From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637165; cv=none; d=zohomail.com; s=zohoarc; b=iyTdvMWI2g78O2TGdFMWbuB7dHFRG0/NQi6xycGtmaXt2TS342WBFB05zLUSE5zyWoppgUdWMSGEm6GTsFxzBndexd2legZqid2AEsjgc9npYywTzmYBMRXo54AT9m6acXqdi0qyk513TVD1OLkbo+0yZSTDjAtNNlbdb9GS1C0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637165; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=B+Hv/Pd2LCKw/PSMs7i5uhg6AdBJ5kEZzn6b+5/2FjM=; b=ggnb+wHan6i+bJAub9tlkvewSNdUeeEtxD2I2xWFVcSuJW9Cs9E8SN1YYt/zVG6F/eKvXlnu8cMwAPCjeddoWa/yQY1RASg191k5XEowOlNVJwVwC++ssSNKsSsIvRB/YHCjzK+mdoGoLZ3ZpvFJkJVAjvQBO3UrIiY6BUbWFyU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637165175892.4248856773997; Mon, 5 Jan 2026 10:19:25 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7b-0001Bg-GZ; Mon, 05 Jan 2026 13:16:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00015Y-6P for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:51 -0500 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp76-00034D-0Q for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:35 -0500 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-88a3b9ddd40so1187996d6.1 for ; Mon, 05 Jan 2026 10:15:28 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636927; x=1768241727; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=B+Hv/Pd2LCKw/PSMs7i5uhg6AdBJ5kEZzn6b+5/2FjM=; b=juFdlLis4zgB/5xn+zxQeORrVjeiLKPYdjG822FSKZxiRxI1/eMgN1h9rjHAwqFNl+ y8FmtPo+yxJMGOewRVjE90g7nR3wYALJDLDw33kPcblyWN0lbPOSPGi67SuEjIJtVrU/ zMCbVvHxsWMRVC7KSv+x/Lr23eUVbuKzlnRyzEZbWu+GkayuXRLOA7EI1yOHzinD8mht 2UWigWvwMfN7EK9F1lmeDJksX5OlFubYa99fG+ZK0kM91sYYRrXVe6VFFVQPIhdnYkH+ tHJGVHlM+GJ3LHyFry53NJQ8iTeP6eQP0h72tWX2HkyiGjlpTliASKi2cpyEJ7kLr7zQ IWrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636927; x=1768241727; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=B+Hv/Pd2LCKw/PSMs7i5uhg6AdBJ5kEZzn6b+5/2FjM=; b=mFDt3IhgU4xkJ+GXYM2v/YdmAOlSIrMVZoTcaxi7WIJq+dPfCJng8lbNd2exCWOUr6 b4dqwfRsm9+BCPieFVaro7PmKKpAo6IqE1OpHWVuKww5HUzE+gzr9I1OmNC0/WNyqp1q XrJ+RdkSQxy54+YBv1kyTpoElV1rj7OCHvUO8k2syuFWGQ4//v8OKxdbHtenWvAbDGjU oQ/0qWh20EcgI0lOceLPrg/uJRlOUEY9Sa5cAoJ6M5n9VQDAfm5+UfqER5ZOR/sPhjgg H/D3n6fYFrzooKPwBMeYntkObkEKU1SQTcXWx1fRK1Q+slcPx/rQeig8G0qoBxPNzruS JuRA== X-Gm-Message-State: AOJu0YwkUqFbPLFnc0Yn2BlR6KNWGr4Fv8cLCPzIp7AlXQy/4ehvrIt4 aj57FfUtzueJnQoTQtJauLjhOQJcNKSwV+6Sun1MJNRCSapdX6yiv4dg X-Gm-Gg: AY/fxX5Hp4csgPrUvtXHMHTnKL4qmP65Yd+1l8pvvACsJj9J/a5EzeGdUHxIqGkef76 8alRz8Mg+LghYKyTLqukqL2gj/oH4A9O4Wv7dBxj4X7V+5avIfb/I8eq27UlSb1AZO14hWSk7uP Rba+hbgpdqsk+v3q80rUpeacoumOrlZ2pGfR4FfYn3pm6MLst4gXoBq3djcL/Kszd5OQxhm2+eq eM7YH6TgcBt4/QSXC/jYOltJeFbwhrDpmkFhRBiFDfl0BTU4X6kOQPCDdnigFL/Fef0OAhjdncy 0C1GWZc6TcvHAbLk385YjHfVQZ+Dcg5rSZVlKe6UPImMJMu7fDaB+wjAACbsG6V6UB82BjWZKCe nVb2pv4+qxLrLu5SyStd74KU2bQiOqFcBYQKnvOb0w7APevHtdphZegVYnyM4K9rmsjF7IXjoYS IlqwfoUYCDU4kfuu7YkBtt3mVC X-Google-Smtp-Source: AGHT+IHYdP20i1E7axKMbgwKe0aKHUb/bZzfMFwriKu5QlYEyH4TDqPUEvh7RcaA5iabb9jxFF7QAg== X-Received: by 2002:a05:6214:ca5:b0:88a:2841:bb11 with SMTP id 6a1803df08f44-89075e7d88dmr8395466d6.27.1767636927168; Mon, 05 Jan 2026 10:15:27 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:50 -0700 Subject: [PATCH RFC v3 01/12] target/arm: implement MTE_PERM MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-1-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=4132; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=mE5nY5j9NmtdHiwmNlYtPNB/QFvmyHnfw0X1To8yh9E=; b=fw7lNXQ/lCpLWby01FFEWy68Mi+AUEDEqfPihX3PZu8BCygZ+db6AYEfyVp7YeKmNm0UeQKIf A06vc40EN3wDWDDr5JdsohyfMknbpaToP0qySQSAUU+yBfhSYfYHQ/z X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f2d; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf2d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637167042158500 Introduces a new stage 2 memory attribute, NoTagAccess, that raises a stage 2 data abort on a tag check, tag read, or tag write. Signed-off-by: Gabriel Brookman --- target/arm/cpu-features.h | 5 +++++ target/arm/ptw.c | 17 ++++++++++++++++- target/arm/tcg/mte_helper.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index c86a4e667d..48009b5a66 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1139,6 +1139,11 @@ static inline bool isar_feature_aa64_mte3(const ARMI= SARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTE) >=3D 3; } =20 +static inline bool isar_feature_aa64_mteperm(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) =3D=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 2e6b149b2d..9f864fe837 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -3393,7 +3393,7 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ARMCacheAttrs s1, ARMCacheAttrs s2) { ARMCacheAttrs ret; - bool tagged =3D false; + bool tagged, notagaccess =3D false; =20 assert(!s1.is_s2_format); ret.is_s2_format =3D false; @@ -3403,6 +3403,18 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, s1.attrs =3D 0xff; } =20 + if (hcr & HCR_FWB) { + if (s2.attrs >=3D 0xe) { + notagaccess =3D true; + s2.attrs =3D 0x7; + } + } else { + if (s2.attrs =3D=3D 0x4) { + notagaccess =3D true; + s2.attrs =3D 0xf; + } + } + /* Combine shareability attributes (table D4-43) */ if (s1.shareability =3D=3D 2 || s2.shareability =3D=3D 2) { /* if either are outer-shareable, the result is outer-shareable */ @@ -3437,6 +3449,9 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, /* TODO: CombineS1S2Desc does not consider transient, only WB, RWA. */ if (tagged && ret.attrs =3D=3D 0xff) { ret.attrs =3D 0xf0; + if (notagaccess) { + ret.attrs =3D 0xe0; + } } =20 return ret; diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index bb48fe359b..942bd4103d 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -57,6 +57,28 @@ static int choose_nonexcluded_tag(int tag, int offset, u= int16_t exclude) return tag; } =20 +#ifdef CONFIG_USER_ONLY +#else +/* + * Constructs S2 Permission Fault as described in ARM ARM "Stage 2 Memory + * Tagging Attributes". + */ +static void mte_perm_check_fail(CPUARMState *env, uint64_t dirty_ptr, + uintptr_t ra, bool is_write) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(0, 0, 0, 0, 0, is_write, 0); + + syn |=3D BIT_ULL(42); /* TnD is bit 42 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, 2, ra); + g_assert_not_reached(); +} +#endif + uint8_t *allocation_tag_mem_probe(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -116,6 +138,15 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, } assert(!(flags & TLB_INVALID_MASK)); =20 + /* + * If the virtual page MemAttr =3D=3D Tagged NoTagAccess, throw S2 per= mission + * fault (conditional on mteperm being implemented and RA !=3D 0). + */ + if (ra && cpu_isar_feature(aa64_mteperm, env_archcpu(env)) + && full->extra.arm.pte_attrs =3D=3D 0xe0) { + mte_perm_check_fail(env, ptr, ra, tag_access =3D=3D 1); + } + /* If the virtual page MemAttr !=3D Tagged, access unchecked. */ if (full->extra.arm.pte_attrs !=3D 0xf0) { return NULL; --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637001; cv=none; d=zohomail.com; s=zohoarc; b=DMIOIXwc4KlcldH0E214sXnYvmOEIw6OJ0/cQuVojo4RjrgziVj9ABCCeKyoQneAzAA8gm8Pz5F9wQFHHl0gONVNBXna4HHPO8gVF1SuNLoKm6u6cNj8oEyuedBWJbGoSNBhqKkCSSufslbigCmOx/8aniEhWCt6Hw/0HICRa1o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637001; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=LWCpE05OCyK9rjkWEbDU6wH4iFFezXLpSY4SvfoXKxo=; b=ZkWKum9SnyJobDHBjSIp76Ece6UCIxSJsBuZLFjO1zSSttmx2NMqLXf/FQXgchKhtvgMy3WiMmbGt/IW5qZzdZrpl+A7k3f1Eo6NB8T/t4UlDzk4wkT9vxurs9GBMGOa3BRpRYtdZMT+hC5iYHr2hhd8gwrsZhMLpPfdrEONyHc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637001738543.6883247909933; Mon, 5 Jan 2026 10:16:41 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7V-00016w-3p; Mon, 05 Jan 2026 13:15:57 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7I-00014q-MC for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:46 -0500 Received: from mail-qv1-xf32.google.com ([2607:f8b0:4864:20::f32]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp76-00034b-0U for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:35 -0500 Received: by mail-qv1-xf32.google.com with SMTP id 6a1803df08f44-88a2b99d8c5so1330816d6.1 for ; Mon, 05 Jan 2026 10:15:29 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636929; x=1768241729; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=LWCpE05OCyK9rjkWEbDU6wH4iFFezXLpSY4SvfoXKxo=; b=KFLGAxLeBVKxzYVjbK1kqDQXbfrOxMmBL7aE3bqF75CXaQVTXdG6Kf+RYPnNBDdqI5 jziYI8pWjfrw6JSpGoI0eBal3jld6XYf/8ERmNFBUyfsIOQ2V1mSaKhNbR4vz0P9mTHG Kj7Glti2y+CrtajdrE7LZ823mgyFwbGrZL9ULvxqAzADnHCdIpFFmJXknSBh2d4+QHEW qmqYVRfDzO5mB1fvC/QrDw0PQqwiJGAzNS+1p/p1/Bv1w3TMnRNjEJMmZwxFTwwQ098t DVbXZBlDnM9BEV9Cz36uKjL4KmNakL0a8mxjRd0k7+kZefnOkvL3HW/WXZR+W1L+meke qV3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636929; x=1768241729; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=LWCpE05OCyK9rjkWEbDU6wH4iFFezXLpSY4SvfoXKxo=; b=MzZeAIJ4KNQbFlJN/glkqccZ2eDP+p+HA8E6SXbDuj5OXWktR/SfX0QKo613BrV1L9 gWguBwopO9WC/Nf6SxaBoMnyDVgy4yw8VkNdzS3clMK22w6FtXnuj+J1/wiBpbn7IkSm NKgvVtmRaidojzngCjb34kadmQ9WCETzyKgbdLz52X6tiazwbfeF9+3s+Hnc0vslmaF4 fzErQjaIOsHM9BcPsAgn98D8t18o5dp+IpeNiwp6d8cGQT7KyqZsM+f4AD3sFwRc2kNc ut3kM9uLaNGC72wuApDIeY2V7fCwsGnCKThci560I021dRahY3cNwBTeZKcKRcZ05OTn V0HA== X-Gm-Message-State: AOJu0YxE1iLCu5jByVCSaEJnO/tPhIXH8iPn1k5xu8I57tH5r+tTGBI0 n6Ppt9KVveolkxyf8gDQtXkYDlK+UayASsFfwwHd7FfElCfDLCsD9NR0 X-Gm-Gg: AY/fxX7NgFdcknOcyt1au0wq+RKbmAiGiO2WFrhe2Is3rva7v247FoXn8rHMLrBI/h0 jsbRt0g8hMnZjrVUYRFWieVHFqXTAg9Uzs+3O2AA0dTr+8mtHhhI1mHLNrYdD0dP3Ej0jy1J6J8 DHWhqCqOKS9gdTOFJPlsZSG0flZVB3UfZ1kzFjA4cVu/PgKKVCl1AQWpJygrc3h05nt9XSGgnR6 MtX4O27dY+Qt+xiL64DN/2+AGlWMg68ksR3++30/wwMoi9igmivgm4JJYgUJ5f+UngFczepvLxL D0GS0ts7DQaoN349Ln2aCtR7Pj4RvJgn4oL9zB9B9KtlOogJgTmdjvUBE4d1gO0hyzua6BqZotC +V1WUAmMZlaU0WnOQ3OTUOFr4o10Gi9vUtFIGYREmJh2rc83M7esGafy9Ne6xAcTKM9DLlc3dVv 7ro6hD7yIC1ZX07eOs6llyx10c X-Google-Smtp-Source: AGHT+IEh+on4dgKiJHXBp25QPS2Hce84+sLR8W5yWTCQ2L2YBe0dnohkPXb9Ocx3XHBI33dWkv8KJg== X-Received: by 2002:a05:6214:202d:b0:87d:fbe9:9566 with SMTP id 6a1803df08f44-89075e28819mr6831526d6.26.1767636928726; Mon, 05 Jan 2026 10:15:28 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:51 -0700 Subject: [PATCH RFC v3 02/12] target/arm: add TCSO bitmasks to SCTLR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-2-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=2722; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=Us4U7asgtOyjNGX+6WrRHwqGtfDdMl8/TKs5M/sdrmU=; b=FJwkdrVcUsLSLtQD9816e+sUA13U2L5lwo/uXXYuWLWwfHLMlyjKLGBZttMHDPtUYap9Lz5SF cgI1QwV/AaGBWpm5Uu0afmsLbgWub27K6Is+S8We9LpzONoPGip1h/N X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f32; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf32.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637002404158500 These are the bitmasks used to control the FEAT_MTE_STORE_ONLY feature. They are now named and setting these fields of SCTLR is ignored if MTE or MTE4 is disabled, as per convention. Signed-off-by: Gabriel Brookman --- target/arm/cpu-features.h | 5 +++++ target/arm/cpu.h | 2 ++ target/arm/helper.c | 11 +++++++++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 48009b5a66..3473787ab8 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1144,6 +1144,11 @@ static inline bool isar_feature_aa64_mteperm(const A= RMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) =3D=3D 1; } =20 +static inline bool isar_feature_aa64_mte4(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEFAR) =3D=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 9579d43ba3..393bfc0dc9 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1424,6 +1424,8 @@ void pmu_init(ARMCPU *cpu); #define SCTLR_EnAS0 (1ULL << 55) /* FEAT_LS64_ACCDATA */ #define SCTLR_EnALS (1ULL << 56) /* FEAT_LS64 */ #define SCTLR_EPAN (1ULL << 57) /* FEAT_PAN3 */ +#define SCTLR_TCSO0 (1ULL << 58) /* FEAT_MTE_STORE_ONLY */ +#define SCTLR_TCSO (1ULL << 59) /* FEAT_MTE_STORE_ONLY */ #define SCTLR_EnTP2 (1ULL << 60) /* FEAT_SME */ #define SCTLR_NMI (1ULL << 61) /* FEAT_NMI */ #define SCTLR_SPINTMASK (1ULL << 62) /* FEAT_NMI */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 263ca29d92..4086423b6f 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3364,10 +3364,17 @@ static void sctlr_write(CPUARMState *env, const ARM= CPRegInfo *ri, =20 if (ri->state =3D=3D ARM_CP_STATE_AA64 && !cpu_isar_feature(aa64_mte, = cpu)) { if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA); + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA | SCTLR_TCSO); } else { value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | - SCTLR_ATA0 | SCTLR_ATA); + SCTLR_ATA0 | SCTLR_ATA | SCTLR_TCSO | SCTLR_TCSO0); + } + } else if (ri->state =3D=3D ARM_CP_STATE_AA64 + && !cpu_isar_feature(aa64_mte4, cpu)) { /* mte but not mte4 */ + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~SCTLR_TCSO; + } else { + value &=3D ~(SCTLR_TCSO | SCTLR_TCSO0); } } =20 --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637018; cv=none; d=zohomail.com; s=zohoarc; b=jBMoy4h8n3vSmT746chC7lBWd0NIgPQnk+4KpmcO1awu2anLGebYVQlA3ztwPX3b2U19ajpfuEl0fsu7Hc+XqttEP7u4JN9un0mAsn0C+3mqCjdThYCk81h/IjTPdcIRzhXq7W0jAsS7D7ghCMRJ+tR6bzUZTHhSjg6nNA9Hqmc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637018; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=JsFy8Iyum9ah2SkooVn94rXucxc4Cbh0xRfZphDpj7A=; b=GcYP+73HnqectdhWV6B7PT2WSOPwgXIAsTntSOpSzEeeO4p21zFX83HcWbAljfyguXGgpBBAPPHiPCEbwudp3DutHUdQz4Z1q0QenCI002HPpbA29RbHOn9mJO3cDkHpyrK5gEPg/XKoQrGWFwo+86xEFYwFEy3c8q8uvtNdPWA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176763701847814.665003235076256; Mon, 5 Jan 2026 10:16:58 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7W-00019L-Vx; Mon, 05 Jan 2026 13:15:59 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00015Z-67 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:51 -0500 Received: from mail-qv1-xf35.google.com ([2607:f8b0:4864:20::f35]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp76-00034o-10 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:37 -0500 Received: by mail-qv1-xf35.google.com with SMTP id 6a1803df08f44-88a37cb5afdso25420916d6.0 for ; Mon, 05 Jan 2026 10:15:31 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636930; x=1768241730; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=JsFy8Iyum9ah2SkooVn94rXucxc4Cbh0xRfZphDpj7A=; b=RT2hpjnryePmIjObN1FkTJr27MBU5JLvSHLDKGNt437Yv9BD6l/f1mvKE5oiBEi+Lr qsLsgDwguHaBwgM+ORoyBNMH5Wkt/N7jcctEbEeSkXKJr3Hf/ny+ecb52pJTWi0lM82P yVmN3ykefbiwGHjcjBLPNJvPwWSLFqdo+XD6yaruQDjoQ2YTVi7dSURjSMvQP48ROuXu yw+OVh2pa+hCkvpRYyxwX3XtUbcual/TZSHHI7vLf876g8SCBErbaoEGId99PT8xdc2s qKhB+qiSLI8MHqRgbzbK3tqau9NQRb+iqhXI50eK1jdAhx7KnPTxnVIhIuxP1fdeaMHe eAEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636930; x=1768241730; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=JsFy8Iyum9ah2SkooVn94rXucxc4Cbh0xRfZphDpj7A=; b=GUTAR9H1LGT+EL1BBnIZWwRbCxG3j5o3eAIVVzufVMt87FiLNcXrQuwUxQbxPX960M iO2vrlqTwUYW1OJGvZxsfSLQoRbJ7rMnOX7wyEC4c8FREzWsFZ6KMZvqGgvUCIE8CG6w BSgeaCqPnEoRCVxFC0Q2VwSPehuDV/xCk33YsGUHY+IS0b3kAbttIr7m22mpefEkYtg+ zmj2Djo8nljFcn9yj4NLo2BINmFLD4roRhxgXk48FkpWABaQI10NE2mzfTc0w86Fb05D GN967irHgfd57jS1aC1WKbrW3j969rqcUc0wzy4BDB8wKxoobL4bpZVE4WNYx7t5fn9J hO1Q== X-Gm-Message-State: AOJu0YzIDMdj6ekzPVFNEuXlRl7twikppugq98W+d5kjGWQIRONeTiF/ 3Z7zwtwnB16uGVKfrNhHu3tXNmyUx/E++sEMnzW2ICO+U42KOiAh/Z+t X-Gm-Gg: AY/fxX5f8nFd1ScxAPd1wydyDFca6hKYt8eGH7YvXnY0H8oZZY3Gdp6WraPQEBpE9CY gZNYSExOVyW6Y5SEb3coD/ImoSvtpV1b3uB+emO/za2vC7g04XvhF3ERejBXYCRGkPDHR08eqSg kegJs15CTQD7v5GiRsUhud2TdlSwj0A0UR9IlEOQ37szNm0xjANsd4GfrMwJ4AbG46xCv5lmZOh QFfhCnTXvRCr/pU6lJ8O7Wh243qhN4Qcc82yt0gUwpR3oUAMKmlPH6Rvq9310y5EZdQ53mR0dKX WfbTu+03tqtEOon4sPRlHAokfMmC6rvfkzDD4WFcSFs13XXLGJja8Pn/+CIsaWSGwYrza1nUV7P 9jwM4y3DFFbmKasyr26JQDddTgMMU/H9HA5S4HBcMvc+TQLYzYU5gPT2QxD+0y78r+QadB1HvPv axyctiutt/x2LWHsnhu0aJXxJJ X-Google-Smtp-Source: AGHT+IEaJcXRrOe3Dcc3gidmKy5VGVo3pwvdlerE6eUAquN8ACRKvMTcT7x92a+kdLjAS6JStjuNYw== X-Received: by 2002:ad4:5cc8:0:b0:88a:2867:981f with SMTP id 6a1803df08f44-89076993aa8mr1446086d6.13.1767636930277; Mon, 05 Jan 2026 10:15:30 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:52 -0700 Subject: [PATCH RFC v3 03/12] target/arm: mte_check unemitted on STORE_ONLY load MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-3-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=4634; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=nX8YQtvx/EZ/E/bQK1h3CLSfeL6r95IQJ8DtaChx8a0=; b=PhSTQBkGzHcBzkP+y8TI3mpqz63Qokgw5v6cCBHd383lAr/dpXcC80LjuuQUGy3Uia/xn9EpF bLXH0VsyPvvAI2JWZYoywLmjZ9VRPN/bO1mMgJ65VPQnVZP9F1nNjPr X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f35; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf35.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637020328158500 This feature disables generation of the mte check helper on loads when STORE_ONLY tag checking mode is enabled. Signed-off-by: Gabriel Brookman --- target/arm/cpu.h | 2 ++ target/arm/tcg/hflags.c | 14 ++++++++++++++ target/arm/tcg/translate-a64.c | 8 ++++++-- target/arm/tcg/translate.h | 2 ++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 393bfc0dc9..4087484faf 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2496,6 +2496,8 @@ FIELD(TBFLAG_A64, ZT0EXC_EL, 39, 2) FIELD(TBFLAG_A64, GCS_EN, 41, 1) FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) +FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1) +FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 5c9b9bec3b..c4696af5d8 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -425,6 +425,16 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, */ DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); } + /* + * Repeat for MTE_STORE_ONLY + */ + if (cpu_isar_feature(aa64_mte4, env_archcpu(env)) && + ((el =3D=3D 0 ? SCTLR_TCSO0 : SCTLR_TCSO) & sctlr)) { + DP_TBFLAG_A64(flags, MTE_STORE_ONLY, 1); + if (!EX_TBFLAG_A64(flags, UNPRIV)) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } + } } } /* And again for unprivileged accesses, if required. */ @@ -434,6 +444,10 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); + if (cpu_isar_feature(aa64_mte4, env_archcpu(env)) && + (SCTLR_TCSO0 & sctlr)) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } } /* * For unpriv tag-setting accesses we also need ATA0. Again, in diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index cde22a5cca..8b39d5357a 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -298,7 +298,8 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, MemOp memop, bool is_unpriv, int core_idx) { - if (tag_checked && s->mte_active[is_unpriv]) { + if (tag_checked && s->mte_active[is_unpriv] && + (is_write || !s->mte_store_only[is_unpriv])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -330,7 +331,8 @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr,= bool is_write, TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write, bool tag_checked, int total_size, MemOp single_mop) { - if (tag_checked && s->mte_active[0]) { + if (tag_checked && s->mte_active[0] && + (is_write || !s->mte_store_only[0])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -10693,6 +10695,8 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->ata[1] =3D EX_TBFLAG_A64(tb_flags, ATA0); dc->mte_active[0] =3D EX_TBFLAG_A64(tb_flags, MTE_ACTIVE); dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); + dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); + dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index b62104b4ae..206aadcb17 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h @@ -140,6 +140,8 @@ typedef struct DisasContext { bool ata[2]; /* True if v8.5-MTE tag checks affect the PE; index with is_unpriv. */ bool mte_active[2]; + /* True if v8.5-MTE tag checks disabled for reads; index with is_unpri= v. */ + bool mte_store_only[2]; /* True with v8.5-BTI and SCTLR_ELx.BT* set. */ bool bt; /* True if any CP15 access is trapped by HSTR_EL2 */ --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637026; cv=none; d=zohomail.com; s=zohoarc; b=eKZUQGYs8XTROeC/I0Ks+3Ux/SjN2h1Iux+No+hxZ0vKjo+mca41FCa+wxKFeA69r8+4RonhKcf2/6o0t84g7TgqOqBggKsn0KpIlrKbZ1YUQEnnLE1yHbreuNsTiraRrs1vR1nJzsit3N62EV1toxlU15u/S7yt9ZGui44qeOQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637026; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=BWmrXieWCSWbw5aDZUcuXmz1CVwQXvxz4s+Pt+y6UfI=; b=ndXg+dYEcKp9C5Ns3zz+D0LPqjHJL55ymoATRHAMuEqcG0sJaVWlEj6dNbyyR++mlTEPwOzArIzJjMKE3cbx2g7ux4VdHNLRYat1gNPqBHf20luiQdwz4NEtCdhlVYanNCUFMsHONxgwfjH4FmxNXjYteMHZLeRUMUZmJc8pdc8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637026590926.1494598561565; Mon, 5 Jan 2026 10:17:06 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7Y-00019r-SW; Mon, 05 Jan 2026 13:16:00 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00015f-6T for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:51 -0500 Received: from mail-qv1-xf30.google.com ([2607:f8b0:4864:20::f30]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp77-000353-UE for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:37 -0500 Received: by mail-qv1-xf30.google.com with SMTP id 6a1803df08f44-8888a16d243so1369766d6.1 for ; Mon, 05 Jan 2026 10:15:32 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636932; x=1768241732; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=BWmrXieWCSWbw5aDZUcuXmz1CVwQXvxz4s+Pt+y6UfI=; b=UaFzIHMNCwkGOcpnjf2PbzQvTTCTryUFFz8ZjD1UEeRHpNt106HTxqJTD3cJd9Z2df iA7uZ1HNmGONdGqoZf3j8RCdmNb0uIh3zHcCb2lgCpyXXEyyYs9bsPlN/C9mzXCHUhth FVvTUPZhylH4WW+rvSvzA+A9/8umG0SaKzqyeUThQqtoZF7QOsa5JQtjstPN9eKYrMeh 76t25XOCH/v0qv4dcLiOHoSKKJ8qc8C6L27bk0VrauWjCn5Ft0iQkUTeEftuxswrQiRt ssnA92S6RSQuS6E3es3LxmiA6TFrUPiGLJn2kTHMSiXZp8VEfnyxRiSWMT0jXS4P3Mrv Jrkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636932; x=1768241732; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=BWmrXieWCSWbw5aDZUcuXmz1CVwQXvxz4s+Pt+y6UfI=; b=G4JIKxlYX0hwQzVJ3nQ1ZEAT0HjMumAatyNLcL84UgYc7aZe7f0VRKmw19ZxGumYgL WS/jASOlrnvpe0E1K8Nqk+mHeCR+3lZmhbr/WOAkQlZVSsJYZG+C9j4QUB3awCQ5hxuC +Z/H/CYkQxEsBuM7Nzi4PRnGNUh73KGtz2vbFFZZOhzgS+lEULyU9RbddLGIe0s6D1ea 41vGPJlWjC+9/kEUJjIqxh94K2/jRXhT+knTK9IUOMbfLiH39MSXqvKqZQ8oU2nwy4k2 PxKqMhBkeAhHOOrlloxlY61ZVEjBjVwEp6Nr81n4ouwEoo81vxLgCJDlCVlnzAsaw5T5 j40A== X-Gm-Message-State: AOJu0Yw8KjtnUevF3+FZSgLxJGlrCt6xt6WBV+0DGuconVnDVYI2b80l 3yYii05gQUzj3+OUChhMQcYjTDuPLtdHtDrR+xEyPYiEjhmWdXpINKKh X-Gm-Gg: AY/fxX7M523jYu8QWHAwAWVPPjtSQ0YmiCG9OsxkoX5GrAH1/NN0gxOOj681//VLlll xANGgrkDdcPIYxWDOR+ZwUCdol3443FbbqJ2tdGHQ+2v8Hcoz4MCX7f3TNt9k1mgGKT8wcGciOh EbU+zuxAYcwmbKDmtt7kaZgg83afEc0mtmjpaW0Tk4kyNqFd75GPUMktUN8FjiqE96PJckAKtb3 10RPR1UI+O93yfhpUMaDsWSJdV8oZKbjsL4VUGLXdspo0i2YiMLYLvj4DFa1dVK/9QM9tUUJALr +YmP9drWqAc8IwBefm1vQQ/cXEEqKRBdCIkksiIYMkYrOWMaDGqgeAH6h9NnNFHC9osU5rFcX4Y vfQcmHKbrdMXfztYTCO21D6L8Vzubdd3jldfr13lw6kvbIt6ltgr+/d2CFq71axe9CCx6PSIEFP UthwNh1deADbxv1VfQ6WTX+06M X-Google-Smtp-Source: AGHT+IHjF8qhvbll+f2NCJXDbsTu75jdWG8PTSweroZXAthjAwRbPR+5lN1OnZ8b6AJ7vJDwULlfQQ== X-Received: by 2002:a05:6214:5c43:b0:88a:342f:32a with SMTP id 6a1803df08f44-89075d1cce6mr7381786d6.14.1767636931669; Mon, 05 Jan 2026 10:15:31 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:53 -0700 Subject: [PATCH RFC v3 04/12] linux-user: add MTE_STORE_ONLY to prctl MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-4-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=2508; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=7iu0AGDmcowWfiZU7ESBith02k7QUQRf9isJWo39Au0=; b=vbCSYh9KWkv3PitmxrOhYznRIX9v4mkKzvCyvWXkCYtrno7dqUXMocBVOirwNyiocB2S9paCJ 0T/pVVcbeOECQ62/QYnTMhUY3tDSfHddMKKP5ytKf3Uhq4AFqESbNP8 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f30; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf30.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637028298158500 Linux-user processes can now control whether MTE_STORE_ONLY is enabled using the prctl syscall. Signed-off-by: Gabriel Brookman --- linux-user/aarch64/mte_user_helper.h | 3 +++ linux-user/aarch64/target_prctl.h | 11 +++++++++++ tests/tcg/aarch64/mte.h | 3 +++ 3 files changed, 17 insertions(+) diff --git a/linux-user/aarch64/mte_user_helper.h b/linux-user/aarch64/mte_= user_helper.h index 0c53abda22..afd2d6dbda 100644 --- a/linux-user/aarch64/mte_user_helper.h +++ b/linux-user/aarch64/mte_user_helper.h @@ -20,6 +20,9 @@ # define PR_MTE_TAG_SHIFT 3 # define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif =20 /** * arm_set_mte_tcf0 - Set TCF0 field in SCTLR_EL1 register diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_= prctl.h index 621be5727f..5207580c1a 100644 --- a/linux-user/aarch64/target_prctl.h +++ b/linux-user/aarch64/target_prctl.h @@ -168,6 +168,9 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) if (cpu_isar_feature(aa64_mte, cpu)) { valid_mask |=3D PR_MTE_TCF_MASK; valid_mask |=3D PR_MTE_TAG_MASK; + if (cpu_isar_feature(aa64_mte4, cpu)) { + valid_mask |=3D PR_MTE_STORE_ONLY; + } } =20 if (arg2 & ~valid_mask) { @@ -185,6 +188,14 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchS= tate *env, abi_long arg2) */ env->cp15.gcr_el1 =3D deposit64(env->cp15.gcr_el1, 0, 16, ~arg2 >> PR_MTE_TAG_SHIFT); + + /* + * If MTE_STORE_ONLY is enabled, set the corresponding sctlr_el1 b= it + */ + if (cpu_isar_feature(aa64_mte4, cpu)) { + env->cp15.sctlr_el[1] =3D + deposit64(env->cp15.sctlr_el[1], 58, 1, extract64(arg2, 19= , 1)); + } arm_rebuild_hflags(env); } return 0; diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 0805676b11..17b932f3f1 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -20,6 +20,9 @@ #ifndef PR_TAGGED_ADDR_ENABLE # define PR_TAGGED_ADDR_ENABLE (1UL << 0) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif #ifndef PR_MTE_TCF_SHIFT # define PR_MTE_TCF_SHIFT 1 # define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT) --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637286; cv=none; d=zohomail.com; s=zohoarc; b=FErq7DMQ1dQ3EZEo4vnDkmEUP6HP4CkKZxKUZ0ZDqNUaon4/GFPqfo8hiQmlk80njV1VNta1ElifwEnvzjC1F8bNMU/ep6ioPqrJzaofYUwNlIc9LnkzObgLRTDUqZq3394cyVDfoqnibPbCT5h//T66JImMk1A+r0M00ez3Z9s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637286; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=jHcTA6gvDp/xKck7gSYynyMsBMw427kEreNJmMaWlCI=; b=fJXzTH1ZERUsc3qFBHQlvljHKwsgp+AQJjn9pfkYMYJ9MURxR6P2JKDx/qCSAkfgT467p8j9RXwNDYLSS75yA093Yh6WgAWPWKs/l+8q7TKS0uAIcck6+72Co3nvftHjtCF38H5i/UoF4qWATEUnHtckqWno7gVtKE+YysjwROQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637286168960.6356838277869; Mon, 5 Jan 2026 10:21:26 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7Z-0001A4-Kj; Mon, 05 Jan 2026 13:16:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00015g-6v for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:51 -0500 Received: from mail-qk1-x72a.google.com ([2607:f8b0:4864:20::72a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp78-00035H-BG for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:38 -0500 Received: by mail-qk1-x72a.google.com with SMTP id af79cd13be357-8c0f13e4424so17283985a.1 for ; Mon, 05 Jan 2026 10:15:33 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636933; x=1768241733; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=jHcTA6gvDp/xKck7gSYynyMsBMw427kEreNJmMaWlCI=; b=iDTlJo3/9tS3IbxYHvfZz7/Cs618fRjF1PMDUdTZuIyydWgZ+1zzUwbzdrTaSM1M0b e6e2ImcNG7Zn8VJOiu9g+5zfuAgdvfyvHON2HSkg3MkdrGplM7aiCHMFHm6lnEGke7q/ 1XnMxyfdB4mdjUfGfa026X3u2FnCGssW0c6L3kODXjNbv8rT0RoMgQKURfPpk0J3TbZU oIhRkRtqpV0MlsotvOH/GiJHOvbbMFxydrfaWdoECwgmoTZfkYDQWqFKDIGWlndYlvY4 zwrVmyBIQt6JTknAKu9qUR7onH24r+BemmscI9s19cSLdWOjRh8kSwRFhFZjXegIqlHs x4JA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636933; x=1768241733; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=jHcTA6gvDp/xKck7gSYynyMsBMw427kEreNJmMaWlCI=; b=YBHXANkoi+kf3DRNPBV+do+0qqqGojodTw2YxYC0vH2bUBiQAI8Ia9sws2UD2NXd15 8XGBTP20bOhhbgzSEa2+fPrFQJbC/d6qAEalScFRFp3qgz35XtAoGE35e4FuDUgz3OsC DlEVw5medW/K/i+gyu+3ZEJy0NOrdHvt79AKtmJ6S5ldWpRGpU2ygMRtpU0Uu8naGaPS VVTGOfRCyVttS815MGs1k10tLp+L50JPL2d0tmfxkuctMA89sAqym4VVVkGCkiclWIBt cCRiq9iBhvfDpUmOcK1tZRsiI6juMMHVW2M7niG1lBwPV50+kMVgn0xL3TyUscMk0zDm 9z4w== X-Gm-Message-State: AOJu0Yz9Eoja3tF4hjiDX7PbdOi5t+B4VcyW3Rogbrkavk87tqdgY4vT HBelfi1pFWletVL0AASt7lf7sTzr5qeKGLcM44yX0ub6m3KKxJ0rqAUE X-Gm-Gg: AY/fxX5CrYjU02ZXzhhJLtXZfF+4lXMgHfY4GSoz22g3rHRNVn7KIf9uA5A07N02XfL XE9r21DD9KDdcrsZtx2LXTsUDdVDMAp9qm68dbaz0iDtorVnWTkjXs6XDnvofpH8tHe0B9HQAii 2OQ9CGwUhMpWgk4y/RGpkEorxFu8WpjhbD2kAb6WIX9DWU6D9UtEzff7crabWKbRAvzipaoRBEM zrMPeJZJFDNtTD7eXnoRd3gzx5Qi7g4m4K9p7UrwuFRJ3nO4yHIMBQjk/bg+qI1aWW/3rtEydMf /YfZbG+R0H5tUsbGmNFsgfhUzJZwRcufhqor6SCQCn1GoyHl2+qnEtH1Wa0hbL5U9s1v4oqL3S2 h49D1Foo/X1xj4Ja04ivsPIAJV5Dl0bAxoNl+MVjBzqnhdcruwO4nfJ9ZYYhZC6VeZL5ipkzRx8 4FfXRslyQ8ihcW+k1m7HHD83DN X-Google-Smtp-Source: AGHT+IGIubFrjaDstDhy2HP0AvVgIuVu6sOCYDgkatRaaxDLLIIQsVe/1hGcWjayX1w34wXl5JnI9Q== X-Received: by 2002:a05:6214:2d42:b0:888:8088:209e with SMTP id 6a1803df08f44-89075e29387mr8275936d6.16.1767636933005; Mon, 05 Jan 2026 10:15:33 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:54 -0700 Subject: [PATCH RFC v3 05/12] target/arm: removed TBI bits from MTE check logic MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-5-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=4186; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=vOLU69w4oknJyo6gD2D8xBaLfCFyetC8olb1OJPcJpo=; b=2kr95j6I9M2WDVhFoE/v1Eu39vFnmhb5EFZ1ctSdedVzZl+ncM6v7GecktttoQPjVvIFXX3Dc K7NbWvpiZCcBAEtqhMfdzuA8cZdFDyKJhhifLZeJZsn2H2s0lM3uN2z X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::72a; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x72a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637287550158500 Previously, the TBI bit was used to mediate whether MTE checks happened. This dependency isn't described in the ARM ARM. See D10.4.1, Tag Checked Memory Accesses, specifically. Decoupling tag checking from TBI is required to correctly implement canonical tag checking, which must function even when TBI is disabled. Signed-off-by: Gabriel Brookman --- target/arm/tcg/helper-a64.c | 9 +-------- target/arm/tcg/hflags.c | 11 ++++------- target/arm/tcg/mte_helper.c | 10 ---------- 3 files changed, 5 insertions(+), 25 deletions(-) diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c index ba1d775d81..f64025925d 100644 --- a/target/arm/tcg/helper-a64.c +++ b/target/arm/tcg/helper-a64.c @@ -1050,20 +1050,13 @@ static int mops_sizereg(uint32_t syndrome) } =20 /* - * Return true if TCMA and TBI bits mean we need to do MTE checks. + * Return true if the TCMA bit means we need to do MTE checks. * We only need to do this once per MOPS insn, not for every page. */ static bool mte_checks_needed(uint64_t ptr, uint32_t desc) { int bit55 =3D extract64(ptr, 55, 1); =20 - /* - * Note that tbi_check() returns true for "access checked" but - * tcma_check() returns true for "access unchecked". - */ - if (!tbi_check(desc, bit55)) { - return false; - } return !tcma_check(desc, bit55, allocation_tag_from_addr(ptr)); } =20 diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index c4696af5d8..80d7ea9349 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -405,15 +405,13 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, /* * Set MTE_ACTIVE if any access may be Checked, and leave clear * if all accesses must be Unchecked: - * 1) If no TBI, then there are no tags in the address to check, - * 2) If Tag Check Override, then all accesses are Unchecked, - * 3) If Tag Check Fail =3D=3D 0, then Checked access have no effe= ct, - * 4) If no Allocation Tag Access, then all accesses are Unchecked. + * 1) If Tag Check Override, then all accesses are Unchecked, + * 2) If Tag Check Fail =3D=3D 0, then Checked access have no effe= ct, + * 3) If no Allocation Tag Access, then all accesses are Unchecked. */ if (allocation_tag_access_enabled(env, el, sctlr)) { DP_TBFLAG_A64(flags, ATA, 1); - if (tbid - && !(env->pstate & PSTATE_TCO) + if (!(env->pstate & PSTATE_TCO) && (sctlr & (el =3D=3D 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); if (!EX_TBFLAG_A64(flags, UNPRIV)) { @@ -439,7 +437,6 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, } /* And again for unprivileged accesses, if required. */ if (EX_TBFLAG_A64(flags, UNPRIV) - && tbid && !(env->pstate & PSTATE_TCO) && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 942bd4103d..f0880991b6 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -819,11 +819,6 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, bit55 =3D extract64(ptr, 55, 1); *fault =3D ptr; =20 - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { - return -1; - } - ptr_tag =3D allocation_tag_from_addr(ptr); =20 if (tcma_check(desc, bit55, ptr_tag)) { @@ -960,11 +955,6 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint3= 2_t desc, uint64_t ptr) =20 bit55 =3D extract64(ptr, 55, 1); =20 - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { - return ptr; - } - ptr_tag =3D allocation_tag_from_addr(ptr); =20 if (tcma_check(desc, bit55, ptr_tag)) { --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637085; cv=none; d=zohomail.com; s=zohoarc; b=m6e6EHFofhnmqOVzH1FaDZmwUXN9tw7wfd6WJ18QXt1JzbKZC8VaniMx+JMa7y6iiKVfE9c3+5dwRrGFWz3BBZxFPpiHW601/XQI9M54HQA4Ie9d6VBv+H/DpwRwWA30yvvkShgYxyEr9no+HOvBjfJINFba9HLri3rwMwSX0jo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637085; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Ml7un2JYan4JZ2DqFFqoRcBOVZLlzSMUuwc+EQI1f+k=; b=UKWnw8PF/zgo30B/XfCTFBkYhAJ+/q7CQM6vbC4s/zybv9YQJ9QJiUZVhzPdD/QNhCXVLOWukajNJcFBN93mv3r3O8XLpv3eLBWE+BiXych5y76HoVN7iVmGEJ5C/bQWGxbkm4mtnq0gEQfvtCc57XfHxRfdcdkksPrIn3S37uo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637085857737.556996330237; Mon, 5 Jan 2026 10:18:05 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7a-0001AS-F9; Mon, 05 Jan 2026 13:16:02 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00015a-73 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:51 -0500 Received: from mail-qt1-x829.google.com ([2607:f8b0:4864:20::829]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp79-00035q-NQ for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:39 -0500 Received: by mail-qt1-x829.google.com with SMTP id d75a77b69052e-4ee257e56aaso2309611cf.0 for ; Mon, 05 Jan 2026 10:15:35 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636934; x=1768241734; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Ml7un2JYan4JZ2DqFFqoRcBOVZLlzSMUuwc+EQI1f+k=; b=BmSIoYKHZ11h9uRRVEEqRFavpEHotqqcEx/RTcCnZCJ5TwDyRnd70u8RHO43ieA6aX TatOU0ZmtXVVzLcNgcvX5PgKImwdSZTUdXNW04Un+Ox9ORLP1g6TIEJjKX5AzDHp4m/T gISy8ddmR9ijry+84jEc1oIRGKYna2msYWKn+3RX94F/s6uibCy0F2agU6aNgCU6x4QK CLf3v1viGAfyfSJKlHmIz2FyeVRN2snE2kmg37vZvrIT8ZeQq73f+AQ0xZWD9zJPmCeD fR7J+GWwtXaToDDYXDQ5mjxVZs4eXzMg9Zm/EMeRpuou7jFC3739DYTc2hBtEu0eyllQ on4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636934; x=1768241734; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Ml7un2JYan4JZ2DqFFqoRcBOVZLlzSMUuwc+EQI1f+k=; b=cmAapLrkDBXLJkUrFrNLh3oTkCSrKaDT3nLyrdmk/Cc/ap//qc8ICjOXX9hMoxyBvk DHMujOlp1TG/fz1HND51O1ZyPwpHad+Dwx2InZ8UhFXpadHomS+zcq7Jf0yCOhOEam1p 2pvq3rSOhwEWD1beFx91upgqfkvXRow3gzhDb0IoFOeS8nYd9F664qXXmVmgNohvcxfD aSNm+MVEXP5I78nCXK282l0CSRLRsAZf+vFvF8ZNBlLGXiRZm6kr2fGq+uvdGNudIp9N kJfsU/sS7k++PlsqpsLpGWTsMA8EHH9G+3lWDUNdkRfXFmOoX0EV9HewK15a9lZB2XnV XyyQ== X-Gm-Message-State: AOJu0Yw+PZ+EQr/d6SWVNvl5/BkLnS8k7wd9G9GupNhebSrCqGPBg3Gg r9FRl3OOeUJ2edYxiP9PCfk/rDz/9wFktMQqGFTPtQfO/1fx/0RKfkWN X-Gm-Gg: AY/fxX4BW1yLcpYzAAgKu25Qk2uV0Kl/fdqm9L9Eoc06IBBCuvlOLPTlt61ak9mDaGA KsryCGskNaFGxbZZI1CNE1XhR2VV39OVzrXIt8cONtICqMGs6MILeTdpnAOPAiGzHrBTFwKHsl+ 6TNgdT/Ae3g59xBA7S3DNiPukj8qvbFyRAgi7JuR8+yG2/BWkC36idyr1B5W1cAaiJO833Mq3Tg Nm/qZh1CrgXe8Xqz2hj0GbWkT/gT5ExyO+IO2MicNB50tctHbS/AsuhxqIg93HOtr29+Y3NKbE+ ofzHAeLo811QCsX/k6YcwjcWPKUYW9DnVpCn99T2FN4rVWEidtcV1ydd0iaZ4BA8GznLRQXnQQa P4aCcYcVqsxP7Aq72maKleatzzaVj5cSoh40j4ym4ziiZnKwsUIqxWzwnWw4nWwx+zBn9o3dOPi Tn1le0cqpMGJXDo2aXvWervldH X-Google-Smtp-Source: AGHT+IHr+x/IjT0QIT2CbklXqqMp8ADrlLfoRgJchHV/9VmUJ6XIgdqXs0tTLRVjaAcV9bbl8Nk/iQ== X-Received: by 2002:ac8:5fc6:0:b0:4f1:b362:eed7 with SMTP id d75a77b69052e-4ffa854b3e4mr606101cf.42.1767636934288; Mon, 05 Jan 2026 10:15:34 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:55 -0700 Subject: [PATCH RFC v3 06/12] target/arm: add canonical and no-address tag logic MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-6-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=3168; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=tIJl4Lc02rje7QgPc8RjqQ13vUOzyLWd41MME0JFBQ0=; b=/LQio/HGOHXTZjTFlmqyPvTkg0cmfFCRKQ/AzQEYUXMR7AT5ArmXBp3R6dd0eH89Fk5lbqwkO KQeuXP7eVHSDM7pg/QlMOIqdZB6MHItzkK0J/kjaApGjCzVFvakhgvy X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::829; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x829.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637086696158500 This feature causes tag checks to compare logical address tags against their canonical form rather than against allocation tags. Described in the ARM ARM section "Logical Address Tagging". Signed-off-by: Gabriel Brookman --- target/arm/internals.h | 29 +++++++++++++++++++++++++++++ target/arm/tcg/mte_helper.c | 20 ++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/target/arm/internals.h b/target/arm/internals.h index 9cd4bf74ef..31d37b80fb 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1633,6 +1633,35 @@ static inline bool tcma_check(uint32_t desc, int bit= 55, int ptr_tag) return tcma && match; } =20 +/* Return whether or not the second nibble of a VA matches bit 55. */ +static inline bool tag_is_canonical(int ptr_tag, int bit55) +{ + return ((ptr_tag + bit55) & 0xf) =3D=3D 0; +} + +/* Return true if mtx bits mean that the access is canonically checked. */ +static inline bool mtx_check(CPUARMState *env, bool bit55) +{ + int mmu_idx; + uint64_t tcr, mtx_bit; + + /* If mte4 is not implemented, then mtx is by definition not enabled */ + if (!cpu_isar_feature(aa64_mte4, env_archcpu(env))) { + return false; + } + + mmu_idx =3D arm_mmu_idx_el(env, arm_current_el(env)); + tcr =3D regime_tcr(env, mmu_idx); + + /* + * In two-range regimes, mtx is governed by bit 60 or 61 of TCR, and in + * one-range regimes, bit 33 is used. + */ + mtx_bit =3D regime_has_2_ranges(mmu_idx) ? 60 + bit55 : 33; + + return extract64(tcr, mtx_bit, 1); +} + /* * For TBI, ideally, we would do nothing. Proper behaviour on fault is * for the tag to be present in the FAR_ELx register. But for user-only diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index f0880991b6..6827d030dd 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -825,6 +825,14 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, return 1; } =20 + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTagged, + * otherwise it is MemTag_AllocationTagged. See AArch64.CheckTag. + */ + if (mtx_check(env, bit55)) { + return tag_is_canonical(ptr_tag, bit55); + } + mmu_idx =3D FIELD_EX32(desc, MTEDESC, MIDX); type =3D FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_= LOAD; sizem1 =3D FIELD_EX32(desc, MTEDESC, SIZEM1); @@ -961,6 +969,18 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint3= 2_t desc, uint64_t ptr) goto done; } =20 + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTagged, + * otherwise it is MemTag_AllocationTagged. See AArch64.CheckTag. + */ + if (mtx_check(env, bit55)) { + if (tag_is_canonical(ptr_tag, bit55)) { + goto done; + } + mte_check_fail(env, desc, ptr, ra); + } + + /* * In arm_cpu_realizefn, we asserted that dcz > LOG2_TAG_GRANULE+1, * i.e. 32 bytes, which is an unreasonably small dcz anyway, to make --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637703; cv=none; d=zohomail.com; s=zohoarc; b=nCVzj+P2ZwWERq00TjuuOtXsR9I5NDfaAaz652bBKeM68WNmHdsiELc3CR/vC69a/6M9mGNed93LUNQEDuOMAQnuWqL1lEA66IP5cgv2LTLhgTneR0aCuzO1cNG8GLC2poXXltwPh3Zm5DgNHbgqlTFT8IY0WohGeK4h7+oS1WM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637703; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=sxmWOzIuS7iVVisp5U0jb8AqsMyDZln6Qiom5QmVA/c=; b=bLbc83y5pqG01LdxQHFirQZbB0/6f3aXMaOs9dr2d9fDs/WpHG2DACsZ9MChRt2MGH+nd5jtpXpkY8ZDXGj+g83Al0MwM5zv6P8UsmBZAp7SLmiu3Goi+a/WAhvqQ5GmA05PsnHG/IfVyOR/5vgJvcmvzvs2CnVN1GLgvCT77BU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637703255388.4836953748945; Mon, 5 Jan 2026 10:28:23 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7Z-0001A1-3u; Mon, 05 Jan 2026 13:16:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7T-00017O-P1 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:57 -0500 Received: from mail-qv1-xf2a.google.com ([2607:f8b0:4864:20::f2a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00036G-E9 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:54 -0500 Received: by mail-qv1-xf2a.google.com with SMTP id 6a1803df08f44-88860551e39so1144686d6.3 for ; Mon, 05 Jan 2026 10:15:36 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636936; x=1768241736; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=sxmWOzIuS7iVVisp5U0jb8AqsMyDZln6Qiom5QmVA/c=; b=VEzRtqm2WvqX9SuMMEMoYSdV0PUPECIvcktJ7RLOdw7d2AAZuX/zaq3u7cItfjdKSr Gk3AxOwIleS7XJ6XtKklI2TsfDLgqW1ffTWGFLSegTDmOm9GwoqotdXy9jKmk+W0UvlJ vkakIURzB/ykPJglWvSmXGYZBB3TfBEXU3VKyiMBFwABn2sHgKRCPFuTHKUGdKot5pie CWBcTXT752LQArSpZQCT8B98FjEoDkndmnm+IGOPT9CFj0+FnyXU5+DVdP0qMpEPccGr vjyJVD4/ykfXDLqN+0eRh08kMoHEnqxvYXkVNROI4KWnc2+IFbTGlUKj0XVvikTcmxUo t5jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636936; x=1768241736; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=sxmWOzIuS7iVVisp5U0jb8AqsMyDZln6Qiom5QmVA/c=; b=B5GS/Or0UO26EQBJnKNGJdKuB1aVGoYkreZTHDvvjewV+Wq4h8cJvrnvAxL//QXlRU zuIw1lJWgFUKIxSjitxMoJ464lBvTwQuwUfQfTp90KJUSpGwvBCZqyXj+54usLvXHNLy P1Hrc3JElak3+99lJjkvDV5UG3AuigTpeetIap+5YK5FG41otzPgH5zX1DYEhPrPSZDw DAG3uyIzE4pRQ8Md1qEWJAKwuQA98mFhEzIbO2HCMllxN0mg09jsVT1HSqG7+sWVVN94 wtxEbpav9rcvjZivNG0ET+5qXWT8NJmU8pN5qBBhoxmriT8pFcNftRawXoPmcbKYjRHt Vl3Q== X-Gm-Message-State: AOJu0YwdnzMIUeGqRq0PlXF5gYGeHynuGQ5rSuyO2NyhU55v95lEPurc kebulcxiZOZ7NZvBC995erNvYnld1aX+RBj1jzE/PoCDtztNWw/sC2cKvop50g== X-Gm-Gg: AY/fxX5mK9Or3Uvv6ttvQ4/BVBEbW6j2S3+NZu7tajMZ1uItKbYmYgY1HUlbRAub4Ed FJLreVJfZz6yqnh3lIMnYBqk0fqnXPVv8G/s30WdqdDuVczinROflmcXHi9az6jdl7WUFvKxvGW j/CpKHX5QmAh74Pc9Ndagup/byaU1HW1oXO+VY7AW3WkTzrdGM+GwHeSQormG8C3bcF+1pfOenp lCLkKOTYPhLsezYZwzcxA/CCiMfNdydhODqlaHN2AWCWQyD/5KjVMraVYDoz3DIGE8BMFGVPf3s FwMtdKR5g5I+ypT96LKQNWzX68wMjPJMiCxBunUS/0wy0NVfqXKyFb6TNta2YsJdROVwsZfqf4+ LJ6ADtZWpwkRC3zIHtt4jvXzLg+PZOyfGYm5JHO/v9Ts6f9RlEUeSbjHMQObMJaICctaANsk13m 2NEJey3F/1t0Y9g+wAXsDmeyHB X-Google-Smtp-Source: AGHT+IHRr6WLlgnCzO9QYqt0pvynJC6ksLR5wXMj7GzpWFM9bnE8AUEjslEfz75SIKmHlaUbP8zSPQ== X-Received: by 2002:a05:6214:21c7:b0:890:65ee:115b with SMTP id 6a1803df08f44-89075ce89aamr7899386d6.5.1767636935635; Mon, 05 Jan 2026 10:15:35 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:56 -0700 Subject: [PATCH RFC v3 07/12] target/arm: ldg on canonical tag loads the tag MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-7-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=2899; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=tbFNfZyKp+1ZA4wXWb9GVCgQ0bgmepo0KgHb03QDkaY=; b=DBg52ZEmwdB093txQCKZWyPSQ5+B0B1+YXDPeTxxaTXLNCqajMRpMMc/RY1NCpFxMrcxZPE8q GSwaANEvQGmDlLFpdgxjctAklvHCH25zyK8wJuRSDsTev7O1A21r4/d X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f2a; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf2a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637705678158501 According to ARM ARM, section "Memory Tagging Region Types", loading tags from canonically tagged regions should use the canonical tags, not allocation tags. Signed-off-by: Gabriel Brookman --- target/arm/tcg/mte_helper.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 6827d030dd..795a5ad20b 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -310,9 +310,14 @@ uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, u= int64_t xt) mem =3D allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_LOAD, 1, MMU_DATA_LOAD, GETPC()); =20 - /* Load if page supports tags. */ + /* Load if page supports tags. Set to canonical value if MTX is set. */ if (mem) { - rtag =3D load_tag1(ptr, mem); + uint64_t bit55 =3D extract64(ptr, 55, 1); + if (mtx_check(env, bit55)) { + rtag =3D 0xF * bit55; + } else { + rtag =3D load_tag1(ptr, mem); + } } =20 return address_with_allocation_tag(xt, rtag); @@ -463,8 +468,10 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) void *tag_mem; uint64_t ret; int shift; + bool bit55; =20 ptr =3D QEMU_ALIGN_DOWN(ptr, gm_bs_bytes); + bit55 =3D extract64(ptr, 55, 1); =20 /* Trap if accessing an invalid page. */ tag_mem =3D allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_LOAD, @@ -490,19 +497,35 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) switch (gm_bs) { case 3: /* 32 bytes -> 2 tags -> 8 result bits */ - ret =3D *(uint8_t *)tag_mem; + if (mtx_check(env, bit55)) { + ret =3D -(uint8_t)bit55; + } else { + ret =3D *(uint8_t *)tag_mem; + } break; case 4: /* 64 bytes -> 4 tags -> 16 result bits */ - ret =3D cpu_to_le16(*(uint16_t *)tag_mem); + if (mtx_check(env, bit55)) { + ret =3D -(uint16_t)bit55; + } else { + ret =3D cpu_to_le16(*(uint16_t *)tag_mem); + } break; case 5: /* 128 bytes -> 8 tags -> 32 result bits */ - ret =3D cpu_to_le32(*(uint32_t *)tag_mem); + if (mtx_check(env, bit55)) { + ret =3D -(uint32_t)bit55; + } else { + ret =3D cpu_to_le32(*(uint32_t *)tag_mem); + } break; case 6: /* 256 bytes -> 16 tags -> 64 result bits */ - return cpu_to_le64(*(uint64_t *)tag_mem); + if (mtx_check(env, bit55)) { + return -(uint64_t)bit55; + } else { + return cpu_to_le64(*(uint64_t *)tag_mem); + } default: /* * CPU configured with unsupported/invalid gm blocksize. --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637160; cv=none; d=zohomail.com; s=zohoarc; b=fnp/NSPExMfx8aEXY3yVGrnqHPc1rdVxGHdRjnsx2tA1bhnzS2Np2/FRCa56yMo11nZIUn/K2uU9EEs75lSBP0qiz9is/vqRoikcmFDj7YqUOk8fboGoXD3UDsiamjlmoxGpCGCx/g2T2KPhUR1R6u7l6a1uyrrGmu2FPjuWYaU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637160; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=/9Fx5rLfzSRK3bLfXlACPoaE0s79Ml+6B18vzxJguro=; b=XKVXWIJkmD4QsZ8JsRHQ5josK9+NlcS4YaZ1CwhJ7Aj8cKKNHsxeAVqBVgCIiz9bql+GW75W57Rh0awZdPQbA5o36LJn8NaO9cUk4HQ/ou07LFT9Zr32y0l409ugNnP/qE4p+o9oFLSG4tfOQBZA/vxQ3jrVTDOQZxPBlh4f+C8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637160840510.4172458871734; Mon, 5 Jan 2026 10:19:20 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7a-0001AY-FU; Mon, 05 Jan 2026 13:16:02 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7U-00017S-24 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:57 -0500 Received: from mail-qv1-xf35.google.com ([2607:f8b0:4864:20::f35]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00036X-F9 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:55 -0500 Received: by mail-qv1-xf35.google.com with SMTP id 6a1803df08f44-88a35a00502so1459246d6.0 for ; Mon, 05 Jan 2026 10:15:37 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636937; x=1768241737; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=/9Fx5rLfzSRK3bLfXlACPoaE0s79Ml+6B18vzxJguro=; b=RFFkaQwSYDSlkqo+gKhVj6PFok1mcNm9H00txbhy/W5K6Hw+l/EsgSc4FXiqF2kZps r2adOtMYG7qovn2RQMhmZDHc+qWQf1hyVgvFoGUZz+2+JzQKiE02UXjT3p6hHDut6tAo kWEffeej7sLByWs8DGUlZaBDD9NQWeFKI72+xwmES/pj3yiI15hwwhc8dQNOInmjn36y 3nvraUANT8lIqEkCqF8zBfLtor2coB/I10g2brftwwRjqW04re5zLIqOnpXxZCJRXIb1 llZuvee2QPl/muYBpRZVqyFQmPThXV6Isw8K/0+5KMANsOwpGHCy7vwRYbMm0+4gcAjq njrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636937; x=1768241737; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=/9Fx5rLfzSRK3bLfXlACPoaE0s79Ml+6B18vzxJguro=; b=M9s24XpwqTJSAvbs2g3AGeimsRcF70GzyU1se/0qK2ITzmZR3zseOKs2X0eX/S4Nwl /Mo7TNhE0ZR9ACzgpj7i+4qd34fGjXZF8XxKJEI9BD4zWxzzbxguQEtZSFJ65AU/W89h NTHlYf8ayaFHTgQj28p8FhNKVn597FvVKK3qjdRv7kg47bHtkSwpEZXkifdm2zaeTs5n dZZws3EH5dx0DrXXv/E6oqsSZfwViPzDO0kEZTxiJskxGMC7Ap38PgKZRv2V5qkF2bUJ B5bKDVa4rj7vJNs9cRyXjD2syU4svaEVhMz7iKICNE6igktKWuahFBDOA8pHN04LE1x7 RvCA== X-Gm-Message-State: AOJu0YxsVkKSHNCKgR32RLrb50I8BjZuNyvlGhURs1GOPzht1kGYuvXP lo4DmQAyulrn8bxr9icqAoy1m/0X5fSKBARcchraVfQNTdgq/A4sRKrK X-Gm-Gg: AY/fxX7dhZyjZDHRE4w0pdjzRB+cYtdpXK5mnQCMrJf6iEV+m3HulBOcy6uPHSyU9PI 2HagIVHQKQDFA5fzkhtql7Nnxq+No6sU33IxWksz5D7IYRBPphvzb3Q6omX4Zu9grpVBHT7QJxM 3EiJojnFtCP68WN0elWVRZlDBSbpuqGQcOQOdf69DTufe0iZk4GHmw5UtWM+0qETFYlQWTpJstp nwfSdqArxLS+zZgCpvhisVFL8PwI1UNfhVWt4FN2IhSD6tnH7fjgELJ8hY2O0jXUBeI2esKjqJ7 4BodH73htJUfdBLFlQTvVcQx6A/vWPW8i6PG6FXNzBWd+BEgUGiC2kG/+A1RtnOpCaivUCCLXCI SDUy9zN4gxFj004E2hIzpEZFmSih3Qb+5FBD9pmqZ9iPgS7993YXuMY4Yl1paUo3aTkLmAWl4i+ tqbJZCiIXD7X/nUDShaMyIZKXn X-Google-Smtp-Source: AGHT+IGH0yXr0l71SERYlH3uPyirXQAI7liNy2+TqYI4q0I2pPz76zhuNWbwN83FnL+DB/uz4WD+3A== X-Received: by 2002:a05:6214:1306:b0:87d:cad9:ccba with SMTP id 6a1803df08f44-89075ce86a4mr7720336d6.14.1767636936937; Mon, 05 Jan 2026 10:15:36 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:57 -0700 Subject: [PATCH RFC v3 08/12] target/arm: storing to canonical tags faults MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-8-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=3655; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=CcVL5fRovpSirzVToytYO4z5WjM+viKj7dzMRsgL4n8=; b=L3eBBGvMSl3dbAJ47+QpgN+q6PinoV2TJRj5h3VA4xv2vaoatW8f0+18BKcnj8F5mEJu+hoXv fam2POjTgaBArYmdd30LJxysWvUOoHws02jKLvNFwYN2bmQUqQDg/Rj X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f35; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf35.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637162991158500 According to ARM ARM, section "Memory region tagging types", tag-store instructions targeting canonically tagged regions cause a stage 1 permission fault. Signed-off-by: Gabriel Brookman --- target/arm/tcg/mte_helper.c | 44 +++++++++++++++++++++++++++++++++++++++++= +++ 1 file changed, 44 insertions(+) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 795a5ad20b..8f06ed3162 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -227,6 +227,20 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, #endif } =20 +static void canonical_tag_write_fail(CPUARMState *env, + uint64_t dirty_ptr, uintptr_t ra) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(arm_current_el(env) !=3D 0, 0, 0, 0, 0, = 1, 0); + syn |=3D BIT_ULL(42); /* TnD is bit 42 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, exception_target_el(env)= , ra); + g_assert_not_reached(); +} + static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -363,6 +377,11 @@ static inline void do_stg(CPUARMState *env, uint64_t p= tr, uint64_t xt, int mmu_idx =3D arm_env_mmu_index(env); uint8_t *mem; =20 + if (mtx_check(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; + } + check_tag_aligned(env, ptr, ra); =20 /* Trap if accessing an invalid page. */ @@ -390,6 +409,11 @@ void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); =20 + if (mtx_check(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; + } + check_tag_aligned(env, ptr, ra); probe_write(env, ptr, TAG_GRANULE, mmu_idx, ra); } @@ -401,6 +425,11 @@ static inline void do_st2g(CPUARMState *env, uint64_t = ptr, uint64_t xt, int tag =3D allocation_tag_from_addr(xt); uint8_t *mem1, *mem2; =20 + if (mtx_check(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; + } + check_tag_aligned(env, ptr, ra); =20 /* @@ -449,6 +478,11 @@ void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) uintptr_t ra =3D GETPC(); int in_page =3D -(ptr | TARGET_PAGE_MASK); =20 + if (mtx_check(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; + } + check_tag_aligned(env, ptr, ra); =20 if (likely(in_page >=3D 2 * TAG_GRANULE)) { @@ -548,6 +582,11 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint= 64_t val) =20 ptr =3D QEMU_ALIGN_DOWN(ptr, gm_bs_bytes); =20 + if (mtx_check(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; + } + /* Trap if accessing an invalid page. */ tag_mem =3D allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE, gm_bs_bytes, MMU_DATA_LOAD, ra); @@ -594,6 +633,11 @@ void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr= , uint64_t val) intptr_t dcz_bytes, tag_bytes; uint8_t *mem; =20 + if (mtx_check(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; + } + /* * In arm_cpu_realizefn, we assert that dcz > LOG2_TAG_GRANULE+1, * i.e. 32 bytes, which is an unreasonably small dcz anyway, --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637310; cv=none; d=zohomail.com; s=zohoarc; b=fmxgPu7uN3qBsqiX7l5r1N573NKL6A5mpz8Yh3ARmJ5j6LzEWnhNuOlJmBLSliQuxCjvxQRyL4GmWcL72arhQY38FWECR1HF+vX0zrX+kVXt4iNEau0ibPazcRJEnBIm0sS0poBHsjhsANzbUwVNAa+PM0yYfxDFbJflEeKHjfA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637310; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=K1wY6K4tRJI0JdX7e3qGoxLV7SdshDJLqi/7D/etC/8=; b=DX3VTzNapVCEAT7WtMA1qGFZbv5p7ea/XPO9JeyJNoSXf1ew8D1rC670yGBpUC7/yFv0k0bG5D/R4qpZDAz3JFvISaDCxTMwGXDu6EWgBEP8ag3rGDAFRGggIUACcIGeCytIY4+89yRwy3XU1yPEbcnPdye08HBLCaSG6t1vfF0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637310864542.690487566307; Mon, 5 Jan 2026 10:21:50 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7Z-0001A3-HM; Mon, 05 Jan 2026 13:16:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7T-00017L-K5 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:57 -0500 Received: from mail-qk1-x735.google.com ([2607:f8b0:4864:20::735]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp7O-00036p-Nd for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:53 -0500 Received: by mail-qk1-x735.google.com with SMTP id af79cd13be357-8b144ec3aa8so18119885a.2 for ; Mon, 05 Jan 2026 10:15:39 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636939; x=1768241739; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=K1wY6K4tRJI0JdX7e3qGoxLV7SdshDJLqi/7D/etC/8=; b=MBMpY++6eUtNy4bW2jPjejI9aIJk9nLUzi72FcD5SdqBPIyUKfSBpQNFsyEsKoGtvG yHgt/XBf5Oh9GxZn0LaRpC+zb2c0nx56XwYhmA+ihl6/KEjul8q/RvuzUovvY59+o6iG 5kNNkQBiWm5TWHuT037sUHuDtTCVw6YgbDtjaCWxjD5fEC2U/W8S35PVSGiMvUGpLFX1 q/v+dZsUfzvu9LKdNv05MsRn7Lfv65qTaOUtyWK/33mM/m9+8Srx8S034ZpEBPpuvKX9 McOwKQWdTvMt8PjVbNWKz1Mr0hw8CvtuwqE/a+rXcaDpijMN+ssKD/YGZKE4t1DOp5+1 FHSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636939; x=1768241739; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=K1wY6K4tRJI0JdX7e3qGoxLV7SdshDJLqi/7D/etC/8=; b=I7mYDng/cGmaMbO2BNbbpLG0z3isI7OvU7amn1AclgrjfRh2RQrZhZ9I3QPJWSojE5 9fV0397SPjlkGPFN9G/aSyitNu0eujV2uLsDewht5HLZVoa/VGLjh7M4d2niDK02ATaO FRFQzramqcK55qE9Z2pY0vNoFRPIiBUhuex5KShlPkXNeLWEjJIvP0y8DyIOLNZzRA4V zmh2//TDYpaqJhro6P9TcYAz9lwJAHeNElZ/4026liTKuXhFfxmNzpPXyWalF21BXtNX jR8EVuwR1kqVccpBjiLq7zBaZdXCLLVxFS5P6oMYnyg/ZBHvM4b0VwqF0iAtL6a6JKNK 7ENA== X-Gm-Message-State: AOJu0YxpBKWpaW1vlHe4lxF2zqE71LFLYBhNidZSYMlFXUY0kM1BvZAE M2UDDRQvXKVkzcZvoOv8TmNZrTnOKXz6KJxbUdk5PyOQQ4Zsiw1i4ETH X-Gm-Gg: AY/fxX4o6Z6P4QbbtaFrxckGgv3f293YLvaoZEP9xVhn3R0zZK7tEXeCXksp+7Wosw5 wChP6WtQIRVQQPK846OvZsTNaQqHxztnJ6yyUmS/WBtWdTCB6IjwG1UdgbM9zk/GCP1sTgmzV3v 60sNMK1VnvIsII8uQj9CKXV7ZfPVH2wPsQ/lNiRunSeC1gASBAQMHAsV1SdQOJpg1Nb8c3uvIWH TDf758teswSR3+wREfvGCTiYTFDehsBCiGdAZ1tydx05d+zT87Wy24dNNmySkbH30UqfSYFNbdb AxqB7uxIehNMXvw47U5IRRh4AhyOdoCwJulwOs1OwQrD05fLyxl2M9AEfrs8uGDaZ/ZwXkN1TTi 2QVEGUqN3FVXEvp1ll+DwLCsprETqGX4RGBFP+nXity23PefSQA6/TpjoZisDqLFLDKMTqRq97Z EBqxc0xWLkmG/5zg8nfJPn7a0M X-Google-Smtp-Source: AGHT+IHu4Z0N0QvrVyu3+3zXUr8imkbQtAqNuzklhU5BCVSRMP+UIRmcQkpjkNCjnmFEOD9FaTMIqQ== X-Received: by 2002:a05:6214:540b:b0:880:5279:98eb with SMTP id 6a1803df08f44-89075ee422fmr6137026d6.44.1767636938361; Mon, 05 Jan 2026 10:15:38 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:58 -0700 Subject: [PATCH RFC v3 09/12] target/arm: added mtx to translation logic MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-9-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=5998; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=zAdkFwmk5od3EWhS9syG704jByQ4Vosg39i2u0hIl5o=; b=+yhPulw8RtzISRacRkwfr5ieKJ8Ggx22lAf+XU5bThizmwSlyF/fYLsCQxqDnUZgMuSuD4zjL X7o8Z12kJmlASzvMuMf5HNz8WcIfoSP5rS2f3gmrXFvoai9sEaoaohL X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::735; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x735.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637311582158500 Added translation logic to ignore canonicity mismatch in tag bits during translation step if canonical tag checking is active. Signed-off-by: Gabriel Brookman --- target/arm/helper.c | 16 +++++++++++++++- target/arm/internals.h | 2 ++ target/arm/ptw.c | 28 +++++++++++++++++++++++++--- 3 files changed, 42 insertions(+), 4 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 4086423b6f..5e8b5b1bc5 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9579,6 +9579,16 @@ uint64_t arm_sctlr(CPUARMState *env, int el) return env->cp15.sctlr_el[el]; } =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx) +{ + if (regime_has_2_ranges(mmu_idx)) { + return extract64(tcr, 60, 2); + } else { + /* Replicate the single MTX bit so we always have 2 bits. */ + return extract64(tcr, 33, 1) * 3; + } +} + int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { @@ -9703,7 +9713,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, { uint64_t tcr =3D regime_tcr(env, mmu_idx); bool epd, hpd, tsz_oob, ds, ha, hd, pie =3D false; - bool aie =3D false; + bool aie, mtx =3D false; int select, tsz, tbi, max_tsz, min_tsz, ps, sh; ARMGranuleSize gran; ARMCPU *cpu =3D env_archcpu(env); @@ -9740,6 +9750,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ha =3D extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu); hd =3D extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu); ds =3D extract64(tcr, 32, 1); + mtx =3D extract64(tcr, 33, 1) && cpu_isar_feature(aa64_mte4, cpu); } else { bool e0pd; =20 @@ -9755,6 +9766,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 12, 2); hpd =3D extract64(tcr, 41, 1); e0pd =3D extract64(tcr, 55, 1); + mtx =3D extract64(tcr, 60, 1) && cpu_isar_feature(aa64_mte4, c= pu); } else { tsz =3D extract32(tcr, 16, 6); gran =3D tg1_to_gran_size(extract32(tcr, 30, 2)); @@ -9762,6 +9774,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 28, 2); hpd =3D extract64(tcr, 42, 1); e0pd =3D extract64(tcr, 56, 1); + mtx =3D extract64(tcr, 61, 1) && cpu_isar_feature(aa64_mte4, c= pu); } ps =3D extract64(tcr, 32, 3); ha =3D extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu); @@ -9861,6 +9874,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, .gran =3D gran, .pie =3D pie, .aie =3D aie, + .mtx =3D mtx, }; } =20 diff --git a/target/arm/internals.h b/target/arm/internals.h index 31d37b80fb..e3e36300f8 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1395,6 +1395,7 @@ typedef struct ARMVAParameters { ARMGranuleSize gran : 2; bool pie : 1; bool aie : 1; + bool mtx:1; } ARMVAParameters; =20 /** @@ -1410,6 +1411,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ARMMMUIdx mmu_idx, bool data, bool el1_is_aa32); =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx); diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 9f864fe837..f95034a2a8 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1939,7 +1939,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1T= ranslate *ptw, * validation to do here. */ if (inputsize < addrsize) { - uint64_t top_bits =3D sextract64(address, inputsize, + /* + * If MTX is enabled, bits 56-59 aren't checked for canonicity + * during translation, since they will later be checked during + * the tag check step. + */ + uint64_t masked_address =3D address; + if (param.mtx) { + masked_address =3D deposit64(address, 56, 4, param.select * 0x= f); + } + uint64_t top_bits =3D sextract64(masked_address, inputsize, addrsize - inputsize); if (-top_bits !=3D param.select) { /* The gap between the two regions is a Translation fault */ @@ -3487,15 +3496,28 @@ static bool get_phys_addr_disabled(CPUARMState *env, if (arm_el_is_aa64(env, r_el)) { int pamax =3D arm_pamax(env_archcpu(env)); uint64_t tcr =3D env->cp15.tcr_el[r_el]; - int addrtop, tbi; + int addrtop, tbi, mtx; + bool bit55; =20 tbi =3D aa64_va_parameter_tbi(tcr, mmu_idx); + mtx =3D aa64_va_parameter_mtx(tcr, mmu_idx); if (access_type =3D=3D MMU_INST_FETCH) { tbi &=3D ~aa64_va_parameter_tbid(tcr, mmu_idx); } - tbi =3D (tbi >> extract64(address, 55, 1)) & 1; + bit55 =3D extract64(address, 55, 1); + tbi =3D (tbi >> bit55) & 1; + mtx =3D (mtx >> bit55) & 1; addrtop =3D (tbi ? 55 : 63); =20 + /* + * With MTX enabled, bits 56-59 are not checked according to + * AArch64.S1DisabledOutput. + */ + if (cpu_isar_feature(aa64_mte4, env_archcpu(env)) && mtx && + access_type !=3D MMU_INST_FETCH) { + address =3D deposit64(address, 56, 4, ((mmu_idx) && bit55)= * 0xF); + } + if (extract64(address, pamax, addrtop - pamax + 1) !=3D 0) { fi->type =3D ARMFault_AddressSize; fi->level =3D 0; --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637662; cv=none; d=zohomail.com; s=zohoarc; b=W1v0S7sbw3N21dJ47U3hNccIBqPV90ThefLj35gPUidJoNpsuluK4eyUp/eXy0O3sSHk3m4o2E3BLqqHSgU4EoxYkty+D0q487xrtWxAmo/1V/HMjZwBqxR4T1RsA1Jv8HHjj215UgyDF+/nIgNzY5q/Ky2DmWH+ErlOADXP5wM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637662; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=udHcpN8ZZZt21zmciD7G8BASxGfZmLICDSByJJQKjAw=; b=ifvsjbGMluum718saPp8VAkFeSvThsKpwUyH2PwtHn4gOozH4vpRDH+k/WQjb3QA2uxdcr3cEUhEV0lnjOqQh0oXOOWn4pf4ILo7Y8joGvq1ttxrai3ye+jJxB9pBGYu6wl7kitNNE0nW2IyOkVMxpcRHzx7TrfFMcwlpoMHcIY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637662783176.98420819691626; Mon, 5 Jan 2026 10:27:42 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp8V-0001mf-S0; Mon, 05 Jan 2026 13:17:00 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7T-00017N-M0 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:57 -0500 Received: from mail-qk1-x72d.google.com ([2607:f8b0:4864:20::72d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00037B-Dd for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:54 -0500 Received: by mail-qk1-x72d.google.com with SMTP id af79cd13be357-8b1e54aefc5so15053785a.1 for ; Mon, 05 Jan 2026 10:15:40 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636940; x=1768241740; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=udHcpN8ZZZt21zmciD7G8BASxGfZmLICDSByJJQKjAw=; b=VViVQYq1/5eOSa2IUEdWOvF5imujBC8PLtJfF6ibqMalmjYQm1JXpMRU6j0xV91APS RqKxTsHueCq6OpbhroQlxjtV+s0Kn33PrDUljnH7Mf4406iD953mPUrJF47a1hYseEY9 g9NcqO4dcST7oU/x7ZOywNeCFuMv1EC60IsNRFpSE956uC2wgZwm4xy54rfl63eGPoyv LYChPrmDVsyjtA6omZ6IMa7KV3DgKo/HWQ2hPpYTqeKiJZ/TSopkSyFsOPh8a2HT35/k rOR5v1dfgT3tSl+J2WHf5q7/cBZmV5n15rHqxXiIxb+RC/+kXMwqkmvi7+v7SncGiHQw f6zw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636940; x=1768241740; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=udHcpN8ZZZt21zmciD7G8BASxGfZmLICDSByJJQKjAw=; b=t88JL9NWnXejsZ+Jn3VGpYiCGsHxLbMnWV/EmPnQjDq4u3coHhsQT7KP2v0LT/MzVl VxBGNhJufRfmT+uNAFKOm1jGkgzyeOYUMmC/bOaR0KG5xlbTHD692xqDw39IjBdIVh1v ULVqBVHKj5r82YjLs5nOV7VG9G5n0o2e4Tb+Pe2Gw03Zzjn+VvQzr2wkZRZagCpwCwUK SPPsN+EwMLv+tHAqAh9iEAEii2AqWX+5X/asheVV7cedMQXsS0pO7QKNRcV3s/bjsLcx tWzTcjV4uH40CgZnhMlPUAnhTnnX/h8sT8xkvV32tNkLV50od3sb1CuAHwrChxZE7wQy mAMQ== X-Gm-Message-State: AOJu0YzUTrCPuTCIZ2McvtfBhD8vUPeoAKsvwRUQ6rUqX6sU3QE/RXkq 2Riw/kLpp+I7mQKINPd+PybkdybHA1RcE2DxGSssHhR7d4QmMzYMkWS2 X-Gm-Gg: AY/fxX5du4yD1JZXat+UShznJVK3NC3s/J+bs34I3bUPn46MnQT4CUaLiFWunEf6bep 44TxIjnyqTGF5pB7l8poSb5wHYbLtk8qjWjeuFlQJ2PO14o7K2hLLzuakC5AL1PxBYaRErf1EOZ jzX2b0lxSJbdy23kQuJK8WfhIWqIJoxCFhFuCFjLFQCCTVISB8JU4z2EeqwNXTLS7SlW5+RXAMU 99ZG47tonqZ13fgUUJPxVmF3AAMClCFM+GWqJB8M4xrc+CsOJ1UtKR54FPmLpu7VdSvwI7SuU/S ynlZLxA3Y0OR5guYCVkObNENZwG6p9L8fSa3FLqo/pKhzrGzkLt9n3dZOH37ndX5TIogaZociBG nEUuG6t2vYYmzgl0LROONSWNxbg3+5HGu1m/b/O26YZJLnSqvyokP9V8QINbS3jOl9k2nAhTBjb EzZhWTeyS/j8vG0y9nx1zgIHvW X-Google-Smtp-Source: AGHT+IEH1q73W2xEmNCuPVoyRXFU7CwblIqnnjCeffn+13De9y7qMnrq+Z1Usj1DLFFk8Oq3949RtQ== X-Received: by 2002:ac8:5e0d:0:b0:4ee:24b8:2275 with SMTP id d75a77b69052e-4ffa769a0a5mr6418201cf.1.1767636939776; Mon, 05 Jan 2026 10:15:39 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:14:59 -0700 Subject: [PATCH RFC v3 10/12] docs: add MTE4 features to docs MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-10-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=2273; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=DsmbxIwUBXC/gS0c7G0YS6d9ziseoKdUCW31wFQg4u8=; b=7hq6iEvTw/7SdRedRqlvPiN7gXImWHLziKMoojuFus0lGNbf1qb1QAjzwnRwFSfrvYKkEVybz ixarxY83VGVDFVqdLBO1SeR2wLoDOvp2mHrJqMq0OfkviO3gECE5gVO X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::72d; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x72d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637668491158500 The implemented MTE4 features are now present in docs/system/arm/emulation.rst Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- docs/system/arm/emulation.rst | 5 +++++ target/arm/tcg/cpu64.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index 31a5878a8f..12662189fc 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -106,6 +106,11 @@ the following architecture extensions: - FEAT_MTE3 (MTE Asymmetric Fault Handling) - FEAT_MTE_ASYM_FAULT (Memory tagging asymmetric faults) - FEAT_MTE_ASYNC (Asynchronous reporting of Tag Check Fault) +- FEAT_MTE_PERM (NoTagAccess memory attribute) +- FEAT_MTE_TAGGED_FAR (Full address reporting of Tag Check Fault) +- FEAT_MTE_STORE_ONLY (Store-only tag checking) +- FEAT_MTE_CANONICAL_TAGS (Canonical tag checking) +- FEAT_MTE_NO_ADDRESS_TAGS (Address tagging disabled) - FEAT_NMI (Non-maskable Interrupt) - FEAT_NV (Nested Virtualization) - FEAT_NV2 (Enhanced nested virtualization support) diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c index 917db5bb09..4ba126f4f8 100644 --- a/target/arm/tcg/cpu64.c +++ b/target/arm/tcg/cpu64.c @@ -1281,8 +1281,16 @@ void aarch64_max_tcg_initfn(Object *obj) t =3D FIELD_DP64(t, ID_AA64PFR1, CSV2_FRAC, 0); /* FEAT_CSV2_3 */ t =3D FIELD_DP64(t, ID_AA64PFR1, NMI, 1); /* FEAT_NMI */ t =3D FIELD_DP64(t, ID_AA64PFR1, GCS, 1); /* FEAT_GCS */ + t =3D FIELD_DP64(t, ID_AA64PFR1, + MTEX, 1); /* FEAT_MTE_NO_ADDRESS_TAGS + FEAT_MTE_CANONICAL_T= AGS */ SET_IDREG(isar, ID_AA64PFR1, t); =20 + t =3D GET_IDREG(isar, ID_AA64PFR2); + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEFAR, 1); /* FEAT_MTE_TAGGED_FAR= */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTESTOREONLY, 1); /* FEAT_MTE_STORE= _ONLY */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEPERM, 1); /* FEAT_MTE_PERM */ + SET_IDREG(isar, ID_AA64PFR2, t); + t =3D GET_IDREG(isar, ID_AA64MMFR0); t =3D FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */ t =3D FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 1); /* 16k pages supporte= d */ --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637025; cv=none; d=zohomail.com; s=zohoarc; b=GFGiNKFgJLqjO6xsVVx3EE39i+b1wS3CpizL6pkSRMe2F8YMm/PNDWP/5XF+PKyS5bQ61y6o4IMemLvrjTm+yYBpxGHl3wSeXdxMU30BFxSg67fnHXRLlVxuWe9jLl5/y9nceBnoVLucp4hjscnERNQflmn+PViVfl8rMdBCkGQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637025; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ons3pkeG+AVih1XQoRu6SV66GeauT557hqhIckf2+cs=; b=lbW4GQH1mxEd/al3I9iqeKJWn+CUaihqo1OFhN10w4WosJk/QR26XujHz2X3BfznFzDtujntS80EPxlFaNGmDPQKWbts4aZCfUvoH37pe0NVWdU5yB5qw1NEzxwz5khMDyVdVikYM3gMYV5QF+RP1k0U551Y7FHhd/IK+jpd9b8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637025175960.6578404254423; Mon, 5 Jan 2026 10:17:05 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp7a-0001AQ-C4; Mon, 05 Jan 2026 13:16:02 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7T-00017K-J0 for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:57 -0500 Received: from mail-qk1-x731.google.com ([2607:f8b0:4864:20::731]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00037O-CW for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:54 -0500 Received: by mail-qk1-x731.google.com with SMTP id af79cd13be357-8b2d6df99c5so224234785a.1 for ; Mon, 05 Jan 2026 10:15:42 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636941; x=1768241741; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=ons3pkeG+AVih1XQoRu6SV66GeauT557hqhIckf2+cs=; b=QYBj3sKBj4n/ggZ3VSWGe+OtphBUK3uPgU9hVO778IDKczsI1f1QFsv+EIormiJ0g8 24U7WpfHbjrKhtaXb1pa6zdyc+oJp9jInecQ2FV/JwLFqo16E4PuaNhER/6NIzRQpe5h +4E9/ZY3E67Pqlx579Ai01KFYq3mFv5C5KvtpGosPrXoLhBHYg2GcPTreqFnZtAenWKI spV8HoLYu0MPMSGu14R5AXiRh7NaPy7M1nxJA1BHfkjTC3ogmTFjqZkTosCTt3Mg4gUQ fDk9wy7abBUjqucLizakpdZMhfTEQ7Uq6lpUU7XU4bycWGb/YLB95Tt3vYlED1JMmHBF Tr/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636941; x=1768241741; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ons3pkeG+AVih1XQoRu6SV66GeauT557hqhIckf2+cs=; b=D2Q29O69kmZvapRADfMiDz7qVHFRNCI/aCU7deDnHIuKkxzB73tZr+aJf2IKXE1DxN +muZqRLLa6cFjJGERZYxI/ZfMY6Uum2PSjgbHAHX0+95S+qLVEjLK8vCek6mirg0KRaY Z7M4yAYjY+bIhncpuNh7aKPxhWOK9SVITFDxQUXuOK2mXvLIZEgoNoIaN8a/eK09Lqa5 ui0I6OtRYxLCWbBC5fkcn8jc9duxUsJfNUUGRVtYCqwERRaVKBynTooXEpm+aNayml/Y SdguAhavi9b6/rd8+OTIZs/IXFvDxN/vQBOQsl11qEDbKRGE9+xwHAkAvYzBrhh7j+/3 eZGg== X-Gm-Message-State: AOJu0YywxKV0wxwEVJxADh1CxvQKsbVJ+ZImnLgONQDtdjRKe/XXoUZV N+bIUDAiq1EnjQdraZLluPEgzO4SdxxxIIn4XsvEM0T3H9zFzdri76ba X-Gm-Gg: AY/fxX4uIQXA64bwktLwpOjtJ9Yi4OwyntLu/0yJVRkHfLWxne7Djs4CMA9iYLYA2GE 9cLqfImo+wFj8Eo0TaQej5XBuB/i/e1gXPiXnbRAOTGKBx/B+5gvyfkDFR0Rs1tjGSnbdf9Wloq fAitodeD6KznJR5Md7ZKG7ZRaF1iJIZb25MydW1gKKvtr7QjKoEqHEG1C+GWTOEcFBYN8iIG8KI YU0UPRUAh0WwSKM6JmTqdZIWYjsmhV0FPZWU/xxJQ6jfU/jp4O8R5lgKTr41e32Tkl9O5p9g/ze 4YXjrbeKBMg8KsD06MQQr5r7JTAYFQS2IH7HJJG6xSmE6i4LWkCsxsjMhAW1O/nWVgnKf3raNmj 9IfAEXYrlDbjIhT/cr4ssYWiFQ6fyCTrCsD7f32yNEY0KSXy2KPHgueMxlOK+rIwlZSNNSS/szp n8krMW2lrJXZfhCQ6F2GP7P8SB X-Google-Smtp-Source: AGHT+IHauq1L/g3mk0vi3UtS1CQgEx2X0Yl7WmRuvwfGIG6cn649R5xeuMnWC/5DCaHaD2kSFfnMzQ== X-Received: by 2002:ad4:55e4:0:b0:888:7c40:6bfc with SMTP id 6a1803df08f44-89076992cd9mr772276d6.4.1767636941239; Mon, 05 Jan 2026 10:15:41 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:15:00 -0700 Subject: [PATCH RFC v3 11/12] tests/tcg: add test for MTE FAR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-11-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=2355; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=9H3S2yi32msQiijkL2anIOhzD686SvaCB6f4b0JzVdc=; b=w+dWMJzzOkLssHJVULkEuGKinX4cxjnS+YyLTk3hYQH3uCCcJr6n2Yda6NbqIeQg3e42ogV/E 4XFTBOvD2QLAlTttC/zJtL4k6XSIEUxHveex/CDyILr4kAg6/N74nXN X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::731; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x731.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637026412158500 This functionality was previously enabled but not advertised or tested. This commit adds a new test, mte-9, that tests the code for proper full-address reporting. FEAT_MTE_TAGGED_FAR requires that FAR_ELx report the full logical address, including tag bits. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-9.c | 48 +++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index 9fa8687453..b491cfb5e1 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-9.c b/tests/tcg/aarch64/mte-9.c new file mode 100644 index 0000000000..9626a90c13 --- /dev/null +++ b/tests/tcg/aarch64/mte-9.c @@ -0,0 +1,48 @@ +/* + * Memory tagging, full-address reporting. + * + * Copyright (c) 2021 Linaro Ltd + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +static void *faulting_ptr; + +void pass(int sig, siginfo_t *info, void *uc) +{ + assert(faulting_ptr =3D=3D info->si_addr); + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + *p1 =3D 0; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + faulting_ptr =3D p2; + *p2 =3D 0; + + abort(); +} --=20 2.52.0 From nobody Sun Feb 8 14:59:42 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1767637068; cv=none; d=zohomail.com; s=zohoarc; b=Kve5mlvcYRasAOmoeViJ11cWv0KWDneg2EmQ+tu+TZ0vfcHFPCVLlK/holpaRZUVVq+Vjv+tLswwsemiFceKdM9JxsehL9frgsHmBkZLncYQhSxdjf8xa8E/QCGyDffxUpfxZ52dVV+5oMY5f+ukSOXPLrrQGP6OH9XhbpPkO3c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1767637068; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=lBg62OAX3E08F+RaLpGGmFy6a2bx4DIQS0r0gGCTy2k=; b=aplym7Y/J5FAvIzTMPhqymTAiLcj368ODw5UKarjvPcQb8zIMM0nOudprhBFOxEv97alPIVmOE7kopUC9W5CJgKCjtsla4pwJQMTU8RN5kXyQIOtgaSFBBymJt08MSi6H9BR/HErfay3+ndEDJW+cc4deWxO88I7rv9HXBHKKJU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1767637068044938.8390703448391; Mon, 5 Jan 2026 10:17:48 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vcp8d-00021Y-GG; Mon, 05 Jan 2026 13:17:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vcp7T-00017P-Ol for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:57 -0500 Received: from mail-qv1-xf33.google.com ([2607:f8b0:4864:20::f33]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vcp7P-00037b-Eh for qemu-devel@nongnu.org; Mon, 05 Jan 2026 13:15:54 -0500 Received: by mail-qv1-xf33.google.com with SMTP id 6a1803df08f44-88a35a00506so1803356d6.2 for ; Mon, 05 Jan 2026 10:15:43 -0800 (PST) Received: from [192.168.1.204] ([185.213.193.254]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8907540e24csm3855706d6.25.2026.01.05.10.15.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Jan 2026 10:15:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767636943; x=1768241743; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=lBg62OAX3E08F+RaLpGGmFy6a2bx4DIQS0r0gGCTy2k=; b=Oaxtex+uZmeiOPRD4ckzCxLMZ8DZpRF/3Ar8Lt6G2bYRxOFJtnuf03XI135oJdQRCh kxSG6qQ9wBaRH6gOincCdlAoehtGOIM+UuFsn+cGvpNL5O1zQBGb991g7HHAWOJFcjai 7pmq1jM9fCO4XfnxJawEMTUw9zP+HkOksjZBKzQFggheePLjVrkMzC2gDtDwl0Q++Zpn lZS2GOFpQFcN8ZwVm+ar7ghQKxLsHQ0u0X1aGNL+IAaD+OqryHFI23T4x6jhCJo+HO7r Lwz9+9oz1IrXbpGtJKPW89szX4Ponvwj2rjMLMfURlzoPhbyWILIO8+vOQBI4Q0Kj70J 2z4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767636943; x=1768241743; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=lBg62OAX3E08F+RaLpGGmFy6a2bx4DIQS0r0gGCTy2k=; b=gRmA36N2E7pB1MTUz1m7K0FotuhYXScjKWPFvFzfJUv+SWZUng7+1yfumYXrtkI9ay 91nP7UMlNaCsDEHZJRtNqiJsUQd73LC06I7DCGP6Iv8stNbRggIYCk6rOQGh8Ha2h5m4 yxO25aDKabScckpuLEJxZdgZjm3Dc8ashgthUoguT84oF9lqXvyseZRiXrO3/Nl8Olcq SEKwGmKFt/O2Uo4ema6eZFseyuRaSeagr5FqWAV9qtVz9JYX/SaUaz9nVIC9jX2SQw5G bOk6uj0p5UPjCF6Fbj/kk0QIA1sjpHe3txHMWwzVUW+rMPAeyPMZ30w+EoCePJdfKJz7 AKyw== X-Gm-Message-State: AOJu0YwulcIz6hylTCGM0J1jLdbqhBJO7WzYqP01jwnBIh60i16vh+7f NsEiwoaH+5KYpuAgbayOcmuKlkPydG/Uy/AiPLZBlEX7Wvui9g7iPpip X-Gm-Gg: AY/fxX5pqCNR/vKbaozm8qrL9av68qBg0r17bQoiOBoNDNgkIza+4vKPnh0BMt3qSGk SOHhbk4ofp1y4E56lpWBJpFkUngk8kDcyK1TX1tdJjGlonkPuW/7gYKVAAqlPVhmdXFYxHEN6nn p5aRvgsiaLSuGYcy5WvKEUtjcXTWXEzmcpv/sauNCivBaRcJrrW0PoR/XvpDWEnDlZafVRCZabk VLG7Eu4WMHwGNIolF7ThBhIn6spQobckmS6hsJjJG99OXnRip8sMqHkve7KOijy95QGtJN3WyhX DPFXVuAuM7OYnRg/qSL4qvpEKupDRrK8UEjFQBxIRaRsFVG8Z7Oyrf+suZMOZ2kTaUzzZ93edZa +iEV/YMjtDtxiHR7hu0NE2F8UByGi/RoUGPh+gkqhPWqoazoRZEkBX1u1oKrcyuJ3akFnPx4PV3 9TyJ4rh6n4qVUsqInzbrOy3LPWFaN7MHE1++E= X-Google-Smtp-Source: AGHT+IFSWUmtIxKZzzNjbqPG+nDQzGZsxjqb2s6uprhNZrL37pnDxgqdxVvNUQ6d9D755CvXg4LbZw== X-Received: by 2002:a05:6214:212f:b0:888:4930:82ab with SMTP id 6a1803df08f44-89075ef0f8amr6808826d6.71.1767636942550; Mon, 05 Jan 2026 10:15:42 -0800 (PST) From: Gabriel Brookman Date: Mon, 05 Jan 2026 11:15:01 -0700 Subject: [PATCH RFC v3 12/12] tests/tcg: add test for MTE_STORE_ONLY MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260105-feat-mte4-v3-12-86a0d99ef2e4@gmail.com> References: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> In-Reply-To: <20260105-feat-mte4-v3-0-86a0d99ef2e4@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767636923; l=3012; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=oP1ODAPtwy+eL+2EWDk5uY7d+uGhjgcod/Aq0fXi/cA=; b=a8vIto7Ubr6PS+0Ic34wh8gRwf+dBz5gqURjRVqu8iQ/nCVyvGVOlZr4JIzQHgLjLRXKeBOXj f2OB2HY3CjUCF0MpP2KiqpOzMyTK1sAG/YvK+2zRWXxguY4WtoPcJdS X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f33; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf33.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1767637068572158500 Added a test that checks that MTE checks are not performed on loads when MTE_STORE_ONLY is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-10.c | 49 +++++++++++++++++++++++++++++++++++= ++++ tests/tcg/aarch64/mte.h | 12 ++++++++++ 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index b491cfb5e1..6203ac9b51 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 m= te-10 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-10.c b/tests/tcg/aarch64/mte-10.c new file mode 100644 index 0000000000..a6495e4bf4 --- /dev/null +++ b/tests/tcg/aarch64/mte-10.c @@ -0,0 +1,49 @@ +/* + * Memory tagging, write-only tag checking + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +void pass(int sig, siginfo_t *info, void *uc) +{ + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte_store_only(PR_MTE_TCF_SYNC); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + /* + * We write to p1 (stg above makes this check pass) and read from + * p2 (improperly tagged, but since it's a read, we don't care). + */ + *p1 =3D *p2; + + /* enable handler */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + /* now we write to badly checked p2, should fault. */ + *p2 =3D 0; + + abort(); +} diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 17b932f3f1..1d3ebf8696 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -51,6 +51,18 @@ static void enable_mte(int tcf) } } =20 +static void enable_mte_store_only(int tcf) +{ + int r =3D prctl(PR_SET_TAGGED_ADDR_CTRL, + PR_TAGGED_ADDR_ENABLE | PR_MTE_STORE_ONLY | tcf | + (0xfffe << PR_MTE_TAG_SHIFT), + 0, 0, 0); + if (r < 0) { + perror("PR_SET_TAGGED_ADDR_CTRL"); + exit(2); + } +} + static void * alloc_mte_mem(size_t size) __attribute__((unused)); static void * alloc_mte_mem(size_t size) { --=20 2.52.0