From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909936; cv=none; d=zohomail.com; s=zohoarc; b=BkKjAcZvITJzsad64+jNYPAGsq4YeBRBskF0eCLTvtwc5+43O23SdQwbGGERjtv0y593gv6IEgqAeik3RFuWRvb0Ja618CTHsbS+1WwvkdQkRbqzf6DRd6FgG2aYj1xul/G3RdOziF/8NMXw69pwO+hCsulYvw0xKT0nPanDZfc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909936; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=JUfPR3DjYgqYV/pHwWpNda6f5sDlnU1W0T/qSKzuPj8=; b=CnFfZxaMJIyoLy7dsWG6geym96bCqiyjYmpNtf6g1hZSGec5GvIcKZYizNpBnhGZNYN2ZTU0fNcCXcLOw9qnb+5fspWs9ZLUfMzePIcLt4a4fPvIP+spWzza54kqi1Hl91gkpqSKicnD4l5pH6VcYulyazHlZa/z4+n3NBIq82U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777909936691432.75577051998675; Mon, 4 May 2026 08:52:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZk-0000t8-72; Mon, 04 May 2026 11:51:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZi-0000s6-9l for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:14 -0400 Received: from mail-qt1-x82d.google.com ([2607:f8b0:4864:20::82d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZf-0006Al-4l for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:13 -0400 Received: by mail-qt1-x82d.google.com with SMTP id d75a77b69052e-50fc496c8baso38594741cf.3 for ; Mon, 04 May 2026 08:51:10 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909870; x=1778514670; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=JUfPR3DjYgqYV/pHwWpNda6f5sDlnU1W0T/qSKzuPj8=; b=LR72MCY1jN6YIf3o+Id/e/bNwNg3YC2ZyhtGfY029WffNvCFVm/T32OCEfzZUttckp QhVkmxiwzzF8+u0iORWZ1ZdRxKJZOcfMNf7wv2xUN6gPERsyMjuw9j9mA6NQYRmec9is In0eDB9EouVXzjYdpQYSWKdTWGXugCybX6TZY/Z7oGWQr9k0uvYnbWYHhiuiDEwYCEBj Xp1J32VsX0/uEE84Wp2LEPvYDCnHmHijAi1N5Ij0bT4WPj1Fr/C1JVq1hqrsGSlN6TCt EM2KNNj76Jpp70lR+VXopg1yOwvQOHIglaR/kAX8ADriTJy/nJ1VPkryK9+SKeoTvSZg jMuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909870; x=1778514670; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=JUfPR3DjYgqYV/pHwWpNda6f5sDlnU1W0T/qSKzuPj8=; b=hfmEjdwlNgW+vUxxzCFy9Qqjdf4cxfwrqgOCk32by7OotlN5cK4ghqu2rQJatd7ZpC gsDd2tlBCdInCig++o1DrKEYo5GBTXHPMY+JuTU8eD8RsAnNiWYuH9V8iiTFZEH9bMgF RdxSqE8Sc1fhL6QbFGX4pTCcdS+9m4J7Mk2hm5ZzeDU8lCIaUsgK2L2TqceNT3Z9gC67 nsfhoaTkD0UrF8iMOBqULmEAuEF2dI/gyZp8zodfLI/8xKM77eN0NvAPMdCuyMBzA0IR aWVKbLtM1IF+bMdao5WBSnvvnZjn+NYlAK9xZ+bEpEpP76quczAmd6Z2BtRwpUlhM59h MWCA== X-Gm-Message-State: AOJu0YwlxFfChXerA/1vsgcCFhvHANBaERzCRnxsHMWOkoC0peSDfitq tBGvw6uV4oYToUX8fefgtMCVx076V1rs43ujm+mpT33CgCnPtNF75Bca X-Gm-Gg: AeBDieuz7KPIr95NDL2jOr6wWsb2F/dSZ/gYu9dsOo7s8IW/N+rOrap659NcLccJEgf 8DoII4jey1aleasT2b/1dAh+o3hOpU66wnj+a36y6nA31iAPU+4lYzrK6BbnGQa+lGQtkiXNy+9 f4WAIimKVwkdXJL46X9G8vRJ02qXppDnO3hQD1pWHVMacbQoJGQhzcaOBkHDchOxfaYjyekGwyG XtLEkLYfQ32k8/73ZX05NhzfSErauCmoZcR5GlHutPH+uQo6Oj+38+7pQHRWxirW6QVGchw2kW3 Zdn8+tQa9EqoUiB7CeKe/yP9Xnh5Xxvv/1GgVEkMJDVgwrF9trVLBI0/EndUrNUF0mDYra5MBQ2 XJ22wv+Z+5BJOSo8dBpof1Fcno6V+uA17sZDf4YjstRe22zG7Erhsi2vGn8BZjpKe02QMnJDlkN RqQffoudCut36S8H/HBqpl4KYUsMIiNUNU0TfXBx2qjaJIdFMGRIY= X-Received: by 2002:a05:622a:18a9:b0:50d:6557:5c8f with SMTP id d75a77b69052e-5104bfa4eeemr143789841cf.58.1777909869851; Mon, 04 May 2026 08:51:09 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:34 -0400 Subject: [PATCH v5 01/15] target/arm: implement MTE_PERM MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-1-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=4690; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=o+Y1Qx7rXo8nqYOsXdVp4KZ2JR8/3aepK/F4Yuu4kE0=; b=zShtqvYHaHGxVUpXOT9hN97Pcb+j1GeiUbhhEHsaC676k/VLLvNJIcBHb1PynGBkOxRWoCDSM mDZxzJq04lgDnWgZNUQoLQ8X07LzdpulYY8IeFv3KpEvVjTiZ1Kiowd X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::82d; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x82d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777909939210154100 Introduces a new stage 2 memory attribute, NoTagAccess, that raises a stage 2 data abort on a tag check, tag read, or tag write. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/ptw.c | 25 ++++++++++++++++++++++--- target/arm/tcg/mte_helper.c | 38 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 63 insertions(+), 5 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 6e5212ff6c..c1f2336055 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1149,6 +1149,11 @@ static inline bool isar_feature_aa64_mte3(const ARMI= SARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTE) >=3D 3; } =20 +static inline bool isar_feature_aa64_mteperm(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 7b993bb5b3..4fdb27697d 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -3394,7 +3394,7 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ARMCacheAttrs s1, ARMCacheAttrs s2) { ARMCacheAttrs ret; - bool tagged =3D false; + bool tagged, notagaccess =3D false; =20 assert(!s1.is_s2_format); ret.is_s2_format =3D false; @@ -3404,6 +3404,18 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, s1.attrs =3D 0xff; } =20 + if (hcr & HCR_FWB) { + if (s2.attrs >=3D 0xe) { + notagaccess =3D true; + s2.attrs =3D 0x7; + } + } else { + if (s2.attrs =3D=3D 0x4) { + notagaccess =3D true; + s2.attrs =3D 0xf; + } + } + /* Combine shareability attributes (table D4-43) */ if (s1.shareability =3D=3D 2 || s2.shareability =3D=3D 2) { /* if either are outer-shareable, the result is outer-shareable */ @@ -3435,9 +3447,16 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ret.shareability =3D 2; } =20 - /* TODO: CombineS1S2Desc does not consider transient, only WB, RWA. */ + /* + * The attr encoding 0xe0 corresponds to Tagged NoTagAccess and is only + * valid with FEAT_MTE_PERM (otherwise RESERVED, constrained + * unpredictable)). The presence of this feature is checked in + * allocation_tag_mem_probe, where Tagged NoTagAccess has its effect. = See + * J1.3.5.2 EncodePARAttrs. + * TODO: CombineS1S2Desc does not consider transient, only WB, RWA. + */ if (tagged && ret.attrs =3D=3D 0xff) { - ret.attrs =3D 0xf0; + ret.attrs =3D notagaccess ? 0xe0 : 0xf0; } =20 return ret; diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index a9fb979f63..bf35dc10ce 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -58,6 +58,27 @@ static int choose_nonexcluded_tag(int tag, int offset, u= int16_t exclude) return tag; } =20 +#ifndef CONFIG_USER_ONLY +/* + * Constructs S2 Permission Fault as described in ARM ARM "Stage 2 Memory + * Tagging Attributes". + */ +static void mte_perm_check_fail(CPUARMState *env, uint64_t dirty_ptr, + uintptr_t ra, bool is_write) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(0, 0, 0, 0, 0, is_write, 0); + + syn |=3D BIT_ULL(41); /* TagAccess is bit 41 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, 2, ra); + g_assert_not_reached(); +} +#endif + uint8_t *allocation_tag_mem_probe(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -117,8 +138,21 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, } assert(!(flags & TLB_INVALID_MASK)); =20 - /* If the virtual page MemAttr !=3D Tagged, access unchecked. */ - if (full->extra.arm.pte_attrs !=3D 0xf0) { + switch (full->extra.arm.pte_attrs) { + case 0xf0: /* Tagged */ + break; + + case 0xe0: /* NoTagAccess */ + if (cpu_isar_feature(aa64_mteperm, env_archcpu(env))) { + if (probe) { + return NULL; + } + assert(ra); + mte_perm_check_fail(env, ptr, ra, tag_access =3D=3D MMU_DATA_S= TORE); + } + /* fall through */ + + default: /* Not Tagged */ return NULL; } =20 --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909929; cv=none; d=zohomail.com; s=zohoarc; b=Rbb+tZL8++lkRgohBjMDOuGt9JZz4rJEdYlQZO9S+c6VK6fvmINb4/ikC444hb7QPX3UKBS5d1TFTQ4fAW4QqT5lS7Wh7BEGwBd83BNZG4ljHrpjjoAvbFXvs7q+/avzs3H+H1wpqU0Ya3qxLelAxXyaEy8G3yHUaLlcnNhjzFQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909929; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=w7OO8p8XwMeVoo5L8ThKJ1n1Yds1F1C9hBCM/UrsyCY=; b=f4jGYKMKc46SBPbVA6Aib0eiozbjwgVdBWeh275U0aL8nMobUMXXZAzQA5QckTy1hYPJrjA2FpQJ4R1OIC2yL6TGnfm1PrTWyw+Ckxo8Pr4/C9CUDe+x6TGySycpo0bhpAGJ6MD6+kLxTCGJRlWco8RoYMQUn4qntUDu2euIRbs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777909929239432.4316510133567; Mon, 4 May 2026 08:52:09 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZl-0000ti-PU; Mon, 04 May 2026 11:51:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZj-0000t2-LG for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:15 -0400 Received: from mail-qt1-x834.google.com ([2607:f8b0:4864:20::834]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZg-0006Az-Kq for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:15 -0400 Received: by mail-qt1-x834.google.com with SMTP id d75a77b69052e-50e5eb0fabaso49625411cf.0 for ; Mon, 04 May 2026 08:51:12 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909871; x=1778514671; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=w7OO8p8XwMeVoo5L8ThKJ1n1Yds1F1C9hBCM/UrsyCY=; b=ICosAELSFy+DAhZXJGHoQo8+3ph+QW6efclu6qO+6h5UYXM3ld+HXxRAGSmBJW5BT7 LqgW9HIW6tLco2DmRB1r3vgl1OoVSKvTOmYZgVoObUeTzC7SS8fW1XyOMImZ2SWBChh/ j4+VR+sdXQ5MwyWqcyrI+fBxwnm4aMsYu8MKHq+uO9DaF/UCAq5/eMp8scVfQWu1cBRP Vx2gAIvmEXvntnJHSl/SvYgE6Xz6CeU02hLrB0uJ7N//aXKGnpHb03EAYq4CtLy87Rfd QJdn7jcL5W5iISC06dXDnagRJFobn0PtWYV1T7kDpLjDMH+XshcGdDCZvC5HKuQ0Xjgq 7lyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909871; x=1778514671; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=w7OO8p8XwMeVoo5L8ThKJ1n1Yds1F1C9hBCM/UrsyCY=; b=eZ3VZgW1QvhIDt1Y4U20lX2NOoVPWRaDsqabaZ7s9xENYoiQRlA8Cz9nPpoIYhNdmI QGQ4HaO4b88Cs/2tBo3y6nMFnD319IYSCcv8OWfWVXmAPh8aBAX3JTgePfnpBLq9UB2h aQJXFWWO5DQl6jAKMdyBqvzXCuzU9Uh9eJWUv7ozAA244+Hi/dRMOdcXMk27Q2UvWKwY BTcdzLVtIPrH0qeYL1qXGHFEBZEC9wIUDH04Fsco60/lcB0ilbPZGeMygjYp/mMTJp/o BO/yQRbma93hbGwBdjGDu393K3d007Pyc7Qs+J9+1U2G351ylS89h3Nb0FKzrVfgMKT2 jhag== X-Gm-Message-State: AOJu0YxsQF8p7zWVfodNaLGGCpIbrlK5apmKBrYbUoiFrpKptHEhjqWT 3/9N85WXDW9VjylnxTDMPMu9ZE0mEtt4JFeIX1cnecPj0Tu7y63C+Pyv X-Gm-Gg: AeBDietDEJOkhb3AmUgkuavi7uGgifLYDBxr1b3pzcV2fljOgiwiSE+CkO29uORYJb3 ge33q7w6EQ2HP8ejJlvRTyzJDqmpbW5DlU0IzOuUzyeaJguXkmUPwQX0+Bzw2+KqNrgMh8FxJw5 HHUqyfpEInoSFo6pErBd1lAdnM2XAmNxyhZHwhzUx7Tykg1SRmHSDhicpZL/kArzc5c3ispVHHt el1R0tn2KzyHT9/Y+BqmfKeWpiCWBw8iTm9g4L7gNZT9nrycJbGp2YY2KSXJfQlaORRrRA+iVXm 3aLGiNUxA7j0lFJn1FHk8CnmFX3IC/R6x+MlgJATUq9vBzcRK6jKCUHNhktG0xRHXj/NbxBjjwH c+LJxe+nswJUEKD0tZ/rAmd8tXl2FCWdeQ81L/ZxW7Q/nYgpAS0RCAIl+A9HMQ/eYVivMcNJ5T5 DXzESTZEhZJE+eCzq5uvIxmxLKFRJvojtYdmIn4kixB56EMg8qQvA= X-Received: by 2002:a05:622a:1791:b0:50e:6399:eed0 with SMTP id d75a77b69052e-5104bf428dfmr145808261cf.46.1777909871268; Mon, 04 May 2026 08:51:11 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:35 -0400 Subject: [PATCH v5 02/15] target/arm: add TCSO bitmasks to SCTLR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-2-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=3108; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=Hr6ldUvaVhbV5Q3m2e++qMNZ7Ztg5TNxADdFaQMSu2Y=; b=FEO+LvrHwlPxeLgVrBMIli3a/aw4g4mNK63fxcjijA7/j/rsiLH+r/kvLSQOck6XTMBWfo/rP Q6bpSEF8WWuBgtC3Li/TcZIZrMgWeJJ0IyuAsOy0i6S6PHfOnEvjyAU X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::834; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x834.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777909931274154100 These are the bitmasks used to control the FEAT_MTE_STORE_ONLY feature. They are now named and setting these fields of SCTLR is ignored if MTE or MTE4 is disabled, as per convention. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/cpu.h | 2 ++ target/arm/helper.c | 20 ++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index c1f2336055..4d130b4b2b 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1154,6 +1154,11 @@ static inline bool isar_feature_aa64_mteperm(const A= RMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; } =20 +static inline bool isar_feature_aa64_mte_store_only(const ARMISARegisters = *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h index be14a47c35..9010491235 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1478,6 +1478,8 @@ void pmu_init(ARMCPU *cpu); #define SCTLR_EnAS0 (1ULL << 55) /* FEAT_LS64_ACCDATA */ #define SCTLR_EnALS (1ULL << 56) /* FEAT_LS64 */ #define SCTLR_EPAN (1ULL << 57) /* FEAT_PAN3 */ +#define SCTLR_TCSO0 (1ULL << 58) /* FEAT_MTE_STORE_ONLY */ +#define SCTLR_TCSO (1ULL << 59) /* FEAT_MTE_STORE_ONLY */ #define SCTLR_EnTP2 (1ULL << 60) /* FEAT_SME */ #define SCTLR_NMI (1ULL << 61) /* FEAT_NMI */ #define SCTLR_SPINTMASK (1ULL << 62) /* FEAT_NMI */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 7e7677a584..ddf44f4306 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3274,12 +3274,20 @@ static void sctlr_write(CPUARMState *env, const ARM= CPRegInfo *ri, =20 /* ??? Lots of these bits are not implemented. */ =20 - if (ri->state =3D=3D ARM_CP_STATE_AA64 && !cpu_isar_feature(aa64_mte, = cpu)) { - if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA); - } else { - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | - SCTLR_ATA0 | SCTLR_ATA); + if (ri->state =3D=3D ARM_CP_STATE_AA64) { + if (!cpu_isar_feature(aa64_mte, cpu)) { + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA | SCTLR_T= CSO); + } else { + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | + SCTLR_ATA0 | SCTLR_ATA | SCTLR_TCSO | SCTLR_TCS= O0); + } + } else if (!cpu_isar_feature(aa64_mte_store_only, cpu)) { /* not m= te4 */ + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~SCTLR_TCSO; + } else { + value &=3D ~(SCTLR_TCSO | SCTLR_TCSO0); + } } } =20 --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909912; cv=none; d=zohomail.com; s=zohoarc; b=ePbnGzEAWobtHC7Y760/ZJcaijV+a6JkpSVk5TRhdRB6nLHcycxdNSVLWCHIy7OlPbTIV3xlEC+OwJRUhdZ23jAww19RnICs8juFSs4SuOHZROs9qSCLMZZcAd2IgexCRRU7NUAs0Cq1/Hs3Djku5QDxUF8fdWAnwUHipEeaNH4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909912; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ZxjCJPWJInTrT5BdPOKvwh7m7sTcBF1+wr03EatH2gI=; b=OD/cryNIsMw9XUj3CU5ukM5es7xw66dZNF1xJ89k06kE4xOB/LQh0yWMOLH85/a4RSYy/NsAg1VJ8Se63X5qLYAHoVkAggmFW1JLQEjUikz+dyGq26Ncv2Ibn8qJlMK0vP8zdRkWUThKwkhDJ1jETByKaEA1lWrrrVD+RnU/asE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777909912075412.17802458209997; Mon, 4 May 2026 08:51:52 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZn-0000uL-O6; Mon, 04 May 2026 11:51:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZk-0000tA-75 for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:16 -0400 Received: from mail-qt1-x832.google.com ([2607:f8b0:4864:20::832]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZi-0006BP-Fy for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:15 -0400 Received: by mail-qt1-x832.google.com with SMTP id d75a77b69052e-50fae4d1f85so57898181cf.3 for ; Mon, 04 May 2026 08:51:14 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909873; x=1778514673; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=ZxjCJPWJInTrT5BdPOKvwh7m7sTcBF1+wr03EatH2gI=; b=ZviQ+9JbVEC4iMM685z1ObBJVvEY7oHe+bi8KyP4vlgNXSNyKNu7zRVo2pC0AIWZnR iMfC9j6fJTwAWjGp80xtFcx42acRh/n6heoxZYLWihllTeej4KJS13JStJS8WBBcmM7+ 2ZjcFyKnvbN9o/EQmeWMMDCEIZrNmLmkMeZ+3+nZHkb9WOcFu8fLcayED+MldhkzFyIf y8DZHup7OlPvSqyxq3pmwamA/iN7dNgyMMuRsOTnmP+KxHlYKd+srbGugbTZDYuxLguI fr68fIm1Ps+J4y3v4gd3AD6IKl+GwiBH6PFOtx6JqpxxcOCthSG9zmHHkyB+W1xmlAv2 PK5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909873; x=1778514673; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ZxjCJPWJInTrT5BdPOKvwh7m7sTcBF1+wr03EatH2gI=; b=Zh1/wWAWtlrzSYRinUxA27BFqFaeWUH2CwMiC5p+NClFETF4tWs+JvRR4HWeaAEjDA 2JaayBeupaeFjDT50aZrZvy0g+wjh88NmY5BUki+xD5R2OkBF/Msfhd+TZd9GzlLrbGg i/+ngnwfsmm+zaNEnlE9tYIA4OhAd6WIF7IKM18Z5QPCbSQd8u04l3FVIoG3yIhc2eXe RydOxXc3AcEErDoEXHdy4Y0smiFfkMOpa8r47Fs+aIsbLk45uwK4Tyfkilg3oJLMKyS6 N6DL0KKdmpWnPIVJtDer/nwl5/mINEHUh3rVEtA7iiAqFtM+2H7Ik00blCW9fapAXQEl VolQ== X-Gm-Message-State: AOJu0Yxqv4eHL9LyUOWxy47vPU+XjFkI+9v5ap1h72jV2yxSgqS8HQTQ Cx2NCiEW/fIHR/I8ZgO3+cT6zjzVqN6vvl7MhTb2wQz/7Dtvn4MHp3+ptDEB0fik X-Gm-Gg: AeBDiesTHDWHg9h4zk34EessHfb9uMmq9IjSEAa+OxOO+/versSg74BPb9ol+5QiYp8 lwZv0yi1Ox7Y4I6hxFu98AUP2eNa2+nAbbLnGPoFeL/FlWgx4OrTITWRrjZvz17z4+Hw2fEQtxK +QyDEPVQs0h5LGB0I9bfspNvoULXxI8rTD/qOceMpFHkPcf3rwPZATNpfH0QI9V8x3Ig5U1DPzf MfmFXlRaY1TSXb9dvUfeJMjdGuJUK5USB3ol6fYGSsA9sw/5OLR3eipQ+IE7b0FAZCy878q3E4U u1ddO92dKUyOfpu6O9zv79+Axe9LqwFiYa899ivyxY0O5lH9UdYoWxBtiDbjg77Gllr7Xk1bRD2 OMtPcqLJTMASJhzkwtgw4xTN0Snx4IEoHa6JssDdm+l5cnQP8wa/Y+LJAxQOFCf+Kjf4HcnmhdE Vg5aaBcEC82KrPuTAG2v3lTnVOw4//IK5hE/bs+ps8vPKGfulvcUw= X-Received: by 2002:a05:622a:1b15:b0:50d:7135:5631 with SMTP id d75a77b69052e-5104be062fbmr158528921cf.6.1777909873266; Mon, 04 May 2026 08:51:13 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:36 -0400 Subject: [PATCH v5 03/15] target/arm: mte_check unemitted on STORE_ONLY load MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-3-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=4552; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=yYLwhnBFaPvQITdtme0stFkgyfXUhCnT3IJ2ErgYUVs=; b=2EfF8uuWTh5e2J7Kby47OOAx9fZIdy/3AVZgcT6lIsN+4yiVOIy4lAdWvtV34sxRglSB7vtMO 9okfSeCETpOAkleM5L8bes6esipF/y55bUadu8AJRqW0+taXA5y0AFs X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::832; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x832.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777909914187158500 This feature disables generation of the mte check helper on loads when STORE_ONLY tag checking mode is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu.h | 2 ++ target/arm/tcg/hflags.c | 12 ++++++++++++ target/arm/tcg/translate-a64.c | 8 ++++++-- target/arm/tcg/translate.h | 2 ++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 9010491235..706ade5784 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2527,6 +2527,8 @@ FIELD(TBFLAG_A64, ZT0EXC_EL, 39, 2) FIELD(TBFLAG_A64, GCS_EN, 41, 1) FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) +FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1) +FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 7e6f8d3647..75c55b1a6d 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -423,6 +423,15 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, */ DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); } + /* + * Repeat for MTE_STORE_ONLY + */ + if ((el =3D=3D 0 ? SCTLR_TCSO0 : SCTLR_TCSO) & sctlr) { + DP_TBFLAG_A64(flags, MTE_STORE_ONLY, 1); + if (!EX_TBFLAG_A64(flags, UNPRIV)) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } + } } } /* And again for unprivileged accesses, if required. */ @@ -432,6 +441,9 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); + if (SCTLR_TCSO0 & sctlr) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } } /* * For unpriv tag-setting accesses we also need ATA0. Again, in diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 9a27c4c6ec..ce6249649a 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -302,7 +302,8 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, MemOp memop, bool is_unpriv, int core_idx) { - if (tag_checked && s->mte_active[is_unpriv]) { + if (tag_checked && s->mte_active[is_unpriv] && + (is_write || !s->mte_store_only[is_unpriv])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -334,7 +335,8 @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr,= bool is_write, TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write, bool tag_checked, int total_size, MemOp single_mop) { - if (tag_checked && s->mte_active[0]) { + if (tag_checked && s->mte_active[0] && + (is_write || !s->mte_store_only[0])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -10697,6 +10699,8 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->ata[1] =3D EX_TBFLAG_A64(tb_flags, ATA0); dc->mte_active[0] =3D EX_TBFLAG_A64(tb_flags, MTE_ACTIVE); dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); + dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); + dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index 77fdc5f3a1..c74a4f6675 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h @@ -140,6 +140,8 @@ typedef struct DisasContext { bool ata[2]; /* True if v8.5-MTE tag checks affect the PE; index with is_unpriv. */ bool mte_active[2]; + /* True if v8.5-MTE tag checks disabled for reads; index with is_unpri= v. */ + bool mte_store_only[2]; /* True with v8.5-BTI and SCTLR_ELx.BT* set. */ bool bt; /* True if any CP15 access is trapped by HSTR_EL2 */ --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909974; cv=none; d=zohomail.com; s=zohoarc; b=fCLdBgvDQF6lBcms4JtSlwE8je8JclKdn+AnLV1vGdQQSDmmuBO+rF2uRUkTF1OGK6On9qtoA9oGub57uWMwk1Q88e7NSNjnCt8BcGCIW3UggYlkabygo8ckf1SCgyiGau5qoI6wY3jaT/IL8ZWfFzBD2RU0lCvLZv/t3CyBYA0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909974; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=hXvTfQnc37X+KgTaWvuHOsUh3d4PX1Ve7zrjDrOom5CYz7F2TyW8BmNEfldrl2AJq/eUcLb//G9L/rjpumh70X47BNT2UouhXUqChnEoufWQpntTaBAWCXqjDVM4yIajVMs7mLmz3dfr4Em3rcMY50er6K1mMazxd88zTnG80FM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777909974626528.5961343936295; Mon, 4 May 2026 08:52:54 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZo-0000ve-MD; Mon, 04 May 2026 11:51:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZl-0000th-MK for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:17 -0400 Received: from mail-qt1-x82c.google.com ([2607:f8b0:4864:20::82c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZj-0006Bt-QW for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:17 -0400 Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-50e97863425so40559091cf.0 for ; Mon, 04 May 2026 08:51:15 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909875; x=1778514675; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=jtuyI9dxjFpAhNiqXWaBZaFGsLaHFLRL/69rUsniFzrDLp8QJpXc8WBhdpfvXlZn+l +7ej13xczyziLv/iuQCVaNLKyI8s0HeOXhB8Ish9ldP38zuMR7YRy4OCg4al6OtJyljf RxZV2BlImVoM037xiRQkWCkx7MiNVtc841Y8PfvWzrhK9uDFUYr2Kdhmpr3OaU5KMCGY dmaIaO8OjbD8D8J11BuiKHq7TBrY2BzVI7zCfy3pzYzYIfBuGkZememn5Mdfz8L8YjYI PBSdXfCSMoenCEwO57sG1WmVU624o2TdLABYfc7dRVk50BqWF2x9Bs+hdTAlqfs2QU2I 423A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909875; x=1778514675; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=AoCvtfVLM0dG6SD7HV1jzTYpLzkS7nNco0Hu5IsC2y3adOCfe2Ue3WDYxpwh7dOEZr zZ3fmjaETp1VewYYmYka31urOdT0d9NHtYRDUX700gbwj5xTJitTXMbu8laNbBkOp1xO 6IHhEVgQPMTSJu2xPOQW7D0bzxL++l0AP/V3WDrXsaGEFRrRUbRCoTkcLaCJYoiaU2fz B8N48avsvk62foUQuR8WRsPni+mpt8LArqg1kwlYV7R/KGCmyJOZu5zejcvnxhIaWl6x 5HO+A6ZU93jdRY6WrOwlCjcLeRwCTbvjdC12/gJyIu2iv9pPLoNxYITZSqdBwxGtsWLY REdg== X-Gm-Message-State: AOJu0YxSGpYsLWjwspv/JTyWkc1F9NN2U4aiVMcH1zgbvrEGYQ7eXljg FguIBQYkp6dr0uTjCflggU8a312NT59W3y4v9fWI9ytJTUDIfOfnFL9n X-Gm-Gg: AeBDievxBkJft8jpUhcZvyzscC0C3jMsDRbd4GVZa9HR5waR3FjBj3pXR8ZYNocvNeh nuvslybxSpmg9TOPAM3eU3zASTKcoY4bG2PORILuqL2Yq75GKWefuGAuRxHf6t+AYls49IgLwAk fw6YTjtc8SsP3GUtIUVX3NEQSx0RjcywkiM3aBOA71vN5gmxqfgkWqnXnAa9NjGsAtEMNDCPQfj v8PPzpP5EbaNPdSgMZkLsagmEJdfzGrBdXbKw3YvA6wioVpdEfj+O06H093Sdz4VqOVy0U4GUbC J/J5rGbERQvlGBC2938oQmfKZtWSW8+ErreMTdj6d3dmRIZd6//WCrSk0R+XIvxcMJZIgRN6vTW iKlkZwA6/2FWCiP29il5ZZ0MD+YGjfbsWcniYRmQIrfoew58Trd1r0rm5azpILBCMg0n4Od8TPC E7mmR/rruGZzpc9mlGPl8o1jNCMJBGNMoNwTONhd0+w990pOzYR6c= X-Received: by 2002:a05:622a:54e:b0:50d:aae1:7070 with SMTP id d75a77b69052e-5104bf6c541mr142645831cf.48.1777909874649; Mon, 04 May 2026 08:51:14 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:37 -0400 Subject: [PATCH v5 04/15] linux-user: add MTE_STORE_ONLY to prctl MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-4-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=4942; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=3NUHlDKCw8l8rqmAwbaWm0eM8fht4yd8LR/eAfpLXkM=; b=qaor9hF4vUH0Y5C2PSDNFkZo239y6H4EkDjtaT+bpxkAmJpegOR/RoWzOFUD//lvnAR06k1IT UOZq0fombvQCtuNPHUdjUQOLxo7Ah0nYTB/H+S1kA0CXy2N1Zox78yQ X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::82c; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x82c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777909977647154100 Linux-user processes can now control whether MTE_STORE_ONLY is enabled using the prctl syscall. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- linux-user/aarch64/mte_user_helper.c | 11 ++++++++++- linux-user/aarch64/mte_user_helper.h | 14 +++++++++----- linux-user/aarch64/target_prctl.h | 6 +++++- target/arm/gdbstub64.c | 2 +- tests/tcg/aarch64/mte.h | 3 +++ 5 files changed, 28 insertions(+), 8 deletions(-) diff --git a/linux-user/aarch64/mte_user_helper.c b/linux-user/aarch64/mte_= user_helper.c index a5b1c8503b..b5c4dafcda 100644 --- a/linux-user/aarch64/mte_user_helper.c +++ b/linux-user/aarch64/mte_user_helper.c @@ -10,7 +10,7 @@ #include "qemu.h" #include "mte_user_helper.h" =20 -void arm_set_mte_tcf0(CPUArchState *env, abi_long value) +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value) { /* * Write PR_MTE_TCF to SCTLR_EL1[TCF0]. @@ -32,4 +32,13 @@ void arm_set_mte_tcf0(CPUArchState *env, abi_long value) tcf =3D 2; } env->cp15.sctlr_el[1] =3D deposit64(env->cp15.sctlr_el[1], 38, 2, tcf); + + /* + * If MTE_STORE_ONLY is enabled, set the corresponding sctlr_el1 bit + */ + if (value & PR_MTE_STORE_ONLY) { + env->cp15.sctlr_el[1] |=3D SCTLR_TCSO0; + } else { + env->cp15.sctlr_el[1] &=3D ~SCTLR_TCSO0; + } } diff --git a/linux-user/aarch64/mte_user_helper.h b/linux-user/aarch64/mte_= user_helper.h index 0c53abda22..8a46f743f4 100644 --- a/linux-user/aarch64/mte_user_helper.h +++ b/linux-user/aarch64/mte_user_helper.h @@ -20,15 +20,19 @@ # define PR_MTE_TAG_SHIFT 3 # define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif =20 /** - * arm_set_mte_tcf0 - Set TCF0 field in SCTLR_EL1 register + * arm_set_tagged_addr_ctrl - Set TCF0 and TCSO0 fields in SCTLR_EL1 regis= ter * @env: The CPU environment - * @value: The value to be set for the Tag Check Fault in EL0 field. + * @value: The value to be set for the Tag Check Fault and Tag Check Store= Only + * in EL0 field. * - * Only SYNC and ASYNC modes can be selected. If ASYMM mode is given, the = SYNC - * mode is selected instead. So, there is no way to set the ASYMM mode. + * Only SYNC and ASYNC modes can be selected for TCF0. If ASYMM mode is gi= ven, + * the SYNC mode is selected instead. So, there is no way to set the ASYMM= mode. */ -void arm_set_mte_tcf0(CPUArchState *env, abi_long value); +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value); =20 #endif /* AARCH64_MTE_USER_HELPER_H */ diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_= prctl.h index 621be5727f..d91e75d60d 100644 --- a/linux-user/aarch64/target_prctl.h +++ b/linux-user/aarch64/target_prctl.h @@ -168,6 +168,9 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) if (cpu_isar_feature(aa64_mte, cpu)) { valid_mask |=3D PR_MTE_TCF_MASK; valid_mask |=3D PR_MTE_TAG_MASK; + if (cpu_isar_feature(aa64_mte_store_only, cpu)) { + valid_mask |=3D PR_MTE_STORE_ONLY; + } } =20 if (arg2 & ~valid_mask) { @@ -176,7 +179,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) env->tagged_addr_enable =3D arg2 & PR_TAGGED_ADDR_ENABLE; =20 if (cpu_isar_feature(aa64_mte, cpu)) { - arm_set_mte_tcf0(env, arg2); + arm_set_tagged_addr_ctrl(env, arg2); =20 /* * Write PR_MTE_TAG to GCR_EL1[Exclude]. @@ -185,6 +188,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) */ env->cp15.gcr_el1 =3D deposit64(env->cp15.gcr_el1, 0, 16, ~arg2 >> PR_MTE_TAG_SHIFT); + arm_rebuild_hflags(env); } return 0; diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c index a4fa740caf..0c3e5b30bd 100644 --- a/target/arm/gdbstub64.c +++ b/target/arm/gdbstub64.c @@ -684,7 +684,7 @@ int aarch64_gdb_set_tag_ctl_reg(CPUState *cs, uint8_t *= buf, int reg) * expose options regarding the type of MTE fault that can be controll= ed at * runtime. */ - arm_set_mte_tcf0(env, tcf); + arm_set_tagged_addr_ctrl(env, tcf); =20 return 1; #else diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 0805676b11..17b932f3f1 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -20,6 +20,9 @@ #ifndef PR_TAGGED_ADDR_ENABLE # define PR_TAGGED_ADDR_ENABLE (1UL << 0) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif #ifndef PR_MTE_TCF_SHIFT # define PR_MTE_TCF_SHIFT 1 # define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT) --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777910016; cv=none; d=zohomail.com; s=zohoarc; b=M/8Lcch+7Uxky5DkLiXjkh268HIp9DxJdSQwDVihuhhe1pK5UvdSNyBnrLnsO+YgpDMvjpYcLgUieekgj7VC37uIZkk12exzjtFNaRADN0I2r+xMKZsBQd22WVjPOqIvSCLtyajksnP0eM9UPTcSD77G8/o3ZNBpwScn7DvuzVY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777910016; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=tctzP2FcPQ+gfsuFfPKCecvWe96h/9pOlhOMG2Joq/8=; b=Of151x0kPVw3q6yEiuSq81e2WsiLF41+hXQhbvjA4SLrP7lcxt4/uFuiOPfbBEpQsBxnvwroAVclqIo2LsDIlmOasblJsESmjNv2XkNB+THbts1llmPwb3dkEZkHV6J2gmXr+MnRiKkMQmCAxTziljAzipkfBdjeN+eAavujjy8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777910016908401.5776322384545; Mon, 4 May 2026 08:53:36 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZq-0000wW-3h; Mon, 04 May 2026 11:51:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZn-0000uP-LB for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:19 -0400 Received: from mail-qt1-x831.google.com ([2607:f8b0:4864:20::831]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZl-0006CQ-C0 for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:19 -0400 Received: by mail-qt1-x831.google.com with SMTP id d75a77b69052e-50e5c5033f6so33800881cf.0 for ; Mon, 04 May 2026 08:51:17 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909876; x=1778514676; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=tctzP2FcPQ+gfsuFfPKCecvWe96h/9pOlhOMG2Joq/8=; b=shahjymQKTcnR9vXwJmkJlrJqegJ44w0BjURwlVHfrHKNdkAoV73WNLIypgplrqnCi 0gn5C+K6pCBrEEUBGtsZhQ9E9qgn3cMFP/U288ayDnZ5+kIax1kJNhm0nhg5yQc5C9fU Pwhx0QWismtCiHdvFml4RVbBdJW5AqRvawV1px5rW9a+BSO5JBJQWcIdtkwARa6MWTIQ yHdcIjs+1LT+NyHjsRu0SDl4bgZJyWEiULBvELFQRU3lK2vWzJIs85jnJ6wEXOz36X1W +HJW+5ngbjwVfzJqYgIJ31pzR3WpKTBn/WGPiOQPlytQDOG36JGB19CoDuZ7VzxBhCIJ 348Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909876; x=1778514676; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=tctzP2FcPQ+gfsuFfPKCecvWe96h/9pOlhOMG2Joq/8=; b=FcEb2vK8UXflzv/x91LTjnlQn7Z5//3xW53ibnV8H6elotDwv+LbKBCGSiLL8cHaGH hhkm5QRsANNLgHlE85r+OyYWqoBXn8CtYvhfigrV515W5G3vjFtbI35A11IGnSpTxVFm IzeU8VFg3z7D0DBsiT+dDgaRU3H5DrIWXzHuYF/BA3NgDWad8nKy6ifjOe9/uHwzCmIb LqDrPNojEhpceyVyexwjSGhyUlgdSAjqrYOej6KGdeUhmVvi7UZeuj502v42QU5Ka6SM NS1uK5Ch10qD2210TLvy4L6OYnHmUT5OxTWULWc54Y4oQ1NAPi8SDWpVeae8vLZGgi4z TVMA== X-Gm-Message-State: AOJu0YyK458M+y2RgbgnfSXWdjkTlaqX7uOvtf8m1iGFC37Os5PGCu0R E1hPnLvgxtf1EPtRMZ3egILJOy6y8NWtvdzubuhD3eNxwBAojnLvxh4r X-Gm-Gg: AeBDietscR9p4VBERcqLXM1e6LYSOQL+ERfGtEd7q8HTUzaG6MtqdKifzLcI3s6exEL BBzR6Fhx/Ka7NKSmKcPiLDnNoue3JcZMgWLSgtoyDR+SocGnJuTIBT8uOWwsdLw+JcV30F4FnHw qSnAYvQt4YCARJmWh8truVzTJvxpW28QTjwILRwSoYUyiOpzlATqV0lHGPVixty5ry4C0l6ZNcc T76uShxu178g1xQWPXv7YV3IykJj0rK6kVU2UQctaEPjHjgAg/Is2yhLjsCbjW1dYZtAy7OX6g5 QskYEaeB9Qy8g7ahNrOtx1dfRH3cImj0h2JdlaKLWigPBkvY9QdMZQLBxem2cyntXWoVFrWhIxZ uzxMxCOl6n5MnG6z48vYd14wJVx3MU1MFMcf4fYvv3aoIcc2lDfafrl4FoQD7eDBrweUvbo09y5 7IuCtjGDhUrLuYdWcAMUdZMFexAxPcZFKncyRhXdYZjEf0OLkIWpU= X-Received: by 2002:a05:622a:1e8c:b0:50d:edcd:4f39 with SMTP id d75a77b69052e-5104bfcd698mr143284311cf.40.1777909876032; Mon, 04 May 2026 08:51:16 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:38 -0400 Subject: [PATCH v5 05/15] target/arm: emit tag check when MTX without TBI MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-5-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=9819; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=v+7vHbPDhPrfGr1GkwHZhaMnYJPZJitNx9Vnfe3PjoY=; b=NaZtGl0Pm9liG5JteV5wlh/AKOs0wj6oRzIC1Jm7LHmQfHaLsFePB5pbs5z9Zx+mjeuMTz/lY 0nS4hV0msbODdrm20ZxRAZi0KfZ6g3CQfChqhawyTQl/7UwyU2wNoDX X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::831; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x831.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910018510154100 Previously, the TBI bit was used to mediate whether tag checks happened. With MTE4, if the MTX bits are enabled, then tag checking happens even if TBI is disabled. See AccessIsTagChecked. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/helper.c | 10 ++++++++++ target/arm/internals.h | 13 ++++++++----- target/arm/tcg/helper-a64.c | 7 ++++--- target/arm/tcg/hflags.c | 9 +++++---- target/arm/tcg/mte_helper.c | 9 ++++++--- target/arm/tcg/sme_helper.c | 4 ++-- target/arm/tcg/sve_helper.c | 6 +++--- 7 files changed, 38 insertions(+), 20 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index ddf44f4306..18352bd186 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9559,6 +9559,16 @@ uint64_t arm_sctlr(CPUARMState *env, int el) return env->cp15.sctlr_el[el]; } =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx) +{ + if (regime_has_2_ranges(mmu_idx)) { + return extract64(tcr, 60, 2); + } else { + /* Replicate the single MTX bit so we always have 2 bits. */ + return extract64(tcr, 33, 1) * 3; + } +} + int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { diff --git a/target/arm/internals.h b/target/arm/internals.h index a632584a4e..6df2c547c5 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1422,6 +1422,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ARMMMUIdx mmu_idx, bool data, bool el1_is_aa32); =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx); @@ -1557,7 +1558,8 @@ FIELD(MTEDESC, TBI, 4, 2) FIELD(MTEDESC, TCMA, 6, 2) FIELD(MTEDESC, WRITE, 8, 1) FIELD(MTEDESC, ALIGN, 9, 3) -FIELD(MTEDESC, SIZEM1, 12, 32 - 12) /* size - 1 */ +FIELD(MTEDESC, MTX, 12, 2) +FIELD(MTEDESC, SIZEM1, 14, 32 - 14) /* size - 1 */ =20 bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr); uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_= t ra); @@ -1627,10 +1629,11 @@ static inline uint64_t address_with_allocation_tag(= uint64_t ptr, int rtag) return deposit64(ptr, 56, 4, rtag); } =20 -/* Return true if tbi bits mean that the access is checked. */ -static inline bool tbi_check(uint32_t desc, int bit55) +/* Return true if tbi or mtx bits mean that the access is tag checked. */ +static inline bool tbi_or_mtx_check(uint32_t desc, int bit55) { - return (desc >> (R_MTEDESC_TBI_SHIFT + bit55)) & 1; + uint32_t mask =3D (1u << R_MTEDESC_TBI_SHIFT) | (1u << R_MTEDESC_MTX_S= HIFT); + return desc & (mask << bit55); } =20 /* Return true if tcma bits mean that the access is unchecked. */ @@ -1664,7 +1667,7 @@ static inline uint64_t useronly_maybe_clean_ptr(uint3= 2_t desc, uint64_t ptr) { #ifdef CONFIG_USER_ONLY int64_t clean_ptr =3D sextract64(ptr, 0, 56); - if (tbi_check(desc, clean_ptr < 0)) { + if (tbi_or_mtx_check(desc, clean_ptr < 0)) { ptr =3D clean_ptr; } #endif diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c index dd1f9c6dc6..9eef2f7e6d 100644 --- a/target/arm/tcg/helper-a64.c +++ b/target/arm/tcg/helper-a64.c @@ -1054,7 +1054,7 @@ static int mops_sizereg(uint32_t syndrome) } =20 /* - * Return true if TCMA and TBI bits mean we need to do MTE checks. + * Return true if the TCMA, TBI, and MTX bits mean we need to do MTE check= s. * We only need to do this once per MOPS insn, not for every page. */ static bool mte_checks_needed(uint64_t ptr, uint32_t desc) @@ -1062,12 +1062,13 @@ static bool mte_checks_needed(uint64_t ptr, uint32_= t desc) int bit55 =3D extract64(ptr, 55, 1); =20 /* - * Note that tbi_check() returns true for "access checked" but + * Note that tbi_or_mtx_check() return true for "access checked", but * tcma_check() returns true for "access unchecked". */ - if (!tbi_check(desc, bit55)) { + if (!tbi_or_mtx_check(desc, bit55)) { return false; } + return !tcma_check(desc, bit55, allocation_tag_from_addr(ptr)); } =20 diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 75c55b1a6d..e753124c4c 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -245,13 +245,14 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, uint64_t tcr =3D regime_tcr(env, mmu_idx); uint64_t hcr =3D arm_hcr_el2_eff(env); uint64_t sctlr; - int tbii, tbid; + int tbii, tbid, mtx; =20 DP_TBFLAG_ANY(flags, AARCH64_STATE, 1); =20 /* Get control bits for tagged addresses. */ tbid =3D aa64_va_parameter_tbi(tcr, mmu_idx); tbii =3D tbid & ~aa64_va_parameter_tbid(tcr, mmu_idx); + mtx =3D aa64_va_parameter_mtx(tcr, mmu_idx); =20 DP_TBFLAG_A64(flags, TBII, tbii); DP_TBFLAG_A64(flags, TBID, tbid); @@ -403,14 +404,14 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, /* * Set MTE_ACTIVE if any access may be Checked, and leave clear * if all accesses must be Unchecked: - * 1) If no TBI, then there are no tags in the address to check, + * 1) If TBI and MTX are both unset, accesses are Unchecked. * 2) If Tag Check Override, then all accesses are Unchecked, * 3) If Tag Check Fail =3D=3D 0, then Checked access have no effe= ct, * 4) If no Allocation Tag Access, then all accesses are Unchecked. */ if (allocation_tag_access_enabled(env, el, sctlr)) { DP_TBFLAG_A64(flags, ATA, 1); - if (tbid + if ((tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & (el =3D=3D 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); @@ -436,7 +437,7 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, } /* And again for unprivileged accesses, if required. */ if (EX_TBFLAG_A64(flags, UNPRIV) - && tbid + && (tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index bf35dc10ce..61cdf92c54 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -823,8 +823,11 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, bit55 =3D extract64(ptr, 55, 1); *fault =3D ptr; =20 - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + /* + * If TBI and MTX are disabled, the access is unchecked, and ptr is not + * dirty. + */ + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return -1; } =20 @@ -965,7 +968,7 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint32= _t desc, uint64_t ptr) bit55 =3D extract64(ptr, 55, 1); =20 /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return ptr; } =20 diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c index ab5999c592..68684d1f87 100644 --- a/target/arm/tcg/sme_helper.c +++ b/target/arm/tcg/sme_helper.c @@ -680,7 +680,7 @@ void sme_ld1_mte(CPUARMState *env, void *za, uint64_t *= vg, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -862,7 +862,7 @@ void sme_st1_mte(CPUARMState *env, void *za, uint64_t *= vg, target_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c index 062d8881bd..c5e6d58a7e 100644 --- a/target/arm/tcg/sve_helper.c +++ b/target/arm/tcg/sve_helper.c @@ -6375,7 +6375,7 @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -6737,7 +6737,7 @@ void sve_ldnfff1_r_mte(CPUARMState *env, void *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -6992,7 +6992,7 @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777910002; cv=none; d=zohomail.com; s=zohoarc; b=ii+qhpjgMK+l+S8vj2rOkTRqIIP+0BfHQlanmom13xGoMxt189BdfWgWoXa5cKf1iYMd/CpWTBFdX2EfBc2ehPbqiIAocYpFF+XK2/oYn2xAICgfx1hz3n84Z7nPgkUk15OWXHFGBFebcnp+NSy16WLNZhygJJx9JnWWAM1Zwxo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777910002; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=/Nog3SCbgfqA4TMOd8dIMgHS3/I/Hs3g4DJB/Fnd2jo=; b=n21KHr7ZqrhkwbfyRtGuN/UJbs4K2UgYXuKS4otWjRVJmtVrDxCUpEKJSKlWhrrPz90qQn/udv3XjZazJozwdDlp+Ode7bOCdVUlo007XOfVWcDkEnux8L2ZVzoTI3Rl+mVWnm9v9IF+LQE49JOFNn+asZlxUAPgUBtFkS8xBmg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777910002886358.10228049293517; Mon, 4 May 2026 08:53:22 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZr-0000xk-PT; Mon, 04 May 2026 11:51:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZo-0000w1-Ur for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:21 -0400 Received: from mail-qt1-x831.google.com ([2607:f8b0:4864:20::831]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZm-0006Cq-Qs for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:20 -0400 Received: by mail-qt1-x831.google.com with SMTP id d75a77b69052e-50e5bea4045so35174351cf.3 for ; Mon, 04 May 2026 08:51:18 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909878; x=1778514678; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=/Nog3SCbgfqA4TMOd8dIMgHS3/I/Hs3g4DJB/Fnd2jo=; b=RIGxRlmpBG7Fwglxv0CEXniHLfVWxvmYRQujWwDAQ5aYE1CcDbUsPtZf5k7ET3Krka ZFa7UaoslKawKbrpq6ZMhiAVplIIhtUd+vVtLy1IPQwYGDLp6BJcUQjLuXKRD7NhFzCd aQGwJWjJoI6HMjVBeXapspccilP6vX2eprEw5iAxwAJHQUG0JJv+CJixN7DklU/8QbbZ KFaUK8SIZG4+MnIDrXXSpZZzEfTk/fCzAvtbNuTEJK4vZk7xrWfZUHqFo636N3U1tlh4 qaPEK3klWliA6LIFkC+Ns03uuTq9JSuFoaxe4fxqNtZXOBWHGagyr4N1PhqPDsv9z4Jd WImQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909878; x=1778514678; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=/Nog3SCbgfqA4TMOd8dIMgHS3/I/Hs3g4DJB/Fnd2jo=; b=QvE8DE7yOYeRDT5r0U7qLQnIxUJoUZhmtSNa/RZdS8hEGv+x36yP7g+w5QzUqr7ptj 7RG2JCkyOyfj9/Jq60O2+qhz1vt+SddQIA7F6CHj6NKDT6WN02A1/2dn393Sje8pig0o ZFeFEGpHeI6pA0RvMNGh3jj3uzGM6oINxrZ3i/37LCKH3L7lLqi9EZ4ff50+InJ2n+l3 N5HuDaz0ZTdRm7UDLM92BnQ5Ekt2eRnRaxPH+y3L/YtimOxguFl+D+RthAouLR3IF4Mk LTyEzZ9LNlHnpGGeRM9xmJqvwaRwsllLieTk4kTFVlDtujfUWAMnyjdYIU7yRRnqziRg 0HpQ== X-Gm-Message-State: AOJu0YyNdgVcLmUsdGzahez934BxiPPeOViSZDmrOIk5JOekNidZeJWG sYrZ7KYcbhQM/k++mB8/QyBnlv8IZXM+Z617INJ5UXHUS+BG3ziUCpEg X-Gm-Gg: AeBDiesaWV9xzTiopmiknOkqqE0BqUlerz0ykKY/uhX6fo5uxDhfcsABDlHHifZM2Cx g2vhixB5LSE0Fs9oaWMXAQuSAyMuY98h3yD0lhBAw6b0WUnStN5ms2YoKzzEzcoZKwTtMocvg+l QG0xFJ1RcgFrG3rPYEYueeyCUGRi5EcL5gOiSJfPRngMIVw9jhJknQcwfZHj1EzJO/1I3kqgotM KBMfQWCYYZCipSH3ft/00qnInWWzm55tzTHh885k2SFRu4oaG5esPihCDGinLCY/usFmC6R/e1C jC8IDnLPpiFqEKCwGrVWtufqLmth3lbhahVh4/w12K43tzp+4d33fvEILevQX86ii3qz55TDVUv L7avB7ZlRvHRbD6X9QtJ7tTJyBaKB2CZo+tiD2VI+1RvyoYRKO6BAEvfQMk6Uj3/ju106k1ipqy 2zwjaMB1+DQFouTmO177BX+HK/KJU0ir/UVsLgg+M2l0gcy6yEMpc= X-Received: by 2002:ac8:5796:0:b0:50e:5819:d7e7 with SMTP id d75a77b69052e-5104bdefc96mr148913851cf.3.1777909877630; Mon, 04 May 2026 08:51:17 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:39 -0400 Subject: [PATCH v5 06/15] target/arm: add MTX to MTEDESC and DisasContext MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-6-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=6070; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=pus4GwsaxCbMuSf6IijKDSfjMEIqDUvfVkkjkvUKGzg=; b=QlIVqFyFW8q1abqB3HOKPtlOYkl5QLhR3+gmHWNlhUj+6CaFF1DYWHOS46SkMwNFKmrSShP1t 7nTmuFiNkhRDFFmaH1HiY8YCqncRscp+pOUy1Y/hw+X+wojbArk7txT X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::831; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x831.google.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910006142154100 Add fields for MTX to DisasContext and MTEDESC. With MTE4, the fields will be needed in future patches that alter tag check, tag load and tag store behavior. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/cpu.h | 1 + target/arm/tcg/hflags.c | 4 ++++ target/arm/tcg/translate-a64.c | 7 +++++++ target/arm/tcg/translate.h | 1 + 5 files changed, 18 insertions(+) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 4d130b4b2b..90d4ed37c2 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1159,6 +1159,11 @@ static inline bool isar_feature_aa64_mte_store_only(= const ARMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; } =20 +static inline bool isar_feature_aa64_mte_mtx(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTEX) !=3D 0; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 706ade5784..6e2b70dae5 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2529,6 +2529,7 @@ FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1) FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1) +FIELD(TBFLAG_A64, MTX, 47, 2) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index e753124c4c..40a934a8af 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -460,6 +460,10 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, } /* Cache TCMA as well as TBI. */ DP_TBFLAG_A64(flags, TCMA, aa64_va_parameter_tcma(tcr, mmu_idx)); + /* Cache MTX. */ + if (cpu_isar_feature(aa64_mte_mtx, env_archcpu(env))) { + DP_TBFLAG_A64(flags, MTX, mtx); + } } =20 if (cpu_isar_feature(aa64_gcs, env_archcpu(env))) { diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index ce6249649a..cd86178d56 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -312,6 +312,7 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(mem= op)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, memop_size(memop) - 1); =20 ret =3D tcg_temp_new_i64(); @@ -345,6 +346,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr,= bool is_write, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(sin= gle_mop)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1); =20 ret =3D tcg_temp_new_i64(); @@ -3003,6 +3005,7 @@ static void handle_sys(DisasContext *s, bool isread, desc =3D FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s)); desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); =20 tcg_rt =3D tcg_temp_new_i64(); gen_helper_mte_check_zva(tcg_rt, tcg_env, @@ -4873,6 +4876,7 @@ static bool do_SET(DisasContext *s, arg_set *a, bool = is_epilogue, desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, true); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); /* SIZEM1 and ALIGN we leave 0 (byte write) */ } /* The helper function always needs the memidx even with MTE disabled = */ @@ -4927,11 +4931,13 @@ static bool do_CPY(DisasContext *s, arg_cpy *a, boo= l is_epilogue, CpyFn fn) if (s->mte_active[runpriv]) { rdesc =3D FIELD_DP32(rdesc, MTEDESC, TBI, s->tbid); rdesc =3D FIELD_DP32(rdesc, MTEDESC, TCMA, s->tcma); + rdesc =3D FIELD_DP32(rdesc, MTEDESC, MTX, s->mtx); } if (s->mte_active[wunpriv]) { wdesc =3D FIELD_DP32(wdesc, MTEDESC, TBI, s->tbid); wdesc =3D FIELD_DP32(wdesc, MTEDESC, TCMA, s->tcma); wdesc =3D FIELD_DP32(wdesc, MTEDESC, WRITE, true); + wdesc =3D FIELD_DP32(wdesc, MTEDESC, MTX, s->mtx); } /* The helper function needs these parts of the descriptor regardless = */ rdesc =3D FIELD_DP32(rdesc, MTEDESC, MIDX, rmemidx); @@ -10701,6 +10707,7 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); + dc->mtx =3D EX_TBFLAG_A64(tb_flags, MTX); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index c74a4f6675..75d1b0fbd9 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h @@ -82,6 +82,7 @@ typedef struct DisasContext { uint8_t tbii; /* TBI1|TBI0 for insns */ uint8_t tbid; /* TBI1|TBI0 for data */ uint8_t tcma; /* TCMA1|TCMA0 for MTE */ + uint8_t mtx; /* MTX1|MTX0 for MTE */ bool ns; /* Use non-secure CPREG bank on access */ int fp_excp_el; /* FP exception EL or 0 if enabled */ int sve_excp_el; /* SVE exception EL or 0 if enabled */ --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777910003; cv=none; d=zohomail.com; s=zohoarc; b=JVGB1LAMRawmuftdU6T+tIESnvNPGTV2DdVQIi4TtmKvhDn64OwR2gZ6zBvBjVl7mBAqT0HdMure9NP4WCNGqWYBI2TcvaAON/R+YiD1qRMuqITUuhE5P8mrdcmGPYTI8J7gJCDBDTceLMPsCUOYDy142wMT4oyK66DcDxiT6xI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777910003; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=0ay7sf63ql1pC4xkROjc2QEdokR4pUfgyF6xPuvXHyY=; b=QP+RQBxdsrdVfNZKaa/2SDzcPWc5ozmhYovsqwAom1QikgFCqTPTjiA8/dmlDiNakfa9HyxZBJZlIRPE0mGzdWcxL64Z1eyOjnL2C47Bx4qS5+eUju87fJXN+0342FbAzRbKPicucV+nyRIO+XEN1CPsN8RqgPhsCbTv5V9qiEk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777910003251597.3539800028154; Mon, 4 May 2026 08:53:23 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZs-0000xs-0o; Mon, 04 May 2026 11:51:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZp-0000wg-Vm for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:22 -0400 Received: from mail-qt1-x829.google.com ([2607:f8b0:4864:20::829]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZo-0006DI-Es for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:21 -0400 Received: by mail-qt1-x829.google.com with SMTP id d75a77b69052e-50faf8ed9c5so20641341cf.2 for ; Mon, 04 May 2026 08:51:20 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909879; x=1778514679; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=0ay7sf63ql1pC4xkROjc2QEdokR4pUfgyF6xPuvXHyY=; b=jpwFhAQA3H8TNCe2Lhuf0sYa58r8ZWVFwhKwdMSkFpKu3jBs7zo0jyyQwoSJJp66CY MuIDp3IwkBjbDZgs7XzT/aiLis5tsWWtgctyk/5ZhxIBwCX8Xhdt+AZxgUVfyJv245d+ 1HW8dRGlXWpoU3JTveVyUeloF8AT4F8r6OAu5nAgYpeBN7/jYpiRf6wlcTKoY/q9MXXj fMya8z4xfsjZMcJlZ9Z6ANW1f84CqHeK84mDJKOrKTPEATL1wgX7MU4gSGlWPPld3hQ8 o+FqlEaXhuxrUnDVal9q/pRAAieZwmP/4F9J29NEpYUEAjnVBFwIwh1F5YRROr+wt9nn Tdyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909879; x=1778514679; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=0ay7sf63ql1pC4xkROjc2QEdokR4pUfgyF6xPuvXHyY=; b=sYXRgXXsQRqyz8EjWzYzdZU32zVyR1Mo9BzAeOl7OhUcafzFJOUawwc/ESMxeTLMHq CLGGBxtZ24hHNBUXdLjZMT0RsnbEpi1EP72oAraleLapIZN2Ye1OCnx0nxnMxFexdq4K 8prD8rV/SvfOAHfED7nGzPVh++ycxPXxdWUZ/zwiDlIKZzUPe2bHU+lI6xR1NppXpE9N pGvr8XwSRYQzUF/FE5iYX2HBafJuKJruCmX9U+cAAEZ3apS34QRkacA3HMt0IPFt8BI8 1fwRVUDFT2iTOx4j1NYhbqacc9y04CLx+38dafoCPJZDg5gE3puBgUnZiUxmUThJDPnf csxQ== X-Gm-Message-State: AOJu0YyUmGFobzta5HGl2avZYtRvMxBpJuphUOHwfG3Pr0fWvYGFdJud mkdNxFv/1IbztRgtJgqAKDbJ+ESnahkIAuILElig/VhANje8Wvh4z+hQ X-Gm-Gg: AeBDiesmY2clRMKZfXv114Pirl6T/CnXNoy5jnOuEDOHOWPFP0S8lK3zgfpxTxZo7HO gPSvY5tCwYNjRBn88AzPZnCclff+sYQGXfH0IH7/fxgvJqCBmiRe2r6aYArZV65RDQmjU3jqfUP ZWwSgHHt5qdtwbszewcDkpiLWr+SYpGgaliaKmOwnVlzzZn5B074PjYxBqZzYLQAdmZ4CljV35v ABjtj+4330N8+LRqjGcwaAkMOBisf9gN0lXJ3KDRPwdbk0R8UZcFKZ9YDCFfv450SrXn8o0UEBc qDAFYdFDUIF6TGHb3KP3WKZryergyFzB3f0g2ZRGw+vWFSPCxdxcwi6Mebixbx406zgdarTSJrX ByDt/Kr1UM660QZRSzG1jVXPO7X96wIYZhICog5ZQByP3fchEr1hNTcTuj6JUqqMngtMbZ90P27 YI2Gw2yra53ik6cuW0YJlZdi0T9uhfp9NueCBrRnBYjZl2z+wj6us= X-Received: by 2002:ac8:6f1b:0:b0:50f:ec27:5d05 with SMTP id d75a77b69052e-5104be42610mr172075511cf.10.1777909879198; Mon, 04 May 2026 08:51:19 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:40 -0400 Subject: [PATCH v5 07/15] target/arm: add canonical tag check, mtx helpers MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-7-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=1931; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=jN08kl5XFA9CgTscW9ExtHRwdhxwVdpjf5wqgUQUKtk=; b=WqGzwxpPuHocytpfhoh8lD7CZ/MuIC67VGaB9ynLdUiRiOcFSfl5c2s3SCyWcOOaP9d1RpNl6 +ouCCAjjmCPAIHNCUBGvzQyPsLMalFgOshfYl3mACOX8DgU130ZPcsA X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::829; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x829.google.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910004482158500 Add a helper that checks whether mtx is active from MTEDESC and a helper that checks whether a tag matches the selector bit. These helpers will be used for the subsequent commits. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 6df2c547c5..779eafabc8 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1629,6 +1629,12 @@ static inline uint64_t address_with_allocation_tag(u= int64_t ptr, int rtag) return deposit64(ptr, 56, 4, rtag); } =20 +/* Return true if mtx bits mean that the access is canonically checked. */ +static inline bool mtx_check(uint32_t desc, int bit55) +{ + return (desc >> (R_MTEDESC_MTX_SHIFT + bit55)) & 1; +} + /* Return true if tbi or mtx bits mean that the access is tag checked. */ static inline bool tbi_or_mtx_check(uint32_t desc, int bit55) { @@ -1636,6 +1642,12 @@ static inline bool tbi_or_mtx_check(uint32_t desc, i= nt bit55) return desc & (mask << bit55); } =20 +/* Return whether or not the second nibble of a VA matches bit 55. */ +static inline bool tag_is_canonical(int ptr_tag, int bit55) +{ + return ((ptr_tag + bit55) & 0xf) =3D=3D 0; +} + /* Return true if tcma bits mean that the access is unchecked. */ static inline bool tcma_check(uint32_t desc, int bit55, int ptr_tag) { @@ -1643,7 +1655,7 @@ static inline bool tcma_check(uint32_t desc, int bit5= 5, int ptr_tag) * We had extracted bit55 and ptr_tag for other reasons, so fold * (ptr<59:55> =3D=3D 00000 || ptr<59:55> =3D=3D 11111) into a single = test. */ - bool match =3D ((ptr_tag + bit55) & 0xf) =3D=3D 0; + bool match =3D tag_is_canonical(ptr_tag, bit55); bool tcma =3D (desc >> (R_MTEDESC_TCMA_SHIFT + bit55)) & 1; return tcma && match; } --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777910044; cv=none; d=zohomail.com; s=zohoarc; b=KHUY9dmMUY2h2pOxGdSMn1rjtZLQGAz9yF0XH1c+ZJZMPKFj0h4y00nz5TgKsampNMDOnxi6skmdF0oI+yGOoifFwK4OAfmD7bCLKb+YF8m97uF64rxlFX2igD7UT1oroc3Nmg+U/SZ9l8Tt3Vwe5u459TLLnOsq3ChQGlbVWc4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777910044; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=seR931FbrhAdb+NYhAMGgy6RPmH0udBjx5jaRmN1ITA=; b=Xz6RGlI4/u3IyAlvzPybYrLNtW6AaZgzCVAVxZBACeo98ajCVWXLHt7usHGmstTOTZ+hxwjGpcKH7CxMRiuPOHtLuKchjDNa/0BVTR6PNENnQIUfLfVARnHFGoEBM+BG6p6Bvtc108WLjPZ5k3Tl5Tlgr9M4Vqke9BzrG4GU/xs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177791004494754.941146286340086; Mon, 4 May 2026 08:54:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZu-0000zI-JZ; Mon, 04 May 2026 11:51:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZr-0000xc-Gp for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:23 -0400 Received: from mail-qk1-x72e.google.com ([2607:f8b0:4864:20::72e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZp-0006De-VD for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:23 -0400 Received: by mail-qk1-x72e.google.com with SMTP id af79cd13be357-8d68f702851so480511285a.0 for ; Mon, 04 May 2026 08:51:21 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909881; x=1778514681; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=seR931FbrhAdb+NYhAMGgy6RPmH0udBjx5jaRmN1ITA=; b=Qhfm84CAQWS9N7Loi2NByK6AG3ZtcNFUfIeK9omwsWMKRn3RvJbdWfgFSbps9+xxxJ p4IVbNePAKXQews+v7Yg3ZFhuEmf5QD+ekfNvltBQwHIRyyLYgxTeeHJgNJ7qMeF7aqB JKknViiUBObau8em6Kl5FdqPNKYvChpLLWDIilb62DfloTVBcAw77639PD3FKV+P5iZK 0bH9YCqIVUOafQZlCUVOQV1eIclNu0zJS3FJ9nYrcy7OOQ+HQ/vts6ZGp0NhjcJHyRBT 9WTqFcoKsQDb3jbDecPuw/a9NDD/qLz4MvO7x2bdJxmMmuYv/4qkStKM58tD3lb0Ma5M wf1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909881; x=1778514681; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=seR931FbrhAdb+NYhAMGgy6RPmH0udBjx5jaRmN1ITA=; b=tMTWAVhHRkB+ueZgIfdpD//beXxgzjhy6dLBMzYuyDu5tqUyDhD19moiQkMMswkMUI NQxwJrAVnrWhxt9F4rDYZFkJo5CIN15Rt9SXI0o65fa8wuRilu0rvD6PMnnbLfIcSl0w /HG+qH9Td/E3di72uasHpbadUyWibSvatdpPsfplDaHAH2+bYGeqMiTuWP5BxgoGdeOM RcXc5PRnqMFW7WkCFOXjDEHWj2Gu31D2DN+7DbYFRbn63jyd6dzr/TqdCm9mqf4+uZOs aueeUJunYXEzx1gxqUhm3x2cn4g3F3MPYotX5xO/pYU8wonkJD+MOmQWKByY4Y7BLEo2 Kk6A== X-Gm-Message-State: AOJu0YxG6DG5dn4TAvNy59MOehm3Lm+qNa7K0Hx2EiPWLM6GjVpy77bj UUYzr6E0Y3dhH4er2XJEy+Yl6Bs4mnR8Jby49ZAPqI0g85Z0ZI6p1ZC4 X-Gm-Gg: AeBDiev1CuZAd5BZnLMwQAhZh5e8M+xxvWIHMv3XOdsvxIFUyVCbwLePgAcTwwPmey7 FfEzldr0P59agmyoT5qbn6BfVNfRW94yBV9wI+K/cR7EmrUxREImb91dnBeMZCap6LlAxaHrM9n jiC3AgkM4Ld1eW9E//6mPbkTIn2HNGJBS3tssNddSQIC22iiLgrstVrRDeKnB5zRc2xaPDvzwBl MjdBLvtPSuWRCwuxL/okz2KgQNOqgOIFeMoW+uFwYhnIxgdq5snBI2AFAVV46YjTHmCV99jppbC dYe1is6ZJVXAsIrH+XlU3sHmI//FX5T0uR+S6P37IPCOoOQomiwA2aGwP+p5vpQRmRDtppPmwop F+YIg1jU36TSrV3f4pVxOcBWh4hXOBWoOrGqpfgIMypMAdv8aFekzV0HNqJ9EXqXya3IzvqU86U AqvN2rFug+MQYnsyjmAOoNV7Dw9KpnX59Fc5lAS0M8yZHWWMtdJAw= X-Received: by 2002:a05:622a:54e:b0:50f:be4f:465d with SMTP id d75a77b69052e-5104bf50838mr143748111cf.46.1777909880546; Mon, 04 May 2026 08:51:20 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:41 -0400 Subject: [PATCH v5 08/15] target/arm: add canonical MTE check logic MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-8-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=3050; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=taM0bnxg3Adu1LAuHiTNsQ5a1pkgBVcVSoxgQ7RpzL8=; b=PXd9SOLs+rn6qhmUWlWvmWQWAVLFXXbh9o9n60RMRL4bdcbQfcALc5MMOxfMDTMctJ4H5y8ei ExvE4fUmm9aCFso3sEwdLDg4d+v+1Xc/dWwrfr/AbUj31gMayUIFC/u X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::72e; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x72e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910046720158500 With MTX active, address tag bits are checked for canonicity if the corresponding memory regions are not allocation tagged. See AArch64_CheckTag. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/tcg/mte_helper.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 61cdf92c54..d35e3ef04d 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -858,6 +858,14 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, mem1 =3D allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1, MMU_DATA_LOAD, ra); if (!mem1) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTag= ged, + * otherwise it is Untagged. See AArch64.S1DecodeMemAttrs and + * AArch64.S1DisabledOutput. + */ + if (mtx_check(desc, bit55)) { + return tag_is_canonical(ptr_tag, bit55); + } return 1; } /* Perform all of the comparisons. */ @@ -873,18 +881,24 @@ static int mte_probe_int(CPUARMState *env, uint32_t d= esc, uint64_t ptr, =20 /* * Perform all of the comparisons. - * Note the possible but unlikely case of the operation spanning - * two pages that do not both have tagging enabled. + * Note the possible but unlikely case of the operation spanning t= wo + * pages that do not both have allocation tagging enabled. This can + * happen with or without mtx (canonical tagging) enabled. */ n =3D c =3D (next_page - tag_first) / TAG_GRANULE; if (mem1) { n =3D checkN(mem1, ptr & TAG_GRANULE, ptr_tag, c); + } else if (mtx_check(desc, bit55) && + !tag_is_canonical(ptr_tag, bit55)) { + return 0; } if (n =3D=3D c) { - if (!mem2) { + if (mem2) { + n +=3D checkN(mem2, 0, ptr_tag, tag_count - c); + } else if (!mtx_check(desc, bit55) || + tag_is_canonical(ptr_tag, bit55)) { return 1; } - n +=3D checkN(mem2, 0, ptr_tag, tag_count - c); } } =20 @@ -999,6 +1013,14 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint= 32_t desc, uint64_t ptr) mem =3D allocation_tag_mem(env, mmu_idx, align_ptr, MMU_DATA_STORE, dcz_bytes, MMU_DATA_LOAD, ra); if (!mem) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTagged, + * otherwise it is Untagged. See AArch64.S1DecodeMemAttrs and + * AArch64.S1DisabledOutput. + */ + if (mtx_check(desc, bit55) && !tag_is_canonical(ptr_tag, bit55)) { + mte_check_fail(env, desc, ptr, ra); + } goto done; } =20 --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909998; cv=none; d=zohomail.com; s=zohoarc; b=CFw1O5MMxPo0FTshvfhdgnkJtbzyF5DCK2IcnXFf3hk1ZCEu8XcML6rxvWyUWsmKR180acGg44GZI31aUdhbXTAxgsyairXDe2vkxMPQ+6Ib5UI2XrChVnXkKWRGzCXXn/7tTK2hEwRie40nR65jLaYgJVNgImonkMZZvDVElzk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909998; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=MG1iwnko83uMuVMCUIM9KDLK/vF8JVyEE/TaS9GVUps=; b=WWJX1+r6jBoZvr94KSlTQtp8c51V7Mub0mi28qttq5WEBWQ5q38wLIEirdReLwydsoEfHvEB2SuPcb/DYVErUr3WOrYne1hHFRCxMH7jLdw5Q529BKy6lqXZjPw4tVN5MmtmLTcp7rvSMKdKwfeWS95Rxw+nn9rJvT2I+CT2Jq4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777909998346256.38358537967156; Mon, 4 May 2026 08:53:18 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZv-0000zV-7S; Mon, 04 May 2026 11:51:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZt-0000z4-NL for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:25 -0400 Received: from mail-qt1-x830.google.com ([2607:f8b0:4864:20::830]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZr-0006E2-OQ for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:25 -0400 Received: by mail-qt1-x830.google.com with SMTP id d75a77b69052e-50d7c12e48eso35475781cf.1 for ; Mon, 04 May 2026 08:51:23 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909883; x=1778514683; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=MG1iwnko83uMuVMCUIM9KDLK/vF8JVyEE/TaS9GVUps=; b=ZvOQttqBpltWABpGJZWbBcp4yxDvrGNoCAsseCAiVLSYumqyZstWFo3Eais5hzZZcc WYz6EnMZSBiSmga62pZRSqDZP/CgW0xEJg6+lWKCE6Gn87AZJ9hmPwGJSxUkZndXuPjX ReXwbsKDLBOfZo31p9nSNXePR+UjyoP1MZJIGJh+7u0eh/ZqwHhNVCWy/UJz9r0cn2Wu 4EjXWY/H/SBIywjrO5+NvAa/o5uBuZTnr2L0avc9ltYuBoLLS1CbfQEo9QQe6HI3RKFj behE0h9vwHeYF9sw213zyquBM0tgAOrRoPQDu9wRxtEiJLRdej32akO74K5fzg3u0U1p Hd0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909883; x=1778514683; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MG1iwnko83uMuVMCUIM9KDLK/vF8JVyEE/TaS9GVUps=; b=JXK2mX6yoHWR8/bSr/uoVJ16eKFkNFPPZESka1U2whb/lYIFUDuNydQOAbKADjCYrV Krbe8BJ+rbcbz17RFP26P7xSolGDWbpBV1HZxXxz5X9Hgxu7mn3HNKZl5IEG7tk4j0yt tNxB6jYrtPD0BXIBFnmxDkznLPSeJHVRuKD02FurUuZyLEoPW9/DkHR+X7Qh2cFcdLVU pLt/YxIXzF6j6rCzcpm8pQWTCgi/T3ZUlX1h8H3w/WgWpw/38yT16jmk0EnphCbU1CYL jo5EWUPp11wFQZyZ8oPEqjbK7zwqcHAvwSE4Lu88/9KSJXycz27s/53SXU+MfXuyU2Ca d9uA== X-Gm-Message-State: AOJu0YzKowe3VeoIGrIIBhZGvGPkNKeQcyDyT6jaGuS7b9Pfjp1c2rnh fqayXj7RSegoU8/WGU9eQjpmI6ixEQDk+2Gt8b9V5czZ1njZjP26x6CqkG8jzRLe X-Gm-Gg: AeBDiest5Pps7+HF/cNs6uNwiGlEn8S7oCnSuZbM+usT2oZNm3yjUR57BOp8/m4osCO hL64Eo+aRYLCPCuqxsdNu6EY8P6WMrgZat5/Ox3os83NNVALFMipZmwjb3fl6q52zb5Q4/YWCfC 1xAgptJtytA3eulcN/rgG+SMRZkK+6IO8SCXK3L+N+fPH+pzfktoV7Nk4LY17o6i6nwvEASQMgN i7PkQ+VmuSAprjCRaOuB435F3Z1Eg/INfNE1Oh/ODq82Iux7hlpD7DPA8U1plUjaSsFS+PKDMzf mbVfvK3WKOSSKs0JEqLXIhyqrbl1hqoRRV7bPejfo04SCY78r/Y+QVcDbUTpi/EGCQNgvAGua6X NtgrXeKifCA3LVNh0EEwsZbBRq5++tuN3Y+0MnRRJgykA79Owsfyha4WaOmx2UCx5JLAm+CXPsL f7yAas7/IYX0QTS2W2rj3/1imjUg9t4AOy1nYAFTBJW3Hu/DitBqE= X-Received: by 2002:a05:622a:1f8c:b0:50f:b7b3:2ec4 with SMTP id d75a77b69052e-5130534b3bbmr803141cf.25.1777909881921; Mon, 04 May 2026 08:51:21 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:42 -0400 Subject: [PATCH v5 09/15] target/arm: load on canonical tag loads ext bits MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-9-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=5681; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=Ws2Tqe13fBijY+IHknD2CyebZv1in1ArUctH8Hio2sA=; b=oz8eYjE5Vhv9ZTARi40/Hp4hw9BTP367GpMsUgRMbeoVgKXesDUDsrV4q+eHUAoXCN10U4XKi TjEmXWkKoGZCOfw5lW6i1VHoDaYhtfJGVF+zbu/NgSZ3rybx9vBpuSW X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::830; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x830.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910000581158500 Loading tags from canonically tagged regions should use the canonical tags (extension bits), not allocation tags. See AArch64_MemTagRead(). Signed-off-by: Gabriel Brookman --- target/arm/tcg/helper-a64-defs.h | 4 ++-- target/arm/tcg/mte_helper.c | 42 ++++++++++++++++++++++++++++++++++++= +--- target/arm/tcg/translate-a64.c | 4 ++-- 3 files changed, 43 insertions(+), 7 deletions(-) diff --git a/target/arm/tcg/helper-a64-defs.h b/target/arm/tcg/helper-a64-d= efs.h index 3c3c5dddb7..c08c8c3991 100644 --- a/target/arm/tcg/helper-a64-defs.h +++ b/target/arm/tcg/helper-a64-defs.h @@ -102,14 +102,14 @@ DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, en= v, i32, i64) DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64) DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64) DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32) -DEF_HELPER_FLAGS_3(ldg, TCG_CALL_NO_WG, i64, env, i64, i64) +DEF_HELPER_FLAGS_4(ldg, TCG_CALL_NO_WG, i64, env, i64, i64, i32) DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64) -DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64) +DEF_HELPER_FLAGS_3(ldgm, TCG_CALL_NO_WG, i64, env, i64, i32) DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64) =20 diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index d35e3ef04d..8ed31ca2d8 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -304,7 +304,7 @@ int load_tag1(uint64_t ptr, uint8_t *mem) return extract32(*mem, ofs, 4); } =20 -uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt) +uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t= mtx) { int mmu_idx =3D arm_env_mmu_index(env); uint8_t *mem; @@ -317,6 +317,11 @@ uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, u= int64_t xt) /* Load if page supports tags. */ if (mem) { rtag =3D load_tag1(ptr, mem); + } else { + uint64_t bit55 =3D extract64(ptr, 55, 1); + if (mtx) { + rtag =3D 0xF * bit55; + } } =20 return address_with_allocation_tag(xt, rtag); @@ -458,17 +463,19 @@ void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) } } =20 -uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) +uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr, uint32_t mtx) { int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); int gm_bs =3D env_archcpu(env)->gm_blocksize; int gm_bs_bytes =3D 4 << gm_bs; void *tag_mem; - uint64_t ret; + uint64_t ret, canonical_tag_val; int shift; + bool bit55; =20 ptr =3D QEMU_ALIGN_DOWN(ptr, gm_bs_bytes); + bit55 =3D extract64(ptr, 55, 1); =20 /* Trap if accessing an invalid page. */ tag_mem =3D allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_LOAD, @@ -476,6 +483,35 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) =20 /* The tag is squashed to zero if the page does not support tags. */ if (!tag_mem) { + /* Load canonical value if mtx is set (untagged memory region) */ + if (mtx) { + canonical_tag_val =3D -(uint64_t)bit55; + switch (gm_bs) { + case 3: + /* 32 bytes -> 2 tags -> 8 result bits */ + ret =3D (uint8_t)canonical_tag_val; + break; + case 4: + /* 64 bytes -> 4 tags -> 16 result bits */ + ret =3D (uint16_t)canonical_tag_val; + break; + case 5: + /* 128 bytes -> 8 tags -> 32 result bits */ + ret =3D (uint32_t)canonical_tag_val; + break; + case 6: + /* 256 bytes -> 16 tags -> 64 result bits */ + return canonical_tag_val; + default: + /* + * CPU configured with unsupported/invalid gm blocksize. + * This is detected early in arm_cpu_realizefn. + */ + g_assert_not_reached(); + } + shift =3D extract64(ptr, LOG2_TAG_GRANULE, 4) * 4; + return ret << shift; + } return 0; } =20 diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index cd86178d56..5fbc54de4b 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -4711,7 +4711,7 @@ static bool trans_LDGM(DisasContext *s, arg_ldst_tag = *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_ldgm(tcg_rt, tcg_env, addr); + gen_helper_ldgm(tcg_rt, tcg_env, addr, tcg_constant_i32(s->mtx)); } else { MMUAccessType acc =3D MMU_DATA_LOAD; int size =3D 4 << s->gm_blocksize; @@ -4746,7 +4746,7 @@ static bool trans_LDG(DisasContext *s, arg_ldst_tag *= a) tcg_gen_andi_i64(addr, addr, -TAG_GRANULE); tcg_rt =3D cpu_reg(s, a->rt); if (s->ata[0]) { - gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt); + gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt, tcg_constant_i32(s->= mtx)); } else { /* * Tag access disabled: we must check for aborts on the load --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909936; cv=none; d=zohomail.com; s=zohoarc; b=Hgz8keV87Q7NiHyZOVfbnuiDhzGdBQRStHanbvidl4CBJC/6c/lN7XC5XYjqJ+YanUS9FVdCtgAO+VTZxTNhIRaNpLx8n62LEgrmtvHx3fO1sX7MuiTIVVhIHDDKu/IuIEg6LcoSTfe/YgRekR5X7baHiOXN8F8r0DjCpbq0FP8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909936; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=TiVrbOZjjCigVoL27lZtXMqa7artce6mU8ZEiumQQSg=; b=FRL3K7lJpxd1omsLvsxmwV3/2xRhheBQ0WExOrtgqoexc0okhR4mje2Kf7+YrV6k8wTbenvU4iqJTD9AcVGo36kUMVEgcm1r4JPAuH7GrXn7jZcTLg6tYzu3TREiu6Lba97ba15URnkbtVtVZCgATLEq4U8tD/EYppAUFGEyOPM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777909936884630.2762983327066; Mon, 4 May 2026 08:52:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJva1-00012T-61; Mon, 04 May 2026 11:51:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZv-0000zQ-0U for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:27 -0400 Received: from mail-qt1-x82b.google.com ([2607:f8b0:4864:20::82b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZs-0006EL-JL for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:26 -0400 Received: by mail-qt1-x82b.google.com with SMTP id d75a77b69052e-50e5c5033f6so33802431cf.0 for ; Mon, 04 May 2026 08:51:24 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909883; x=1778514683; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=TiVrbOZjjCigVoL27lZtXMqa7artce6mU8ZEiumQQSg=; b=I2iE0NItZpU+Mr7L9ibWWwmGRmRiY27juwbh0hMzZaA/Em5bby2Crh6RJApb0t2a9C To/Paj/tW3iISoBS8LYRVDhNR8y6mzoWi2euR+iBNJV5Y3Lqpfu8pli+i2E7UIryDc+c zlB+6l2A/Psqpu+QuyzapbKuKT2L1yrNSiIuCy2u0SWmuhjGQW2x6ObRzRO52sk6Rmct 7nEV4H5ELmkudbuUn6hIxCRwmvwT2bwEFGPPYiM4/nsV6miuCtepG+q6r9zN7iVWAV/Z sMEtX5fg0CFxJEIeLoz2iiDiAC7lXfCtJXGGWaXdHXaVWSGmLdZMbrfPVoJUu29b4QxE Ac0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909883; x=1778514683; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=TiVrbOZjjCigVoL27lZtXMqa7artce6mU8ZEiumQQSg=; b=HG58pI+b8jk4AYfazaR8M5uZH1DHHIeUQFaJJk0lMRvSeKMR8K83NGc8E0xJXgssGQ Ypfs2gNt637K4BkcHD8oSa2dDOWxPaIQbnd8eGA0WIDLsxAJsyxmegJYN/jomybz8+Bm 0x/Ya0tDTxy/5XleXCgiooSTcQhc3rgffUZ2PUHn+zk4k+LJ5zTgEZ75y7d4sSEt2nN8 rEuAH/8dtvctNId8E0BloAxekNH9k0BGlSQB+GUwyPH7H6HdlL6gfA+4EGVhf3PgiT38 Ohdjaaa26eNtEz1wInof6Hd5ekS2aHwTOFyXC+uk56eFNza52PAWtXEf7LFzSzDw/Ph9 p6kA== X-Gm-Message-State: AOJu0YzUcyWIUxuvVBJvVxdeJntHG/4u5buncqn4zIM1ETGRe4bC2YyP ky7emQCCEwfN7UvB+V+sjV3uzA2UgciKUC50DkeAXQB0yzp+EVz1HBLb X-Gm-Gg: AeBDievo6QmmP9uYxEX9qll+c2906BXSSQbDviILob7MnlgxzEI2k3FHTC90vRsaZ2Z fsbCfkCMhKE/BhELWeP9IbzMIoGa5fDTx4kMyabjQ5edQpwp6PT04OeJpRRYeON/lugktkWrkP7 uMMEJUHLRXw5C9cxg6IY6uV3blaDdP+UTM3HbF1R4AcN9xnBCGXkIjcSp5Vr3FwzoF7keTgun2O Xd345qK9dzU1WZjOPVHGUhWPShcZwKNhzD8qmMBgORVNgKuVj6o29EsDuB9yVsvP1yb1qZ0AwQA 5eo+zYYBJgv7okxsdukkQlTemusW8UrmCN9jlBcKGU+zaeEESlsI4BzzKbinDYPv8i9xC1sw4pS uS4Ru4GCbT3y3HGJUu2CHg/AWSJmAmIbfCuVC3aCxhfr+orPTIyg5Px4b+M1oiFP8zBF4D1ZS6z Y2tYxMu8l6PpghMWwhbkWXA4XNsojK3BkzRHY5Q7jclhEV3KaZoBg= X-Received: by 2002:a05:622a:201:b0:50d:84a7:72d0 with SMTP id d75a77b69052e-5104bf7adbemr152565081cf.36.1777909883302; Mon, 04 May 2026 08:51:23 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:43 -0400 Subject: [PATCH v5 10/15] target/arm: fault on tag store to canonical tag MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-10-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=11299; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=aYIMM7VEzYa/cnI4zU8L0nd+u7JcOWA7N9KPcn8AdK4=; b=lLShDTqRAufOQmsE/EniKdWTjbF9bkdym1vepOMsiqR0sLekNNJfHQcrm8MtEI7tRMhgPN4T7 Rwxx24qISGfDkBvfZ6O+qg+Zn5oJXQYSk7w0gABM//wKLMJvv56zxk9 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::82b; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x82b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777909939131154100 According to ARM ARM, section "Memory region tagging types", tag-store instructions targeting canonically tagged regions cause a stage 1 permission fault with MTX enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/tcg/helper-a64-defs.h | 12 ++++----- target/arm/tcg/mte_helper.c | 57 +++++++++++++++++++++++++++++++-----= ---- target/arm/tcg/translate-a64.c | 26 +++++++++++------- 3 files changed, 67 insertions(+), 28 deletions(-) diff --git a/target/arm/tcg/helper-a64-defs.h b/target/arm/tcg/helper-a64-d= efs.h index c08c8c3991..136d246a68 100644 --- a/target/arm/tcg/helper-a64-defs.h +++ b/target/arm/tcg/helper-a64-defs.h @@ -103,15 +103,15 @@ DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64= , env, i32, i64) DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64) DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32) DEF_HELPER_FLAGS_4(ldg, TCG_CALL_NO_WG, i64, env, i64, i64, i32) -DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(stg, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64) -DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(st2g, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_3(ldgm, TCG_CALL_NO_WG, i64, env, i64, i32) -DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(stgm, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64, i32) =20 DEF_HELPER_FLAGS_4(unaligned_access, TCG_CALL_NO_WG, noreturn, env, i64, i32, i32) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 8ed31ca2d8..ad5cdd558e 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -231,6 +231,20 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, #endif } =20 +static void canonical_tag_write_fail(CPUARMState *env, + uint64_t dirty_ptr, uintptr_t ra) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(arm_current_el(env) !=3D 0, 0, 0, 0, 0, = 1, 0); + syn |=3D BIT_ULL(42); /* TnD is bit 42 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, exception_target_el(env)= , ra); + g_assert_not_reached(); +} + static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -362,7 +376,7 @@ static void store_tag1_parallel(uint64_t ptr, uint8_t *= mem, int tag) typedef void stg_store1(uint64_t, uint8_t *, int); =20 static inline void do_stg(CPUARMState *env, uint64_t ptr, uint64_t xt, - uintptr_t ra, stg_store1 store1) + uint32_t mtx, uintptr_t ra, stg_store1 store1) { int mmu_idx =3D arm_env_mmu_index(env); uint8_t *mem; @@ -376,17 +390,20 @@ static inline void do_stg(CPUARMState *env, uint64_t = ptr, uint64_t xt, /* Store if page supports tags. */ if (mem) { store1(ptr, mem, allocation_tag_from_addr(xt)); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } } =20 -void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t mtx) { - do_stg(env, ptr, xt, GETPC(), store_tag1); + do_stg(env, ptr, xt, mtx, GETPC(), store_tag1); } =20 -void HELPER(stg_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(stg_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt, + uint32_t mtx) { - do_stg(env, ptr, xt, GETPC(), store_tag1_parallel); + do_stg(env, ptr, xt, mtx, GETPC(), store_tag1_parallel); } =20 void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) @@ -399,7 +416,7 @@ void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) } =20 static inline void do_st2g(CPUARMState *env, uint64_t ptr, uint64_t xt, - uintptr_t ra, stg_store1 store1) + uint32_t mtx, uintptr_t ra, stg_store1 store1) { int mmu_idx =3D arm_env_mmu_index(env); int tag =3D allocation_tag_from_addr(xt); @@ -422,9 +439,13 @@ static inline void do_st2g(CPUARMState *env, uint64_t = ptr, uint64_t xt, /* Store if page(s) support tags. */ if (mem1) { store1(TAG_GRANULE, mem1, tag); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } if (mem2) { store1(0, mem2, tag); + } else if (mtx) { + canonical_tag_write_fail(env, ptr + TAG_GRANULE, ra); } } else { /* Two stores aligned mod TAG_GRANULE*2 -- modify one byte. */ @@ -433,18 +454,23 @@ static inline void do_st2g(CPUARMState *env, uint64_t= ptr, uint64_t xt, if (mem1) { tag |=3D tag << 4; qatomic_set(mem1, tag); + } else if (mtx) { + /* Writing tags to canonically tagged memory region: faults */ + canonical_tag_write_fail(env, ptr, ra); + return; } } } =20 -void HELPER(st2g)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(st2g)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t mt= x) { - do_st2g(env, ptr, xt, GETPC(), store_tag1); + do_st2g(env, ptr, xt, mtx, GETPC(), store_tag1); } =20 -void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt, + uint32_t mtx) { - do_st2g(env, ptr, xt, GETPC(), store_tag1_parallel); + do_st2g(env, ptr, xt, mtx, GETPC(), store_tag1_parallel); } =20 void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) @@ -554,7 +580,7 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr, u= int32_t mtx) return ret << shift; } =20 -void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val) +void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val, uint32_t m= tx) { int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); @@ -574,6 +600,10 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint= 64_t val) * and if the OS has enabled access to the tags. */ if (!tag_mem) { + /* Storing tags to canonically tagged region: fault. */ + if (mtx) { + canonical_tag_write_fail(env, ptr, ra); + } return; } =20 @@ -603,7 +633,8 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint6= 4_t val) } } =20 -void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val) +void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val, + uint32_t mtx) { uintptr_t ra =3D GETPC(); int mmu_idx =3D arm_env_mmu_index(env); @@ -627,6 +658,8 @@ void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr,= uint64_t val) if (mem) { int tag_pair =3D (val & 0xf) * 0x11; memset(mem, tag_pair, tag_bytes); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } } =20 diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 5fbc54de4b..68f476621a 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -3031,7 +3031,8 @@ static void handle_sys(DisasContext *s, bool isread, /* Extract the tag from the register to match STZGM. */ tag =3D tcg_temp_new_i64(); tcg_gen_shri_i64(tag, tcg_rt, 56); - gen_helper_stzgm_tags(tcg_env, clean_addr, tag); + gen_helper_stzgm_tags(tcg_env, clean_addr, tag, + tcg_constant_i32(s->mtx)); } } return; @@ -3048,7 +3049,8 @@ static void handle_sys(DisasContext *s, bool isread, /* Extract the tag from the register to match STZGM. */ tag =3D tcg_temp_new_i64(); tcg_gen_shri_i64(tag, tcg_rt, 56); - gen_helper_stzgm_tags(tcg_env, clean_addr, tag); + gen_helper_stzgm_tags(tcg_env, clean_addr, tag, + tcg_constant_i32(s->mtx)); } } return; @@ -3865,9 +3867,11 @@ static bool trans_STGP(DisasContext *s, arg_ldstpair= *a) /* Perform the tag store, if tag access enabled. */ if (s->ata[0]) { if (tb_cflags(s->base.tb) & CF_PARALLEL) { - gen_helper_stg_parallel(tcg_env, dirty_addr, dirty_addr); + gen_helper_stg_parallel(tcg_env, dirty_addr, dirty_addr, + tcg_constant_i32(s->mtx)); } else { - gen_helper_stg(tcg_env, dirty_addr, dirty_addr); + gen_helper_stg(tcg_env, dirty_addr, dirty_addr, + tcg_constant_i32(s->mtx)); } } =20 @@ -4647,7 +4651,7 @@ static bool trans_STZGM(DisasContext *s, arg_ldst_tag= *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_stzgm_tags(tcg_env, addr, tcg_rt); + gen_helper_stzgm_tags(tcg_env, addr, tcg_rt, tcg_constant_i32(s->m= tx)); } /* * The non-tags portion of STZGM is mostly like DC_ZVA, @@ -4679,7 +4683,7 @@ static bool trans_STGM(DisasContext *s, arg_ldst_tag = *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_stgm(tcg_env, addr, tcg_rt); + gen_helper_stgm(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx)); } else { MMUAccessType acc =3D MMU_DATA_STORE; int size =3D 4 << s->gm_blocksize; @@ -4795,15 +4799,17 @@ static bool do_STG(DisasContext *s, arg_ldst_tag *a= , bool is_zero, bool is_pair) } } else if (tb_cflags(s->base.tb) & CF_PARALLEL) { if (is_pair) { - gen_helper_st2g_parallel(tcg_env, addr, tcg_rt); + gen_helper_st2g_parallel(tcg_env, addr, tcg_rt, + tcg_constant_i32(s->mtx)); } else { - gen_helper_stg_parallel(tcg_env, addr, tcg_rt); + gen_helper_stg_parallel(tcg_env, addr, tcg_rt, + tcg_constant_i32(s->mtx)); } } else { if (is_pair) { - gen_helper_st2g(tcg_env, addr, tcg_rt); + gen_helper_st2g(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx= )); } else { - gen_helper_stg(tcg_env, addr, tcg_rt); + gen_helper_stg(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx)= ); } } =20 --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909906; cv=none; d=zohomail.com; s=zohoarc; b=Xa9ZN25iJqPHKYinXJzjhEEBc58eYMW1j5Ul6rb/fr/R7TvlKVvciX243de8uNDDh/Fth0yYR9nENH2EHwdXj+FtzhNBBU3Rw2AWC2CBKUTzPKAp9MGEcfdnS8wIwMfveLBBJeSTDW/blaOXLEIlrTEhIvMfO06SNqRn4y9sfrk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909906; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=giIrFw4uQ5vf/7JK4azr8Lzs9BpiUv+KWk/6RVqDIRg=; b=alOxJ9FEiG+EuiR/iNXTjdcxyWuQGEeyHz18lblQ/jVgAGS/AC9Xon22QiCo2QzXPZlnDxUJMnrznG5MbRtOPDZCNtkwfOjFKrO7EAjK5cPuG9DwgoNGI6lp5X/RfyclPyReH7JVBgkxbQ4OXpbQSpD374CvJ0UZWDytlsYcIt8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777909906804633.7798175608373; Mon, 4 May 2026 08:51:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJvZy-00011C-7r; Mon, 04 May 2026 11:51:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZv-0000zv-D9 for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:27 -0400 Received: from mail-qt1-x831.google.com ([2607:f8b0:4864:20::831]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZt-0006Ei-Kv for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:27 -0400 Received: by mail-qt1-x831.google.com with SMTP id d75a77b69052e-506a747448dso29207621cf.0 for ; Mon, 04 May 2026 08:51:25 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909885; x=1778514685; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=giIrFw4uQ5vf/7JK4azr8Lzs9BpiUv+KWk/6RVqDIRg=; b=Gs9va19+GdX8Nx9hmrthX+wD5f7Qlaej1dn/6bAQ6WSTUuzPhSLv2pvJA100PW7wSz EKlzckGOkuQUYxckQe4SOPLhZZG3Lek0NTU4hZAbgPX123lPS7e/Y2KCZBAvfdN0RNIh GAyy6CUjeaxfvEqJ6MtEs1epD8TvqPo+1K4719WcHUSqndUVYxRlfpCQRS2FgU5Fp3Fq L1B36BPnKGakstWtQ59pA+pzJoYwSo6MB/zZggi45e535oW2ZfOjezI2M21o5Jc9AJhy v/XqQra95sCs258t8NYDTCgRy4Yo8p4q6xlyGCC1TB4ZCQpuQPgPcw+Gmcg0mdAmjDJm DaLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909885; x=1778514685; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=giIrFw4uQ5vf/7JK4azr8Lzs9BpiUv+KWk/6RVqDIRg=; b=R5gIXw4iU7LVKNxaakhRBsmPzuUxpqktGiLNZ/uNLhHkjW1C0WaX9gui1io3nGjUlE aG4Q9BQ3MXO27cBBfS9n3Vsvw7cUQOsGfnBiEYTavlE6yJRMLNP3Bm0enNCkNOF3RB5Y moqQm6om8Ey9FAh7N3KWCFszG/yd4Ekw62HAXv6v2gbTuzXvUmwXdgqxwf4DA0yDXPgr YljVjSrBIjX322IXFfAl/PBT3qZ6iPerrzFX3sY5kBgBPeTso1eiagnv5HM0JNwm9drA 6gsDM/eJFmvleivdriPJmTl3vYv+c6IuRtG4aOLqUi89hrl0Uams6JlqdHu4HD5WWB/v Swnw== X-Gm-Message-State: AOJu0YwF6oNBiSoqJewciv1nPJUr1xf1IHvOAd44UdR5BDjjg4nn5Vlz AxmpAgvhLNnDLWKPh46TSA88Az3oke2arANJj08v7yI3nLS+jOd40lw1 X-Gm-Gg: AeBDietBMySWizPDu+esGAwNcDvgsA/Dz5V5ZbwuWKoOLlje1PG9bciVkjjhqEw+Oj7 UcZhZqDylyQrjKxLlinjSG1ceYCP3IKBdU4M/RzY8FRcPuT5ZjTPfvbIb0FVCntXgjWVK6ZcEO/ 3Oo6fmtQchx2bpYQBVfNLZ4qr5+2YPnHPMINafFWEsLGCoiXocx1I0vKfInPXoC1PfEa4nAsxOa o++KwVa08nJ+u5+L0pQkC0EWE5z3BOuq+8uHXJMTpsFcR9eX9GcVfEnbFv93l10fHDbzBdQ/JID SajlaDbt/y/ZoJFrjTyB8bsMYiejtEkj2YOJZVYouQfU353hfFS/3Xb6rhMeHZfE1RHpBYFAJ1M Wy28zZG5bPZt1onk9/poqsl3bCz9MJwAblb0DKAM0mNAJRhbuJRLuk+05o4QOWWDVj1XV0zBVsc Gb6wfK1pXi659RDgJRTHcaheqojfgB3tTT7wlXv4p6rTxqDjwdJzc= X-Received: by 2002:ac8:5a41:0:b0:50f:b81e:c655 with SMTP id d75a77b69052e-5104bfece53mr147778491cf.57.1777909884502; Mon, 04 May 2026 08:51:24 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:44 -0400 Subject: [PATCH v5 11/15] target/arm: skip tag bit bounds check if MTX is on MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-11-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=5087; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=HMCENyYuzYOzcc9QE9JQvMCcTO5kh+qhX6EVpUZWlXw=; b=mQHiEfKFcAecsu5d/Vr2zsSJoPgIVb63ZtKogI6r+QxempCDNK7z4xnw8JRZOYkgskpTPqNnR 40Iqgb8TgFaB81NQOXKDRlOOSKZiJWBMqNL+KlTgT1YqZCZZdxI9UVw X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::831; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x831.google.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777909908786158500 Virtual address canonicity checks should ignore mismatch in tag bits during translation step if MTX is set. This mismatch is checked during the tag check instead, in that case. Signed-off-by: Gabriel Brookman --- target/arm/helper.c | 6 +++++- target/arm/internals.h | 1 + target/arm/ptw.c | 29 ++++++++++++++++++++++++++--- 3 files changed, 32 insertions(+), 4 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 18352bd186..0e70822d34 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9693,7 +9693,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, { uint64_t tcr =3D regime_tcr(env, mmu_idx); bool epd, hpd, tsz_oob, ds, ha, hd, pie =3D false; - bool aie =3D false; + bool mtx, aie =3D false; int select, tsz, tbi, max_tsz, min_tsz, ps, sh; ARMGranuleSize gran; ARMCPU *cpu =3D env_archcpu(env); @@ -9730,6 +9730,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ha =3D extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu); hd =3D extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu); ds =3D extract64(tcr, 32, 1); + mtx =3D extract64(tcr, 33, 1) && cpu_isar_feature(aa64_mte_mtx, cp= u); } else { bool e0pd; =20 @@ -9745,6 +9746,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 12, 2); hpd =3D extract64(tcr, 41, 1); e0pd =3D extract64(tcr, 55, 1); + mtx =3D extract64(tcr, 60, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } else { tsz =3D extract32(tcr, 16, 6); gran =3D tg1_to_gran_size(extract32(tcr, 30, 2)); @@ -9752,6 +9754,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 28, 2); hpd =3D extract64(tcr, 42, 1); e0pd =3D extract64(tcr, 56, 1); + mtx =3D extract64(tcr, 61, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } ps =3D extract64(tcr, 32, 3); ha =3D extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu); @@ -9851,6 +9854,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, .gran =3D gran, .pie =3D pie, .aie =3D aie, + .mtx =3D mtx, }; } =20 diff --git a/target/arm/internals.h b/target/arm/internals.h index 779eafabc8..d313d36603 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1407,6 +1407,7 @@ typedef struct ARMVAParameters { ARMGranuleSize gran : 2; bool pie : 1; bool aie : 1; + bool mtx : 1; } ARMVAParameters; =20 /** diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 4fdb27697d..4fa50d0320 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1931,7 +1931,17 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1T= ranslate *ptw, * validation to do here. */ if (inputsize < addrsize) { - uint64_t top_bits =3D sextract64(address, inputsize, + /* + * If MTX is enabled, bits 56-59 aren't checked for canonicity + * during translation, since they will later be checked during + * the tag check step. + */ + uint64_t top_bits; + uint64_t masked_address =3D address; + if (param.mtx) { + masked_address =3D deposit64(address, 56, 4, param.select * 0x= f); + } + top_bits =3D sextract64(masked_address, inputsize, addrsize - inputsize); if (-top_bits !=3D param.select) { /* The gap between the two regions is a Translation fault */ @@ -3492,15 +3502,28 @@ static bool get_phys_addr_disabled(CPUARMState *env, if (arm_el_is_aa64(env, r_el)) { int pamax =3D arm_pamax(env_archcpu(env)); uint64_t tcr =3D env->cp15.tcr_el[r_el]; - int addrtop, tbi; + int addrtop, tbi, mtx; + bool bit55; =20 tbi =3D aa64_va_parameter_tbi(tcr, mmu_idx); + mtx =3D aa64_va_parameter_mtx(tcr, mmu_idx); if (access_type =3D=3D MMU_INST_FETCH) { tbi &=3D ~aa64_va_parameter_tbid(tcr, mmu_idx); } - tbi =3D (tbi >> extract64(address, 55, 1)) & 1; + bit55 =3D extract64(address, 55, 1); + tbi =3D (tbi >> bit55) & 1; + mtx =3D (mtx >> bit55) & 1; addrtop =3D (tbi ? 55 : 63); =20 + /* + * With MTX enabled, bits 56-59 are not checked according to + * AArch64.S1DisabledOutput. + */ + if (cpu_isar_feature(aa64_mte_mtx, env_archcpu(env)) && mtx && + access_type !=3D MMU_INST_FETCH) { + address =3D deposit64(address, 56, 4, bit55 * 0xF); + } + if (extract64(address, pamax, addrtop - pamax + 1) !=3D 0) { fi->type =3D ARMFault_AddressSize; fi->level =3D 0; --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777909968; cv=none; d=zohomail.com; s=zohoarc; b=KnAjbswZ/2Af+5CTtAEcwXlUdnFPrU6qBPGS9+RDn87WeSv2zKFugfCgZsqhCwUANc8Arx7UMJOTVJLo1EBJSa0OdaKjkoSOL2cFf4SELyDeuoLTfW3y+Y+yJpRTCxbkfkTcdncq14eBVGBEt+0NbVB5zxbVFen1EfFUmUfRspI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777909968; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KsGoT0ZY/Rv32gk7xNMn1j9Shl8qcLertbKSdgPbnPQ=; b=I9GjYN2/w0rnV0yPCaw8/BkwrgDsrLMM5r4Y2cMBBd9l8KqFSQtXIobVysGhlZhxMqjZH3XrF64zthhMj5uaq04IrOqtxyMdKyAjqaFRT7JEeNXpYMfNmn9xY/pH79cEd+JWnbuj6q4FB3+gY89gRH8Fs3iyELz/lkcGrMsKDGk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177790996809955.724800101798564; Mon, 4 May 2026 08:52:48 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJva2-00013Q-H8; Mon, 04 May 2026 11:51:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZx-00010w-TL for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:30 -0400 Received: from mail-qt1-x82f.google.com ([2607:f8b0:4864:20::82f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZv-0006FR-HA for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:28 -0400 Received: by mail-qt1-x82f.google.com with SMTP id d75a77b69052e-50d6b9bca48so61862291cf.2 for ; Mon, 04 May 2026 08:51:27 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909886; x=1778514686; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=KsGoT0ZY/Rv32gk7xNMn1j9Shl8qcLertbKSdgPbnPQ=; b=ZzuGG8ZDueG/nOzu4oiFxMeOz/814xHu/advCcwzfGjN7n6wexJW3RbA5O1AvIJGUn e4gcHZis2eB3qUV+wSUasFCVtIfcxiVktD9q2Ld7GVLdE1xPX2ahywL6ccThoOgEhBMr KeFMvCp7Pz0R9LvA68CJheqhT2kkbm+Wz3dCf6HAR2HmNDKTFnNsAK+JeG3CjzTz5VsG u1SmSK32oWinJpGikYcVQ0oS1JOw/f3W4M6xGAzsYTdf0kWgbcyEYtFUO5jH+q6Jf/IN WAbJCsOiKzHft2CmVJ92SvEdovM9Eb2bdvQDB6B52G98T7WA3dkOI0g7c2/Jx8qKSYgw 0DHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909886; x=1778514686; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=KsGoT0ZY/Rv32gk7xNMn1j9Shl8qcLertbKSdgPbnPQ=; b=q2TnlioiIcuvM0lhXhwcAXITsf0tOI53E48N9gixsx+PCCtyfXXg2qCerUPezTHmj2 STV5xc0G0kpxuVxgnDQAHpBQdQ01PmksqxaY8lbyNCyoZx1sozoLdY0TvLBjGLkgQemG PGO4bk58TcziEsMMiBsDtGksO/H2VkT6uFzEmSKkV+GC8NUBD7YMGYPbubJ476W9A1f6 48PESigvW+EesP6YdqWvqWJGH8K4oIQkU9wDuEjhpuJ/DyB0iiZzo6g+pwd98n6IC3Fs JG5eNAn1FSnj4KzFuBP2Ll+LkbvVwBaS58EQMs27/Mpe6ytqt7ZFHRhud7hiq8nnYZ6r a3nQ== X-Gm-Message-State: AOJu0Yy5T77p8N7H5F0drE/i14cUdIA3QOjDbJLyrJPAt4qScEnm0LxK S7vq2iCfF6KHL9OWZycWELgsB0pLCWJ7W5P324EHMvU4CWb78/yWxfCy X-Gm-Gg: AeBDiesfHm6iqULptuwqZkwV10JINZmktg2YKxXaGkAGxHZkdJ9XK4GVEEweT26kOAB VxO74PK/7vji65Ue56EX5P8WRXyRXS/z1uimS3Bmjo/hdH0YdCNOgFgLPn1NKi7+pxLJPKn0efa dCz2dS4hpNSS9IyrNwSkVMXNXv75+E1Eq/EXW4e/Zw0roJ7tgJ53RQDMTa4A9VrDrduTDnpL8Fq IessP1tLr+VrdRiJErtZPodMPtLyfdW4F+NYCRzF0VwPp0o7goSM+hpJMk47dBbrRZ1mQprHaNr /GzRUj89RPq8FhxVArIgss5aXkPfe7eJNkzRU9gY7vYZqXq9iI7vwVBz7UlUiePvUyO+oUmHzfq NQPiNUUJUUmwiQ4BqLAMryP2sb50h4STAy2t6cLQo2tj7BCr0OTUiB/6l82IUmFkZAP5i+owuxD Rb1GjHSc8x4qALju1L88Z9cAStLj7AYh2SbJ9UMIaqs235PIL7TZE= X-Received: by 2002:ac8:7dce:0:b0:50b:1adf:89ba with SMTP id d75a77b69052e-5104bf74fd1mr150008201cf.40.1777909886538; Mon, 04 May 2026 08:51:26 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:45 -0400 Subject: [PATCH v5 12/15] target/arm: tag is not a part of PAuth with MTX MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-12-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=3109; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=i7naSFKtsdz7oJ/mLAV3eXUKurGnggfA0UJX9vwXyVE=; b=beRiuMoGUh2trILB0UOertQUMc/zy6fknjcq7gSUZHgKun0WCnuuWwBVfNhaJW7+EirEeH2lY 1/4idKjmpHAD3FtHMGyqprB+YkcsbXSUDzwf8gwybtQgDXPwEG13OfQ X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::82f; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x82f.google.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777909970346158500 As described in the section on MTX, tag bits should not be used to store or compute the PAC when MTX is set. See also Authenticate(), InsertPAC(), and Strip(). Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 12 +++++++++++- target/arm/tcg/pauth_helper.c | 18 +++++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index d313d36603..31b7e1c85e 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1809,7 +1809,17 @@ static inline uint64_t pauth_ptr_mask(ARMVAParameter= s param) int bot_pac_bit =3D 64 - param.tsz; int top_pac_bit =3D 64 - 8 * param.tbi; =20 - return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); + uint64_t mask =3D MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_b= it); + + /* + * If mtx is enabled, second nibble is not part of PAC. See + * InsertPAC(). + */ + if (param.mtx) { + mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + + return mask; } =20 /* Add the cpreg definitions for debug related system registers */ diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c index 67c0d59d9e..3d83ca4c3c 100644 --- a/target/arm/tcg/pauth_helper.c +++ b/target/arm/tcg/pauth_helper.c @@ -342,9 +342,16 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, } =20 /* Build a pointer with known good extension bits. */ - top_bit =3D 64 - 8 * param.tbi; + top_bit =3D 64 - 8 * (param.tbi || param.mtx); bot_bit =3D 64 - param.tsz; ext_ptr =3D deposit64(ptr, bot_bit, top_bit - bot_bit, ext); + /* + * If mtx is active but not tbi, then the top 4 bits are replaced with= the + * ext bit, while leaving bits 56-59 alone. See InsertPAC(). + */ + if (param.mtx && !param.tbi) { + ext_ptr =3D deposit64(ext_ptr, 60, 4, ext); + } =20 pac =3D pauth_computepac(env, ext_ptr, modifier, *key); =20 @@ -377,6 +384,11 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, if (param.tbi) { ptr &=3D ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1); pac &=3D MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); + } else if (param.mtx) { + ptr &=3D ~(MAKE_64BIT_MASK(60, 4) | + MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1)); + pac &=3D MAKE_64BIT_MASK(60, 4) | + MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); } else { ptr &=3D MAKE_64BIT_MASK(0, bot_bit); pac &=3D ~(MAKE_64BIT_MASK(55, 1) | MAKE_64BIT_MASK(0, bot_bit)); @@ -424,6 +436,10 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t = ptr, uint64_t modifier, cmp_mask =3D MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit); cmp_mask &=3D ~MAKE_64BIT_MASK(55, 1); =20 + if (param.mtx) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + if (pauth_feature >=3D PauthFeat_2) { ARMPauthFeature fault_feature =3D is_combined ? PauthFeat_FPACCOMBINED : PauthFeat_FPAC; --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777910061; cv=none; d=zohomail.com; s=zohoarc; b=LBivhATwFIrtJP8NzfekvVubPOybCRLtSgzuYMcIWO99ZnmyRzxkwUklb3CBHCDm+lLiVFRtq7DVGfp+tgKuCeeMrELptrQdqGJE0YgatfNKqt0uZCdi27pEUSx7yNHbYqrrGxwOLV0ROb3V9EZujUfpOwTWEhw0Ud5nt67MHs8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777910061; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=/WgX7SoeZhIHg97bvyLdMZe+eYz+Kg1zGjHAsHbNvCs=; b=fcsOmpZrX/PB4J8Ay9Ryakibc7OzEVQmL+T3VZczfG6lEssr+DyoV/9TNU/w5+KbNgsOf0G1Wv/BhLUw7l3qZogaDtcE+IB08bRzNj1eU+u95svkM6Qf2DUSYQO6xR09MG2jXUQuQHCBS7q77aWpYl0fs/zt78HLuBdV/ypMvFI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777910061010762.5277735537671; Mon, 4 May 2026 08:54:21 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJva3-00013k-6V; Mon, 04 May 2026 11:51:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJvZz-00011p-68 for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:32 -0400 Received: from mail-qt1-x82c.google.com ([2607:f8b0:4864:20::82c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZx-0006G7-JP for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:30 -0400 Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-5102582e23eso32561611cf.1 for ; Mon, 04 May 2026 08:51:29 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909889; x=1778514689; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=/WgX7SoeZhIHg97bvyLdMZe+eYz+Kg1zGjHAsHbNvCs=; b=iFh/o4gC83Mi49x1ESK5bHJPE9qxs3HWdA827PVaH45rmjwEHCGVc+aQ5bHGY1DjYI u/LqDrmg5XLpxz8T6ovY4wTkWPtrLrBjNoEFLVeAhybaf6FLkKpoE4T9AXlIIeGYvRBF cgY8OZ+NSiX0r9QFXUBcCLbrq4kJznxf0SugqV+qXlVu5Vn+xhlA/iVv5+AJTELxs2dC kvQuUgTBC5i16RhDF8TaY/Br0/DX2hraX9JgUzdQ52GYhuD0dSNVzEGykkwFRmTR9ygO 10z1+iL5ZDVplexYeFkT/ZBEjsIRCQNR5M7n4nbqfPKng/iy/X+HfRcaiRcsTcouoO3k TaFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909889; x=1778514689; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=/WgX7SoeZhIHg97bvyLdMZe+eYz+Kg1zGjHAsHbNvCs=; b=LNbxcP7Uyy73rCVWtU99tEeXuVnyNd/878QLa7HOsW+rkemVwsEmV6bDpFHGNHboW5 Rz9dzlXdvwG6RXBpvwjZ5p2m75K3ZJFnfYrXzblg0FjlkxGgmNoPf+eWbNr9DNUu7Z0j i3ftrHK64dxhBvrKG9q+A0abxH37QN2Ctw0wSXo58/7kXsQiBTFwGQ12K6gsu7aAB/op 20VgRNxwdkLjos7QsMMBfI9eo6DnEd6KWoEVkZII7umSGaugdK6GWg4+dph5ob35T3qn JyXfdtqv9eBOHvfRosMGsL+CcUznZB+piocbKtxYXVVU3MdHdc2rYfIHS9Fhfis3ZwB9 u7hg== X-Gm-Message-State: AOJu0Yx3V3mnYnPUuWPpmGGcg+/jT0XmJzgn9zCZtBG3U8g7KDgGctb8 RYkhpijl8EQFl/C1nYrb1GEsZJE7rUZIZSlB4A0jAVx28dAa+ymUEdec X-Gm-Gg: AeBDietoiHhxFM6O2zG1LzerHHhezoyKkV99p+EFxwzYDBrQFcV4os6sskcDQtUIBgY /y3eNPxkVFlg9+B4CrVKKdcujW4P9ZKS/N6cO8KxHwZpoSCjj+ZnrxmTJ6K8O3DeFlFRZwFrUkn dX+vi1cWhWF6a2BPu9Krm2YoFMU8IFuB05S0eUJAQbntqCput+rUo2R+vR23bVLgHRdpA5DPbhG T1iqGbg7VA0UhM5QhaV2A40afb8uPzWrOPOrf8iqiMS+e+DCfGSvAvs7tUwfqaUDwX8HpeYv8l9 hncdCijD1j6Ls6Nczmb5qIj/LRAYZs3s7QDNUsQ6NUsGP823a2hf66tWjEmT4FijAJrdCsxNmfb rqSvqUO4zlF1y+O2EPvPx7KhiDeXuJgIscY4bSYMdyePSr/THG6uXXJ5EPBbD2F43/cbZFfzGLh QmTtyqGAC9FOGldrSSdo6aLvXnYGG4rsZlvf+vAZK4/vdhnzBWn8g= X-Received: by 2002:a05:622a:1791:b0:50f:bb01:985e with SMTP id d75a77b69052e-5104bf5260fmr141311151cf.48.1777909888556; Mon, 04 May 2026 08:51:28 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:46 -0400 Subject: [PATCH v5 13/15] docs: add MTE4 features to docs MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-13-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=2273; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=ztIDgqfeOPD6qpIxmbbcUcgA0mWZp1FYw4KgD7jsfWo=; b=6hu7QtbwsuzHsPQ9mzvo7Wcu6EOt3HoS8T9hC/HqJc67/1XOstwfK8gvMRWOMnYYoXcrt+7wS PaNhj6S4ro5A1jivBZmouqrVDIbsnL6EMC8C+zUHRITgqLNIKH+dZ27 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::82c; envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x82c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910062790158500 The implemented MTE4 features are now present in docs/system/arm/emulation.rst Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- docs/system/arm/emulation.rst | 5 +++++ target/arm/tcg/cpu64.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index 8cd7fe7b00..c660074ec4 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -111,6 +111,11 @@ the following architecture extensions: - FEAT_MTE3 (MTE Asymmetric Fault Handling) - FEAT_MTE_ASYM_FAULT (Memory tagging asymmetric faults) - FEAT_MTE_ASYNC (Asynchronous reporting of Tag Check Fault) +- FEAT_MTE_PERM (NoTagAccess memory attribute) +- FEAT_MTE_TAGGED_FAR (Full address reporting of Tag Check Fault) +- FEAT_MTE_STORE_ONLY (Store-only tag checking) +- FEAT_MTE_CANONICAL_TAGS (Canonical tag checking) +- FEAT_MTE_NO_ADDRESS_TAGS (Address tagging disabled) - FEAT_NMI (Non-maskable Interrupt) - FEAT_NV (Nested Virtualization) - FEAT_NV2 (Enhanced nested virtualization support) diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c index 649d854a65..77b8c2a0a9 100644 --- a/target/arm/tcg/cpu64.c +++ b/target/arm/tcg/cpu64.c @@ -1291,8 +1291,16 @@ void aarch64_max_tcg_initfn(Object *obj) t =3D FIELD_DP64(t, ID_AA64PFR1, CSV2_FRAC, 0); /* FEAT_CSV2_3 */ t =3D FIELD_DP64(t, ID_AA64PFR1, NMI, 1); /* FEAT_NMI */ t =3D FIELD_DP64(t, ID_AA64PFR1, GCS, 1); /* FEAT_GCS */ + t =3D FIELD_DP64(t, ID_AA64PFR1, + MTEX, 1); /* FEAT_MTE_NO_ADDRESS_TAGS + FEAT_MTE_CANONICAL_T= AGS */ SET_IDREG(isar, ID_AA64PFR1, t); =20 + t =3D GET_IDREG(isar, ID_AA64PFR2); + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEFAR, 1); /* FEAT_MTE_TAGGED_FAR= */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTESTOREONLY, 1); /* FEAT_MTE_STORE= _ONLY */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEPERM, 1); /* FEAT_MTE_PERM */ + SET_IDREG(isar, ID_AA64PFR2, t); + t =3D GET_IDREG(isar, ID_AA64MMFR0); t =3D FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */ t =3D FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 1); /* 16k pages supporte= d */ --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777910053; cv=none; d=zohomail.com; s=zohoarc; b=DM09hsUtT7+l+RhbWJzADcUC/aGoJxzFxqNuf7vbmO7TXzhgaGCxXeSClev/ZEPDN77OJHrSailkERVsZltpcXhGGgfFoJgNePUo8CSqU93UQ1iSkKu2nX/AkNjjNICKWJ/dua4i8hMuOwpryg25+4Pevxbe30CXyMSlK4xLJVA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777910053; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=UlN9RrvVvlueFL2Y43FL9XGjAyyk9yJk5lv6VyEqtB6+nOh3glUPphITz0mOOT9hg23T5MjGzFxHZPzha0aPsf358+ZJ7Kwbjw3Gf/MuAQmGXekccXE33rgd+qe8aI1pm8briB1i/BGTbS2xl2EaUJx9OsV2lko5Y0mb8LtVBvI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777910053653708.6554458219899; Mon, 4 May 2026 08:54:13 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJva3-00014U-GH; Mon, 04 May 2026 11:51:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJva1-00012c-Cw for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:33 -0400 Received: from mail-qk1-x729.google.com ([2607:f8b0:4864:20::729]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJvZz-0006GN-OX for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:33 -0400 Received: by mail-qk1-x729.google.com with SMTP id af79cd13be357-900fa9f178dso191366485a.1 for ; Mon, 04 May 2026 08:51:31 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909890; x=1778514690; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=fO3m9a+t/HLeev320Hpgi63nhC672ysBTnDAjBA6qvNix/PVpFgTMA1Bp7kZ5v2dSv 1/MXmo3j59xir6gPT/kVC7WQAM7f1TOcZVw/YJ8z7D8hccccFnkEaCAkvNAL6N97AT5o O1K6k9hvx6Q/9ihK92kPQ8clHzIHOmQ07bef8grMqAcOUfzROjQbbau8jOqzhAFyfOc1 B+MEqiTgzlOjK3VuRJzUAN+yiVKievTf1Ul8iqSMEmEiOxuNVSK+c/rPY9pDxIbx9l8G Pl5KKaav50ed/gRslk0uGPTZYO/mqFsyPsOINV9qyoCpACiF5NQtV9uk6hvtQRfI3zAU tMTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909890; x=1778514690; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=Bv0V/5s7Zg43Pg0/iXi0J+qsvcpdPOzpHUaJWe8YgUgarYWztC+OGvIttSWG+ubmiH wPundfTJvinW+/rC8F0ZcfPTYUHP7xuOwNU5D+muV2R+9ocOG/RYNbChDTD/yTrt+Ea4 hJBAdHTXHz4E8rxKUFc1T90R7eXhHKh91NO+7jyKPRJDmWPzFgv69ynIbwsC+8owrZUy FKVbRkkmIvgRKVWEMGoMsIhDmOANnJenbKaHYd4QAGqlvjmQ5Tv3pz2/ohKbcfnyOx/z Byxe3GM2ubq4OTDz6AiSFvZ925kPqav2IvC156RnjlDQ20kd7bCu0Pj3rmzIJ+/147rU F2uQ== X-Gm-Message-State: AOJu0YyK9HlwSIHevygNJ/gcvkS4rcsuuf5kSJt0gwNa+73S1wrVFDum hu15eMIEdAw53Uy2EU2JC9hBhB1OHnAAySDoKlojh3I5VLJf3MgrKXuvILa8tjiA X-Gm-Gg: AeBDietq+uhTuXnIRS5Bf3KH3KDF9SjT4ISfIu96ggUvJNqaCNpJrrl5b3pHiRYlZ5M wq22oLMWn2RKZzQJEm6UV4LYabrlqhE87Bg4XuLy8rqojhI3Ya84r4AyJMsiXxes8h2ovhPMoNd roQ5WGwxBrCj3aaUeOKuwR4HSUJMl8IHGoiBV5dKwC8UO3Tqyexq7xwPXFt4+s5Fa/9sop1PWv0 6u8crPh2vNHL3DvxDiqJ2Ca4yfOMeSecFa+q8FgRa7j8kwPd6N9Q6WrSujZXQ1A7B3yHN3gacs2 CFhrK4+2Q7QMeAniYXhF3kQRgL1PPFmhkkF7IrEPQrOmsGpn3OjRAJU7ZBZa2NfbEoUeP1i0txE htd3i/PvfXikev7JG6d3u0BpRmfguwrwujsSkqL4PAa3dnF2kfQ+5jKJZjj9YvhEVUlhvmVExB+ lyrG/bCaV2WE9vgQgC/fv7reIA3bStvVLhppcCet5amkeRdgr4i/Q= X-Received: by 2002:a05:622a:30a:b0:50e:5c31:5d56 with SMTP id d75a77b69052e-5104bde5513mr149947601cf.6.1777909890237; Mon, 04 May 2026 08:51:30 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:47 -0400 Subject: [PATCH v5 14/15] tests/tcg: add test for MTE FAR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-14-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=2355; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=t9UKuOxOMkff21yBSwiqqFvgFWXDPNIeJTAexYT0IVc=; b=VvH0Dw+EA0dM1al44fe87BzYHM1c7TEalnO+8csbUNT90B88V4p/ES2x2ERnZPMq6TF4JfASw 4U72rhH18ycB7pUM2h8Mv4ya+L96lnMn5ruW5B0W37hmyCyGx2Ir9Zm X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::729; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x729.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910054747158500 This functionality was previously enabled but not advertised or tested. This commit adds a new test, mte-9, that tests the code for proper full-address reporting. FEAT_MTE_TAGGED_FAR requires that FAR_ELx report the full logical address, including tag bits. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-9.c | 48 +++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index 9fa8687453..b491cfb5e1 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-9.c b/tests/tcg/aarch64/mte-9.c new file mode 100644 index 0000000000..9626a90c13 --- /dev/null +++ b/tests/tcg/aarch64/mte-9.c @@ -0,0 +1,48 @@ +/* + * Memory tagging, full-address reporting. + * + * Copyright (c) 2021 Linaro Ltd + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +static void *faulting_ptr; + +void pass(int sig, siginfo_t *info, void *uc) +{ + assert(faulting_ptr =3D=3D info->si_addr); + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + *p1 =3D 0; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + faulting_ptr =3D p2; + *p2 =3D 0; + + abort(); +} --=20 2.54.0 From nobody Sat May 30 18:34:27 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1777910015; cv=none; d=zohomail.com; s=zohoarc; b=aqGtKZ5nkKEU+/F270YCu4xKTkqYK5wSqcyQQGS7rX0BvHXHIMf5PF1w9z4c0bjqPSbqg7XOCrC7wwF62KzO631QBGdMoHNnhsnKLndX+hGL58Zdqpr6O/MwOuSNjqPd83Qmcy+sKVdZBKaMRrbznYYNY4EebQn61N8uo0eDSYE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1777910015; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=J6WjpccribJmZXQ07FaFoAuJPa3K2b+EgQfeY6nnOHxY+dgE65zh6+KcTUiTEu7KFY1YZ9Go3QBzQlgDiMdMimnq7DXvkGJew7p1ySVXRhg2nMCI88KEIXXT4JHihAYjfw6uk0b8vZW3qRdK7axv+vIg39gU6RvZ6joo9LoGp9U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1777910015959523.513714217194; Mon, 4 May 2026 08:53:35 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wJva5-00015P-2f; Mon, 04 May 2026 11:51:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wJva2-00013R-OC for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:34 -0400 Received: from mail-qk1-x736.google.com ([2607:f8b0:4864:20::736]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wJva1-0006Gk-5M for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:34 -0400 Received: by mail-qk1-x736.google.com with SMTP id af79cd13be357-900fa9f178dso191370385a.1 for ; Mon, 04 May 2026 08:51:32 -0700 (PDT) Received: from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2026 08:51:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777909892; x=1778514692; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=BuLTDv24yql2lSBBw1H+RfdCGj0LLfS0qiFcPWwotyXciKvRpOwzJCWcvnVX9QdmMe Ivtg932wCAjf3n9ElcIcLY2/SJNxZgyWtgtQCA8GLlXhVxVGGj5jA1kGUEu0lS2Tird9 m5SQLv8J/ONkXPnBBmZwsA4PRa9+zLQWHZJSKAD6gGu4uL7fe1Qp3M8yozZ9Y3CofR67 myw4weFitiBztc4q20q0meumYfcxj+ag8pIP71uOix3CCY3hoPDCUwYbZ5cv+zpUIGxb 0CzoWW6721x5IQ9atZFafPUo23CRzwDCaoqVv1crUGk/Tmz4BYBk50BK/KlPrPC2lT3h nOMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777909892; x=1778514692; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=lzE7WeN8hHKoLTNhrY/pEI8CY4Ny/nbpXdU92tfiLSsjoFTisvCuVGn36cdA3P7Xje YQ2It0K4Li38bNlc3otpOidyon18pYiK2dh3J6qjqTzQdjAQCMhbY+EOsu1pNWem9bLt a9WxlfhvHtrhEwe8bPu0RdsFB6aMieOTV9ANZrplxu+oJwon7N8P1rwF8qU9L/BnFKHv jNPM+gXr1E1ymQrtkCiWjg7ZFGuEIKVnDCoXAn8vi0ZVLwv3OZ2lG1/Eigs6GdSWom7G 6ef8Cg7Pacj9JVX/6/Yr1sN4V/v8jQQSssLEn8Ju9uuBQn6mwaiEMT31gI0WMA3+yb7d DM0Q== X-Gm-Message-State: AOJu0YwHU4hkaT2AI5IH6i0dhDIbzGInIWWGJlWOkxvNB8rfHpEskQU8 mPZhCqfW97NP/xTNbhK1i3yJdLYGjN981sEBVZ3b1eOvJrcQ7YHZ4Sh6 X-Gm-Gg: AeBDiesu1hYkv/memK7ozG0AzJYsQfvON4t+3YgrDtdt91E6r/b3Z5tlfUaTARI6zwo VSt6Fe1Xo8buBTqHnC88Oru61atmqnwaUk9wezjTO+P+aZKE6IwKiKQWpwoKiJLC5pEKLHMHkXG V/vjAOCpJGPWVYlIWbUJWJ5X2Lnjm+whu12T0Li1vAXvZh8drqEBOltF51greOsZW4lMUUzXH1C A4BhGeIgN+pv4+cLbuodx2sAJmsDPlR40gJiZjCcuebkjY/AD9L4HjXo3uLingKnVEDYTlAkZza HL93KdRke5n/3U0cog8pmjoYS28Y03ofjxuiOnKh9oOmyeu37r+ONGmzAAWp2Mj4cZK2tXZDQeF JdWMa9GKgS+pECoDQH2fXZIlJU3H0flHjZsUujfV1QutOsPh7EmWfkz+NGap1xx1TnLGASdLlyj ik4wd927ifKnBZVeVNYbbH07vC/2cje1PU++SBxUaPtkvj1BWfwvE= X-Received: by 2002:a05:622a:208:b0:50f:b81e:c663 with SMTP id d75a77b69052e-5104bf2cc57mr147276451cf.40.1777909891781; Mon, 04 May 2026 08:51:31 -0700 (PDT) From: Gabriel Brookman Date: Mon, 04 May 2026 11:50:48 -0400 Subject: [PATCH v5 15/15] tests/tcg: add test for MTE_STORE_ONLY MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260504-feat-mte4-v5-15-232a648e63c6@gmail.com> References: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> In-Reply-To: <20260504-feat-mte4-v5-0-232a648e63c6@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777909867; l=2991; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=mAwPuGJQelulccRrIcbbltCeg9NHZ8EE7GZcbX8aqAw=; b=Sqpq09fEtblXyJ18AAhCaSO4jIAAdZ0t/rwE+imXdahW0euiZhu1Vhmt1ANRknj7iakgqF0mg 7jACBhixnvKBTazCr8APVXrnTBHbGHjg05wphSrsxmYa1/nmFlULgoN X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::736; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x736.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1777910018413154100 Added a test that checks that MTE checks are not performed on loads when MTE_STORE_ONLY is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-10.c | 49 +++++++++++++++++++++++++++++++++++= ++++ tests/tcg/aarch64/mte.h | 4 ++-- 3 files changed, 52 insertions(+), 3 deletions(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index b491cfb5e1..6203ac9b51 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 m= te-10 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-10.c b/tests/tcg/aarch64/mte-10.c new file mode 100644 index 0000000000..46d26fe97f --- /dev/null +++ b/tests/tcg/aarch64/mte-10.c @@ -0,0 +1,49 @@ +/* + * Memory tagging, write-only tag checking + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +void pass(int sig, siginfo_t *info, void *uc) +{ + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC | PR_MTE_STORE_ONLY); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + /* + * We write to p1 (stg above makes this check pass) and read from + * p2 (improperly tagged, but since it's a read, we don't care). + */ + *p1 =3D *p2; + + /* enable handler */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + /* now we write to badly tagged p2, should fault. */ + *p2 =3D 0; + + abort(); +} diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 17b932f3f1..7093b93dc7 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -40,10 +40,10 @@ # define SEGV_MTESERR 9 #endif =20 -static void enable_mte(int tcf) +static void enable_mte(int flags) { int r =3D prctl(PR_SET_TAGGED_ADDR_CTRL, - PR_TAGGED_ADDR_ENABLE | tcf | (0xfffe << PR_MTE_TAG_SHIF= T), + PR_TAGGED_ADDR_ENABLE | flags | (0xfffe << PR_MTE_TAG_SH= IFT), 0, 0, 0); if (r < 0) { perror("PR_SET_TAGGED_ADDR_CTRL"); --=20 2.54.0