From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:33 -0400
Subject: [PATCH v4 01/13] target/arm: implement MTE_PERM
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-1-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
X-ZohoMail-DKIM: pass (identity
@gmail.com) X-ZM-MESSAGEID: 1773093727400158500 Introduces a new stage 2 memory attribute, NoTagAccess, that raises a stage 2 data abort on a tag check, tag read, or tag write. Signed-off-by: Gabriel Brookman --- target/arm/cpu-features.h | 5 +++++ target/arm/ptw.c | 25 ++++++++++++++++++++++--- target/arm/tcg/mte_helper.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 3 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index b683c9551a..1f09d01713 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1144,6 +1144,11 @@ static inline bool isar_feature_aa64_mte3(const ARMI= SARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTE) >=3D 3; } =20 +static inline bool isar_feature_aa64_mteperm(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 8b8dc09e72..d381413ef7 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -3383,7 +3383,7 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ARMCacheAttrs s1, ARMCacheAttrs s2) { ARMCacheAttrs ret; - bool tagged =3D false; + bool tagged, notagaccess =3D false; =20 assert(!s1.is_s2_format); ret.is_s2_format =3D false; @@ -3393,6 +3393,18 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, s1.attrs =3D 0xff; } =20 + if (hcr & HCR_FWB) { + if (s2.attrs >=3D 0xe) { + notagaccess =3D true; + s2.attrs =3D 0x7; + } + } else { + if (s2.attrs =3D=3D 0x4) { + notagaccess =3D true; + s2.attrs =3D 0xf; + } + } + /* Combine shareability attributes (table D4-43) */ if (s1.shareability =3D=3D 2 || s2.shareability =3D=3D 2) { /* if either are outer-shareable, the result is outer-shareable */ 
@@ -3424,9 +3436,16 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ret.shareability =3D 2; } =20 - /* TODO: CombineS1S2Desc does not consider transient, only WB, RWA. */ + /* + * The attr encoding 0xe0 corresponds to Tagged NoTagAccess and is only + * valid with FEAT_MTE_PERM (otherwise RESERVED, constrained + * unpredictable)). The presence of this feature is checked in + * allocation_tag_mem_probe, where Tagged NoTagAccess has its effect. = See + * J1.3.5.2 EncodePARAttrs. + * TODO: CombineS1S2Desc does not consider transient, only WB, RWA. + */ if (tagged && ret.attrs =3D=3D 0xff) { - ret.attrs =3D 0xf0; + ret.attrs =3D notagaccess ? 0xe0 : 0xf0; } =20 return ret; diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index a9fb979f63..4deec80208 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -58,6 +58,27 @@ static int choose_nonexcluded_tag(int tag, int offset, u= int16_t exclude) return tag; } =20 +#ifndef CONFIG_USER_ONLY +/* + * Constructs S2 Permission Fault as described in ARM ARM "Stage 2 Memory + * Tagging Attributes". + */ +static void mte_perm_check_fail(CPUARMState *env, uint64_t dirty_ptr, + uintptr_t ra, bool is_write) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(0, 0, 0, 0, 0, is_write, 0); + + syn |=3D BIT_ULL(41); /* TagAccess is bit 41 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, 2, ra); + g_assert_not_reached(); +} +#endif + uint8_t *allocation_tag_mem_probe(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, 
@@ -117,6 +138,15 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, } assert(!(flags & TLB_INVALID_MASK)); =20 + /* + * If the virtual page MemAttr =3D=3D Tagged NoTagAccess, throw S2 per= mission + * fault (conditional on mteperm being implemented and RA !=3D 0). + */ + if (ra && cpu_isar_feature(aa64_mteperm, env_archcpu(env)) + && full->extra.arm.pte_attrs =3D=3D 0xe0) { + mte_perm_check_fail(env, ptr, ra, tag_access =3D=3D MMU_DATA_STORE= ); + } + /* If the virtual page MemAttr !=3D Tagged, access unchecked. */ if (full->extra.arm.pte_attrs !=3D 0xf0) { return NULL; --=20 2.52.0 From nobody Thu Apr 9 20:27:21 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1773093741; cv=none; d=zohomail.com; s=zohoarc; b=IVMwh3h7qFvscXkCmSeT28+1czKz0tLlTyHiHfUcy8osZCgeSJEYrSAFwjhmgl1blm0PQC3z+I8M8VOtctgKfKBno2avqEnWQ413YVxqFFkSvUfrJGNWRxW4VwxeADLP7UP22agM9IDKIF3LB+BMBG2pU8p+H8HHNZuIHz5qml8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1773093741; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=R2GTUkTK3syvRsV4aCl7iuHoNdAbim4meKGMTmPdsDw=; b=D8fq2H9g7yeUyAFcGD0fSlT+FqY5bgTn7rNSWGoMyuosK1La7E/ijLhba03+YthyAogKLhx6cTeHoU8DsO4yBzuIHyhPdtMesaor2nY+tGjqAFSgp/+Qll5KZPCWoIpKhMoZkVoq/GEwwQBWM5PWQR+xvHjza9Oh0ySQzURlJik= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= 
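Review bot: tagged loses its initializer in the new declaration in combine_cacheattrs (target/arm/ptw.c, hunk at -3383). "bool tagged, notagaccess = false;" initializes only notagaccess, whereas the line it replaces was "bool tagged = false;", and tagged is still read in "if (tagged && ret.attrs == 0xff)" further down. Declare them separately, "bool tagged = false;" and "bool notagaccess = false;".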
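Review bot: the NoTagAccess decode added ahead of the shareability combine (target/arm/ptw.c, hunk at -3393) uses bare constants and a range test that needs justifying. With HCR_FWB set, "s2.attrs >= 0xe" matches 0xf as well as 0xe and then overwrites s2.attrs with 0x7; without FWB only 0x4 matches and becomes 0xf. Add a comment naming the stage 2 MemAttr encodings these values stand for and saying whether the >= is meant to cover more than one of them. The rewrite of s2.attrs also runs whether or not FEAT_MTE_PERM is implemented, so the comment should say why that is safe on CPUs without the feature.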
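Review bot: the new comment above "if (tagged && ret.attrs == 0xff)" (target/arm/ptw.c, hunk at -3424) has an unbalanced "unpredictable))" and folds the pre-existing CombineS1S2Desc TODO into the NoTagAccess explanation. Drop the extra parenthesis and keep the TODO as its own comment so it is not read as part of the FEAT_MTE_PERM description.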
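Review bot: mte_perm_check_fail (target/arm/tcg/mte_helper.c, hunk at -58) is documented as constructing a stage 2 permission fault, but every argument passed to syn_data_abort_no_iss() is 0 except is_write, and only bit 41 is OR-ed in afterwards, so nothing in these lines encodes a permission fault status or level. Either pass the fault status the comment describes or explain in the comment why zero is correct. BIT_ULL(41) would read better as a named constant than as a literal with a trailing comment, and the fixed target EL of 2 passed to raise_exception_ra() deserves a word as well.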
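Review bot: the NoTagAccess test in allocation_tag_mem_probe (target/arm/tcg/mte_helper.c, hunk at -117) lets pte_attrs == 0xe0 fall through to "if (full->extra.arm.pte_attrs != 0xf0) return NULL;" whenever ra is 0 or aa64_mteperm is not implemented, which makes the access unchecked with no fault. combine_cacheattrs produces 0xe0 without testing the feature, so either state in the comment that this outcome is intended in both cases or handle 0xe0 explicitly. Also, mte_perm_check_fail() is defined under #ifndef CONFIG_USER_ONLY; confirm this call site is compiled out of user-only builds, since the hunk shows no guard around it.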
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:34 -0400
Subject: [PATCH v4 02/13] target/arm: add TCSO bitmasks to SCTLR
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-2-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
X-ZohoMail-DKIM: pass
(identity @gmail.com) X-ZM-MESSAGEID: 1773093743434158500 These are the bitmasks used to control the FEAT_MTE_STORE_ONLY feature. They are now named and setting these fields of SCTLR is ignored if MTE or MTE4 is disabled, as per convention. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/cpu.h | 2 ++ target/arm/helper.c | 20 ++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 1f09d01713..38fc56b52e 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1149,6 +1149,11 @@ static inline bool isar_feature_aa64_mteperm(const A= RMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; } =20 +static inline bool isar_feature_aa64_mte_store_only(const ARMISARegisters = *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 657ff4ab20..677ac18f6f 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1476,6 +1476,8 @@ void pmu_init(ARMCPU *cpu); #define SCTLR_EnAS0 (1ULL << 55) /* FEAT_LS64_ACCDATA */ #define SCTLR_EnALS (1ULL << 56) /* FEAT_LS64 */ #define SCTLR_EPAN (1ULL << 57) /* FEAT_PAN3 */ +#define SCTLR_TCSO0 (1ULL << 58) /* FEAT_MTE_STORE_ONLY */ +#define SCTLR_TCSO (1ULL << 59) /* FEAT_MTE_STORE_ONLY */ #define SCTLR_EnTP2 (1ULL << 60) /* FEAT_SME */ #define SCTLR_NMI (1ULL << 61) /* FEAT_NMI */ #define SCTLR_SPINTMASK (1ULL << 62) /* FEAT_NMI */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 7389f2988c..987539524a 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -3351,12 +3351,20 @@ static void sctlr_write(CPUARMState *env, const ARM= CPRegInfo *ri, =20 /* ??? Lots of these bits are not implemented. */ =20 - if (ri->state =3D=3D ARM_CP_STATE_AA64 && !cpu_isar_feature(aa64_mte, = cpu)) { - if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA); - } else { - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | - SCTLR_ATA0 | SCTLR_ATA); + if (ri->state =3D=3D ARM_CP_STATE_AA64) { + if (!cpu_isar_feature(aa64_mte, cpu)) { + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA | SCTLR_T= CSO); + } else { + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | + SCTLR_ATA0 | SCTLR_ATA | SCTLR_TCSO | SCTLR_TCS= O0); + } + } else if (!cpu_isar_feature(aa64_mte_store_only, cpu)) { /* not m= te4 */ + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~SCTLR_TCSO; + } else { + value &=3D ~(SCTLR_TCSO | SCTLR_TCSO0); + } } } =20 --=20 2.52.0 From nobody Thu Apr 9 20:27:21 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1773093756; cv=none; d=zohomail.com; s=zohoarc; b=iScntynQjLduocLImU8mw/1hGEbu1Y/LZ8ZIPjnA10Md5BkG9KMC6nWUEBTyU37EjEy1UXaFux1oSuZ/wFYNJUbW68M4Qvsqie14FVWe6iMWJQ+Pwn61InzohlPacVu4SfyXO2McWhQUN7Jo6USNvwz40tf3HpIxatk217186vg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1773093756; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=jgcwa0yWIQXzfZ6W1KbFQLwbNji5JkMYnF9BGfpw40I=; 
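Review bot: isar_feature_aa64_mte_store_only (target/arm/cpu-features.h) tests MTESTOREONLY with "== 1", while isar_feature_aa64_mteperm directly above it uses ">= 1". An equality test stops matching if the ID field ever reports a higher value; use ">= 1" here too, or add a comment giving the reason for the difference.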
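Review bot: the comment "/* not mte4 */" on the new else-if in sctlr_write (target/arm/helper.c) does not match the condition, which tests aa64_mte_store_only; name FEAT_MTE_STORE_ONLY in the comment instead. The SCTLR_EL3 versus other-EL split is also written out twice now. Building the set of bits to clear once (TCSO for EL3, TCSO | TCSO0 otherwise) and adding the MTE bits when aa64_mte is absent would remove the duplication.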
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:35 -0400
Subject: [PATCH v4 03/13] target/arm: mte_check unemitted on STORE_ONLY load
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-3-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
X-ZohoMail-DKIM:
pass (identity @gmail.com) X-ZM-MESSAGEID: 1773093757377158500 This feature disables generation of the mte check helper on loads when STORE_ONLY tag checking mode is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu.h | 2 ++ target/arm/tcg/hflags.c | 12 ++++++++++++ target/arm/tcg/translate-a64.c | 8 ++++++-- target/arm/tcg/translate.h | 2 ++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 677ac18f6f..7911912c3e 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2525,6 +2525,8 @@ FIELD(TBFLAG_A64, ZT0EXC_EL, 39, 2) FIELD(TBFLAG_A64, GCS_EN, 41, 1) FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) +FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1) +FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 7e6f8d3647..75c55b1a6d 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -423,6 +423,15 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, */ DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); } + /* + * Repeat for MTE_STORE_ONLY + */ + if ((el =3D=3D 0 ? SCTLR_TCSO0 : SCTLR_TCSO) & sctlr) { + DP_TBFLAG_A64(flags, MTE_STORE_ONLY, 1); + if (!EX_TBFLAG_A64(flags, UNPRIV)) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } + } } } /* And again for unprivileged accesses, if required. */ @@ -432,6 +441,9 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); + if (SCTLR_TCSO0 & sctlr) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } } /* * For unpriv tag-setting accesses we also need ATA0. Again, in diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 5d261a5e32..874174a15b 100644 --- a/target/arm/tcg/translate-a64.c 
+++ b/target/arm/tcg/translate-a64.c @@ -301,7 +301,8 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, MemOp memop, bool is_unpriv, int core_idx) { - if (tag_checked && s->mte_active[is_unpriv]) { + if (tag_checked && s->mte_active[is_unpriv] && + (is_write || !s->mte_store_only[is_unpriv])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -333,7 +334,8 @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr,= bool is_write, TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write, bool tag_checked, int total_size, MemOp single_mop) { - if (tag_checked && s->mte_active[0]) { + if (tag_checked && s->mte_active[0] && + (is_write || !s->mte_store_only[0])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -10696,6 +10698,8 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->ata[1] =3D EX_TBFLAG_A64(tb_flags, ATA0); dc->mte_active[0] =3D EX_TBFLAG_A64(tb_flags, MTE_ACTIVE); dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); + dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); + dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index 3e3094a463..74143161f4 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h 
@@ -140,6 +140,8 @@ typedef struct DisasContext { bool ata[2]; /* True if v8.5-MTE tag checks affect the PE; index with is_unpriv. */ bool mte_active[2]; + /* True if v8.5-MTE tag checks disabled for reads; index with is_unpri= v. */ + bool mte_store_only[2]; /* True with v8.5-BTI and SCTLR_ELx.BT* set. */ bool bt; /* True if any CP15 access is trapped by HSTR_EL2 */ --=20 2.52.0 From nobody Thu Apr 9 20:27:21 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1773093770; cv=none; d=zohomail.com; s=zohoarc; b=E212Axllryw6x00c2VT0rv3lt0zfaSdLoy2bF3mEnIH11LRJ2/MQm2wEE4BfL0z6ISf0ZBUqX6cisS6rCdb10PYhvuLA0/Rf8cQZPX0KfT03IWLUUGRPhlWlpUnNn7z08mEi7tHIN0Dhn5F5M4E2kD+GOWchcsoDqXoFuXkUbv0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1773093770; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ujPltNFffjQeUE4ux4AuUGJOXMAqpw9+nvQB2HyqhjQ=; b=lBv4JQ36JZ4VoYW9iCXU9jBz0yHXK0XgGMMtTsfLdDz1BOl8N2TrjZJamx9woXVw6W9GX0pyF1H0F9WTZ+cP8uwF3FVntajbF/LhOLfpNZuGPntWk3kkQNuEXApIFNezwlSUXE4vzBut3LFd0pdd+uiEraX5zjVKEZs1I9QuRms= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1773093770089410.79917002743673; Mon, 9 Mar 2026 15:02:50 -0700 (PDT) Received: from localhost ([::1] 
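Review bot: the MTE_STORE_ONLY block in rebuild_hflags_a64 (target/arm/tcg/hflags.c, hunk at -423) derives the flags from SCTLR_TCSO0/SCTLR_TCSO alone, with no test of aa64_mte_store_only. That relies on sctlr_write() having already cleared those bits when the feature is absent, as patch 02 does; say so in the comment, which currently reads only "Repeat for MTE_STORE_ONLY", and explain the !UNPRIV case that also sets MTE0_STORE_ONLY.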
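Review bot: the store-only test "(is_write || !s->mte_store_only[...])" is written out in both gen_mte_check1_mmuidx and gen_mte_checkN (target/arm/tcg/translate-a64.c). Move it into one small static helper taking the DisasContext, is_unpriv and is_write so the two sites cannot drift apart, and document there what is_write is for accesses that both load and store, because that decides whether they are still checked under STORE_ONLY.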
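Review bot: the comment on mte_store_only in DisasContext (target/arm/tcg/translate.h) reuses the "v8.5-MTE" wording from mte_active, but the SCTLR bits added in patch 02 are labelled FEAT_MTE_STORE_ONLY. Name that feature here, for example "True if FEAT_MTE_STORE_ONLY disables tag checks for loads; index with is_unpriv."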
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:36 -0400
Subject: [PATCH v4 04/13] linux-user: add MTE_STORE_ONLY to prctl
Message-Id: <20260309-feat-mte4-v4-4-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
Linux-user processes can now control whether MTE_STORE_ONLY is enabled using the prctl syscall.

Signed-off-by: Gabriel Brookman
Reviewed-by: Richard Henderson
--- linux-user/aarch64/mte_user_helper.c | 11 ++++++++++- linux-user/aarch64/mte_user_helper.h | 14 +++++++++----- linux-user/aarch64/target_prctl.h | 6 +++++- target/arm/gdbstub64.c | 2 +- tests/tcg/aarch64/mte.h | 3 +++ 5 files changed, 28 insertions(+), 8 deletions(-) diff --git a/linux-user/aarch64/mte_user_helper.c b/linux-user/aarch64/mte_= user_helper.c index a5b1c8503b..b5c4dafcda 100644 --- a/linux-user/aarch64/mte_user_helper.c +++ b/linux-user/aarch64/mte_user_helper.c @@ -10,7 +10,7 @@ #include "qemu.h" #include "mte_user_helper.h" =20 -void arm_set_mte_tcf0(CPUArchState *env, abi_long value) +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value) { /* * Write PR_MTE_TCF to SCTLR_EL1[TCF0]. @@ -32,4 +32,13 @@ void arm_set_mte_tcf0(CPUArchState *env, abi_long value) tcf =3D 2; } env->cp15.sctlr_el[1] =3D deposit64(env->cp15.sctlr_el[1], 38, 2, tcf); + + /* + * If MTE_STORE_ONLY is enabled, set the corresponding sctlr_el1 bit + */ + if (value & PR_MTE_STORE_ONLY) { + env->cp15.sctlr_el[1] |=3D SCTLR_TCSO0; + } else { + env->cp15.sctlr_el[1] &=3D ~SCTLR_TCSO0; + } } diff --git a/linux-user/aarch64/mte_user_helper.h b/linux-user/aarch64/mte_= user_helper.h index 0c53abda22..8a46f743f4 100644 --- a/linux-user/aarch64/mte_user_helper.h +++ b/linux-user/aarch64/mte_user_helper.h 
@@ -20,15 +20,19 @@ # define PR_MTE_TAG_SHIFT 3 # define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif =20 /** - * arm_set_mte_tcf0 - Set TCF0 field in SCTLR_EL1 register + * arm_set_tagged_addr_ctrl - Set TCF0 and TCSO0 fields in SCTLR_EL1 regis= ter * @env: The CPU environment - * @value: The value to be set for the Tag Check Fault in EL0 field. + * @value: The value to be set for the Tag Check Fault and Tag Check Store= Only + * in EL0 field. * - * Only SYNC and ASYNC modes can be selected. If ASYMM mode is given, the = SYNC - * mode is selected instead. So, there is no way to set the ASYMM mode. + * Only SYNC and ASYNC modes can be selected for TCF0. If ASYMM mode is gi= ven, + * the SYNC mode is selected instead. So, there is no way to set the ASYMM= mode. */ -void arm_set_mte_tcf0(CPUArchState *env, abi_long value); +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value); =20 #endif /* AARCH64_MTE_USER_HELPER_H */ diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_= prctl.h index 621be5727f..d91e75d60d 100644 --- a/linux-user/aarch64/target_prctl.h +++ b/linux-user/aarch64/target_prctl.h @@ -168,6 +168,9 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) if (cpu_isar_feature(aa64_mte, cpu)) { valid_mask |=3D PR_MTE_TCF_MASK; valid_mask |=3D PR_MTE_TAG_MASK; + if (cpu_isar_feature(aa64_mte_store_only, cpu)) { + valid_mask |=3D PR_MTE_STORE_ONLY; + } } =20 if (arg2 & ~valid_mask) { @@ -176,7 +179,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) env->tagged_addr_enable =3D arg2 & PR_TAGGED_ADDR_ENABLE; =20 if (cpu_isar_feature(aa64_mte, cpu)) { - arm_set_mte_tcf0(env, arg2); + arm_set_tagged_addr_ctrl(env, arg2); =20 /* * Write PR_MTE_TAG to GCR_EL1[Exclude]. 
@@ -185,6 +188,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) */ env->cp15.gcr_el1 =3D deposit64(env->cp15.gcr_el1, 0, 16, ~arg2 >> PR_MTE_TAG_SHIFT); + arm_rebuild_hflags(env); } return 0; diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c index b71666c3a1..3d24c09ccc 100644 --- a/target/arm/gdbstub64.c +++ b/target/arm/gdbstub64.c @@ -684,7 +684,7 @@ int aarch64_gdb_set_tag_ctl_reg(CPUState *cs, uint8_t *= buf, int reg) * expose options regarding the type of MTE fault that can be controll= ed at * runtime. */ - arm_set_mte_tcf0(env, tcf); + arm_set_tagged_addr_ctrl(env, tcf); =20 return 1; #else diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 0805676b11..17b932f3f1 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h 
@@ -20,6 +20,9 @@ #ifndef PR_TAGGED_ADDR_ENABLE # define PR_TAGGED_ADDR_ENABLE (1UL << 0) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif #ifndef PR_MTE_TCF_SHIFT # define PR_MTE_TCF_SHIFT 1 # define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT) --=20 2.52.0
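Review bot: arm_set_tagged_addr_ctrl() in linux-user/aarch64/mte_user_helper.c now clears SCTLR_TCSO0 whenever PR_MTE_STORE_ONLY is absent from value, and the renamed call in aarch64_gdb_set_tag_ctl_reg() (target/arm/gdbstub64.c) passes a variable named tcf. If that value carries only the TCF field, every gdb write to the tag control register silently turns off the store-only mode the process enabled through prctl. Either keep a TCF-only helper for the gdbstub caller or have the gdbstub merge the current TCSO0 state into the value it passes. The gdbstub hunk also shows the call followed directly by return 1, while the prctl path gains arm_rebuild_hflags(env); it is worth checking whether the cached flags need the same refresh there.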
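Review bot: all three hunks in linux-user/aarch64/target_prctl.h sit in do_prctl_set_tagged_addr_ctrl(), and the diffstat shows no other change to the file, so the PR_GET_TAGGED_ADDR_CTRL side is left as it was. If the getter rebuilds its return value from SCTLR_EL1 and GCR_EL1, it should report PR_MTE_STORE_ONLY from SCTLR_TCSO0 too, otherwise a guest that sets the bit reads back a value without it. Separately, the added arm_rebuild_hflags(env) now also runs for the existing TCF0 and tag-mask writes; the commit message should mention that.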
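Review bot: the kernel-doc for arm_set_tagged_addr_ctrl() in linux-user/aarch64/mte_user_helper.h still describes @value as a field value ("The value to be set for the Tag Check Fault and Tag Check Store Only in EL0 field"), but the function takes the prctl argument and tests PR_MTE_STORE_ONLY in it. Suggest describing @value as the PR_SET_TAGGED_ADDR_CTRL argument from which the PR_MTE_TCF and PR_MTE_STORE_ONLY bits are applied, and stating that TCSO0 is cleared when the bit is absent.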
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:37 -0400
Subject: [PATCH v4 05/13] target/arm: tag check emitted when MTX and not TBI
Message-Id: <20260309-feat-mte4-v4-5-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
Previously, the TBI bit was used to mediate whether tag checks happened. With MTE4, if the MTX bits are enabled, then tag checking happens even if TBI is disabled. See AccessIsTagChecked.

Signed-off-by: Gabriel Brookman
--- target/arm/helper.c | 10 ++++++++++ target/arm/internals.h | 10 +++++++++- target/arm/tcg/helper-a64.c | 9 +++++---- target/arm/tcg/hflags.c | 9 +++++---- target/arm/tcg/mte_helper.c | 9 ++++++--- 5 files changed, 35 insertions(+), 12 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 987539524a..56858367fd 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9613,6 +9613,16 @@ uint64_t arm_sctlr(CPUARMState *env, int el) return env->cp15.sctlr_el[el]; } =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx) +{ + if (regime_has_2_ranges(mmu_idx)) { + return extract64(tcr, 60, 2); + } else { + /* Replicate the single MTX bit so we always have 2 bits. */ + return extract64(tcr, 33, 1) * 3; + } +} + int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { diff --git a/target/arm/internals.h b/target/arm/internals.h index 8ec2750847..a45119caa2 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1411,6 +1411,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ARMMMUIdx mmu_idx, bool data, bool el1_is_aa32); =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx); 
@@ -1546,7 +1547,8 @@ FIELD(MTEDESC, TBI, 4, 2) FIELD(MTEDESC, TCMA, 6, 2) FIELD(MTEDESC, WRITE, 8, 1) FIELD(MTEDESC, ALIGN, 9, 3) -FIELD(MTEDESC, SIZEM1, 12, 32 - 12) /* size - 1 */ +FIELD(MTEDESC, MTX, 12, 2) +FIELD(MTEDESC, SIZEM1, 14, 32 - 14) /* size - 1 */ =20 bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr); uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_= t ra); @@ -1622,6 +1624,12 @@ static inline bool tbi_check(uint32_t desc, int bit5= 5) return (desc >> (R_MTEDESC_TBI_SHIFT + bit55)) & 1; } =20 +/* Return true if mtx bits mean that the access is canonically checked. */ +static inline bool mtx_check(uint32_t desc, int bit55) +{ + return (desc >> (R_MTEDESC_MTX_SHIFT + bit55)) & 1; +} + /* Return true if tcma bits mean that the access is unchecked. */ static inline bool tcma_check(uint32_t desc, int bit55, int ptr_tag) { diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c index 2dec587d38..5f739d999c 100644 --- a/target/arm/tcg/helper-a64.c +++ b/target/arm/tcg/helper-a64.c @@ -1054,7 +1054,7 @@ static int mops_sizereg(uint32_t syndrome) } =20 /* - * Return true if TCMA and TBI bits mean we need to do MTE checks. + * Return true if the TCMA, TBI, and MTX bits mean we need to do MTE check= s. * We only need to do this once per MOPS insn, not for every page. */ static bool mte_checks_needed(uint64_t ptr, uint32_t desc) @@ -1062,12 +1062,13 @@ static bool mte_checks_needed(uint64_t ptr, uint32_= t desc) int bit55 =3D extract64(ptr, 55, 1); =20 /* - * Note that tbi_check() returns true for "access checked" but - * tcma_check() returns true for "access unchecked". + * Note that tbi_check() and mtx_check() return true for "access check= ed", + * but tcma_check() returns true for "access unchecked". */ - if (!tbi_check(desc, bit55)) { + if (!tbi_check(desc, bit55) && !mtx_check(desc, bit55)) { return false; } + return !tcma_check(desc, bit55, allocation_tag_from_addr(ptr)); } =20 
diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 75c55b1a6d..e753124c4c 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -245,13 +245,14 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, uint64_t tcr =3D regime_tcr(env, mmu_idx); uint64_t hcr =3D arm_hcr_el2_eff(env); uint64_t sctlr; - int tbii, tbid; + int tbii, tbid, mtx; =20 DP_TBFLAG_ANY(flags, AARCH64_STATE, 1); =20 /* Get control bits for tagged addresses. */ tbid =3D aa64_va_parameter_tbi(tcr, mmu_idx); tbii =3D tbid & ~aa64_va_parameter_tbid(tcr, mmu_idx); + mtx =3D aa64_va_parameter_mtx(tcr, mmu_idx); =20 DP_TBFLAG_A64(flags, TBII, tbii); DP_TBFLAG_A64(flags, TBID, tbid); @@ -403,14 +404,14 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, /* * Set MTE_ACTIVE if any access may be Checked, and leave clear * if all accesses must be Unchecked: - * 1) If no TBI, then there are no tags in the address to check, + * 1) If TBI and MTX are both unset, accesses are Unchecked. * 2) If Tag Check Override, then all accesses are Unchecked, * 3) If Tag Check Fail =3D=3D 0, then Checked access have no effe= ct, * 4) If no Allocation Tag Access, then all accesses are Unchecked. */ if (allocation_tag_access_enabled(env, el, sctlr)) { DP_TBFLAG_A64(flags, ATA, 1); - if (tbid + if ((tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & (el =3D=3D 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); @@ -436,7 +437,7 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, } /* And again for unprivileged accesses, if required. */ if (EX_TBFLAG_A64(flags, UNPRIV) - && tbid + && (tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 4deec80208..1484087a19 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c 
@@ -819,8 +819,11 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, bit55 =3D extract64(ptr, 55, 1); *fault =3D ptr; =20 - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + /* + * If TBI and MTX are disabled, the access is unchecked, and ptr is not + * dirty. + */ + if (unlikely(!tbi_check(desc, bit55) && !mtx_check(desc, bit55))) { return -1; } =20 
@@ -961,7 +964,7 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint32= _t desc, uint64_t ptr) bit55 =3D extract64(ptr, 55, 1); =20 /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + if (unlikely(!tbi_check(desc, bit55) && !mtx_check(desc, bit55))) { return ptr; } =20 --=20 2.52.0
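Review bot: in rebuild_hflags_a64() (target/arm/tcg/hflags.c) mtx comes straight from aa64_va_parameter_mtx() and feeds (tbid || mtx) for both MTE_ACTIVE and the unprivileged case, with no test that the CPU implements the feature; patch 06 gates only the caching of the MTX flag on cpu_isar_feature(aa64_mte_mtx, ...). Unless writes to TCR bits 60, 61 and 33 are already masked elsewhere on CPUs without the feature, a guest that sets them turns tag checking on with TBI clear. Suggest forcing mtx to 0 here when the feature is absent, which means introducing the isar test in this patch or an earlier one.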
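Review bot: mtx_check() in target/arm/internals.h reads MTEDESC.MTX, but no hunk in this patch writes that field; the FIELD_DP32(desc, MTEDESC, MTX, s->mtx) stores only arrive in patch 06. At this commit the descriptors built in translate-a64.c leave bits 12 and 13 zero, so mtx_check() returns false while MTE_ACTIVE can already be set by mtx, and the behaviour the commit message describes is not reachable until the next patch. Either move the descriptor stores into this patch or say so in the commit message. The same hunk narrows SIZEM1 from 20 bits to 18; an assertion that size - 1 fits would document the new limit.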
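Review bot: in HELPER(mte_check_zva) (target/arm/tcg/mte_helper.c) the condition gains !mtx_check(desc, bit55) but the comment above it still reads "If TBI is disabled, the access is unchecked, and ptr is not dirty.", unlike the matching hunk in mte_probe_int() where the comment was updated to mention MTX. Please update this one the same way. The blank line added before the final return in mte_checks_needed() (target/arm/tcg/helper-a64.c) looks unintentional.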
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:38 -0400
Subject: [PATCH v4 06/13] target/arm: add canonical tag check logic
Message-Id: <20260309-feat-mte4-v4-6-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
This feature causes tag checks to compare logical address tags against their canonical form rather than against allocation tags, when the check happens in a canonically tagged memory region. Described in the ARM ARM section "Logical Address Tagging".

Signed-off-by: Gabriel Brookman
--- target/arm/cpu-features.h | 5 +++++ target/arm/cpu.h | 1 + target/arm/internals.h | 31 ++++++++++++++++++++++++++++++- target/arm/tcg/hflags.c | 4 ++++ target/arm/tcg/mte_helper.c | 21 +++++++++++++++++++++ target/arm/tcg/translate-a64.c | 7 +++++++ target/arm/tcg/translate.h | 1 + 7 files changed, 69 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 38fc56b52e..5e3dc5256f 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1154,6 +1154,11 @@ static inline bool isar_feature_aa64_mte_store_only(= const ARMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; } =20 +static inline bool isar_feature_aa64_mte_mtx(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTEX) =3D=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 7911912c3e..1f33c0d163 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2527,6 +2527,7 @@ FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1) FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1) +FIELD(TBFLAG_A64, MTX, 47, 2) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/internals.h b/target/arm/internals.h index a45119caa2..52597a351c 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h 
@@ -1630,6 +1630,12 @@ static inline bool mtx_check(uint32_t desc, int bit5= 5) return (desc >> (R_MTEDESC_MTX_SHIFT + bit55)) & 1; } =20 +/* Return whether or not the second nibble of a VA matches bit 55. */ +static inline bool tag_is_canonical(int ptr_tag, int bit55) +{ + return ((ptr_tag + bit55) & 0xf) =3D=3D 0; +} + /* Return true if tcma bits mean that the access is unchecked. */ static inline bool tcma_check(uint32_t desc, int bit55, int ptr_tag) { @@ -1637,11 +1643,34 @@ static inline bool tcma_check(uint32_t desc, int bi= t55, int ptr_tag) * We had extracted bit55 and ptr_tag for other reasons, so fold * (ptr<59:55> =3D=3D 00000 || ptr<59:55> =3D=3D 11111) into a single = test. */ - bool match =3D ((ptr_tag + bit55) & 0xf) =3D=3D 0; + bool match =3D tag_is_canonical(ptr_tag, bit55); bool tcma =3D (desc >> (R_MTEDESC_TCMA_SHIFT + bit55)) & 1; return tcma && match; } =20 +/* Return true if Canonical Tagging is enabled. */ +static inline bool canonical_tagging_enabled(CPUARMState *env, bool select= or) +{ + int mmu_idx; + uint64_t tcr, mtx_bit; + + /* If mte4 is not implemented, then mtx is by definition not enabled */ + if (!cpu_isar_feature(aa64_mte_mtx, env_archcpu(env))) { + return false; + } + + mmu_idx =3D arm_mmu_idx_el(env, arm_current_el(env)); + tcr =3D regime_tcr(env, mmu_idx); + + /* + * In two-range regimes, mtx is governed by bit 60 or 61 of TCR, and in + * one-range regimes, bit 33 is used. + */ + mtx_bit =3D regime_has_2_ranges(mmu_idx) ? 60 + selector : 33; + + return extract64(tcr, mtx_bit, 1); +} + /* * For TBI, ideally, we would do nothing. Proper behaviour on fault is * for the tag to be present in the FAR_ELx register. But for user-only diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index e753124c4c..40a934a8af 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c 
@@ -460,6 +460,10 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, } /* Cache TCMA as well as TBI. */ DP_TBFLAG_A64(flags, TCMA, aa64_va_parameter_tcma(tcr, mmu_idx)); + /* Cache MTX. */ + if (cpu_isar_feature(aa64_mte_mtx, env_archcpu(env))) { + DP_TBFLAG_A64(flags, MTX, mtx); + } } =20 if (cpu_isar_feature(aa64_gcs, env_archcpu(env))) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 1484087a19..b54fbd11c0 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -854,6 +854,13 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, mem1 =3D allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1, MMU_DATA_LOAD, ra); if (!mem1) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTag= ged, + * otherwise it is Untagged. See AArch64.CheckTag. + */ + if (mtx_check(desc, bit55)) { + return tag_is_canonical(ptr_tag, bit55); + } return 1; } /* Perform all of the comparisons. */ @@ -867,6 +874,12 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, ptr_last - next_page + 1, MMU_DATA_LOAD, ra); =20 + /* If either region is canonically tagged, do a canonical tag chec= k */ + if (mtx_check(desc, bit55) && (!mem1 || !mem2) + && (!tag_is_canonical(ptr_tag, bit55))) { + return 0; + } + /* * Perform all of the comparisons. * Note the possible but unlikely case of the operation spanning @@ -974,6 +987,7 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint32= _t desc, uint64_t ptr) goto done; } =20 + /* * In arm_cpu_realizefn, we asserted that dcz > LOG2_TAG_GRANULE+1, * i.e. 32 bytes, which is an unreasonably small dcz anyway, to make 
@@ -995,6 +1009,13 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint= 32_t desc, uint64_t ptr) mem =3D allocation_tag_mem(env, mmu_idx, align_ptr, MMU_DATA_STORE, dcz_bytes, MMU_DATA_LOAD, ra); if (!mem) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTagged, + * otherwise it is Untagged. See AArch64.CheckTag. + */ + if (mtx_check(desc, bit55) && !tag_is_canonical(ptr_tag, bit55)) { + mte_check_fail(env, desc, ptr, ra); + } goto done; } =20 diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 874174a15b..366830f7f0 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -311,6 +311,7 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(mem= op)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, memop_size(memop) - 1); =20 ret =3D tcg_temp_new_i64(); @@ -344,6 +345,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr,= bool is_write, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(sin= gle_mop)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1); =20 ret =3D tcg_temp_new_i64(); @@ -3002,6 +3004,7 @@ static void handle_sys(DisasContext *s, bool isread, desc =3D FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s)); desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); =20 tcg_rt =3D tcg_temp_new_i64(); gen_helper_mte_check_zva(tcg_rt, tcg_env, 
@@ -4872,6 +4875,7 @@ static bool do_SET(DisasContext *s, arg_set *a, bool = is_epilogue, desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, true); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); /* SIZEM1 and ALIGN we leave 0 (byte write) */ } /* The helper function always needs the memidx even with MTE disabled = */ @@ -4926,11 +4930,13 @@ static bool do_CPY(DisasContext *s, arg_cpy *a, boo= l is_epilogue, CpyFn fn) if (s->mte_active[runpriv]) { rdesc =3D FIELD_DP32(rdesc, MTEDESC, TBI, s->tbid); rdesc =3D FIELD_DP32(rdesc, MTEDESC, TCMA, s->tcma); + rdesc =3D FIELD_DP32(rdesc, MTEDESC, MTX, s->mtx); } if (s->mte_active[wunpriv]) { wdesc =3D FIELD_DP32(wdesc, MTEDESC, TBI, s->tbid); wdesc =3D FIELD_DP32(wdesc, MTEDESC, TCMA, s->tcma); wdesc =3D FIELD_DP32(wdesc, MTEDESC, WRITE, true); + wdesc =3D FIELD_DP32(wdesc, MTEDESC, MTX, s->mtx); } /* The helper function needs these parts of the descriptor regardless = */ rdesc =3D FIELD_DP32(rdesc, MTEDESC, MIDX, rmemidx); @@ -10700,6 +10706,7 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); + dc->mtx =3D EX_TBFLAG_A64(tb_flags, MTX); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index 74143161f4..846e383c70 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h 
@@ -82,6 +82,7 @@ typedef struct DisasContext { uint8_t tbii; /* TBI1|TBI0 for insns */ uint8_t tbid; /* TBI1|TBI0 for data */ uint8_t tcma; /* TCMA1|TCMA0 for MTE */ + uint8_t mtx; /* MTX1|MTX0 for MTE */ bool ns; /* Use non-secure CPREG bank on access */ int fp_excp_el; /* FP exception EL or 0 if enabled */ int sve_excp_el; /* SVE exception EL or 0 if enabled */ --=20 2.52.0
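Review bot: the comment on tag_is_canonical() in the @@ -1630 hunk of target/arm/internals.h ("the second nibble of a VA") does not say which bits are meant. The expression passes only when ptr_tag is 0x0 with bit55 clear or 0xf with bit55 set, so wording it as "the logical tag equals bit 55 replicated across all four tag bits" would match the code. It is also worth stating that bit55 must be 0 or 1, since any other value changes the result of (ptr_tag + bit55) & 0xf.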
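Review bot: canonical_tagging_enabled() in the @@ -1637 hunk of target/arm/internals.h selects the regime with arm_mmu_idx_el(env, arm_current_el(env)), while the check path in this same patch carries MTX through desc (mtx_check(desc, bit55)) and the helpers in mte_helper.c already hold the mmu_idx of the access. Taking mmu_idx as a parameter would keep the TCR lookup tied to the access being emulated instead of deriving it a second time. The parameter is a bool named selector but is used arithmetically in 60 + selector, so a comment that it is VA bit 55 would help, and the "mte4" in the first comment should name the aa64_mte_mtx feature that is actually tested.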
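Review bot: the @@ -974 hunk of target/arm/tcg/mte_helper.c (mte_check_zva) adds nothing but an empty line ahead of the existing "In arm_cpu_realizefn" comment, which leaves a second blank line there. Drop that hunk so the patch contains only the MTX change.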
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:39 -0400
Subject: [PATCH v4 07/13] target/arm: ldg on canonical tag loads the tag
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-7-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
X-Mailer: b4 0.14.3
X-ZohoMail-DKIM: pass
(identity @gmail.com) X-ZM-MESSAGEID: 1773093737317158500 According to ARM ARM, section "Memory Tagging Region Types", loading tags from canonically tagged regions should use the canonical tags, not allocation tags. Signed-off-by: Gabriel Brookman --- target/arm/tcg/mte_helper.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index b54fbd11c0..07797aecf9 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -313,6 +313,11 @@ uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, u= int64_t xt) /* Load if page supports tags. */ if (mem) { rtag =3D load_tag1(ptr, mem); + } else { + uint64_t bit55 =3D extract64(ptr, 55, 1); + if (canonical_tagging_enabled(env, bit55)) { + rtag =3D 0xF * bit55; + } } =20 return address_with_allocation_tag(xt, rtag); @@ -463,8 +468,10 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) void *tag_mem; uint64_t ret; int shift; + bool bit55; =20 ptr =3D QEMU_ALIGN_DOWN(ptr, gm_bs_bytes); + bit55 =3D extract64(ptr, 55, 1); =20 /* Trap if accessing an invalid page. */ tag_mem =3D allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_LOAD, 
@@ -472,6 +479,34 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) =20 /* The tag is squashed to zero if the page does not support tags. */ if (!tag_mem) { + /* Load canonical value if mtx is set (untagged memory region) */ + if (canonical_tagging_enabled(env, bit55)) { + switch (gm_bs) { + case 3: + /* 32 bytes -> 2 tags -> 8 result bits */ + ret =3D -(uint8_t)bit55; + break; + case 4: + /* 64 bytes -> 4 tags -> 16 result bits */ + ret =3D -(uint16_t)bit55; + break; + case 5: + /* 128 bytes -> 8 tags -> 32 result bits */ + ret =3D -(uint32_t)bit55; + break; + case 6: + /* 256 bytes -> 16 tags -> 64 result bits */ + return -(uint64_t)bit55; + default: + /* + * CPU configured with unsupported/invalid gm blocksize. + * This is detected early in arm_cpu_realizefn. + */ + g_assert_not_reached(); + } + shift =3D extract64(ptr, LOG2_TAG_GRANULE, 4) * 4; + return ret << shift; + } return 0; } =20 --=20 2.52.0
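Review bot: in the ldgm hunk (@@ -472) of target/arm/tcg/mte_helper.c, cases 3 and 4 do not produce the 8-bit and 16-bit results their comments promise. In ret = -(uint8_t)bit55 and ret = -(uint16_t)bit55 the operand is promoted to int before the negation, so bit55 == 1 yields -1 and ret becomes all ones across 64 bits; the following ret << shift then sets every bit above the intended field as well. Only the uint32_t and uint64_t cases behave as commented. Negate first and narrow afterwards, for example ret = (uint8_t)-bit55 and ret = (uint16_t)-bit55, or use explicit constants such as bit55 ? 0xff : 0.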
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:40 -0400
Subject: [PATCH v4 08/13] target/arm: storing to canonical tag faults
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-8-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
X-Mailer: b4 0.14.3
X-ZohoMail-DKIM: pass
(identity @gmail.com) X-ZM-MESSAGEID: 1773093737097154100 According to ARM ARM, section "Memory region tagging types", tag-store instructions targeting canonically tagged regions cause a stage 1 permission fault with MTX enabled. Signed-off-by: Gabriel Brookman --- target/arm/tcg/mte_helper.c | 69 +++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 69 insertions(+) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 07797aecf9..ddf4ffc51b 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -227,6 +227,20 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, #endif } =20 +static void canonical_tag_write_fail(CPUARMState *env, + uint64_t dirty_ptr, uintptr_t ra) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(arm_current_el(env) !=3D 0, 0, 0, 0, 0, = 1, 0); + syn |=3D BIT_ULL(42); /* TnD is bit 42 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, exception_target_el(env)= , ra); + g_assert_not_reached(); +} + static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -372,7 +386,11 @@ static inline void do_stg(CPUARMState *env, uint64_t p= tr, uint64_t xt, /* Store if page supports tags. */ if (mem) { store1(ptr, mem, allocation_tag_from_addr(xt)); + } else if (canonical_tagging_enabled(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; } + } =20 void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt) 
@@ -389,9 +407,19 @@ void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) { int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); + uint8_t *mem; =20 check_tag_aligned(env, ptr, ra); probe_write(env, ptr, TAG_GRANULE, mmu_idx, ra); + + /* If we are storing to a canonically tagged memory region, fault. */ + if (canonical_tagging_enabled(env, 1 & (ptr >> 55))) { + mem =3D allocation_tag_mem_probe(env, mmu_idx, ptr, MMU_DATA_STORE, + TAG_GRANULE, MMU_DATA_STORE, true, = ra); + if (!mem) { + canonical_tag_write_fail(env, ptr, ra); + } + } } =20 static inline void do_st2g(CPUARMState *env, uint64_t ptr, uint64_t xt, @@ -415,6 +443,11 @@ static inline void do_st2g(CPUARMState *env, uint64_t = ptr, uint64_t xt, MMU_DATA_STORE, TAG_GRANULE, MMU_DATA_STORE, ra); =20 + if (!(mem1 && mem2) && canonical_tagging_enabled(env, 1 & (ptr >> = 55))) { + canonical_tag_write_fail(env, ptr, ra); + return; + } + /* Store if page(s) support tags. */ if (mem1) { store1(TAG_GRANULE, mem1, tag); @@ -426,9 +459,14 @@ static inline void do_st2g(CPUARMState *env, uint64_t = ptr, uint64_t xt, /* Two stores aligned mod TAG_GRANULE*2 -- modify one byte. */ mem1 =3D allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE, 2 * TAG_GRANULE, MMU_DATA_STORE, ra); + if (mem1) { tag |=3D tag << 4; qatomic_set(mem1, tag); + } else if (canonical_tagging_enabled(env, 1 & (ptr >> 55))) { + /* Writing tags to canonically tagged memory region: faults */ + canonical_tag_write_fail(env, ptr, ra); + return; } } } @@ -448,6 +486,7 @@ void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); int in_page =3D -(ptr | TARGET_PAGE_MASK); + uint8_t *mem1, *mem2; =20 check_tag_aligned(env, ptr, ra); =20 
@@ -457,6 +496,29 @@ void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) probe_write(env, ptr, TAG_GRANULE, mmu_idx, ra); probe_write(env, ptr + TAG_GRANULE, TAG_GRANULE, mmu_idx, ra); } + + /* If we are storing to a canonically tagged memory region, fault. */ + if (canonical_tagging_enabled(env, 1 & (ptr >> 55))) { + if (likely(in_page >=3D 2 * TAG_GRANULE)) { + mem1 =3D allocation_tag_mem_probe(env, mmu_idx, ptr, MMU_DATA_= STORE, + 2 * TAG_GRANULE, MMU_DATA_STORE, + true, ra); + if (!mem1) { + canonical_tag_write_fail(env, ptr, ra); + } + } else { + mem1 =3D allocation_tag_mem_probe(env, mmu_idx, ptr, MMU_DATA_= STORE, + TAG_GRANULE, MMU_DATA_STORE, + true, ra); + mem2 =3D allocation_tag_mem_probe(env, mmu_idx, + ptr + TAG_GRANULE, + MMU_DATA_STORE, TAG_GRAN= ULE, + MMU_DATA_STORE, true, ra= ); + if (!mem1 || !mem2) { + canonical_tag_write_fail(env, ptr, ra); + } + } + } } =20 uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) @@ -569,6 +631,10 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint= 64_t val) * and if the OS has enabled access to the tags. */ if (!tag_mem) { + /* Storing tags to canonically tagged region: fault. */ + if (canonical_tagging_enabled(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); + } return; } =20 
@@ -619,9 +685,12 @@ void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr= , uint64_t val) =20 mem =3D allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE, dcz_byte= s, MMU_DATA_STORE, ra); + if (mem) { int tag_pair =3D (val & 0xf) * 0x11; memset(mem, tag_pair, tag_bytes); + } else if (canonical_tagging_enabled(env, 1 & (ptr >> 55))) { + canonical_tag_write_fail(env, ptr, ra); } } =20 --=20 2.52.0
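Review bot: in canonical_tag_write_fail() (@@ -227 hunk of target/arm/tcg/mte_helper.c) the syndrome is built from bare literals, syn_data_abort_no_iss(arm_current_el(env) != 0, 0, 0, 0, 0, 1, 0), so a reader cannot tell which argument encodes the stage 1 permission fault the commit message describes, and the final argument is 0. Please name the fault status value and the write flag, and confirm that the first argument should be derived from the current EL alone when the target comes from exception_target_el(env). syn is a uint64_t with bit 42 set, so it is also worth checking that raise_exception_ra() accepts a 64-bit syndrome. The trailing g_assert_not_reached(), together with the return statements that only some callers add after the call, suggests marking the helper G_NORETURN instead.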
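Review bot: the do_stg hunk (@@ -372) adds an empty line before the function's closing brace and a return after canonical_tag_write_fail(), which raises an exception; both can go, as can the blank lines added before if (mem1) in do_st2g and if (mem) in stzgm_tags. The bit 55 test is spelled 1 & (ptr >> 55) at every call site in this patch, whereas patch 07 uses extract64(ptr, 55, 1); one form throughout, or a small helper, would make the call sites easier to audit.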
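Review bot: in the st2g_stub hunk (@@ -457), and in the matching cross-page branch of do_st2g, the fault is raised with ptr even when only the second granule, at ptr + TAG_GRANULE, lacks tag storage. If the reported address is meant to identify the granule that faulted, pass ptr + TAG_GRANULE when mem1 is valid and mem2 is not. The probe sequence here also repeats the in_page split from do_st2g; a shared helper that reports whether any granule of the access is canonically tagged would keep the two copies from drifting apart.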
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:41 -0400
Subject: [PATCH v4 09/13] target/arm: with MTX, no tag bit bounds check
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-9-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
X-Mailer: b4 0.14.3
X-ZohoMail-DKIM: pass

Virtual address canonicity checks should ignore mismatch in tag bits during translation step if MTX is set.

Signed-off-by: Gabriel Brookman
--- target/arm/helper.c | 6 +++++- target/arm/internals.h | 1 + target/arm/ptw.c | 28 +++++++++++++++++++++++++--- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 56858367fd..a61944dedd 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9747,7 +9747,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, { uint64_t tcr =3D regime_tcr(env, mmu_idx); bool epd, hpd, tsz_oob, ds, ha, hd, pie =3D false; - bool aie =3D false; + bool aie, mtx =3D false; int select, tsz, tbi, max_tsz, min_tsz, ps, sh; ARMGranuleSize gran; ARMCPU *cpu =3D env_archcpu(env); @@ -9784,6 +9784,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ha =3D extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu); hd =3D extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu); ds =3D extract64(tcr, 32, 1); + mtx =3D extract64(tcr, 33, 1) && cpu_isar_feature(aa64_mte_mtx, cp= u); } else { bool e0pd; =20 @@ -9799,6 +9800,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 12, 2); hpd =3D extract64(tcr, 41, 1); e0pd =3D extract64(tcr, 55, 1); + mtx =3D extract64(tcr, 60, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } else { tsz =3D extract32(tcr, 16, 6); gran =3D tg1_to_gran_size(extract32(tcr, 30, 2)); @@ -9806,6 +9808,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 28, 2); hpd =3D extract64(tcr, 42, 1); e0pd =3D extract64(tcr, 56, 1); + mtx =3D extract64(tcr, 61, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } ps =3D extract64(tcr, 32, 3); ha =3D extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu); 
@@ -9905,6 +9908,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, .gran =3D gran, .pie =3D pie, .aie =3D aie, + .mtx =3D mtx, }; } =20 diff --git a/target/arm/internals.h b/target/arm/internals.h index 52597a351c..2c4369cc16 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1396,6 +1396,7 @@ typedef struct ARMVAParameters { ARMGranuleSize gran : 2; bool pie : 1; bool aie : 1; + bool mtx : 1; } ARMVAParameters; =20 /** diff --git a/target/arm/ptw.c b/target/arm/ptw.c index d381413ef7..e31b3085f8 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1929,7 +1929,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1T= ranslate *ptw, * validation to do here. */ if (inputsize < addrsize) { - uint64_t top_bits =3D sextract64(address, inputsize, + /* + * If MTX is enabled, bits 56-59 aren't checked for canonicity + * during translation, since they will later be checked during + * the tag check step. + */ + uint64_t masked_address =3D address; + if (param.mtx) { + masked_address =3D deposit64(address, 56, 4, param.select * 0x= f); + } + uint64_t top_bits =3D sextract64(masked_address, inputsize, addrsize - inputsize); if (-top_bits !=3D param.select) { /* The gap between the two regions is a Translation fault */ 
@@ -3481,15 +3490,28 @@ static bool get_phys_addr_disabled(CPUARMState *env, if (arm_el_is_aa64(env, r_el)) { int pamax =3D arm_pamax(env_archcpu(env)); uint64_t tcr =3D env->cp15.tcr_el[r_el]; - int addrtop, tbi; + int addrtop, tbi, mtx; + bool bit55; =20 tbi =3D aa64_va_parameter_tbi(tcr, mmu_idx); + mtx =3D aa64_va_parameter_mtx(tcr, mmu_idx); if (access_type =3D=3D MMU_INST_FETCH) { tbi &=3D ~aa64_va_parameter_tbid(tcr, mmu_idx); } - tbi =3D (tbi >> extract64(address, 55, 1)) & 1; + bit55 =3D extract64(address, 55, 1); + tbi =3D (tbi >> bit55) & 1; + mtx =3D (mtx >> bit55) & 1; addrtop =3D (tbi ? 55 : 63); =20 + /* + * With MTX enabled, bits 56-59 are not checked according to + * AArch64.S1DisabledOutput. + */ + if (cpu_isar_feature(aa64_mte_mtx, env_archcpu(env)) && mtx && + access_type !=3D MMU_INST_FETCH) { + address =3D deposit64(address, 56, 4, ((mmu_idx) && bit55)= * 0xF); + } + if (extract64(address, pamax, addrtop - pamax + 1) !=3D 0) { fi->type =3D ARMFault_AddressSize; fi->level =3D 0; --=20 2.52.0
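
Review bot: In the first target/arm/helper.c hunk (aa64_va_parameters), `bool aie, mtx = false;` initialises only `mtx`. The line it replaces was `bool aie = false;`, and `aie` is still copied out through `.aie = aie` in the returned struct, so any path that does not assign it now returns an indeterminate value. Write `bool aie = false, mtx = false;` or declare `mtx` on its own line.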
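
Review bot: In the get_phys_addr_lpae hunk of target/arm/ptw.c, `uint64_t top_bits` is now declared after the `if (param.mtx)` statement, and QEMU's coding style wants declarations at the start of the block. Declare `masked_address` and `top_bits` together at the top of the block and assign `top_bits` after the masking. The constant is also spelled `0xf` here and `0xF` in the get_phys_addr_disabled hunk; pick one.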
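
Review bot: In the get_phys_addr_disabled hunk, `((mmu_idx) && bit55) * 0xF` uses the `mmu_idx` value as a truth value, so the result depends on whether the index happens to be non-zero rather than on a stated property of the translation regime. Please spell out the intended condition and explain it in the comment. This path also skips the masking for `MMU_INST_FETCH`, while the get_phys_addr_lpae hunk masks whenever `param.mtx` is set, and the comment should say why the two differ. Since `address` is overwritten in place, a local copy used only for the range check would make it clear that the rewritten bits 56-59 do not reach any later use of `address`.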
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:42 -0400
Subject: [PATCH v4 10/13] target/arm: with MTX, tag is not a part of PAuth
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-10-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman

As described in the section on MTX, tag bits should not be used to store or compute the PAC when MTX is set. See also Authenticate(), InsertPAC(), and Strip().

Signed-off-by: Gabriel Brookman
--- target/arm/internals.h | 5 ++++- target/arm/tcg/pauth_helper.c | 14 +++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 2c4369cc16..71d8b419e2 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1820,7 +1820,10 @@ static inline uint64_t pauth_ptr_mask(ARMVAParameter= s param) int bot_pac_bit =3D 64 - param.tsz; int top_pac_bit =3D 64 - 8 * param.tbi; =20 - return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); + uint64_t mask =3D MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_b= it); + + /* If mtx is enabled, second nibble is not part of PAC */ + return mask & ~(-(uint64_t)param.mtx & MAKE_64BIT_MASK(56, 4)); } =20 /* Add the cpreg definitions for debug related system registers */ diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c index 67c0d59d9e..08dd230614 100644 --- a/target/arm/tcg/pauth_helper.c +++ b/target/arm/tcg/pauth_helper.c @@ -342,9 +342,12 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, } =20 /* Build a pointer with known good extension bits. */ - top_bit =3D 64 - 8 * param.tbi; + top_bit =3D 64 - 8 * (param.tbi || param.mtx); bot_bit =3D 64 - param.tsz; ext_ptr =3D deposit64(ptr, bot_bit, top_bit - bot_bit, ext); + if (param.mtx && !param.tbi) { + ext_ptr =3D deposit64(ext_ptr, 60, 4, ext); + } =20 pac =3D pauth_computepac(env, ext_ptr, modifier, *key); =20 
@@ -377,6 +380,11 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, if (param.tbi) { ptr &=3D ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1); pac &=3D MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); + } else if (param.mtx) { + ptr &=3D ~(MAKE_64BIT_MASK(60, 4) + | MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1)); + pac &=3D MAKE_64BIT_MASK(60, 4) + | MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); } else { ptr &=3D MAKE_64BIT_MASK(0, bot_bit); pac &=3D ~(MAKE_64BIT_MASK(55, 1) | MAKE_64BIT_MASK(0, bot_bit)); 
@@ -424,6 +432,10 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t = ptr, uint64_t modifier, cmp_mask =3D MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit); cmp_mask &=3D ~MAKE_64BIT_MASK(55, 1); =20 + if (param.mtx) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + if (pauth_feature >=3D PauthFeat_2) { ARMPauthFeature fault_feature =3D is_combined ? PauthFeat_FPACCOMBINED : PauthFeat_FPAC; --=20 2.52.0
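
Review bot: In the pauth_ptr_mask hunk of target/arm/internals.h, `mask & ~(-(uint64_t)param.mtx & MAKE_64BIT_MASK(56, 4))` builds an all-ones mask by negating a one-bit field, which is harder to read than the plain `if (param.mtx) { ... &= ~MAKE_64BIT_MASK(56, 4); }` form this same patch uses in pauth_auth. Use that form here too, and reword the "second nibble" comment to name bits 59:56 explicitly.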
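
Review bot: In the first pauth_addpac hunk, when `param.mtx && !param.tbi` the two `deposit64()` calls fill the bits from `bot_bit` up to 55 and bits 63:60 with `ext`, which leaves bits 59:56 of `ptr` in `ext_ptr`, and `ext_ptr` is then passed to `pauth_computepac()`. The commit message says tag bits should not be used to compute the PAC, so either replace those bits as well or add a comment citing the pseudocode that keeps them in the input.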
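
Review bot: In the second pauth_addpac hunk, the new `else if (param.mtx)` branch has no comment, and it repeats the TBI masks with an added `MAKE_64BIT_MASK(60, 4)` term. A one-line comment stating the resulting layout (PAC kept in bits 63:60 and 54:bot_bit, bits 59:56 of `ptr` left untouched) would save the reader from deriving it, and would also record that this branch is only reached when `param.tbi` is clear.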
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:43 -0400
Subject: [PATCH v4 11/13] docs: add MTE4 features to docs
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-11-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman

The implemented MTE4 features are now present in docs/system/arm/emulation.rst

Signed-off-by: Gabriel Brookman
Reviewed-by: Richard Henderson
--- docs/system/arm/emulation.rst | 5 +++++ target/arm/tcg/cpu64.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index 7787691853..0f529ba6bb 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -109,6 +109,11 @@ the following architecture extensions: - FEAT_MTE3 (MTE Asymmetric Fault Handling) - FEAT_MTE_ASYM_FAULT (Memory tagging asymmetric faults) - FEAT_MTE_ASYNC (Asynchronous reporting of Tag Check Fault) +- FEAT_MTE_PERM (NoTagAccess memory attribute) +- FEAT_MTE_TAGGED_FAR (Full address reporting of Tag Check Fault) +- FEAT_MTE_STORE_ONLY (Store-only tag checking) +- FEAT_MTE_CANONICAL_TAGS (Canonical tag checking) +- FEAT_MTE_NO_ADDRESS_TAGS (Address tagging disabled) - FEAT_NMI (Non-maskable Interrupt) - FEAT_NV (Nested Virtualization) - FEAT_NV2 (Enhanced nested virtualization support) diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c index 84857fb706..7838bb52ea 100644 --- a/target/arm/tcg/cpu64.c +++ b/target/arm/tcg/cpu64.c 
@@ -1281,8 +1281,16 @@ void aarch64_max_tcg_initfn(Object *obj) t =3D FIELD_DP64(t, ID_AA64PFR1, CSV2_FRAC, 0); /* FEAT_CSV2_3 */ t =3D FIELD_DP64(t, ID_AA64PFR1, NMI, 1); /* FEAT_NMI */ t =3D FIELD_DP64(t, ID_AA64PFR1, GCS, 1); /* FEAT_GCS */ + t =3D FIELD_DP64(t, ID_AA64PFR1, + MTEX, 1); /* FEAT_MTE_NO_ADDRESS_TAGS + FEAT_MTE_CANONICAL_T= AGS */ SET_IDREG(isar, ID_AA64PFR1, t); =20 + t =3D GET_IDREG(isar, ID_AA64PFR2); + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEFAR, 1); /* FEAT_MTE_TAGGED_FAR= */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTESTOREONLY, 1); /* FEAT_MTE_STORE= _ONLY */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEPERM, 1); /* FEAT_MTE_PERM */ + SET_IDREG(isar, ID_AA64PFR2, t); + t =3D GET_IDREG(isar, ID_AA64MMFR0); t =3D FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */ t =3D FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 1); /* 16k pages supporte= d */ --=20 2.52.0
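
Review bot: In the docs/system/arm/emulation.rst hunk, the five new entries are not in alphabetical order, while the surrounding list is (FEAT_MTE_ASYM_FAULT, FEAT_MTE_ASYNC, then FEAT_NMI, FEAT_NV). Sort them as FEAT_MTE_CANONICAL_TAGS, FEAT_MTE_NO_ADDRESS_TAGS, FEAT_MTE_PERM, FEAT_MTE_STORE_ONLY, FEAT_MTE_TAGGED_FAR so they continue the existing FEAT_MTE_* run.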
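
Review bot: The target/arm/tcg/cpu64.c hunk sets ID_AA64PFR1.MTEX and the ID_AA64PFR2 MTEFAR, MTESTOREONLY and MTEPERM fields in aarch64_max_tcg_initfn, which changes what the guest sees, under a subject that mentions only docs. Split the ID register change into its own patch or rename this one so the enablement can be found in the log. The comment on the MTEX line names two features and wraps onto a continuation line; putting it on the line above the `FIELD_DP64()` call would keep it readable.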
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:44 -0400
Subject: [PATCH v4 12/13] tests/tcg: add test for MTE FAR
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260309-feat-mte4-v4-12-daaf0375620d@gmail.com>
References: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman

This functionality was previously enabled but not advertised or tested. This commit adds a new test, mte-9, that tests the code for proper full-address reporting. FEAT_MTE_TAGGED_FAR requires that FAR_ELx report the full logical address, including tag bits.

Signed-off-by: Gabriel Brookman
Reviewed-by: Richard Henderson
--- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-9.c | 48 +++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index 9fa8687453..b491cfb5e1 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-9.c b/tests/tcg/aarch64/mte-9.c new file mode 100644 index 0000000000..9626a90c13 --- /dev/null +++ b/tests/tcg/aarch64/mte-9.c 
@@ -0,0 +1,48 @@ +/* + * Memory tagging, full-address reporting. + * + * Copyright (c) 2021 Linaro Ltd + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +static void *faulting_ptr; + +void pass(int sig, siginfo_t *info, void *uc) +{ + assert(faulting_ptr =3D=3D info->si_addr); + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + *p1 =3D 0; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + faulting_ptr =3D p2; + *p2 =3D 0; + + abort(); +} --=20 2.52.0
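
Review bot: In the new tests/tcg/aarch64/mte-9.c, the `pass()` handler asserts only `faulting_ptr == info->si_addr`, so the test does not confirm that the SIGSEGV it caught is a synchronous tag check fault. Add `assert(info->si_code == SEGV_MTESERR);` before the address comparison so the test passes only for the fault it is meant to exercise. The header of this new file reads "Copyright (c) 2021 Linaro Ltd", which looks carried over from an existing test and should be checked.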
From: Gabriel Brookman
Date: Mon, 09 Mar 2026 17:59:45 -0400
Subject: [PATCH v4 13/13] tests/tcg: add test for MTE_STORE_ONLY
Message-Id: <20260309-feat-mte4-v4-13-daaf0375620d@gmail.com>
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Gustavo Romero, Richard Henderson, qemu-arm@nongnu.org, Laurent Vivier, Pierrick Bouvier, Gabriel Brookman
Added a test that checks that MTE checks are not performed on loads when MTE_STORE_ONLY is enabled.
Signed-off-by: Gabriel Brookman
Reviewed-by: Richard Henderson
--- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-10.c | 49 +++++++++++++++++++++++++++++++++++= ++++ tests/tcg/aarch64/mte.h | 4 ++-- 3 files changed, 52 insertions(+), 3 deletions(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index b491cfb5e1..6203ac9b51 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 m= te-10 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-10.c b/tests/tcg/aarch64/mte-10.c new file mode 100644 index 0000000000..46d26fe97f --- /dev/null +++ b/tests/tcg/aarch64/mte-10.c
@@ -0,0 +1,49 @@ +/* + * Memory tagging, write-only tag checking + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +void pass(int sig, siginfo_t *info, void *uc) +{ + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC | PR_MTE_STORE_ONLY); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + /* + * We write to p1 (stg above makes this check pass) and read from + * p2 (improperly tagged, but since it's a read, we don't care). + */ + *p1 =3D *p2; + + /* enable handler */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + /* now we write to badly tagged p2, should fault. */ + *p2 =3D 0; + + abort(); +} diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 17b932f3f1..7093b93dc7 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -40,10 +40,10 @@ # define SEGV_MTESERR 9 #endif =20 -static void enable_mte(int tcf) +static void enable_mte(int flags) { int r =3D prctl(PR_SET_TAGGED_ADDR_CTRL, - PR_TAGGED_ADDR_ENABLE | tcf | (0xfffe << PR_MTE_TAG_SHIF= T), + PR_TAGGED_ADDR_ENABLE | flags | (0xfffe << PR_MTE_TAG_SH= IFT), 0, 0, 0); if (r < 0) { perror("PR_SET_TAGGED_ADDR_CTRL"); --=20 2.52.0
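Review bot: In tests/tcg/aarch64/mte-10.c, pass() calls exit(0) on any SIGSEGV without looking at info, so a fault unrelated to tag checking that occurs after sigaction() would still report success. Checking info->si_code == SEGV_MTESERR in the handler would make the final store *p2 = 0 the only thing that can pass the test. The load half is sound as written: *p1 = *p2 runs before the handler is installed, so a tag check fault on the read terminates the test instead of passing it.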
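Review bot: The tests/tcg/aarch64/mte.h hunk only renames the enable_mte() parameter, yet mte-10.c in the same patch passes PR_MTE_STORE_ONLY and nothing shown here defines it. Unless an earlier patch in the series or the cross toolchain's headers provide the constant, mte-10.c will not build; a guarded fallback (#ifndef PR_MTE_STORE_ONLY ... #endif) next to the existing SEGV_MTESERR one would cover older headers. With the parameter now accepting arbitrary flags rather than just the TCF mode, a one-line comment on enable_mte() stating which PR_MTE_* bits callers may pass would also help.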