[PATCH 2/3] target/arm: Fix reported EL for mte_check_fail

Richard Henderson posted 3 patches 5 years, 1 month ago
Maintainers: Peter Maydell <peter.maydell@linaro.org>
[PATCH 2/3] target/arm: Fix reported EL for mte_check_fail
Posted by Richard Henderson 5 years, 1 month ago
The reporting in AArch64.TagCheckFail only depends on PSTATE.EL,
and not the AccType of the operation.  There are two guest
visible problems that affect LDTR and STTR because of this:

(1) Selecting TCF0 vs TCF1 to decide on reporting,
(2) Report "data abort same el" not "data abort lower el".

Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/mte_helper.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 734cc5ca67..153bd1e9df 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -525,14 +525,10 @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
     reg_el = regime_el(env, arm_mmu_idx);
     sctlr = env->cp15.sctlr_el[reg_el];
 
-    switch (arm_mmu_idx) {
-    case ARMMMUIdx_E10_0:
-    case ARMMMUIdx_E20_0:
-        el = 0;
+    el = arm_current_el(env);
+    if (el == 0) {
         tcf = extract64(sctlr, 38, 2);
-        break;
-    default:
-        el = reg_el;
+    } else {
         tcf = extract64(sctlr, 40, 2);
     }
 
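Review bot: The new `el = arm_current_el(env);` line carries no comment explaining why the EL now comes from the current exception level, while `sctlr` two lines above it is still selected through `regime_el(env, arm_mmu_idx)`. The removed switch shows how natural it is to derive both values from the MMU index. A short comment at this line, saying that tag check fault reporting depends only on PSTATE.EL and that LDTR/STTR are therefore reported at the current EL, would keep a later cleanup from reintroducing the `ARMMMUIdx_E10_0` / `ARMMMUIdx_E20_0` special case.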
-- 
2.25.1


Re: [PATCH 2/3] target/arm: Fix reported EL for mte_check_fail
Posted by Vincenzo Frascino 5 years, 1 month ago

On 10/8/20 5:21 PM, Richard Henderson wrote:
> The reporting in AArch64.TagCheckFail only depends on PSTATE.EL,
> and not the AccType of the operation.  There are two guest
> visible problems that affect LDTR and STTR because of this:
> 
> (1) Selecting TCF0 vs TCF1 to decide on reporting,
> (2) Report "data abort same el" not "data abort lower el".
> 
> Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com>

> ---
>  target/arm/mte_helper.c | 10 +++-------
>  1 file changed, 3 insertions(+), 7 deletions(-)
> 
> diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
> index 734cc5ca67..153bd1e9df 100644
> --- a/target/arm/mte_helper.c
> +++ b/target/arm/mte_helper.c
> @@ -525,14 +525,10 @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
>      reg_el = regime_el(env, arm_mmu_idx);
>      sctlr = env->cp15.sctlr_el[reg_el];
>  
> -    switch (arm_mmu_idx) {
> -    case ARMMMUIdx_E10_0:
> -    case ARMMMUIdx_E20_0:
> -        el = 0;
> +    el = arm_current_el(env);
> +    if (el == 0) {
>          tcf = extract64(sctlr, 38, 2);
> -        break;
> -    default:
> -        el = reg_el;
> +    } else {
>          tcf = extract64(sctlr, 40, 2);
>      }
>  
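Review bot: The `extract64(sctlr, 38, 2)` and `extract64(sctlr, 40, 2)` lines kept as context still use bare bit positions, while the commit message describes the choice as TCF0 vs TCF1. Since the branch around them is being rewritten anyway, a brief comment on each arm (TCF0 for `el == 0`, TCF1 otherwise), or named field constants in a follow-up, would let a reader check the selection against the commit message without looking up the SCTLR layout.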
> 

-- 
Regards,
Vincenzo