From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508283; cv=none; d=zohomail.com; s=zohoarc; b=bHsP9oBFzbuW3ponhU6uf8jbVvATLgWYumMQ4XXaRdAC9sFZ472WlC/7/obh/Be7DsnyGacj0tkmy9lOcdT6cD4ZDQ5t2dVg5pGwahA/iWhqlNuuQ85kCzRcvRwZnf7+kpHr8a/dhUcHwyar4BU6vyWz9x5zt8VLk8amfRlUmjw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508283; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=vi5YnuogD6cXPtMTTKIaqxfua66dFwZmc5GgDLqxixU=; b=HUgm7h28AimoY/ROyJT88gu2DlLDlBo3q3hnosHeVNzvjVbOP6iQuUoofXnvButU7VDUZrkcbvIEd+mSP8ehYFNe3xe6znwO4PF4wXMJqr7FOl9vyvjse7swfF4MaZZ3VOUE3jlhm6UxBFX2NvIVsvnFfOgv6US0Cn2mo2rJpvY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177850828315898.22100088337345; Mon, 11 May 2026 07:04:43 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDO-0004ML-Cv; Mon, 11 May 2026 10:02:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCA-0003xB-V5 for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-ot1-x32a.google.com ([2607:f8b0:4864:20::32a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRC5-00061i-Ta for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:16 -0400 Received: by mail-ot1-x32a.google.com with SMTP id 46e09a7af769-7d55b97f358so3102541a34.3 for ; Mon, 11 May 2026 07:01:08 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508067; x=1779112867; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=vi5YnuogD6cXPtMTTKIaqxfua66dFwZmc5GgDLqxixU=; b=q2mr9Xwbqipzy6mz1hEtKix4gkZqsyDdoswjzPcm7gBG3D4UKER8gMcmOvN4MG+HPB t8R/LIpqyyhMgvTC/DooVuvX8B5r+JuWyLyKvKqbIRIUlBIISfj2pgp49eA9T83hXBH2 8ADx69LlcxDWXizR0iIhkQnJ4YktZ/k9zNqcZuZOwEf3LK5WADO/kUzgVp1sllh1rCKm fRGfsUePLhKrbqxTjU2TXv0sPHfiMNYTjsHlt2zT5EXzrmVbNi5VTSszVmPShGbLtuYu YMtiZhGeYcO6l1edUhVntt7BMuMgbBSf/xsnsfR7ATrETsA25o6jhcLcuefnjMKno9uk AkJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508067; x=1779112867; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vi5YnuogD6cXPtMTTKIaqxfua66dFwZmc5GgDLqxixU=; b=AHnXL/JzSuJLbaNXrHxXtjznDe0K6BTvQsinNj3lJMHypy5P0iEtfrJgja/GTaOzHy gZr89zBgcycURviEvM2OHDXQsm8DLDcDu/m1rPR5/OCeuck0pgvjTtiEFrM3Cq4OCmP2 nCg39vhuk/pVNmtMqwwWagxUDLPM05nfu3w6Jh5vf9CLqpkWuAxQ+nGQMoGTHSWf17fw 3k6+cpMD6xl+R8LPEZH6IEoqpgQq9U4qdtQhtTTn/PP9yezFtVzaSAnLVYw9e0yRfXCH 8PAj4txAT90Tal6y1CGMAlDL43zjwj7mQsgxXad2UgGWFoUXtW1fZO3Gz3tutFwHX3mD VBPQ== X-Gm-Message-State: AOJu0YyWQq9YJ0E4frjhcHz5RvaX9FmP1Q+PAiP2rv4+OmFxrfEnEN8P GN6UU05t1Rd8yA97ArkjnZbUG/a+TsQGsNTuA1X0bBV1RmFenEj3NmvE X-Gm-Gg: Acq92OElIkB8rJIpSXEAkOgfmrqhinkg3SO1ZQXkU/2rW2e6sTkV25f+fs5dXWG+spg iuA831CJ0q9tQRaL/EIJoOTCndvisvgtUEoC4lsGbM9DCPqW3AYjx+K93HFjNHvIvMWgyqn8jXB SJUvaEL/mFKoWm29SCdWGh+h8O3HSDEUmVEGaxRUZT01ja8CRTXxegT3y1kk34P5UpnTNSUv6O+ soXhqRgBOxJse9+lKGOsOyV6zdYqzC2tOhD0Ykke2XuRwiJ07RJRk/d0cdL20O0AE3ePvSRrAGp BGbFGq3S1s+F3j1bmeXjEIDXgPRJ6oUT5jESNudtLouyY6kflyQiyu82uw2329ALDTGrdm78nvS 3eeb2YvdpKj8O0h4BSSkJTIzCn9d2ef85eZoXSSjsvVEs9Pd0J6jO9kUO+CVPPOa8uyAgnke3id yWGk5iJ7Tw1Apr3MwJ3lDef0o5BIPwICUR7K7K+VbO X-Received: by 2002:a05:6830:2b29:b0:7dd:72f:7fb6 with SMTP id 46e09a7af769-7e1df074314mr14993882a34.17.1778508067174; Mon, 11 May 2026 07:01:07 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:00:59 -0400 Subject: [PATCH v6 01/15] target/arm: implement MTE_PERM MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-1-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=4753; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=cUF7iZCkqYqpL8FP/9DkkMtDVlwBF5CQVxj9BrBVSCA=; b=LhIKgJ9lPjj6LKZdzZTejw1mr3lS0i3KWVHCMC5jaBavyOxpvMaTav61KA8tOj+qAsMPImjIT tkLm8TTfo6TCDBRsjMnRBKIBDUQqzqNXMrDigYuUOI/R4fW20qMSRqo X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::32a; envelope-from=brookmangabriel@gmail.com; helo=mail-ot1-x32a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508285163158500 Introduces a new stage 2 memory attribute, NoTagAccess, that raises a stage 2 data abort on a tag check, tag read, or tag write. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/ptw.c | 25 ++++++++++++++++++++++--- target/arm/tcg/mte_helper.c | 38 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 63 insertions(+), 5 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 88fe3ed287..adfbdb9da5 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1157,6 +1157,11 @@ static inline bool isar_feature_aa64_mte3(const ARMI= SARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTE) >=3D 3; } =20 +static inline bool isar_feature_aa64_mteperm(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 316e201cfe..467d815e0d 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -3414,7 +3414,7 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ARMCacheAttrs s1, ARMCacheAttrs s2) { ARMCacheAttrs ret; - bool tagged =3D false; + bool tagged, notagaccess =3D false; =20 assert(!s1.is_s2_format); ret.is_s2_format =3D false; @@ -3424,6 +3424,18 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, s1.attrs =3D 0xff; } =20 + if (hcr & HCR_FWB) { + if (s2.attrs >=3D 0xe) { + notagaccess =3D true; + s2.attrs =3D 0x7; + } + } else { + if (s2.attrs =3D=3D 0x4) { + notagaccess =3D true; + s2.attrs =3D 0xf; + } + } + /* Combine shareability attributes (table D4-43) */ if (s1.shareability =3D=3D 2 || s2.shareability =3D=3D 2) { /* if either are outer-shareable, the result is outer-shareable */ @@ -3455,9 +3467,16 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ret.shareability =3D 2; } =20 - /* TODO: CombineS1S2Desc does not consider transient, only WB, RWA. */ + /* + * The attr encoding 0xe0 corresponds to Tagged NoTagAccess and is only + * valid with FEAT_MTE_PERM (otherwise RESERVED, constrained + * unpredictable)). The presence of this feature is checked in + * allocation_tag_mem_probe, where Tagged NoTagAccess has its effect. = See + * J1.3.5.2 EncodePARAttrs. + * TODO: CombineS1S2Desc does not consider transient, only WB, RWA. + */ if (tagged && ret.attrs =3D=3D 0xff) { - ret.attrs =3D 0xf0; + ret.attrs =3D notagaccess ? 0xe0 : 0xf0; } =20 return ret; diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index a9fb979f63..bf35dc10ce 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -58,6 +58,27 @@ static int choose_nonexcluded_tag(int tag, int offset, u= int16_t exclude) return tag; } =20 +#ifndef CONFIG_USER_ONLY +/* + * Constructs S2 Permission Fault as described in ARM ARM "Stage 2 Memory + * Tagging Attributes". + */ +static void mte_perm_check_fail(CPUARMState *env, uint64_t dirty_ptr, + uintptr_t ra, bool is_write) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(0, 0, 0, 0, 0, is_write, 0); + + syn |=3D BIT_ULL(41); /* TagAccess is bit 41 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, 2, ra); + g_assert_not_reached(); +} +#endif + uint8_t *allocation_tag_mem_probe(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -117,8 +138,21 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, } assert(!(flags & TLB_INVALID_MASK)); =20 - /* If the virtual page MemAttr !=3D Tagged, access unchecked. */ - if (full->extra.arm.pte_attrs !=3D 0xf0) { + switch (full->extra.arm.pte_attrs) { + case 0xf0: /* Tagged */ + break; + + case 0xe0: /* NoTagAccess */ + if (cpu_isar_feature(aa64_mteperm, env_archcpu(env))) { + if (probe) { + return NULL; + } + assert(ra); + mte_perm_check_fail(env, ptr, ra, tag_access =3D=3D MMU_DATA_S= TORE); + } + /* fall through */ + + default: /* Not Tagged */ return NULL; } =20 --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508259; cv=none; d=zohomail.com; s=zohoarc; b=ET51YFLbBDfxdxHUGtHIuHwhNcapLe01qYLD9r+UfyHheYH7A90QB2Wx7HdOzyvdFRC/NAnPfJ5aLryqn/smHmD4qamf+e8wYQ4tFFYaBahijMykUaO5TNTbvRijWGu6QybG/KZ4Nz5tT2Hl/UQrBYxms8Z1GkicXwA8k2wq8Vc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508259; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ZautLnPHryaA/jKUrfP8mXFUci45WTSiLLQtx4NmSrY=; b=RCRnTggYV+ceIEgqNWq6zBV4LY3qW7C2O4KXuGesTWpJ919jRCFOKDwuJ2MZ+wDt2SHa3ZOc8HYvK0hwU/4FXfDbnyuCRlMGbpwuGWqyVOgR0sfdGxXCIhOAOAD2DkiDuy3Xl4GIuFuyBQUVCu3dtPAjT+Ka3Y5sSSkEWhCOZ6o= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177850825952910.666366531400854; Mon, 11 May 2026 07:04:19 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDc-0004xT-Ml; Mon, 11 May 2026 10:02:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCj-00044y-0w for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:54 -0400 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCg-0006Gd-Qb for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:52 -0400 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-899a9f445cbso40887366d6.0 for ; Mon, 11 May 2026 07:01:48 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508108; x=1779112908; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=ZautLnPHryaA/jKUrfP8mXFUci45WTSiLLQtx4NmSrY=; b=i/2BSyLkvud2HCRrYkhYBdTX8ojOFoLK/MLGuMkLLTU0yVqak3P+5vrj3OPNKK7O6o LE7VvFWAtmG6Dj6Q8w1hP+czbXgoiF6mooBxeKPf786kC/OwrFnvVNfxVQMn4M3R25bS V5FFpz7EKIsYx9M807PByN39TnYK5bz8UqoMMPuWABSNaRfqtlGmsNQwRg2WzRwNHgMe 0EvpU20V+KPeqWFP+QmsVjFR19T7c5vf5JRVStO7hvRWyyHuYA1Y60n05OtZ2OmcfQm1 WKU7sjZX9zGYUAtaMkHsQkvwgNAX2tCJY7fPgv0GgnGzhsG0vCTqaG+EhmgnSnpomp9K ly5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508108; x=1779112908; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ZautLnPHryaA/jKUrfP8mXFUci45WTSiLLQtx4NmSrY=; b=RG3K75X5zxu6PPxJ0DmaewQqv4wft8al8DaSx+p5a0GVRmsLvvpikcnxCslHNqSTrz 1/6+pawHik8lPJocPebQwqkYuFsQtzi/BrobTdJ5jN4TC8GyzFUEQhahSiDXmX8p44nc A7+V6ajJkGSvu/S5ivaWR1BoidB9eXPFTF7Kksbg5H9Zd1WTuE21O66jFlxcXYq/rhj5 kip/MkDLPBo8mVcvwrXKT632eH1txFSyHhqR4z6B/30XI2itv+/E8tOiBMt0zE/NrOPc En8fF3KroHK4I8KAJy+hRSrWTmDT9nq2LcK0v54yJA6yo/JaBoIBFaUTmsbMnkvL4i3I +R0Q== X-Gm-Message-State: AOJu0YxF2BWQ8Le1t+Bw4WfN4g2Pq1wcTifwyYfgW+3rcyEwxj4sdX3N V63onWGA5xJKK1EnlnSYoKOXIEiXJxbcn9sZus3KTOLBAxrgJj6DeupLYK9+8lip X-Gm-Gg: Acq92OFTAHTAUMb9l7gBCGSrJBxSusHWSY/37Ng4fUCTg8o8ubxsocjdvBLDk/IVnpA CyGY3JB8F2byueNY57SfdFE+n3XpLYjngPN609mj2kX0WbJZ4LlZRgkTr5ncn3NhY3byNiCQWYq nlpPYnqMeU4rM0PnRLBn1/yySKfZ8CAk0dPWjR3oEiY88Fy+9K/c1gYLfNsXt6yrxa2tTVt/aVM 8w3teBIC9PXE9elER6iX4eAYYdXZpo46Wa+0QSAWjS3SbRWk4myeMNXr88/Itg4p4MIuNydrm2k bV2Paz+F+JeWv9fT4hBNDotKWdtwtnbWoY9nbHwkKju5L7y6r2r2dMO+XF8rcrJxBCme3a49MLh umi9QtHJ6TK2nnYE7MVCW6WXDfSjyUZPojUXztjTfIclQbp3QQiEvJV2v0lcAN4qHNKEcBYjJka KKKCCKhcchIeZ5cj3DksY3SS/5N9UygAQG1cdHIDeG X-Received: by 2002:a05:6214:5191:b0:8b3:fb6a:d370 with SMTP id 6a1803df08f44-8bf439e6847mr210452656d6.37.1778508069177; Mon, 11 May 2026 07:01:09 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:00 -0400 Subject: [PATCH v6 02/15] target/arm: add TCSO bitmasks to SCTLR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-2-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=3108; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=HVuaLMgdUOpxnq+2cYF0+0b5kRwVlj12trfanpWc6ok=; b=sdlNRhSmTlYI0QMUHF5l2yMMfpBKCLHckm+rwHukL9nNpY6DeFlsX7xoR/Bbn1vKjAfYLSpcz b38Xt74bLNoCEUFo4PMR7XqwpA3ahDJ9w8mjzMD3Y9K2MOyrWzMSbwT X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f2d; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf2d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508261793158500 These are the bitmasks used to control the FEAT_MTE_STORE_ONLY feature. They are now named and setting these fields of SCTLR is ignored if MTE or MTE4 is disabled, as per convention. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/cpu.h | 2 ++ target/arm/helper.c | 20 ++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index adfbdb9da5..8ec8d9a2e3 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1162,6 +1162,11 @@ static inline bool isar_feature_aa64_mteperm(const A= RMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; } =20 +static inline bool isar_feature_aa64_mte_store_only(const ARMISARegisters = *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 0b9755533b..0894a050b1 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1477,6 +1477,8 @@ void pmu_init(ARMCPU *cpu); #define SCTLR_EnAS0 (1ULL << 55) /* FEAT_LS64_ACCDATA */ #define SCTLR_EnALS (1ULL << 56) /* FEAT_LS64 */ #define SCTLR_EPAN (1ULL << 57) /* FEAT_PAN3 */ +#define SCTLR_TCSO0 (1ULL << 58) /* FEAT_MTE_STORE_ONLY */ +#define SCTLR_TCSO (1ULL << 59) /* FEAT_MTE_STORE_ONLY */ #define SCTLR_EnTP2 (1ULL << 60) /* FEAT_SME */ #define SCTLR_NMI (1ULL << 61) /* FEAT_NMI */ #define SCTLR_SPINTMASK (1ULL << 62) /* FEAT_NMI */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 7e7677a584..ddf44f4306 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3274,12 +3274,20 @@ static void sctlr_write(CPUARMState *env, const ARM= CPRegInfo *ri, =20 /* ??? Lots of these bits are not implemented. */ =20 - if (ri->state =3D=3D ARM_CP_STATE_AA64 && !cpu_isar_feature(aa64_mte, = cpu)) { - if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA); - } else { - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | - SCTLR_ATA0 | SCTLR_ATA); + if (ri->state =3D=3D ARM_CP_STATE_AA64) { + if (!cpu_isar_feature(aa64_mte, cpu)) { + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA | SCTLR_T= CSO); + } else { + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | + SCTLR_ATA0 | SCTLR_ATA | SCTLR_TCSO | SCTLR_TCS= O0); + } + } else if (!cpu_isar_feature(aa64_mte_store_only, cpu)) { /* not m= te4 */ + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~SCTLR_TCSO; + } else { + value &=3D ~(SCTLR_TCSO | SCTLR_TCSO0); + } } } =20 --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508166; cv=none; d=zohomail.com; s=zohoarc; b=cEsU7d+Fiw04EpemFYP0DaCkmcjBv6rlKQrUa5dOBa5ijr8GYHWh/wyhTMA0nqWHUYR1QQhD6n47yc7S43IaPixrDSaKZNUor+8NO1QItxFYYXOK6qJzPJzj5CoBUPR/GcMriSmjnR19BSGAnevHBlV4eFrHx8+P5TWv999wdA0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508166; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=B3SZytY5PYBqvEiH+OmJzIbvZ0fUKiNr0im7vtwJjxA=; b=PjniMfxIA9Oj8gW3sP0+Q0+H02LwoSmQpyXv44ChMGXZ47uuZgbBzo2KdxZ3CBlLa2E+hyFE8OUcbZAcCJhJANTg1aXEjcObmruwhxql2Dk+XNskYKQ3pWP0w6JjqDc3zuNRUzznij5Ih93RVpNbXWs7vGbowOf+Q00dEBGV0B4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508166333294.34459885044635; Mon, 11 May 2026 07:02:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRCy-00045U-3y; Mon, 11 May 2026 10:02:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCA-0003xC-V7 for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-vs1-xe2d.google.com ([2607:f8b0:4864:20::e2d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRC4-000621-8l for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:16 -0400 Received: by mail-vs1-xe2d.google.com with SMTP id ada2fe7eead31-631a7868228so1391689137.0 for ; Mon, 11 May 2026 07:01:11 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508070; x=1779112870; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=B3SZytY5PYBqvEiH+OmJzIbvZ0fUKiNr0im7vtwJjxA=; b=EuUy9kJYy+uzNW8VFfRtrnzAtHUC1akEYGOBbwBQsO7eDjqjnkrGBXj+CR6bHT3ipj IayDSi10P1VJ64d5saWU0t7rl/sDyL04hhlHGeJ/AGL77Ed9hqRWNWOzCOh9KRPEIYyQ a8g348VQSM9sMdwa8fd0XoqA3UkRw4RNY7zMZ2zpu9KG01adUdkKjnzIzJEL/GBghuSR qKw5M/Pcw8bKRJ0IX0ASbIqoKvNpmdSc2Nia54nkWB42InjBZkV9mBBF39boUzWzVhjH nMe5vO+jDdh9NmsYDazgD8eyRWdxY6Jx5Xw9WbQA4B+ptihG217poeGbXn9P6avBmKND LBPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508070; x=1779112870; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=B3SZytY5PYBqvEiH+OmJzIbvZ0fUKiNr0im7vtwJjxA=; b=nFzrN7qpIvVSxq9RznJeV/jTITr2vc2Q4E3Ez/7IdA2fm9hJJR/dOnr+jphO1E0X3a QUL0p8uwszhhe/KzuH0m6+T+v8tlbddmElbks5l7yVTJ7yqURXVtM+9LfZWRi4HFQOjG OFM6UEFtC4fy+LniQhOB9ul94TFDzxPFBtWq5bE3IdSMULGp1eDRD8RyYuauLlgxt9b0 b5FF6uht1v5jiUpRECnFJRlzh36JRZR4sZpsz0RO8tccEi8HlCxuy4gJ3Wy/upQxoSu+ cI0gODt3q9YazBseTtFj1GKOfw+JO3O2OOitXKE1LTii7b6G/0yDeHsM2d5tWz/TZedp WoBQ== X-Gm-Message-State: AOJu0YzYEcgBFUc6PGhldQwF1/1T3SzjqfJ9aUifY4vFmz21VpjJ1HLg 9IQh8y2sVqEAuM7hejCpAnIsxhaOS0eRh084M7x2wbrxWJqbLeHChPNg X-Gm-Gg: Acq92OHVmT3LxsPKLk5Alb4TF6hIifVWsEQwRWIGgHd60+9Icv9qM8Nt2/V1sw4V0Jf 0wuP9uDrLvKItvtNFqpnYE/1i4YwHldyFGVWWvtAohg+ARZLkYrmiRR8byRh//8Y4BorQTA7l+M iUOzLXUQhR3C0XiNWcX3f7Y2/nwDqU3z7cjeL4NmSk6VfUISfZBRL0zVlkzkqZqIIVdUn0tYAx0 /A5klDWOIa1HDrn776m9jG9Tl+UPumYTCRX9GYHaeXhrZnY3kzcO0TIH2K+KQHvGcIoRSN/DCTO igSdoRiNkHnjcMdU20y+Ja5j9/U3boLZLkNrrRs02LrpcxpXMkLP1WBr37oyN4bg9LnDZRwKZMF 9LruBOEefZ4eDLFoNeBSUCWyRLDbs6N8nIuPrSGfOg+QNMeSq8353k6Lk9myHvyiA3Z+M3iVll5 W2sWWQLdiRTJfnFMQzcxAdM/VskuYNZKnuaxsZPzYM X-Received: by 2002:a05:6102:418e:b0:632:73ad:6c8 with SMTP id ada2fe7eead31-63273ad1419mr3576864137.7.1778508070281; Mon, 11 May 2026 07:01:10 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:01 -0400 Subject: [PATCH v6 03/15] target/arm: mte_check unemitted on STORE_ONLY load MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-3-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=4552; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=rH8vC1onC8Ly7tRYKkxqsrL8toXuandudSiZ9ut8IVY=; b=CRJQuU7GXeChta0scZqptI8Qg/vLNxIT7BkVl9Uc2V+Qrg5+b/K6Ssb2SFApymVjN/9UBX/S0 3t+zA40h7EQCIYk2UnI3aOqN4c8i7HB7/Ha5p1s7Nv6UEADKxlB6PMt X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::e2d; envelope-from=brookmangabriel@gmail.com; helo=mail-vs1-xe2d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508170871154100 This feature disables generation of the mte check helper on loads when STORE_ONLY tag checking mode is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu.h | 2 ++ target/arm/tcg/hflags.c | 12 ++++++++++++ target/arm/tcg/translate-a64.c | 8 ++++++-- target/arm/tcg/translate.h | 2 ++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 0894a050b1..fce0bde168 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2531,6 +2531,8 @@ FIELD(TBFLAG_A64, ZT0EXC_EL, 39, 2) FIELD(TBFLAG_A64, GCS_EN, 41, 1) FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) +FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1) +FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 7e6f8d3647..75c55b1a6d 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -423,6 +423,15 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, */ DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); } + /* + * Repeat for MTE_STORE_ONLY + */ + if ((el =3D=3D 0 ? SCTLR_TCSO0 : SCTLR_TCSO) & sctlr) { + DP_TBFLAG_A64(flags, MTE_STORE_ONLY, 1); + if (!EX_TBFLAG_A64(flags, UNPRIV)) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } + } } } /* And again for unprivileged accesses, if required. */ @@ -432,6 +441,9 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); + if (SCTLR_TCSO0 & sctlr) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } } /* * For unpriv tag-setting accesses we also need ATA0. Again, in diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 9a27c4c6ec..ce6249649a 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -302,7 +302,8 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, MemOp memop, bool is_unpriv, int core_idx) { - if (tag_checked && s->mte_active[is_unpriv]) { + if (tag_checked && s->mte_active[is_unpriv] && + (is_write || !s->mte_store_only[is_unpriv])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -334,7 +335,8 @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr,= bool is_write, TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write, bool tag_checked, int total_size, MemOp single_mop) { - if (tag_checked && s->mte_active[0]) { + if (tag_checked && s->mte_active[0] && + (is_write || !s->mte_store_only[0])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -10697,6 +10699,8 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->ata[1] =3D EX_TBFLAG_A64(tb_flags, ATA0); dc->mte_active[0] =3D EX_TBFLAG_A64(tb_flags, MTE_ACTIVE); dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); + dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); + dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index 77fdc5f3a1..c74a4f6675 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h @@ -140,6 +140,8 @@ typedef struct DisasContext { bool ata[2]; /* True if v8.5-MTE tag checks affect the PE; index with is_unpriv. */ bool mte_active[2]; + /* True if v8.5-MTE tag checks disabled for reads; index with is_unpri= v. */ + bool mte_store_only[2]; /* True with v8.5-BTI and SCTLR_ELx.BT* set. */ bool bt; /* True if any CP15 access is trapped by HSTR_EL2 */ --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508385; cv=none; d=zohomail.com; s=zohoarc; b=iYGa8/C7wga5df4uCv6fiQUl69xfeVUPfE0f8FNVHlAeUn8dxKvWnj0hTZjY32Muh41SP4y57WTd5ZzSBw4b1K4zFhUxGDXHmBdKRLguy/iKiVTFbyVlVI4Fyk4GtR+NKXNCSyg4p/bUh5+JEpMEuYIBtIT0EqcEfe1pj0DG0Sc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508385; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=Viz4UvDDYmE975A1c5nKBqywCT7kCg/jlTSpFauFge0BmMJhUddp54KHu89fpDbMsdaEyvZEIGO6zSKKRd4B3iakEuU77Ovhe98hd6x9n9wX8LVFOBjyF8PHVUS/XsjmVPD4seOvuY8c9OyTerpBhSlkiSrwCr5Er4qtNhADGZc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508385317907.9329262962898; Mon, 11 May 2026 07:06:25 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDa-0004pS-QN; Mon, 11 May 2026 10:02:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCA-0003x9-Uz for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-vs1-xe31.google.com ([2607:f8b0:4864:20::e31]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRC6-00063V-Ep for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:16 -0400 Received: by mail-vs1-xe31.google.com with SMTP id ada2fe7eead31-631a7868228so1391753137.0 for ; Mon, 11 May 2026 07:01:14 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508073; x=1779112873; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=AtfdCcx+yj6+q1dqcUWZKQYaAxWXBZBedzj4zOAll7s7+UusBaZYA2tjamJMQo0LaW 3VdP/WEv1AhNRU2m8QM9Bv/Ftm64xBO7upzaWRyTwCvuxaYc1IqDtxMBx1lFJdn7uuOk 8bsYijPkMJd/L2v6fviyC3N7YRYDOrpUSUyKeSdRRrQ4vnnaqJr7wIC65c8qmxWUn+iF +3U+9krUC91HkoKoGnzlt1Vfa70ztr2qc96gQqkNR/JKwEyuQId3lO6aU5LL6h7yJoKT An8IPkQseOm8Dh3xR8V95jtX8GwADz/GrQk3iaSplfhG6u7O1YXd+nx9OqGfieT9302d iQeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508073; x=1779112873; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=h6t+8BL9slROb/1n5v5F5yW/DTF6bVMIWm3PfnrVLtUx4y5t3hyIffMy4yb1dUBmrx Yd7rvQuCq/mtrGjMvSxmQowoOgu/4wEo3ZNLru//dwKdW8hbxFBQ+2+2eWePpF+v1f7d WEnpIj1FQc7CyT0MF/ifCG3i1mWvIuPqwemVXxj66Dbqt6xMU8o74ErUaZxogJfYaqO5 5VUu5VmRc8bfZ6/AZwkEzOxFduToNH5NyifyHIb6wTXVJ2TMyfvwFTORMBGhxorczBmr G5klIw2vy2PTji5zzZeHcRY7wbbiH6gYA600BBDbac3ecWVKh0Wm34YTrzT4vPMQBlqe ObPA== X-Gm-Message-State: AOJu0YwLGEHN1sxX/Gj/f/gV/BfzlKIYl9BA23aK+Hc9+LbxY1f1JwGd +BzwrKIiQkw7GuL9+tI8GxtPAjFvJEQ5ifyHdXBJCxKe+88TyoP4pPff X-Gm-Gg: Acq92OEaduK8dihTIZM9Lf9iTjugOQ/GTRGFo/MGtRL/171fYSb+k4g0zHCS2TfJB6L lvIyuIvt5WE5lepy6wqGnbbXj6w+L9hvdPFr2Lx1fvwMo1Stw39W5QCoysKMyu1YVvVNtHCCHwa AJ7I11wA2je2NToV6iofubpoSUW+SiSaab5HFc5zdEeXz1JGanjeG42xVwkRyfx3icgqpNmOXdS cd/3YanDZr37pK/YqLUJilFxKmGox3qfODdwNzgdhm24w6buBZjVp/WpEg4NPXkQsadWaJgiTsK F1oqUBIYmBfkHEh48FRoQdZxWEsLYkJvElIYD8GeS0OmOdFa2a34H+LZilXyUiB2pKgQLEFrxp8 axQ/TuOdJ2NI4Ch0YOdgh/2W7PVtUk4+wbKmtp7aZIIvHskLwjphhOGM93E1gp6Cvm/tNvd6hOc SEZvTl6aeltXIsrcR/1azmnB6xKkfvbgvuGyuLjbbg X-Received: by 2002:a67:ef42:0:b0:631:28c1:154e with SMTP id ada2fe7eead31-63128c11dfbmr6905313137.16.1778508071517; Mon, 11 May 2026 07:01:11 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:02 -0400 Subject: [PATCH v6 04/15] linux-user: add MTE_STORE_ONLY to prctl MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-4-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=4942; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=3NUHlDKCw8l8rqmAwbaWm0eM8fht4yd8LR/eAfpLXkM=; b=3OHSB36w0QVpFZCmvTh4TzglFIT8Qb+/BuQREkd8pinTR0dwZ4cxyjxp8VVkrlKwRpdfJiE5K oUSplSABADGAlikrVPS9t9VbKJKtywISZKropMQpQH0KidV4bW6Vsk1 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::e31; envelope-from=brookmangabriel@gmail.com; helo=mail-vs1-xe31.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508387213158500 Linux-user processes can now control whether MTE_STORE_ONLY is enabled using the prctl syscall. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- linux-user/aarch64/mte_user_helper.c | 11 ++++++++++- linux-user/aarch64/mte_user_helper.h | 14 +++++++++----- linux-user/aarch64/target_prctl.h | 6 +++++- target/arm/gdbstub64.c | 2 +- tests/tcg/aarch64/mte.h | 3 +++ 5 files changed, 28 insertions(+), 8 deletions(-) diff --git a/linux-user/aarch64/mte_user_helper.c b/linux-user/aarch64/mte_= user_helper.c index a5b1c8503b..b5c4dafcda 100644 --- a/linux-user/aarch64/mte_user_helper.c +++ b/linux-user/aarch64/mte_user_helper.c @@ -10,7 +10,7 @@ #include "qemu.h" #include "mte_user_helper.h" =20 -void arm_set_mte_tcf0(CPUArchState *env, abi_long value) +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value) { /* * Write PR_MTE_TCF to SCTLR_EL1[TCF0]. @@ -32,4 +32,13 @@ void arm_set_mte_tcf0(CPUArchState *env, abi_long value) tcf =3D 2; } env->cp15.sctlr_el[1] =3D deposit64(env->cp15.sctlr_el[1], 38, 2, tcf); + + /* + * If MTE_STORE_ONLY is enabled, set the corresponding sctlr_el1 bit + */ + if (value & PR_MTE_STORE_ONLY) { + env->cp15.sctlr_el[1] |=3D SCTLR_TCSO0; + } else { + env->cp15.sctlr_el[1] &=3D ~SCTLR_TCSO0; + } } diff --git a/linux-user/aarch64/mte_user_helper.h b/linux-user/aarch64/mte_= user_helper.h index 0c53abda22..8a46f743f4 100644 --- a/linux-user/aarch64/mte_user_helper.h +++ b/linux-user/aarch64/mte_user_helper.h @@ -20,15 +20,19 @@ # define PR_MTE_TAG_SHIFT 3 # define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif =20 /** - * arm_set_mte_tcf0 - Set TCF0 field in SCTLR_EL1 register + * arm_set_tagged_addr_ctrl - Set TCF0 and TCSO0 fields in SCTLR_EL1 regis= ter * @env: The CPU environment - * @value: The value to be set for the Tag Check Fault in EL0 field. + * @value: The value to be set for the Tag Check Fault and Tag Check Store= Only + * in EL0 field. * - * Only SYNC and ASYNC modes can be selected. If ASYMM mode is given, the = SYNC - * mode is selected instead. So, there is no way to set the ASYMM mode. + * Only SYNC and ASYNC modes can be selected for TCF0. If ASYMM mode is gi= ven, + * the SYNC mode is selected instead. So, there is no way to set the ASYMM= mode. */ -void arm_set_mte_tcf0(CPUArchState *env, abi_long value); +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value); =20 #endif /* AARCH64_MTE_USER_HELPER_H */ diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_= prctl.h index 621be5727f..d91e75d60d 100644 --- a/linux-user/aarch64/target_prctl.h +++ b/linux-user/aarch64/target_prctl.h @@ -168,6 +168,9 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) if (cpu_isar_feature(aa64_mte, cpu)) { valid_mask |=3D PR_MTE_TCF_MASK; valid_mask |=3D PR_MTE_TAG_MASK; + if (cpu_isar_feature(aa64_mte_store_only, cpu)) { + valid_mask |=3D PR_MTE_STORE_ONLY; + } } =20 if (arg2 & ~valid_mask) { @@ -176,7 +179,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) env->tagged_addr_enable =3D arg2 & PR_TAGGED_ADDR_ENABLE; =20 if (cpu_isar_feature(aa64_mte, cpu)) { - arm_set_mte_tcf0(env, arg2); + arm_set_tagged_addr_ctrl(env, arg2); =20 /* * Write PR_MTE_TAG to GCR_EL1[Exclude]. @@ -185,6 +188,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) */ env->cp15.gcr_el1 =3D deposit64(env->cp15.gcr_el1, 0, 16, ~arg2 >> PR_MTE_TAG_SHIFT); + arm_rebuild_hflags(env); } return 0; diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c index a4fa740caf..0c3e5b30bd 100644 --- a/target/arm/gdbstub64.c +++ b/target/arm/gdbstub64.c @@ -684,7 +684,7 @@ int aarch64_gdb_set_tag_ctl_reg(CPUState *cs, uint8_t *= buf, int reg) * expose options regarding the type of MTE fault that can be controll= ed at * runtime. */ - arm_set_mte_tcf0(env, tcf); + arm_set_tagged_addr_ctrl(env, tcf); =20 return 1; #else diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 0805676b11..17b932f3f1 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -20,6 +20,9 @@ #ifndef PR_TAGGED_ADDR_ENABLE # define PR_TAGGED_ADDR_ENABLE (1UL << 0) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif #ifndef PR_MTE_TCF_SHIFT # define PR_MTE_TCF_SHIFT 1 # define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT) --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508239; cv=none; d=zohomail.com; s=zohoarc; b=mlWVGzfEpWh+pZJc96ARdp8AfH4l5qdLrTysTAIsfW6jd8aQRBxCF2Y3UixRBSWdVpMElnuycONq3eMbc0Xlr/SFD1EDtFRKOwHrUHoQkdBtbgruQvvoD9uL7X+Rj3gghXDTTBpNzBuXDCHeAeO6mBRc2BSVvHEhdWltT1E2M58= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508239; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=2od2Jg27aG5qUhzYlpZbSEdXumH7NLX/CLZQBOeQTco=; b=hlrI/i7fclY/suswKG14OtnjCW7339ehfV5Zm3ZRzPwIWOOrS5BG99MvtWNfv8o/64c/YuzExLq0d4+z22Kebo4UgCeijNtUbph9H+aX0lkqjzuqlEH6IePk1xLZHVcCYj8X/S4jjqnC25lLuUGEoSa5qJ7bKq2ANA9hSpa9isM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508239894669.0554931099011; Mon, 11 May 2026 07:03:59 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDY-0004hc-Dt; Mon, 11 May 2026 10:02:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCZ-00043c-Ma for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:49 -0400 Received: from mail-qv1-xf32.google.com ([2607:f8b0:4864:20::f32]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCX-0006DO-9Y for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:43 -0400 Received: by mail-qv1-xf32.google.com with SMTP id 6a1803df08f44-899a9f445cbso40886336d6.0 for ; Mon, 11 May 2026 07:01:40 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508100; x=1779112900; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=2od2Jg27aG5qUhzYlpZbSEdXumH7NLX/CLZQBOeQTco=; b=Sb28H5zQe5+C8PGqPCiYm4cGm9n2vx0mlBDh0rtlTELNI6Z/zs3Uhz3K3/FqiKvtd0 vK4uJgP+TExKHDC/4j1UnXq5TMA/Z/1pkcDj5o5bnFAXUnGK+ccV7Gp+89ma7z7Gxn2D 6EHbuN9koaIRGHAHg+dGkaTJajGI5XiJ5KSk2FOCrGSi+6usTlWbvHO9UY79DQvo+T2X HAU40O/bunSoVYU0u/OdfBupLI36bRZW0TSEz3jBnHYRTFBsGKiE8ToHhngyKiV/FImi MNM1UhsvgwJJQCkK7Y0xYXPCoFZJR0s+xzIofdD1tGZP10ixZ0OgRX2OxPGncuFTg+LX fLtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508100; x=1779112900; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=2od2Jg27aG5qUhzYlpZbSEdXumH7NLX/CLZQBOeQTco=; b=H8eyCUdnmjQIJy0e4A36SRvZhZbisynZpuWP20Xur6ZaqpecsKhca0Cr/tEGWFY8uM qDx04aEYsyJXRUekHr5KoM8Nux4V6esv1Y2asIh0a8RVEy6UU4LMzPWm8q+QPe7hSQpN ffAgi9CcJgqqqGp9g+o6BE+JgneiDDitn/OIE9mA5+6H877Rl1c+XdJn89D5L+RiPre+ nF1LVgpTRUDyTk6dF3qho6MOyxac6Op5MA0w705u8KYlc4zsHIdIATaDMxOAKpX6RXMZ U79g+ehjWl9aI5tOkrhZodqeqUkawBC60MpN75fCh2gOKvv4jSiDkrJ3gJVn9RgjWkTl c8JA== X-Gm-Message-State: AOJu0YwJ22Nhq3K16LvyIXaXO6Mz+6ufZ5YbHOzK20/z5b+bgAYe0g46 tJkA7m8pmSY5t/uSmY/hWNPYolZ8vhhVXhInl0JGY0gc90W/YHr29FW1 X-Gm-Gg: Acq92OE8tbszIci4BkRBekGemmDVlcCiqg/qP56Yui6o+pAXOw7Q1/45UMT0PFL0pB2 c2fvq/BbgUaLtaRaHGG9j7y2ka1TzRK1mvu6uxGYwJC75e5tdNS9KazZzhynmYBjsliKxmJGbfu 3T7Lg6yQta3V25ECnDXK6O+noLvqaOhAv2GpkLIfp7zGpa/6oFsnr0sOtfvWuBRt2RguKWIRKK/ Xj29IqbkkEBrFhhHnwKveJcf3YO7Q9SUxCYzYXaj0Se2E7vd7k/bybUNnb4ePwS9Nbp4TxLv52y GX6I36bjahqa+xL1vHIio5pKRXrsGkSskZTqC82l/zLKeN1oMhWyzZNiGIe3ikydHFUo3JUDnuP 36I3r84Fnp3cRY9G5PZ6jG349iD/klcQ9yBJZECWAmwMQ0RSDirHxsTbG5xMtGWN9IuNKjXC/jj VZP6AjmTqU4el5yXkn3fRY8DdBaPXRbcnJNAgbvf2g X-Received: by 2002:a05:6214:4107:b0:8ac:b451:df58 with SMTP id 6a1803df08f44-8bf412ff0e6mr223201416d6.6.1778508073489; Mon, 11 May 2026 07:01:13 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:03 -0400 Subject: [PATCH v6 05/15] target/arm: emit tag check when MTX without TBI MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-5-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=10628; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=AtmCCt3mwt6MmeXGw6tS0M/9IfP3vryMZnD5u0mI3bs=; b=7bLv6svfKNJk+9VEeOxD9HZwC8OM8MdwHXxT5aOLMVdBapCgm2kmaC+MWv6Ved6ovlYU6gL/5 yFpGpaG4nNhAOjQvAZzsAplS0HYlwxfZ+4TqkGA6T4LTgB6S/YNM1jt X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f32; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf32.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508243234154100 Previously, the TBI bit was used to mediate whether tag checks happened. With MTE4, if the MTX bits are enabled, then tag checking happens even if TBI is disabled. See AccessIsTagChecked. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/helper.c | 10 ++++++++++ target/arm/internals.h | 13 ++++++++----- target/arm/tcg/helper-a64.c | 7 ++++--- target/arm/tcg/hflags.c | 11 +++++++---- target/arm/tcg/mte_helper.c | 9 ++++++--- target/arm/tcg/sme_helper.c | 4 ++-- target/arm/tcg/sve_helper.c | 6 +++--- 8 files changed, 45 insertions(+), 20 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 8ec8d9a2e3..23429d6491 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1167,6 +1167,11 @@ static inline bool isar_feature_aa64_mte_store_only(= const ARMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; } =20 +static inline bool isar_feature_aa64_mte_mtx(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTEX) !=3D 0; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/helper.c b/target/arm/helper.c index ddf44f4306..18352bd186 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9559,6 +9559,16 @@ uint64_t arm_sctlr(CPUARMState *env, int el) return env->cp15.sctlr_el[el]; } =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx) +{ + if (regime_has_2_ranges(mmu_idx)) { + return extract64(tcr, 60, 2); + } else { + /* Replicate the single MTX bit so we always have 2 bits. */ + return extract64(tcr, 33, 1) * 3; + } +} + int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { diff --git a/target/arm/internals.h b/target/arm/internals.h index a632584a4e..6df2c547c5 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1422,6 +1422,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ARMMMUIdx mmu_idx, bool data, bool el1_is_aa32); =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx); @@ -1557,7 +1558,8 @@ FIELD(MTEDESC, TBI, 4, 2) FIELD(MTEDESC, TCMA, 6, 2) FIELD(MTEDESC, WRITE, 8, 1) FIELD(MTEDESC, ALIGN, 9, 3) -FIELD(MTEDESC, SIZEM1, 12, 32 - 12) /* size - 1 */ +FIELD(MTEDESC, MTX, 12, 2) +FIELD(MTEDESC, SIZEM1, 14, 32 - 14) /* size - 1 */ =20 bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr); uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_= t ra); @@ -1627,10 +1629,11 @@ static inline uint64_t address_with_allocation_tag(= uint64_t ptr, int rtag) return deposit64(ptr, 56, 4, rtag); } =20 -/* Return true if tbi bits mean that the access is checked. */ -static inline bool tbi_check(uint32_t desc, int bit55) +/* Return true if tbi or mtx bits mean that the access is tag checked. */ +static inline bool tbi_or_mtx_check(uint32_t desc, int bit55) { - return (desc >> (R_MTEDESC_TBI_SHIFT + bit55)) & 1; + uint32_t mask =3D (1u << R_MTEDESC_TBI_SHIFT) | (1u << R_MTEDESC_MTX_S= HIFT); + return desc & (mask << bit55); } =20 /* Return true if tcma bits mean that the access is unchecked. */ @@ -1664,7 +1667,7 @@ static inline uint64_t useronly_maybe_clean_ptr(uint3= 2_t desc, uint64_t ptr) { #ifdef CONFIG_USER_ONLY int64_t clean_ptr =3D sextract64(ptr, 0, 56); - if (tbi_check(desc, clean_ptr < 0)) { + if (tbi_or_mtx_check(desc, clean_ptr < 0)) { ptr =3D clean_ptr; } #endif diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c index dd1f9c6dc6..9eef2f7e6d 100644 --- a/target/arm/tcg/helper-a64.c +++ b/target/arm/tcg/helper-a64.c @@ -1054,7 +1054,7 @@ static int mops_sizereg(uint32_t syndrome) } =20 /* - * Return true if TCMA and TBI bits mean we need to do MTE checks. + * Return true if the TCMA, TBI, and MTX bits mean we need to do MTE check= s. * We only need to do this once per MOPS insn, not for every page. */ static bool mte_checks_needed(uint64_t ptr, uint32_t desc) @@ -1062,12 +1062,13 @@ static bool mte_checks_needed(uint64_t ptr, uint32_= t desc) int bit55 =3D extract64(ptr, 55, 1); =20 /* - * Note that tbi_check() returns true for "access checked" but + * Note that tbi_or_mtx_check() return true for "access checked", but * tcma_check() returns true for "access unchecked". */ - if (!tbi_check(desc, bit55)) { + if (!tbi_or_mtx_check(desc, bit55)) { return false; } + return !tcma_check(desc, bit55, allocation_tag_from_addr(ptr)); } =20 diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 75c55b1a6d..9fa63cd568 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -245,13 +245,16 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, uint64_t tcr =3D regime_tcr(env, mmu_idx); uint64_t hcr =3D arm_hcr_el2_eff(env); uint64_t sctlr; - int tbii, tbid; + int tbii, tbid, mtx; =20 DP_TBFLAG_ANY(flags, AARCH64_STATE, 1); =20 /* Get control bits for tagged addresses. */ tbid =3D aa64_va_parameter_tbi(tcr, mmu_idx); tbii =3D tbid & ~aa64_va_parameter_tbid(tcr, mmu_idx); + mtx =3D cpu_isar_feature(aa64_mte_mtx, env_archcpu(env)) ? + aa64_va_parameter_mtx(tcr, mmu_idx) : + 0; =20 DP_TBFLAG_A64(flags, TBII, tbii); DP_TBFLAG_A64(flags, TBID, tbid); @@ -403,14 +406,14 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, /* * Set MTE_ACTIVE if any access may be Checked, and leave clear * if all accesses must be Unchecked: - * 1) If no TBI, then there are no tags in the address to check, + * 1) If TBI and MTX are both unset, accesses are Unchecked. * 2) If Tag Check Override, then all accesses are Unchecked, * 3) If Tag Check Fail =3D=3D 0, then Checked access have no effe= ct, * 4) If no Allocation Tag Access, then all accesses are Unchecked. */ if (allocation_tag_access_enabled(env, el, sctlr)) { DP_TBFLAG_A64(flags, ATA, 1); - if (tbid + if ((tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & (el =3D=3D 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); @@ -436,7 +439,7 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, } /* And again for unprivileged accesses, if required. */ if (EX_TBFLAG_A64(flags, UNPRIV) - && tbid + && (tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index bf35dc10ce..61cdf92c54 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -823,8 +823,11 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, bit55 =3D extract64(ptr, 55, 1); *fault =3D ptr; =20 - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + /* + * If TBI and MTX are disabled, the access is unchecked, and ptr is not + * dirty. + */ + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return -1; } =20 @@ -965,7 +968,7 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint32= _t desc, uint64_t ptr) bit55 =3D extract64(ptr, 55, 1); =20 /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return ptr; } =20 diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c index ab5999c592..68684d1f87 100644 --- a/target/arm/tcg/sme_helper.c +++ b/target/arm/tcg/sme_helper.c @@ -680,7 +680,7 @@ void sme_ld1_mte(CPUARMState *env, void *za, uint64_t *= vg, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -862,7 +862,7 @@ void sme_st1_mte(CPUARMState *env, void *za, uint64_t *= vg, target_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c index 062d8881bd..c5e6d58a7e 100644 --- a/target/arm/tcg/sve_helper.c +++ b/target/arm/tcg/sve_helper.c @@ -6375,7 +6375,7 @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -6737,7 +6737,7 @@ void sve_ldnfff1_r_mte(CPUARMState *env, void *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -6992,7 +6992,7 @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508283; cv=none; d=zohomail.com; s=zohoarc; b=WOH6H8y8Z1sezgKnz05K77GkALhDhD00MUTarSELkWvpxAkX0BDA0gcPplBbVO3SssYqW6DPsJpbxokcPZ/RdGAMD56N+byYun3nMr6mOky7ZmiPQC1suFBsREsuQIEaYFxFXl/y0m8Rl7ldrbv35kPSZttWuVt2WSkjBBXQq4M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508283; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=JBnR4ZVm8fhrjiMTwdEiXk++2/68t2Ii5JMtq9oYUgw=; b=LQXI2pAgXoWjVpUKb3sXnEmFD0VH4oL4rpg7goWqer+KVQV0DWMqbM/ZfVrhosO9QFec6t1BMh/eY3eUgdkeUyT+UCriVDtZzXENkfSn/xrO7QFY6ifFcPYg/ulkuwacFJq2/lieXyTsdyuOZugMqHKHzZUuIUSDRoCJdky+pjo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508283184770.380487855622; Mon, 11 May 2026 07:04:43 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDY-0004gJ-4K; Mon, 11 May 2026 10:02:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCJ-0003xP-Cs for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-ot1-x32b.google.com ([2607:f8b0:4864:20::32b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCA-000643-L7 for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:23 -0400 Received: by mail-ot1-x32b.google.com with SMTP id 46e09a7af769-7de7c57b52cso3527293a34.3 for ; Mon, 11 May 2026 07:01:15 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508075; x=1779112875; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=JBnR4ZVm8fhrjiMTwdEiXk++2/68t2Ii5JMtq9oYUgw=; b=gBLvTuaYFyc+miV3DrP+5f5lGDxvVnFvTsk0fNcPa55V3KP9BNwvYVS8e3T36CZYbs /qnAFYJCjQ3qD9rER516HNgnjRaLZrre4u7kENJsfvffGYpeyyuGJBsZvfWDDB/2Fncd qOT0QDQwSOJ4OQ7+BI+BVPUMMkWYn0AmIk3pkKwyEivX6QSDWzyDs0DqeMQCmbfSD4hA n+lc55G7NtrPFbqzk4dj5r25rPo91vrffPsRMGXRgNzEUYUeEWK0ipPRFHhfvohzxQvP fUqosbJWYVMSsje8GSXn4oBnk6ITVAK+UgN913fqpcEctRfMXJlzcbrlH8sfuYwD8zDS aCSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508075; x=1779112875; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=JBnR4ZVm8fhrjiMTwdEiXk++2/68t2Ii5JMtq9oYUgw=; b=fug6Kwlg2MgSbO9f9N+M13d/Qe+RiOa+ZfJQSfWgStjcmgTPu5cELKJMA23yp4uiVn qaIdby5e5ec12k8NjVQq7sUXHKctW661g3sy0dem3FQdaUs/gztq4fjnKwN6wcWLAHVQ urAdG966Jhig8F2e7kTDwstlyRU1IZAmjXSzsB2sI62cxt8fkUHv+BgEK03swBzlLAxd D36Yo45XtZqHy7TBprYjhNAjmZ2CkD6Bxrs9/HpsqYttK1DCkQHoyuOm4cATm66mXIlp T++c/sUpiVOlJIUwqgjc1DcNrLixIJUvodS5YLM/PnzNbHsHV2My72T1fpkVeLctWQks uwOQ== X-Gm-Message-State: AOJu0YwF3Y+0YcXu7Al109fkDCidbF/o1MTydzMY+1f0fCI5figRpmHh jMnHs8Hp3iQ5JQKbC3F7CPz6h+KbogDGpRjcI+MqL5iGmRJrN2Pspz8w X-Gm-Gg: Acq92OFBPSY8YX53Qo+NXYuRfD9lEpYOSk44SfvxRJxSO/pAWEBSaKmIAmgz0SWehs3 G8WpqeLzfZ6BV9Ud1jRNcWykcpG1sQQGMvPc99BWr/6E0+IRWUP0p3WIPp4ojdQk2IL/JqZZr7J g0QpAUCX9Od57I9txx1kwudLt+tce0Y5Pfq3WIHEXOEsAwJ13W1G3csxdCe5rdwiysJC8hsaVc7 QZS8D08DBOFraHaueqa/zEhx/fiBmXiQKFsS7s/d/fg05DmKa2cC32esXFhTUbCLfHWw4AIPRv9 Awyhr/izfJj76R7Ao0NfKDqax1rE3fBJF4CZrg0Yyw8SeoiaoosKVpbX+CVon7grrXUWMZCDk81 gnJHmcz+J8KkKbW0MesKYv1BQEn3qTdRjlQ9TdNKhhg+h4+cVVr7kqzZ48nF/emlI6WBDVn/f4m rtmUBs8ThTx3S31SqU4vXVm6mkxmgHF52gR9ILQVp/ X-Received: by 2002:a05:6830:82f2:b0:7dc:db3c:1d63 with SMTP id 46e09a7af769-7e1df1f786fmr14365198a34.24.1778508074871; Mon, 11 May 2026 07:01:14 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:04 -0400 Subject: [PATCH v6 06/15] target/arm: add MTX to MTEDESC and DisasContext MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-6-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=5381; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=2E2Zs8EcdJv+NH2+oioAGSfvt6XdJ2K43JuJsPWcvmE=; b=sVvgNmhZxauciT7WdyES3MlTULt6J+WzxZ90pFWWYnB7gzPi7Tl80WQLVHdoLxIkUJzI8hB5I tO+5OrhHB3tDmxavEyMnLjh4ZU14DumzzLbPM7TnYZYPpnUJiMz52Ee X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::32b; envelope-from=brookmangabriel@gmail.com; helo=mail-ot1-x32b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508285282154100 Add fields for MTX to DisasContext and MTEDESC. With MTE4, the fields will be needed in future patches that alter tag check, tag load and tag store behavior. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu.h | 1 + target/arm/tcg/hflags.c | 2 ++ target/arm/tcg/translate-a64.c | 7 +++++++ target/arm/tcg/translate.h | 1 + 4 files changed, 11 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index fce0bde168..8ef01c82b3 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2533,6 +2533,7 @@ FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1) FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1) +FIELD(TBFLAG_A64, MTX, 47, 2) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 9fa63cd568..5789d7aeb8 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -462,6 +462,8 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, } /* Cache TCMA as well as TBI. */ DP_TBFLAG_A64(flags, TCMA, aa64_va_parameter_tcma(tcr, mmu_idx)); + /* Cache MTX. */ + DP_TBFLAG_A64(flags, MTX, mtx); } =20 if (cpu_isar_feature(aa64_gcs, env_archcpu(env))) { diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index ce6249649a..cd86178d56 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -312,6 +312,7 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(mem= op)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, memop_size(memop) - 1); =20 ret =3D tcg_temp_new_i64(); @@ -345,6 +346,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr,= bool is_write, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(sin= gle_mop)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1); =20 ret =3D tcg_temp_new_i64(); @@ -3003,6 +3005,7 @@ static void handle_sys(DisasContext *s, bool isread, desc =3D FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s)); desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); =20 tcg_rt =3D tcg_temp_new_i64(); gen_helper_mte_check_zva(tcg_rt, tcg_env, @@ -4873,6 +4876,7 @@ static bool do_SET(DisasContext *s, arg_set *a, bool = is_epilogue, desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, true); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); /* SIZEM1 and ALIGN we leave 0 (byte write) */ } /* The helper function always needs the memidx even with MTE disabled = */ @@ -4927,11 +4931,13 @@ static bool do_CPY(DisasContext *s, arg_cpy *a, boo= l is_epilogue, CpyFn fn) if (s->mte_active[runpriv]) { rdesc =3D FIELD_DP32(rdesc, MTEDESC, TBI, s->tbid); rdesc =3D FIELD_DP32(rdesc, MTEDESC, TCMA, s->tcma); + rdesc =3D FIELD_DP32(rdesc, MTEDESC, MTX, s->mtx); } if (s->mte_active[wunpriv]) { wdesc =3D FIELD_DP32(wdesc, MTEDESC, TBI, s->tbid); wdesc =3D FIELD_DP32(wdesc, MTEDESC, TCMA, s->tcma); wdesc =3D FIELD_DP32(wdesc, MTEDESC, WRITE, true); + wdesc =3D FIELD_DP32(wdesc, MTEDESC, MTX, s->mtx); } /* The helper function needs these parts of the descriptor regardless = */ rdesc =3D FIELD_DP32(rdesc, MTEDESC, MIDX, rmemidx); @@ -10701,6 +10707,7 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); + dc->mtx =3D EX_TBFLAG_A64(tb_flags, MTX); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index c74a4f6675..75d1b0fbd9 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h @@ -82,6 +82,7 @@ typedef struct DisasContext { uint8_t tbii; /* TBI1|TBI0 for insns */ uint8_t tbid; /* TBI1|TBI0 for data */ uint8_t tcma; /* TCMA1|TCMA0 for MTE */ + uint8_t mtx; /* MTX1|MTX0 for MTE */ bool ns; /* Use non-secure CPREG bank on access */ int fp_excp_el; /* FP exception EL or 0 if enabled */ int sve_excp_el; /* SVE exception EL or 0 if enabled */ --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508221; cv=none; d=zohomail.com; s=zohoarc; b=gCNh8orRgBpw4rAarzZN7x7SkHECLl6sQpG6K84qQmCBlyhy2+VJSdUii00BxVvvrU8rHS518mgSPZX4cZX5cDA4h2JNcQ9uVEW7S7DHmNRmXT5Qb9ZPwdix3CtFBRradoA50gNcGx78j+h5qIJEB+53q2joYvNUfFXeIxVUeSc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508221; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=QSmDQRrB6e1D8na4i2hbR1VmlezIVrTYO+OHtxE4XeY=; b=CQfDjoE01F4a4SSiaTh+aDJpWw5538rNvxw0pPv8Ljt/6Cz469WR+ntxvSci67f+gz7k9/7g4s3YUc0BPjRp8rIUk5/MThqtGtXkE3NjuYy5OYZgQzSDUPnC338ciDS3LhuGnlw6LhpzsWPkriIllGXi9aZ4fDJm8mJ9TRxhD74= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508221851114.63461980457464; Mon, 11 May 2026 07:03:41 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRE5-0005c7-9w; Mon, 11 May 2026 10:03:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRDs-0005J4-5c for qemu-devel@nongnu.org; Mon, 11 May 2026 10:03:04 -0400 Received: from mail-oa1-x33.google.com ([2001:4860:4864:20::33]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRDp-0006Wo-Cq for qemu-devel@nongnu.org; Mon, 11 May 2026 10:03:02 -0400 Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-40946982a78so1467521fac.2 for ; Mon, 11 May 2026 07:03:00 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508179; x=1779112979; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=QSmDQRrB6e1D8na4i2hbR1VmlezIVrTYO+OHtxE4XeY=; b=TPPygsf5EzsQjBHBXjNKVCqJziHkjg1jhNikpkz+Ee1F8PPxmf6PgbCdp1DDjq3u+M dmD2sBu3BcTH5f8avmdCm1jmwrmbyJdZEXyJQv+EG/nc4u8TYohvhXRunTScquGIOjp0 7hmB77oS7Haz6MW6+0wlvrxzpJD+Ze/+IKGHjdgb7Sv+yM90471uNpS9S0gaDB6JVV2j 4PbokPtOy09/ShslvhR5hmZWm6y35qQ1yhM/HqNDTeKqxlCuu7Pa4xBuhnFe72wICgV2 /Chli/CHbqEb0I80M7H6q2M+JTY9194WWp48YLqFNkVaHbrS4z4GZQtPnSeT32nB+Z/u kATg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508179; x=1779112979; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=QSmDQRrB6e1D8na4i2hbR1VmlezIVrTYO+OHtxE4XeY=; b=G8NP2MwYaMqU/YKXnRN2eUZidWRZK8XhmOhTLDAnA6WL5/XkBkuh892WQEQNJheF+q GaNq3tUWOwJtm31Bsy6x1AlwicDIrqoKbclvM91aDf7s5wLtlFhDGt2Cdi2r9GMft2Sn p+PLVrYyx+Kn1X5l1KI6S/JI7sOx06lAgvO+7wxz8lXxkIxeI8UenV7WnLWMI2Dk0uDt o4GoyNt7HZvJPvpvTd8+5zaXlyJFsEZGWO1H/hQjRBLwYWi8FU1+Sink87l2ezvKlWmE mbsxcBUVluMJBP/NBjAyymn8Ysri8L4bRlW5XpchgL8JdUd87dQUGGfgQBx59fL/p8ZQ XhfA== X-Gm-Message-State: AOJu0YwJ/6rF+oJBqu8tl/b7FHFaodKHy+EQZRlP6fVbddAr8J7Eolkl gK5EUuFff05rQi5vdZcqpgY8optXcpnXCKmli5MrL2VaRqIXhCIMPqvBjHvj0qa9 X-Gm-Gg: Acq92OGBYre0zmqQLxNVZQrBD4+Cs3cwIQL+eD60ECBXlFkUh4Fd58/BQ/TPNJn4HCw QgW0qJjxW09e4dLz+wWLA4gCikiaeyXGlA8NCCQ63xL+fswVM0nSXWTHTuGrMbG/5hWAzYqn5tv zIEbAo50PwtfnEXTIbGue1tJv/F/Nqct/XNKJv43ZxiNXJJgdnLpE24SaLmYex9mRX/PUCAD9XR x7AlGmcj8AQ/PF7rvzgC235YLWxtr5UP6O4sAI7QH4mYuLguBHB734CZ/gA9H9bJfiJ0rU78r5/ tGh4kMQUQd7X1D+gUDnouDOvNJupfcqE9nJi/x4fRkWyMoHWUdC2QLUVI5O0+OCa5cY4cDdhs6I Jxhg9qMkShf6eKqC2ZeL/bnLK5YXd3KGa663XMc0/Jlyos8UsxjK/DwxFoX7c6WoPBfsMXq5SOT YoLVodfR5aGTR4aRgDi4IuJk21xrTqH72/MQJoE5Zv7UBexunATCk= X-Received: by 2002:a05:6214:1c4c:b0:8bd:de6d:c349 with SMTP id 6a1803df08f44-8c1a461dd4dmr154548546d6.30.1778508076311; Mon, 11 May 2026 07:01:16 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:05 -0400 Subject: [PATCH v6 07/15] target/arm: add canonical tag check helper MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-7-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=1412; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=kFLv9CCcyzQ9X4nylsyRnwd9Y7Ab46WH0h0K69LE1Qg=; b=p298eyZYu8co5o2bs9nJ5yeIrlqOm4daIqSYwX7p56E6h96q7q+ikYqDei2aprQGnZLQEiilh vQNBpSqJC8vD0mw9si2x58vTkCieWEwqLVOsA+zXfz+wjRbZV7s2/2z X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2001:4860:4864:20::33; envelope-from=brookmangabriel@gmail.com; helo=mail-oa1-x33.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508223028158500 Add a helper that checks whether mtx is active from MTEDESC. Refactored an existing function to use it. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 6df2c547c5..192e6a2d47 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1636,6 +1636,12 @@ static inline bool tbi_or_mtx_check(uint32_t desc, i= nt bit55) return desc & (mask << bit55); } =20 +/* Return whether or not the second nibble of a VA matches bit 55. */ +static inline bool tag_is_canonical(int ptr_tag, int bit55) +{ + return ((ptr_tag + bit55) & 0xf) =3D=3D 0; +} + /* Return true if tcma bits mean that the access is unchecked. */ static inline bool tcma_check(uint32_t desc, int bit55, int ptr_tag) { @@ -1643,7 +1649,7 @@ static inline bool tcma_check(uint32_t desc, int bit5= 5, int ptr_tag) * We had extracted bit55 and ptr_tag for other reasons, so fold * (ptr<59:55> =3D=3D 00000 || ptr<59:55> =3D=3D 11111) into a single = test. */ - bool match =3D ((ptr_tag + bit55) & 0xf) =3D=3D 0; + bool match =3D tag_is_canonical(ptr_tag, bit55); bool tcma =3D (desc >> (R_MTEDESC_TCMA_SHIFT + bit55)) & 1; return tcma && match; } --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508259; cv=none; d=zohomail.com; s=zohoarc; b=XZIRum40gOjb59++g7wFLP7pKuRlNORAg1jTEgtprxsCh7+o9cM7v1rLukS9PjcrXHFbyysFsrXP8k46m4a42rh2qC9+R9pm3Zygp8lqkGL1tXTcAciLt4g6O5vsNXf3yt51mJwE6Q/1tdTvrciAB98WAPbm6+xHJ0CmwCjP+xE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508259; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=f97sAgovvneMg91EA00GUYMTrKlW3fVlRmKKW6/GCj4=; b=T5ks/TXUnNH0kWyayKWChhaZSRzr8aOKeUgbYAgYkb4u/j/puFbExItbIb3ajOHJO/i6MHuIQcufjXCGVxx8Ye3RZBzoBf7APtq3Atv++PZxtvpQEJeIRvWhC54hb3t6PsoBB2AL5PzUhLTKaf6hf15bY6fHU4HcjFu/shXl2vc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508259246292.1874373797498; Mon, 11 May 2026 07:04:19 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDU-0004TV-I9; Mon, 11 May 2026 10:02:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCJ-0003xS-VU for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-qv1-xf34.google.com ([2607:f8b0:4864:20::f34]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCD-000652-Qo for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:27 -0400 Received: by mail-qv1-xf34.google.com with SMTP id 6a1803df08f44-899d6b7b073so41530076d6.2 for ; Mon, 11 May 2026 07:01:19 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508078; x=1779112878; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=f97sAgovvneMg91EA00GUYMTrKlW3fVlRmKKW6/GCj4=; b=ETRMC4sfA1Z82+wV3pWhD2VKWZHslY378RZXbfJH9iDScQXvmR5OOWpsZk3ALA+WAy kE00+c6kv7teSVQ3mLHVan8rKNnsIer9biEz5e1OGP1oIZtQBxIJkCKkkYNyqm+abejg omXSrEiE31AL0tX0NtDLScjZ+9VqF07kPGhBsENJHm1hS3yrbxgv+FYKtvDOeLD4ubby qgqujdJZ2xaAOtG+281j59sMVSdkPpc0FVC4Dm1CQ79lEkzn9Oi9tbvqcq0aMFyGu702 aKZjL+3pJ94WOooXHAz7lGP+iT+GlhmjAB6VU53K426NLNhtS2vwF6Ao/H4QifsDQ0c3 uCHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508078; x=1779112878; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=f97sAgovvneMg91EA00GUYMTrKlW3fVlRmKKW6/GCj4=; b=fgu6KUOehJbfJobHyBzdz+n1ZKHMG/KJCisJdliMVLYGYuzcvLT1z9gwkhL7AENY2x 7ItMgdZVkTLJNamK0Xz40Ha9azN8IjPaw8L6uY/QnRx9WjDNkcUbAYKuiqkXd+sgQjcK RHML3QG+lMFTO1Z1KSa36aSG0XlHKy4Aec15QV12v8raZlXSmO10o3lyC8jIRQZ2lwF/ aHSXKw/xzcav9uT1WhoxiA7pZe8ZvPSMJIyEsTU02mkWxpDZX/OKR7Ow7/4bGvqblKKg hFVJ5vUYsBIgUeVgKtOcr0gnqlB2gHgndNhEZok3yqwWHHO/Y7OcJ2jIx44tSkcOrPjh ZZPA== X-Gm-Message-State: AOJu0YyWI+HAZGzt9eMsL3Ep7BHZysG+LSeFI59taDSTYyZfu/wm2nk3 MAA6U1mSyaZgLAhHOoQST/NiWvTN1+ADl95icxsIYChsJCDa1mBj1c2D X-Gm-Gg: Acq92OGy46ivD/W/MNpow3ZYVgW2FHfADmvH23DazcxPjPlmFwRgMOtNtSKcsbveofE 0O+1IYGpAGMZgH8CY6R7f9gCAoYz3TkIQ4l7KV5EtV75dxpg1hYw0/ms0d7lCfRTsUDq9+nq9pW OUyOQX5jFV8vskZ9MKJ8Cip5+rMHUFmNlxaxXWCmp1XpGLdAApyrCrUynOOAvy1a9pfTfK/9YOl wTmre2+tr3meoZm/wWi7Wy8g88CXAYGrKsI6ghuiVXRSCtr/suz6WM0/g+umEPzD8TDhO4k5f82 pN8sRAti7UcJ7JUUJXcYhpDQXGrrmbxH2wpNRwFLpg5SS2uH3D5+dU+B9oxa3jCGZSU0TI5TAE1 9JJptzD45IR8ttoaJq/BUFnnklaG78uNCnNvD3565hdysfoW+wZEzmzlM2rG/nZo+IEI9QNnJ58 fs9RlIfTjxmVxF/1L5ssyE2CjoDFuf85ZTMBKYsGoG X-Received: by 2002:a05:6214:5b85:b0:8a1:34df:bbe3 with SMTP id 6a1803df08f44-8bc443d5a41mr375890326d6.28.1778508077796; Mon, 11 May 2026 07:01:17 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:06 -0400 Subject: [PATCH v6 08/15] target/arm: add canonical MTE check logic MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-8-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=3812; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=2L9HEB41G779r2QZ9fho3irTF36kpNHlmsTc5qrI5Vk=; b=Vpcq9R//+VLC04ga57rQKsKOEbpVXVwtxyRN6O0xolCeiTKkm2XcrGM+BEeTQNavAcKaL+N7E SCin8q8DFwLAnsmPOfzQdEzT1L5gTRgC8+Pe3YLU/s0rf7Z1t8znYGh X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f34; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf34.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508259820158500 With MTX active, address tag bits are checked for canonicity if the corresponding memory regions are not allocation tagged. See AArch64_CheckTag. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 6 ++++++ target/arm/tcg/mte_helper.c | 30 ++++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 192e6a2d47..779eafabc8 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1629,6 +1629,12 @@ static inline uint64_t address_with_allocation_tag(u= int64_t ptr, int rtag) return deposit64(ptr, 56, 4, rtag); } =20 +/* Return true if mtx bits mean that the access is canonically checked. */ +static inline bool mtx_check(uint32_t desc, int bit55) +{ + return (desc >> (R_MTEDESC_MTX_SHIFT + bit55)) & 1; +} + /* Return true if tbi or mtx bits mean that the access is tag checked. */ static inline bool tbi_or_mtx_check(uint32_t desc, int bit55) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 61cdf92c54..d35e3ef04d 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -858,6 +858,14 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, mem1 =3D allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1, MMU_DATA_LOAD, ra); if (!mem1) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTag= ged, + * otherwise it is Untagged. See AArch64.S1DecodeMemAttrs and + * AArch64.S1DisabledOutput. + */ + if (mtx_check(desc, bit55)) { + return tag_is_canonical(ptr_tag, bit55); + } return 1; } /* Perform all of the comparisons. */ @@ -873,18 +881,24 @@ static int mte_probe_int(CPUARMState *env, uint32_t d= esc, uint64_t ptr, =20 /* * Perform all of the comparisons. - * Note the possible but unlikely case of the operation spanning - * two pages that do not both have tagging enabled. + * Note the possible but unlikely case of the operation spanning t= wo + * pages that do not both have allocation tagging enabled. This can + * happen with or without mtx (canonical tagging) enabled. */ n =3D c =3D (next_page - tag_first) / TAG_GRANULE; if (mem1) { n =3D checkN(mem1, ptr & TAG_GRANULE, ptr_tag, c); + } else if (mtx_check(desc, bit55) && + !tag_is_canonical(ptr_tag, bit55)) { + return 0; } if (n =3D=3D c) { - if (!mem2) { + if (mem2) { + n +=3D checkN(mem2, 0, ptr_tag, tag_count - c); + } else if (!mtx_check(desc, bit55) || + tag_is_canonical(ptr_tag, bit55)) { return 1; } - n +=3D checkN(mem2, 0, ptr_tag, tag_count - c); } } =20 @@ -999,6 +1013,14 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint= 32_t desc, uint64_t ptr) mem =3D allocation_tag_mem(env, mmu_idx, align_ptr, MMU_DATA_STORE, dcz_bytes, MMU_DATA_LOAD, ra); if (!mem) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTagged, + * otherwise it is Untagged. See AArch64.S1DecodeMemAttrs and + * AArch64.S1DisabledOutput. + */ + if (mtx_check(desc, bit55) && !tag_is_canonical(ptr_tag, bit55)) { + mte_check_fail(env, desc, ptr, ra); + } goto done; } =20 --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508166; cv=none; d=zohomail.com; s=zohoarc; b=PpB7UWTxhcsudskfxWkYgFbX7CnkAvUNSrkcJoIl3Qayf9m9JL+PySF21geE88mRRmjUz6GZ/v60g6Bui2LTnYx9G0uvxmhMNZx905Qv4eUh+Pier7kRGJ0PlxPjKge4QKfVC9kjCG02F8qF97GeZ8t+teZh9JwhtXwA4zc86rg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508166; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=flsMkxVZdaULEyDvpuorZkfSVk5CbpOpC/8S7Sou9gw=; b=d1aV79abt/UoQQlqxUiMl7cjCBWW5dpvZ1DTMKWqIj6+uCe9p0QU9K/iA3Ty/c7is+crKyRlrqu7cE91VscjnOZr8kNcS7HxZ6q4T4/RGQVRPGs75NLtWh/M7Gbr3K2MM0fDW446t1PwTbBN+aUQPlGtPoyCPrZdVs3S8Q8C5ns= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508166382750.2555818840302; Mon, 11 May 2026 07:02:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRD9-0004Ew-CT; Mon, 11 May 2026 10:02:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCL-0003xY-By for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-oo1-xc2f.google.com ([2607:f8b0:4864:20::c2f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCH-00065E-3r for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:28 -0400 Received: by mail-oo1-xc2f.google.com with SMTP id 006d021491bc7-67e09232daeso2654647eaf.2 for ; Mon, 11 May 2026 07:01:20 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508079; x=1779112879; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=flsMkxVZdaULEyDvpuorZkfSVk5CbpOpC/8S7Sou9gw=; b=Uit0JQ98woHF3vWhoYDY3Zv+8vnXerk2SDFr9MNuOF98bhz7vPEQijJIOAgfc7FarG j3i9jhrHeulnjL6oGRKPpw/Qhh3RMf58hcIuh8f6U5aNUoo+Z1Z2Ojz969aUtEk/qXLd Mb/gJwjxL7vPvz256r0fw3EG4gtOZypO/sIBo1vAb+yIrMfBr3azjVI7BOozhaSGUBTo V3c2bjtVatz47DunrJmVGcQ2sno+y1J5biBV5usFb4E+1vujIXxJu/DJ1sdFmBYbq+NX 4cSWxAKAtmbfyE3T6bgaEHZ/9CDGWPi5s3PIpsAlT5ymIgZNvc0StlibEv1wmL9YkX+7 mFnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508079; x=1779112879; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=flsMkxVZdaULEyDvpuorZkfSVk5CbpOpC/8S7Sou9gw=; b=prTF71MbUeThUT/wpAkELIjr7FRoiPYZSfGV96XELBDpCo8X0ObZMK4CsBtEqAked5 irqIDvVEUclnwSavyhvZ82s0S9FwcW9QYx5BJXxH22TWDk9CAAH4JYwdae7Mj+ewWH42 ixN2rtwVo3M4Pg37Vsu2PII/oTTMdRSYTF2Qzlq6A9RS73wjtDdN/Z/wDdk8puWB20pk mzV/KHbWeWJfpsZacMKr/qJlaV3E506FsNTGpwXfWkItC1Wjbjts4a8FVHVVv+gyJzs4 I/CrHld2/u3eTGk8UGOyZxMCyJqirmorQSvNh9YYiDYTwpDkssqfCpB10SedierNaaYQ ebzQ== X-Gm-Message-State: AOJu0Ywdrc/UaMaTARDaVKSoS3K1QNwz2zvHBL5mHUTtKE5A933QR7Qt of4jyW8MMOc7NpBajn44exzfqBwzL2fO7ce6RRBrBhG4PIyCnvX0IsLr X-Gm-Gg: Acq92OGGSyMk51y8KC9KGDWv8N9yCO6KTTVQgebPrQADxV1COQKp35LHQTCJDkQoP97 IblBfV9diQcMhycrkzbPVH5Hg+Rfyf0O1r8suFHyTtmlOtrkr4SI/QvAh+F04jmpcjM3tnahnHr 9cthrXeM8417F+ZaNMMcZN1noKOqgwIpi+AjPzQG1/giBCKZjtOHuaRm5OUp9FxCVpANnPE5ctY 6HRzFYcfdI9N3JRCp5F8iwW0gsO3+QddwbbHyiMzEShW2v1NWrOMVfiTiN8Jhf4ztwvNnF2M56Q vyuOzcpWgQT/SeydFNXsNdKygRf7tEFrlRdd7lRQEpP2lNZxo4SwJwOUJe1n+Eyk9SNULZWxKYe mFE1ftTt1goJRZjp4qaA/9k/CIwTqXmHnxLVo5RJ/IZKbqndhlrNVzHuwG8RHnyxEu+JQ3mXeYB NgWcdZdHFNLaiQl0qN08tvm17y9fFtf48aTJ7Ay8H+ X-Received: by 2002:a05:6820:3383:10b0:69b:569b:e64b with SMTP id 006d021491bc7-69b569bee6emr1282078eaf.40.1778508079065; Mon, 11 May 2026 07:01:19 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:07 -0400 Subject: [PATCH v6 09/15] target/arm: load on canonical tag loads ext bits MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-9-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=4361; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=+Y8JKofNZz02HbynA8gMOZLU9OEkRKp61GT6ZG95lao=; b=upB0YcqqUbet/AhhWv5Cqx/DisGx8mgiNKBWp1TWKod6ufddZUnqQZUcLuAEPqgT0swfSwy9k lKZxdtyWgsrBXvC5Tj/WVmX4f+3ZIA2XendeCR/jW91Wi7aebtrqyB2 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c2f; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc2f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508170656154100 Loading tags from canonically tagged regions should use the canonical tags (extension bits), not allocation tags. See AArch64_MemTagRead(). Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/tcg/helper-a64-defs.h | 4 ++-- target/arm/tcg/mte_helper.c | 14 ++++++++++++-- target/arm/tcg/translate-a64.c | 4 ++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/target/arm/tcg/helper-a64-defs.h b/target/arm/tcg/helper-a64-d= efs.h index 3c3c5dddb7..c08c8c3991 100644 --- a/target/arm/tcg/helper-a64-defs.h +++ b/target/arm/tcg/helper-a64-defs.h @@ -102,14 +102,14 @@ DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, en= v, i32, i64) DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64) DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64) DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32) -DEF_HELPER_FLAGS_3(ldg, TCG_CALL_NO_WG, i64, env, i64, i64) +DEF_HELPER_FLAGS_4(ldg, TCG_CALL_NO_WG, i64, env, i64, i64, i32) DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64) -DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64) +DEF_HELPER_FLAGS_3(ldgm, TCG_CALL_NO_WG, i64, env, i64, i32) DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64) =20 diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index d35e3ef04d..c382f0149f 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -304,7 +304,7 @@ int load_tag1(uint64_t ptr, uint8_t *mem) return extract32(*mem, ofs, 4); } =20 -uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt) +uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t= mtx) { int mmu_idx =3D arm_env_mmu_index(env); uint8_t *mem; @@ -317,6 +317,9 @@ uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, ui= nt64_t xt) /* Load if page supports tags. */ if (mem) { rtag =3D load_tag1(ptr, mem); + } else if (mtx) { + uint64_t bit55 =3D extract64(ptr, 55, 1); + rtag =3D 0xF * bit55; } =20 return address_with_allocation_tag(xt, rtag); @@ -458,7 +461,7 @@ void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) } } =20 -uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) +uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr, uint32_t mtx) { int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); @@ -476,6 +479,13 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) =20 /* The tag is squashed to zero if the page does not support tags. */ if (!tag_mem) { + /* Load canonical value if mtx is set (untagged memory region) */ + if (mtx) { + bool bit55 =3D extract64(ptr, 55, 1); + ret =3D extract64(-bit55, 0, 1 << gm_bs); + shift =3D extract64(ptr, LOG2_TAG_GRANULE, 4) * 4; + return ret << shift; + } return 0; } =20 diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index cd86178d56..5fbc54de4b 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -4711,7 +4711,7 @@ static bool trans_LDGM(DisasContext *s, arg_ldst_tag = *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_ldgm(tcg_rt, tcg_env, addr); + gen_helper_ldgm(tcg_rt, tcg_env, addr, tcg_constant_i32(s->mtx)); } else { MMUAccessType acc =3D MMU_DATA_LOAD; int size =3D 4 << s->gm_blocksize; @@ -4746,7 +4746,7 @@ static bool trans_LDG(DisasContext *s, arg_ldst_tag *= a) tcg_gen_andi_i64(addr, addr, -TAG_GRANULE); tcg_rt =3D cpu_reg(s, a->rt); if (s->ata[0]) { - gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt); + gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt, tcg_constant_i32(s->= mtx)); } else { /* * Tag access disabled: we must check for aborts on the load --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508195; cv=none; d=zohomail.com; s=zohoarc; b=N/xjfkXiKnctvYfDvusN9xSwk3a4LWQ/gB1V3iOqfn3QNwGcS5GasCsAj7lcxNDlZ2grFW00XhHxFbtZKvWfwQa0GZ7c0v0Ic9hA6PIAvn0inTwiXriI3uYzIW3Q9kulxRlWczER/BUgDXHrNi+xF/vtWgzpGsJkWR/CWdSvA2w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508195; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Bur84z7/tp7wbJqDIDIhrS9GGOeBSlZHYRFrNaLDFcE=; b=ZXeoLuGrIsaxXZqEJLVQTyEg4uaBGF/2QgJsVpvcxI5KEk2zd1vk3SORqz24NI9gTUWJgvzHRDHuu1Ahs77kRu67coEsmyq8GGDN1tezrWRjsvVdwBRfctH2c7LDkjCEkGRu0agM+y9xmqfnTIqajRlzn773DIJamdEI1xp3QcE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177850819507714.734828678905387; Mon, 11 May 2026 07:03:15 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDS-0004RP-RH; Mon, 11 May 2026 10:02:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCL-0003xb-Uc for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-ot1-x32f.google.com ([2607:f8b0:4864:20::32f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCJ-00065N-3D for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:29 -0400 Received: by mail-ot1-x32f.google.com with SMTP id 46e09a7af769-7d55b97f358so3102824a34.3 for ; Mon, 11 May 2026 07:01:21 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508081; x=1779112881; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Bur84z7/tp7wbJqDIDIhrS9GGOeBSlZHYRFrNaLDFcE=; b=WBDZHUlLUqW8SIZPuf/ZEZrJ+iK+EhdlNQo7krTS5nCpgBiNR+SX08J8bbR8Vxpz1m 1NCNu3vbPbQOh0heNeskZ237vJYpAknWMjrVXS6AENduR3TwR68abVuRslZOQIHmk07T z1zwKQWLMj1dbXsELkd+MKgoLbrMwl4+khHH45hBTH6MzzD/BLFMmDAHnlNUZxVPM0G7 hXTHd+PzFgWFfI9JM9hxaRrdgtFbZmh/ub+qG8NKMI7Ah3tHIVR5vMumQ0xyIMAnqW2Z ma3NrqzybrkNtYYNtq7pJei9fz2Rvb90kbE7ojPzDLdzOgKyklcOp9FegqAxHL3xWMf+ 2iQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508081; x=1779112881; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Bur84z7/tp7wbJqDIDIhrS9GGOeBSlZHYRFrNaLDFcE=; b=ofVW3AOqj6my8i96RHoxZTORVVM3789rkzmygrvbLVDnkpytBQJiLEkFf0TRKvLGho +At3equ7EqRqOnjU1NYjf7V+ozT6jdgj2ha1XWQrcOUUNLMhqbSbr30B2SgcQ8HHt00A fiBdFgljMKvf0Q5ScCblKVlDZqCqHu2mAiJ0pyJkCrEx8ETdcZShXLPW9oPAeJQOVi5g LQ0pRNwCP8aQH/IDKAsOkImRrRP+rsuZXV8zuapSnRpMvGYNDqJugEPt20BZQFMSRAIk lyqzmhurnz8+gtMQWtLtkCj5udUd0VlOVj2d57dMfFn1rcWnt6OCvY7NQlAvwedmVuO5 tJwA== X-Gm-Message-State: AOJu0YwlwkyNJy5feXLYbKslzocNuG9ks+WM7Fir+nBrD4YiJ2hFHCd9 sheptSekmk2xUXdaembEJnL/xj3CaSpbxOhAdY2pjbNJfVvXXmVb3Kmd X-Gm-Gg: Acq92OE/2AaujXtBgEWv90d2i7fdXipgyIna3kTp+7c9GvErufKoUaehb+w7mi5Osqi gzOJFRcFkBV4pmkxB/WWGU01K74WiVBAGdkhvMdNjHU93GMI+liEBmDseYVCqmSMkQXy3unqJQo f5SIOUaLt1K+Ym4ZR+h7fNTLLTGRoKijE3u3qZs+SMKirA0ibSmWVPYPvKvEPRsndcldUhsXMm/ qYlvcvFuSgsg76jU2XdJi+0XjlOzQEeuvva87WoWphWf6dvYfqSTQNP2z4eLsWWosqaF77VsU52 dZAvh99969Sj/dQl255BQtzZpY9kJy5pmb+2coRsG97I5SONRI3/318cW0c0nGY4eDDiyBUEXzQ QRdbF9kLbSpe0QuDCRSsLP/0HA8RkR99es0O1K73u3QN995iFvKiBRDWBtU/1BzmaDUSUsiIVh9 ir7w1dPgjubVBuPwdDWK8DEge7hn14Sz2wBaIyxaQM X-Received: by 2002:a4a:e915:0:b0:694:a4a6:7273 with SMTP id 006d021491bc7-69998cfe645mr12929348eaf.29.1778508080356; Mon, 11 May 2026 07:01:20 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:08 -0400 Subject: [PATCH v6 10/15] target/arm: fault on tag store to canonical tag MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-10-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=11322; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=ZeBIvrKYLUBiPohNnNtsMiXiIaGfMVpInN54LafeNVg=; b=tvEsZDk6/klp6Pwtc5hQpPxi0S7SSIWF6HwwNxIjL1wLDVY2YhSHNVxXy8Hus9LLmLwlOEvlG 7FyIhUk9kPKBRIEsnkJ2vUt4HLqk58zut0W+9jy4CHHh2KdLRX7jUbB X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::32f; envelope-from=brookmangabriel@gmail.com; helo=mail-ot1-x32f.google.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508198048154101 According to ARM ARM, section "Memory region tagging types", tag-store instructions targeting canonically tagged regions cause a stage 1 permission fault with MTX enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/tcg/helper-a64-defs.h | 12 ++++----- target/arm/tcg/mte_helper.c | 55 +++++++++++++++++++++++++++++++-----= ---- target/arm/tcg/translate-a64.c | 26 +++++++++++-------- 3 files changed, 65 insertions(+), 28 deletions(-) diff --git a/target/arm/tcg/helper-a64-defs.h b/target/arm/tcg/helper-a64-d= efs.h index c08c8c3991..136d246a68 100644 --- a/target/arm/tcg/helper-a64-defs.h +++ b/target/arm/tcg/helper-a64-defs.h @@ -103,15 +103,15 @@ DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64= , env, i32, i64) DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64) DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32) DEF_HELPER_FLAGS_4(ldg, TCG_CALL_NO_WG, i64, env, i64, i64, i32) -DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(stg, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64) -DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(st2g, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_3(ldgm, TCG_CALL_NO_WG, i64, env, i64, i32) -DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(stgm, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64, i32) =20 DEF_HELPER_FLAGS_4(unaligned_access, TCG_CALL_NO_WG, noreturn, env, i64, i32, i32) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index c382f0149f..dca4ef5a94 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -231,6 +231,19 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, #endif } =20 +static G_NORETURN void canonical_tag_write_fail(CPUARMState *env, + uint64_t dirty_ptr, uintptr_t ra) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(arm_current_el(env) !=3D 0, 0, 0, 0, 0, = 1, 0); + syn |=3D BIT_ULL(42); /* TnD is bit 42 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, exception_target_el(env)= , ra); +} + static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -360,7 +373,7 @@ static void store_tag1_parallel(uint64_t ptr, uint8_t *= mem, int tag) typedef void stg_store1(uint64_t, uint8_t *, int); =20 static inline void do_stg(CPUARMState *env, uint64_t ptr, uint64_t xt, - uintptr_t ra, stg_store1 store1) + uint32_t mtx, uintptr_t ra, stg_store1 store1) { int mmu_idx =3D arm_env_mmu_index(env); uint8_t *mem; @@ -374,17 +387,20 @@ static inline void do_stg(CPUARMState *env, uint64_t = ptr, uint64_t xt, /* Store if page supports tags. */ if (mem) { store1(ptr, mem, allocation_tag_from_addr(xt)); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } } =20 -void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t mtx) { - do_stg(env, ptr, xt, GETPC(), store_tag1); + do_stg(env, ptr, xt, mtx, GETPC(), store_tag1); } =20 -void HELPER(stg_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(stg_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt, + uint32_t mtx) { - do_stg(env, ptr, xt, GETPC(), store_tag1_parallel); + do_stg(env, ptr, xt, mtx, GETPC(), store_tag1_parallel); } =20 void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) @@ -397,7 +413,7 @@ void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) } =20 static inline void do_st2g(CPUARMState *env, uint64_t ptr, uint64_t xt, - uintptr_t ra, stg_store1 store1) + uint32_t mtx, uintptr_t ra, stg_store1 store1) { int mmu_idx =3D arm_env_mmu_index(env); int tag =3D allocation_tag_from_addr(xt); @@ -420,9 +436,13 @@ static inline void do_st2g(CPUARMState *env, uint64_t = ptr, uint64_t xt, /* Store if page(s) support tags. */ if (mem1) { store1(TAG_GRANULE, mem1, tag); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } if (mem2) { store1(0, mem2, tag); + } else if (mtx) { + canonical_tag_write_fail(env, ptr + TAG_GRANULE, ra); } } else { /* Two stores aligned mod TAG_GRANULE*2 -- modify one byte. */ @@ -431,18 +451,22 @@ static inline void do_st2g(CPUARMState *env, uint64_t= ptr, uint64_t xt, if (mem1) { tag |=3D tag << 4; qatomic_set(mem1, tag); + } else if (mtx) { + /* Writing tags to canonically tagged memory region: faults */ + canonical_tag_write_fail(env, ptr, ra); } } } =20 -void HELPER(st2g)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(st2g)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t mt= x) { - do_st2g(env, ptr, xt, GETPC(), store_tag1); + do_st2g(env, ptr, xt, mtx, GETPC(), store_tag1); } =20 -void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt, + uint32_t mtx) { - do_st2g(env, ptr, xt, GETPC(), store_tag1_parallel); + do_st2g(env, ptr, xt, mtx, GETPC(), store_tag1_parallel); } =20 void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) @@ -528,7 +552,7 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr, u= int32_t mtx) return ret << shift; } =20 -void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val) +void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val, uint32_t m= tx) { int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); @@ -548,6 +572,10 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint= 64_t val) * and if the OS has enabled access to the tags. */ if (!tag_mem) { + /* Storing tags to canonically tagged region: fault. */ + if (mtx) { + canonical_tag_write_fail(env, ptr, ra); + } return; } =20 @@ -577,7 +605,8 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint6= 4_t val) } } =20 -void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val) +void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val, + uint32_t mtx) { uintptr_t ra =3D GETPC(); int mmu_idx =3D arm_env_mmu_index(env); @@ -601,6 +630,8 @@ void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr,= uint64_t val) if (mem) { int tag_pair =3D (val & 0xf) * 0x11; memset(mem, tag_pair, tag_bytes); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } } =20 diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 5fbc54de4b..68f476621a 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -3031,7 +3031,8 @@ static void handle_sys(DisasContext *s, bool isread, /* Extract the tag from the register to match STZGM. */ tag =3D tcg_temp_new_i64(); tcg_gen_shri_i64(tag, tcg_rt, 56); - gen_helper_stzgm_tags(tcg_env, clean_addr, tag); + gen_helper_stzgm_tags(tcg_env, clean_addr, tag, + tcg_constant_i32(s->mtx)); } } return; @@ -3048,7 +3049,8 @@ static void handle_sys(DisasContext *s, bool isread, /* Extract the tag from the register to match STZGM. */ tag =3D tcg_temp_new_i64(); tcg_gen_shri_i64(tag, tcg_rt, 56); - gen_helper_stzgm_tags(tcg_env, clean_addr, tag); + gen_helper_stzgm_tags(tcg_env, clean_addr, tag, + tcg_constant_i32(s->mtx)); } } return; @@ -3865,9 +3867,11 @@ static bool trans_STGP(DisasContext *s, arg_ldstpair= *a) /* Perform the tag store, if tag access enabled. */ if (s->ata[0]) { if (tb_cflags(s->base.tb) & CF_PARALLEL) { - gen_helper_stg_parallel(tcg_env, dirty_addr, dirty_addr); + gen_helper_stg_parallel(tcg_env, dirty_addr, dirty_addr, + tcg_constant_i32(s->mtx)); } else { - gen_helper_stg(tcg_env, dirty_addr, dirty_addr); + gen_helper_stg(tcg_env, dirty_addr, dirty_addr, + tcg_constant_i32(s->mtx)); } } =20 @@ -4647,7 +4651,7 @@ static bool trans_STZGM(DisasContext *s, arg_ldst_tag= *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_stzgm_tags(tcg_env, addr, tcg_rt); + gen_helper_stzgm_tags(tcg_env, addr, tcg_rt, tcg_constant_i32(s->m= tx)); } /* * The non-tags portion of STZGM is mostly like DC_ZVA, @@ -4679,7 +4683,7 @@ static bool trans_STGM(DisasContext *s, arg_ldst_tag = *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_stgm(tcg_env, addr, tcg_rt); + gen_helper_stgm(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx)); } else { MMUAccessType acc =3D MMU_DATA_STORE; int size =3D 4 << s->gm_blocksize; @@ -4795,15 +4799,17 @@ static bool do_STG(DisasContext *s, arg_ldst_tag *a= , bool is_zero, bool is_pair) } } else if (tb_cflags(s->base.tb) & CF_PARALLEL) { if (is_pair) { - gen_helper_st2g_parallel(tcg_env, addr, tcg_rt); + gen_helper_st2g_parallel(tcg_env, addr, tcg_rt, + tcg_constant_i32(s->mtx)); } else { - gen_helper_stg_parallel(tcg_env, addr, tcg_rt); + gen_helper_stg_parallel(tcg_env, addr, tcg_rt, + tcg_constant_i32(s->mtx)); } } else { if (is_pair) { - gen_helper_st2g(tcg_env, addr, tcg_rt); + gen_helper_st2g(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx= )); } else { - gen_helper_stg(tcg_env, addr, tcg_rt); + gen_helper_stg(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx)= ); } } =20 --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508203; cv=none; d=zohomail.com; s=zohoarc; b=E6GIpzkZYIe+i2/3u2/4AR62jNKhMT+oGwVSrHEy412ye+CGK2LaUOFcYwUOAZwAaGswTGLyYmLmgsqXIO7KFVa46S8ZinvkYmx2uAMOewI7MYTqJTSQ2IgY2T1hJCyRrdBuuFUusc1gpPpNQybB5EGsxbUkzIXbLAkuFfivq00= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508203; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Do+ufpOA4YSJpqU1qNqftH/AxWOZ177vIBGpoAZmUk4=; b=bOH6qCjqIWGjjJrWspr5py37BHlVXJe+MJ3lVpCee6nP3ERRk4z7k/0musqq4LcNwcGesqldxG6fJeTyGxwyf9lsPzQ5EPSYqK+vSZxlznyGITmrG2Ng7qg5LjpWTTjWagCb6A+4apjbMuVCUqkzwRyzA9PSUd7fCpqlosBvfyw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508203274555.095146306412; Mon, 11 May 2026 07:03:23 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRCs-00044n-Sf; Mon, 11 May 2026 10:02:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCM-0003xf-OG for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-vs1-xe2d.google.com ([2607:f8b0:4864:20::e2d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCJ-000663-Lw for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:30 -0400 Received: by mail-vs1-xe2d.google.com with SMTP id ada2fe7eead31-6313c800372so2265063137.0 for ; Mon, 11 May 2026 07:01:27 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508086; x=1779112886; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Do+ufpOA4YSJpqU1qNqftH/AxWOZ177vIBGpoAZmUk4=; b=dQIX7OwEoo0B3dfqJ241fdeZu1AI+nM3BnptVv8/i5Pi5jgU+CW+7FUfeOqR9eSUWV 5t61FVCtF6MpGMdgi9BAzWkzvkDpf5A9PHDRE6fJLuMWyTurfoXcsnsild5LW5a8biCZ PtDm8w330aRlGCkNEk5SNsjzm6fDWVOdX4/wf2lz8viP5i6OAFZKn+3sm1vJCAUmKtnY eDgi9LkOYxGf1s7oRkRomC8eU/7eYJR2NC+uXF2scjBh/uABWZhamtFiUJyUFP78/ASV 77cVmQ+KJwH0HiWeG+jkV378VewIyVLdxfwPeuU1cISqaPGyv6fGyon4K7q/crsUVlGD mD/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508086; x=1779112886; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Do+ufpOA4YSJpqU1qNqftH/AxWOZ177vIBGpoAZmUk4=; b=hbXelLqsYkuc/YnzgSA1n8gzKta19e1YuLS7aU76LMdGdKNXbuuJ5Wa1Xvwv8MSXYI XlyGcVDCORy+H4TumOF5zO7UPOtY5hGt8V4Z2vPyeHUudeEzoeeq6U/f6Z8K8rqdMXF0 augwhBmtqvECYbBbJZLHM61AjbJm7nG2c1+x8kLk/BfMvuvTKtXlH76bxyGeZXaay6fR TwO0IvCEocf90FdcbhnJVYazvE9tJmANYfPGDZ0fdZ12jP/0E//GJ+fZBrwomA+DFvwB OSrj7vi2MLSN7C+GEi08s3cqCmfzQWFkmYH0Zz48D6CXJYCJ/qtjELGhl0CEbk6qxxHR XPeg== X-Gm-Message-State: AOJu0YzW3eGXy8wnC86VI9hxGAXLcMnM0v+q5bXazehWI9Q821VSvcbf xIPpFeVGCVNDBfmhNYke3fOMw3ximtvEXIApx6AV4UM3YaRCQYqYb4sQ X-Gm-Gg: Acq92OEpGvrEBRAng3jsSH5bzSJoUzKb36KG9hmB1Hei7BhRAbOlk6M1NdyZKJ5Bpd4 y938gKQKAs0AX7CcjUog8gKQEvjN7ma4YT0IGvigTq0y/grZ19iWvKvY6HAKvCV/ea9y55zZIvV 7/9Nrblt888O2TpeS0knOTN8+q4DAxk/QuYrMZNrkALxScEZC3Gwkub+qsCYRqehfs4ZEgMEU73 lQUGTz66m/txHGjk431dQQgDnEm6e0UrT4V6keBe9bwFMWITGCkEeVwpBHqXJjZUxMOuxK51UoC pJ9MtTmz9lrEBiha1v5tZuDMGM7r0ijtiAKD4dP2MWZBVkCInosuUHZa4eHw/zhldc5iD/HE13j sFS1z5kaUNzpC6xs6VIrinE93wq3itYTsBiK5Z+wFqviV8vyjFKhG6bpDkELAu38Jne19ThNRHk qrB56WiCYFPVs1Q6XfyNL9CWfwyz5ekcS5pj7LUM/SybC0P2R7T3k= X-Received: by 2002:a05:6102:3a0c:b0:631:8665:3510 with SMTP id ada2fe7eead31-631dc7ac519mr3885381137.31.1778508081818; Mon, 11 May 2026 07:01:21 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:09 -0400 Subject: [PATCH v6 11/15] target/arm: skip tag bit bounds check if MTX is on MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-11-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=5222; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=8jE/ExnW0afjmNINEpEf2ghGWWW+eTv/eM0GgsItKvo=; b=IzdpqFoLBsC4f/A5VQt3FOCjt3HJPfl8/b+lLGMG4Wf+JhG9U/uYBm8GGrgbQQNtqhPh9lf7B nb1g7CQhkX8DpCHSUB3BqS1jOLvhe5aG4D9PWwp+Lhh9kaXL8rnOULl X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::e2d; envelope-from=brookmangabriel@gmail.com; helo=mail-vs1-xe2d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508205184154100 Virtual address canonicity checks should ignore mismatch in tag bits during translation step if MTX is set. This mismatch is checked during the tag check instead, in that case. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/helper.c | 6 +++++- target/arm/internals.h | 1 + target/arm/ptw.c | 35 ++++++++++++++++++++++++++++++----- 3 files changed, 36 insertions(+), 6 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 18352bd186..0e70822d34 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9693,7 +9693,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, { uint64_t tcr =3D regime_tcr(env, mmu_idx); bool epd, hpd, tsz_oob, ds, ha, hd, pie =3D false; - bool aie =3D false; + bool mtx, aie =3D false; int select, tsz, tbi, max_tsz, min_tsz, ps, sh; ARMGranuleSize gran; ARMCPU *cpu =3D env_archcpu(env); @@ -9730,6 +9730,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ha =3D extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu); hd =3D extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu); ds =3D extract64(tcr, 32, 1); + mtx =3D extract64(tcr, 33, 1) && cpu_isar_feature(aa64_mte_mtx, cp= u); } else { bool e0pd; =20 @@ -9745,6 +9746,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 12, 2); hpd =3D extract64(tcr, 41, 1); e0pd =3D extract64(tcr, 55, 1); + mtx =3D extract64(tcr, 60, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } else { tsz =3D extract32(tcr, 16, 6); gran =3D tg1_to_gran_size(extract32(tcr, 30, 2)); @@ -9752,6 +9754,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 28, 2); hpd =3D extract64(tcr, 42, 1); e0pd =3D extract64(tcr, 56, 1); + mtx =3D extract64(tcr, 61, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } ps =3D extract64(tcr, 32, 3); ha =3D extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu); @@ -9851,6 +9854,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, .gran =3D gran, .pie =3D pie, .aie =3D aie, + .mtx =3D mtx, }; } =20 diff --git a/target/arm/internals.h b/target/arm/internals.h index 779eafabc8..d313d36603 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1407,6 +1407,7 @@ typedef struct ARMVAParameters { ARMGranuleSize gran : 2; bool pie : 1; bool aie : 1; + bool mtx : 1; } ARMVAParameters; =20 /** diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 467d815e0d..64778a7649 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1951,9 +1951,18 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1T= ranslate *ptw, * validation to do here. */ if (inputsize < addrsize) { - uint64_t top_bits =3D sextract64(address, inputsize, - addrsize - inputsize); - if (-top_bits !=3D param.select) { + /* + * If MTX is enabled, bits 56-59 aren't checked for canonicity + * during translation, since they will later be checked during + * the tag check step. + */ + + uint64_t cmp_mask =3D MAKE_64BIT_MASK(inputsize, addrsize - inputs= ize); + + if (param.mtx) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + if ((address ^ -param.select) & cmp_mask) { /* The gap between the two regions is a Translation fault */ goto do_translation_fault; } @@ -3513,15 +3522,31 @@ static bool get_phys_addr_disabled(CPUARMState *env, int pamax =3D arm_pamax(env_archcpu(env)); uint64_t tcr =3D env->cp15.tcr_el[r_el]; int addrtop, tbi; + bool bit55; =20 tbi =3D aa64_va_parameter_tbi(tcr, mmu_idx); if (access_type =3D=3D MMU_INST_FETCH) { tbi &=3D ~aa64_va_parameter_tbid(tcr, mmu_idx); } - tbi =3D (tbi >> extract64(address, 55, 1)) & 1; + bit55 =3D extract64(address, 55, 1); + tbi =3D (tbi >> bit55) & 1; addrtop =3D (tbi ? 55 : 63); =20 - if (extract64(address, pamax, addrtop - pamax + 1) !=3D 0) { + /* + * With MTX enabled, bits 56-59 are not checked according to + * AArch64.S1DisabledOutput. + */ + uint64_t cmp_mask =3D MAKE_64BIT_MASK(pamax, addrtop - pamax += 1); + + if (access_type !=3D MMU_INST_FETCH && + cpu_isar_feature(aa64_mte_mtx, env_archcpu(env))) { + int mtx =3D aa64_va_parameter_mtx(tcr, mmu_idx); + if (mtx & (1 << bit55)) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + } + + if (address & cmp_mask) { fi->type =3D ARMFault_AddressSize; fi->level =3D 0; fi->stage2 =3D false; --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508260; cv=none; d=zohomail.com; s=zohoarc; b=nvi+kC/fuexuAxjuUkBeA9LyrF8QUGEtKAQAB8d0t+RAywQY7xeQn2+Hv+D2G9Wn4X5V9eZ/ZyKJVE9erbGvyCrgVSbt2oF7qBZOVKhwg13BNPhKOWvayZV/phL/rUVAyka/dsLWVdv8+xSGKeTtPpR5KsM8891Oq4vjLwCvm4Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508260; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Z0It7ZRSCTmVvD9ADLP48nXZfmNmQA+tr9NQ0jfyGKw=; b=Mce/nVrVrjKSpjNcsnLi6JMJMuXNhSyQgdKAWBbB/XJegg4A5hfoNQA6E/5yDOg09+Eb+eKzWMuzY3L9nFMe6ky50fWqGziVYnDU6xoFISUjBLXepmj9F6S7onshEI47tvsce8DHb96g+VZQYT3kSG74HJDNGX9DAO44JR/F+Ps= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508260858290.3863291226701; Mon, 11 May 2026 07:04:20 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRE1-0005Mg-3W; Mon, 11 May 2026 10:03:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRDo-0005I8-9Q for qemu-devel@nongnu.org; Mon, 11 May 2026 10:03:03 -0400 Received: from mail-qk1-x72c.google.com ([2607:f8b0:4864:20::72c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRDm-0006Vx-G3 for qemu-devel@nongnu.org; Mon, 11 May 2026 10:02:59 -0400 Received: by mail-qk1-x72c.google.com with SMTP id af79cd13be357-8f231f3b130so323184585a.3 for ; Mon, 11 May 2026 07:02:58 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508177; x=1779112977; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Z0It7ZRSCTmVvD9ADLP48nXZfmNmQA+tr9NQ0jfyGKw=; b=o2tTHkfgAYwHIVIfM09K1zno74ald0u0VTcd9cDAvjr5OTgfwGHUJ9+5mNXRgvfClF yyNZhAYfcc2qEqcJZ5pEHqmbxxGt1FjUqXhYczP2LF+KIxwGl81O6NQy+8VtYoZIv24e QIrSpbu/tIdXRHmFZ2IM0g0KhglGETKsr2EjLE/ODHTdXC/owHAucLzvEuvB0HlmrUuf kC36aMeXn6RRXYhpv0A9NBIVqIbmW/bHriwxdylib8XMX2vxkT/jIw7i58GWXFys/2Jr 7rJEGngsu19cKai3bJ+izt4i8jjqADkEEuw2XSYsM68dFlBSSMWbDga8aozSlQlAAPWw NOmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508177; x=1779112977; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Z0It7ZRSCTmVvD9ADLP48nXZfmNmQA+tr9NQ0jfyGKw=; b=OuyCSUHGCXeGuJJWRHfngEFZaG0wjlSz20ekYEKtDx8E0+YDrzp/hV+tYfJcw2bikG 0k0nWwNqII285xA71WS+pGXXz0JuhTKogizSPq7LnKi1fvCi2Gsy6rANBsqZn8kaS75A btnlAVv/++xcAd9XRYOaIPhrOZaWVwDfHyhVM1OnIk23TwAcqIghiWUKDfzCxSHacNFZ eJshFv86JVs+VqhHz/RG/+ET/fB5JpQ6DHaDbGCB5Lq181POhqrmAYm0SjTGa9AUpndQ /RTTWYJ++6Q/rs2OmADT96YE/2Dp+ZllEBFLIbWbLXxV4FDJqPkz7xopeUE4KVaJjhdH qD7w== X-Gm-Message-State: AOJu0YxMRPMsm33d+kMNBlGTQnwnOraHQOUkO74O7hVmKwmb7x/nuW1B Ub4zWrHFJlR0GvrwiwQRqm5Jo3Y2dC40QaByztyuBapMYOk/XkXnVEaN X-Gm-Gg: Acq92OFvH0dsPvLm+bdfZ8iV1ZU4i3wNMj643Wm5sZh7o3INFu6/NHw49sifUdkTfXK UUjugkI7manXBkT4M4AN/EjLl3J7fhS/3EA1maQdx2ftezHZ7iuOdPCjGhmsBRtEBu1bra/5XAn BibifkBHyii/aoRfi7fKIv938U5RDiuFQMRwiBMz1Q/r8qjPWiNtWxTVdm7VwI1Ez0Abu1NZz6w LhU43Z1/X3HOUMd8FholJUuY7pglURNL3NJHPNKb5LQWrfmW9XPLAJrKM4lBEA2yRBVgwfqsHUa 4qJIQyPKGEQNLGxJP+YSsB9wunvQnOPAZbilxLgJ3mkoj0VAZj62eLE609tVVvtL7EvrohG+RXu ax6xfeeiTh4AkrQZmT5VTiIGv0++vzJ8PbeLidPzZKAtXsIB5owStcSEuTssPQswV6/K4MBoa0Z E8F+n7nrrmSoFiLPyArUxvakIArw1TVMebVBaAeUjbWsv/b5iCQBg= X-Received: by 2002:a05:6214:2b06:b0:8ae:655f:28a4 with SMTP id 6a1803df08f44-8bc45c270ffmr360030436d6.40.1778508086545; Mon, 11 May 2026 07:01:26 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:10 -0400 Subject: [PATCH v6 12/15] target/arm: tag is not a part of PAuth with MTX MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-12-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=3172; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=RY4Y7584EbsvGKO7XdM6s/BdRq7/FYp1wZOaWE4e+g8=; b=wDdxEc5bBmuhLGAaiwwac1GCFN6HDD+2N0iVSfXtEx38PtsXzaLwpyewr7ePbIzKf/t+cp+ky u6OCE78UDb4Dvd1OGp0hTttbVthDOT4WUdcz2DKnwN1mu+GHkHFuI/Q X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::72c; envelope-from=brookmangabriel@gmail.com; helo=mail-qk1-x72c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508261831158500 As described in the section on MTX, tag bits should not be used to store or compute the PAC when MTX is set. See also Authenticate(), InsertPAC(), and Strip(). Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 12 +++++++++++- target/arm/tcg/pauth_helper.c | 18 +++++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index d313d36603..31b7e1c85e 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1809,7 +1809,17 @@ static inline uint64_t pauth_ptr_mask(ARMVAParameter= s param) int bot_pac_bit =3D 64 - param.tsz; int top_pac_bit =3D 64 - 8 * param.tbi; =20 - return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); + uint64_t mask =3D MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_b= it); + + /* + * If mtx is enabled, second nibble is not part of PAC. See + * InsertPAC(). + */ + if (param.mtx) { + mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + + return mask; } =20 /* Add the cpreg definitions for debug related system registers */ diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c index 67c0d59d9e..3d83ca4c3c 100644 --- a/target/arm/tcg/pauth_helper.c +++ b/target/arm/tcg/pauth_helper.c @@ -342,9 +342,16 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, } =20 /* Build a pointer with known good extension bits. */ - top_bit =3D 64 - 8 * param.tbi; + top_bit =3D 64 - 8 * (param.tbi || param.mtx); bot_bit =3D 64 - param.tsz; ext_ptr =3D deposit64(ptr, bot_bit, top_bit - bot_bit, ext); + /* + * If mtx is active but not tbi, then the top 4 bits are replaced with= the + * ext bit, while leaving bits 56-59 alone. See InsertPAC(). + */ + if (param.mtx && !param.tbi) { + ext_ptr =3D deposit64(ext_ptr, 60, 4, ext); + } =20 pac =3D pauth_computepac(env, ext_ptr, modifier, *key); =20 @@ -377,6 +384,11 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, if (param.tbi) { ptr &=3D ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1); pac &=3D MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); + } else if (param.mtx) { + ptr &=3D ~(MAKE_64BIT_MASK(60, 4) | + MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1)); + pac &=3D MAKE_64BIT_MASK(60, 4) | + MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); } else { ptr &=3D MAKE_64BIT_MASK(0, bot_bit); pac &=3D ~(MAKE_64BIT_MASK(55, 1) | MAKE_64BIT_MASK(0, bot_bit)); @@ -424,6 +436,10 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t = ptr, uint64_t modifier, cmp_mask =3D MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit); cmp_mask &=3D ~MAKE_64BIT_MASK(55, 1); =20 + if (param.mtx) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + if (pauth_feature >=3D PauthFeat_2) { ARMPauthFeature fault_feature =3D is_combined ? PauthFeat_FPACCOMBINED : PauthFeat_FPAC; --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508207; cv=none; d=zohomail.com; s=zohoarc; b=kIqZ0fYOaSe9Y/ccLNTUAvusFtcOtaHedxz+NuGJFgnFwWz8GUfMFwpgmD/GYSEVqfDMBgBx50nC9wzS6RKyKALSkuCqfVcGDj4Nkv5oBxftRoLQ6OkE0M269CgT1R4+gj9mbAUSB9VkIUWG4pLPj3lY9nozc2w5o/ak3hpymFc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508207; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=/WgX7SoeZhIHg97bvyLdMZe+eYz+Kg1zGjHAsHbNvCs=; b=afJIVTz5uybzUW/+JHK7QLgA7117Iuvl2q4B8E8IFX5jrVMci2zWsgdZImAsxbK0mMmgrfn6LSQG130hlBTVZK/iq6YdbDdEI87ljfhmIj79W905tWNm29rju3ChasOHdmFPoK9QNWIn+Yv9OVvkig8uqiYwzJDGIeuSKoVERNA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508207206945.4812901913393; Mon, 11 May 2026 07:03:27 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDb-0004u1-Uk; Mon, 11 May 2026 10:02:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCN-0003xn-TR for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-oo1-xc36.google.com ([2607:f8b0:4864:20::c36]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCM-00067H-0C for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:31 -0400 Received: by mail-oo1-xc36.google.com with SMTP id 006d021491bc7-679f6ee3fb0so1739422eaf.2 for ; Mon, 11 May 2026 07:01:29 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508089; x=1779112889; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=/WgX7SoeZhIHg97bvyLdMZe+eYz+Kg1zGjHAsHbNvCs=; b=UBY1MUIACPLf3pvuVtFUk4UGEOP9ba0QK030NXUuRh+WPkuFvvGpvstlnyng7TM6C8 sAnHML0MFTgYEF6JEhRwYh5wSUZhUMoj8+naEdCv7Kw1bsTmBB0u44N2NmJxPXdU2jOq uWkNPzoe+4cKi88y+E3cNe0LR3MBrVCds1ZK/EYmUp4cMDDAi/8qn2X0luwp24Fi2qAl Wpk+mHt+cYXxoiUradYXYMrYaceOxTbec159+ONpCcr+BI48JuEXo+pJqOikY/hh/KP/ s0CUaUeFL/xA4i2GlrMyOxVYbi91Dmu9G7AwKYYwaMUdWYN9hW9gvd9Kp3gS4y0pGIoM Ycxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508089; x=1779112889; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=/WgX7SoeZhIHg97bvyLdMZe+eYz+Kg1zGjHAsHbNvCs=; b=TK4yF0gy/BZnb7l9SFodHrejWi45FgQdxJmhvl3QyiCUbYHfC4eohdS/Q053neeqTe mN+eQ4c1+Ba99rdmjzYYw1/pmjVd4ik5tmzMBHdEBkOVUgrylp7LpVq9zq72RZqo08bq IC3uP2aCmdNYmO+v8XudFWHaJxzP4TCIm+ZcSqYsuvGdeq7F7UR3U+81uO4CWkCOupUD eYPyZTtWUjrPuhtI1yoA/8pGIyl3Tuqs0rcSudNvE6mVy4L+yh9NLUTFS/EPeqr0maJe Uwt4aOZnHRBmjnCPdagMXPK1TZW0jxC2148O4bupVH7WzL0Phh/BSRlWWUU+yrH5Ph8n 6Gyw== X-Gm-Message-State: AOJu0YxZzdUTuLCefZGZ3jfv1KxzgrK9HdIurKMIVZYVGDBNxPCEXsvJ gIMtBFLR6sWRv4ATzy3A6D+2ig1eM40zvfs0M6FlnRcNttsrGzxojQjt X-Gm-Gg: Acq92OHDiyqkbVcYdv5kZY0WeVvB8SqyTe4FWivL4hSfvtL0dVMc1yMxLTJ9PArZuIt lWHurKGoxn7f+0txkX4cH6sFSU6/hxIKFST6dJXN7mGTCU5m/0d+2iRbH4+IFMfw4g4bKrTc6UW Fpu8caN/zc0t4MKQsfTyj/kkEwMUhQwfgs1r5RkMdXokTgU1rpV02dd1FMi3TQyMLRzhoBx0byy 3nUrMGDXixvVhOfl/KculUQFiMgC2iP/iM+Ax/qOS1GUKcP2+Hh7CUoW4NtXHctoPHfZfcJ4GpA IBR6YpC6EVfjDO7+Yb3tf56L4agb0oQHf8OBqvuiUN/wcu7YPHsZ8XoU7MUMoZ+NrlZkJuXDbFm LT1fQMfBilOHzW7OyDdm0JTXd+9RMAr6yk4uaLm0gycTD90aziE5nYlbStYGD3TxDzfw3eORnOE ahfdt0KPBswsoR54abUxpO7b0xE9C1bCIXjhZI6+YuxeZ0tU3Z3r8= X-Received: by 2002:a05:6820:1993:b0:696:22dc:b4c1 with SMTP id 006d021491bc7-69998d1814cmr11770432eaf.29.1778508088525; Mon, 11 May 2026 07:01:28 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:11 -0400 Subject: [PATCH v6 13/15] docs: add MTE4 features to docs MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-13-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=2273; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=ztIDgqfeOPD6qpIxmbbcUcgA0mWZp1FYw4KgD7jsfWo=; b=HzwKC+JzmmLiKYq7qv5jMsXvxhnE9DFGxM9tEQ4DCgS+bU07tUIolSoqg9GVLPhrVzP8bDBcC 4X7K1N24yeEDkfH01nOnDAwqrzQ4UTvHQV9eZmZnXddprxGoF9NOVA5 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c36; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc36.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508209196154100 The implemented MTE4 features are now present in docs/system/arm/emulation.rst Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- docs/system/arm/emulation.rst | 5 +++++ target/arm/tcg/cpu64.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index 8cd7fe7b00..c660074ec4 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -111,6 +111,11 @@ the following architecture extensions: - FEAT_MTE3 (MTE Asymmetric Fault Handling) - FEAT_MTE_ASYM_FAULT (Memory tagging asymmetric faults) - FEAT_MTE_ASYNC (Asynchronous reporting of Tag Check Fault) +- FEAT_MTE_PERM (NoTagAccess memory attribute) +- FEAT_MTE_TAGGED_FAR (Full address reporting of Tag Check Fault) +- FEAT_MTE_STORE_ONLY (Store-only tag checking) +- FEAT_MTE_CANONICAL_TAGS (Canonical tag checking) +- FEAT_MTE_NO_ADDRESS_TAGS (Address tagging disabled) - FEAT_NMI (Non-maskable Interrupt) - FEAT_NV (Nested Virtualization) - FEAT_NV2 (Enhanced nested virtualization support) diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c index 649d854a65..77b8c2a0a9 100644 --- a/target/arm/tcg/cpu64.c +++ b/target/arm/tcg/cpu64.c @@ -1291,8 +1291,16 @@ void aarch64_max_tcg_initfn(Object *obj) t =3D FIELD_DP64(t, ID_AA64PFR1, CSV2_FRAC, 0); /* FEAT_CSV2_3 */ t =3D FIELD_DP64(t, ID_AA64PFR1, NMI, 1); /* FEAT_NMI */ t =3D FIELD_DP64(t, ID_AA64PFR1, GCS, 1); /* FEAT_GCS */ + t =3D FIELD_DP64(t, ID_AA64PFR1, + MTEX, 1); /* FEAT_MTE_NO_ADDRESS_TAGS + FEAT_MTE_CANONICAL_T= AGS */ SET_IDREG(isar, ID_AA64PFR1, t); =20 + t =3D GET_IDREG(isar, ID_AA64PFR2); + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEFAR, 1); /* FEAT_MTE_TAGGED_FAR= */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTESTOREONLY, 1); /* FEAT_MTE_STORE= _ONLY */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEPERM, 1); /* FEAT_MTE_PERM */ + SET_IDREG(isar, ID_AA64PFR2, t); + t =3D GET_IDREG(isar, ID_AA64MMFR0); t =3D FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */ t =3D FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 1); /* 16k pages supporte= d */ --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508451; cv=none; d=zohomail.com; s=zohoarc; b=ZNXumZjXN4sdMQeKheJQqv7nZYDKEVM1D4YdDkXnxLQJMKAuFhhsbBETgurQtrfwsEXj7y9ai5v7r68Us9ytcRzT+BlHySwkIyRP6p9nZxxNF0f9vClD317nO8ZMQeV20/32c3l0P4vzqEXG278X2ep6FIQpYHtB+VQ57FYbJKg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508451; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=hRw1N/5iYEpj5daBU0rucFYWRRtiI2ZuKHKI9SubYz7b4AbcmxD/ad8o2Yn8F574kLk7HZxh6GC/qB1eHGSH/yLRPMTUoyTB2eDAs3xo9HBDUUeMeYOHnoBhSfY6jPz4CkzblqCx8tMJifhlhWSdJYkQfgcdsOp1T/XAzg6aD98= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508451504850.8859898139032; Mon, 11 May 2026 07:07:31 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDR-0004OY-0f; Mon, 11 May 2026 10:02:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCQ-0003xt-PO for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:35 -0400 Received: from mail-oa1-x33.google.com ([2001:4860:4864:20::33]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCO-00068E-8h for qemu-devel@nongnu.org; Mon, 11 May 2026 10:01:34 -0400 Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-42fdab683a9so3255889fac.1 for ; Mon, 11 May 2026 07:01:31 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508090; x=1779112890; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=jkTqgAqPShZo8x++EoXwpyJOXlofoyVxtKWVr7bqWBsa1/U5kxvdt2Tgz2t3eDxYDr LAGK5/LF5HbsQgeHYCLi9zi223H+52XyaJfkh7glvJ77USFxx+3i6FqbsJYodWgoGTYP VZG/Hw2ZdlkP7h5G+3i8slAkAWGGPZZAq+zn3Y4yBLJTMlR+Z3UCpRJDKEzmVt5rA8pQ XyD2DmU3mL4mm3JCOO37T7WBSYuVaMWI13ggaDHD4BGheK8aNNOe8jS6dGnLJ+H4C5Rx L+uGiwlDbBO1DqrZbzeR+tXeuhv6oyD2cqJrqYO0R7oYClGmYmF7R8mQXxTTsRap/0gZ ad0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508090; x=1779112890; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=KyjyC48o4ijj/hNEqVxtYR5XSbWkf3xgJbecrizj6YJWDGvCCKnKR0UO7lDcfwK3r2 ZCaIlylmpAUW9kupVy15h8z2t5knc4hF+9FVfi8MA4UP8BEI/IvMDut8klA+QaoXzbw1 PCZ19TJrv2yWHHTkqtSuRgeWV3Wf1E+q5JyeoOtULGJNNGeWvger0MH3qMiElrIiHbau TWrSNJ+8ExPbbagCvDTizffxaOyWFB3o685POgiESQDyG4sg27TFsCqeTQwVuJKLiIH1 4xdY0CrPvk7P4IQIJn2CfQrEuEiW5eqdCDzzrGMxY5DcTba+fTuVPO+PXeWsbD5Yqddh 7OYw== X-Gm-Message-State: AOJu0YwAXRIO7S7iUUcS0aziGyMa9qN6EbMiU3mHtLKN18N74V12Lj/3 63J1pBWQkFyyBxBqS8fPk2ZPTiJDfapQyUBdyMqYowTzFInb1kv2RsKg X-Gm-Gg: Acq92OGgqJNwdFC8PK9zAM3Rqd1QNOmkP/e9OPj6xlWxmY1bqi8vLrX01utCj6B2bh5 Galomo98luNY2tHICHGMwH0jgDAAopXsQZFARz2UFh2latF3cg5Ht/Bp6OPr5Iaf5H6Mxnt/MoL MsPXqL5WS+rOaKxJDRYYDq5f4M05sju5ZmQp0tKAAqItMwK7JtKCwQ61cDM8WasQSHoVILQAMPP mFG0Aw61KXaDfGbBc+TWhsqmmYnVTAAtzsJpWjQC6VdgL6YaSjo2yEVh8jGzUUMWk4qA/g0PBYz p2+SQ+fPe31OQCg+fLHPuaFsQXzcp3elGKTTC2wnGerN61TRZQPWv3BTSEe0D5N6v33XpnSO6R3 cQiY6OkLTkERL2GdDYRZraC7GjANFyXORGjIuESYyO41sCZe/LyEHLyOln5a5oqUbxL5h7PdkV2 iDFc1Z3F/SsvXhmlwolCAJ6vLYje6z3TYqHHzYvhBw X-Received: by 2002:a05:6820:99a:b0:694:9f32:b with SMTP id 006d021491bc7-69998c834a0mr12651716eaf.6.1778508090183; Mon, 11 May 2026 07:01:30 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:12 -0400 Subject: [PATCH v6 14/15] tests/tcg: add test for MTE FAR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-14-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=2355; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=t9UKuOxOMkff21yBSwiqqFvgFWXDPNIeJTAexYT0IVc=; b=NriYzunSsNSBseoGW747LNEq11SNnkQzggStw8EU9AoPHAWCUhIl1EQ9S1xsPv3HSrlObGWuB 2XR/6E9mbJoCuFTLWrD4byQqJ9DJ5xWzkD4DkC9/JVu4AGuwe+Uc77w X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2001:4860:4864:20::33; envelope-from=brookmangabriel@gmail.com; helo=mail-oa1-x33.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508454388154100 This functionality was previously enabled but not advertised or tested. This commit adds a new test, mte-9, that tests the code for proper full-address reporting. FEAT_MTE_TAGGED_FAR requires that FAR_ELx report the full logical address, including tag bits. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-9.c | 48 +++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index 9fa8687453..b491cfb5e1 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-9.c b/tests/tcg/aarch64/mte-9.c new file mode 100644 index 0000000000..9626a90c13 --- /dev/null +++ b/tests/tcg/aarch64/mte-9.c @@ -0,0 +1,48 @@ +/* + * Memory tagging, full-address reporting. + * + * Copyright (c) 2021 Linaro Ltd + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +static void *faulting_ptr; + +void pass(int sig, siginfo_t *info, void *uc) +{ + assert(faulting_ptr =3D=3D info->si_addr); + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + *p1 =3D 0; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + faulting_ptr =3D p2; + *p2 =3D 0; + + abort(); +} --=20 2.54.0 From nobody Sat May 30 17:44:12 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1778508450; cv=none; d=zohomail.com; s=zohoarc; b=Qfq/LqfUtEq9rIyZb4DFkJs3U8bbYjz8+KkFNL2Jty/48EfqSslUb4YxVMWmMs6Nq2SUQPWcfSnNk2+ZQ1//Bm79xAf/Aw4ojArJAKNkbIZtRXUbAqNA7J6gqrFSWH7BGALEetDD+9Nf77+SRqxHfEDsbT+sEdpKdfhpnEi1UA8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1778508450; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=WtSPB7vp4Zy8aN4FHnpodgrnGDzljURkl9k4qLP031XbXHXgwQzlRYZb5ktLnzRiVJQXcg9TRuSJ/za1Kn9SPHt/aRPXgjjuDyRVjNCHA4fVV4miBZIQ5UAkFViG3SeJJZ+3VzMYE41AkmuWtIavKQiJhkzpFjwizJ8C9oNTZqU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1778508450518456.1278183047822; Mon, 11 May 2026 07:07:30 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wMRDT-0004RT-JF; Mon, 11 May 2026 10:02:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wMRCw-000474-0l for qemu-devel@nongnu.org; Mon, 11 May 2026 10:02:08 -0400 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wMRCu-0006J1-6U for qemu-devel@nongnu.org; Mon, 11 May 2026 10:02:05 -0400 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-8b6ea7716bfso47697066d6.0 for ; Mon, 11 May 2026 07:02:02 -0700 (PDT) Received: from [192.168.1.160] ([2600:4041:54f3:a400:c013:3550:ed5f:a59a]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8bf39c7dd09sm94773756d6.31.2026.05.11.07.01.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 07:01:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778508122; x=1779112922; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=r4Pvz2caVt0QQyWCAW7uYmvZQ7GaCxNRRMvIMnObnwGOEIhHhJKdwcDDtOlDo0DTES P1G/1tugWIxHc9nZCl2mBtZVdJRcpIKo0s6/WaN40C43AqHpvitG7XOCFyYh8aZtBWP1 Mt21dUPOFDw1CWSKKTVg/BWuxd4cllQC3nvcyLAIrb3sSqXcu2JoPUeRiGi8V7wLYP7o Ehy57lR+C/u0GsY/cxz8ghyTWCPHq6XQp81ZXjjXXsV4rd6Od4l4NWUMbqc6pFUxyfr/ 2n4tncZRZ3z/rzoKPNpI48HyY1DOT6JCNBGFUtiKV7ggq2srq5434TQ+qZXLbM+iSh4Z +h7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778508122; x=1779112922; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=fiCl6dyn+n01xzIt9MdVDPJouSOlZhOxD95w7iGNyJX5Orn/2eAtcSdtLEwGuGyt/E jmB4XBWGTcbcmZz7VejAelnBlSf47xlki4644XNNMWJhS/GXpQW4FMPSh07nI2AwZGCL UIv8VaupCOHhanAqUNFzXgiK+bg8u5+E9eBTNJyukZ2rmkvBH0pehw3DWDz0vHeQuzFN b5VXF5wNHbXG9BDPth+e1WJRcapWQ9xerCvw6UZo37K932DSydfYu9+TWUNE3cxW4g6x 8ROb3DZRtmNNyG8ix1cx7ZYwWHENJs2SF3HcqfybOdHDr3uAhJaYaB+JCkMVn9yz5D2E sY0A== X-Gm-Message-State: AOJu0Yz6YC+qNV5GK91cWKR5F8F98FqN7sF+KisxGE6xqsYTvslpb4HN teE9b6SHimatb6fc30r8bVQTwBpetYx7n4Nuyfvcu6yNbXW5fEitvoT9 X-Gm-Gg: Acq92OHoXcneatGw7fb4zjXU68U+gt+3o5LOUPX2vMsgM8eztXUp3lDRpxhdahIqt0m mEsC1TbWxe3rXgWEWe5E0dfLLavsB0va4uiaSqv4tJTQNTQsUn9tftjlv8REbr1SV2YDnq/34+Q cw7v3LKFxzdTemrJVMEckPMck6835chPQkYmNnATflkEX9fLFofBeooKPgB4Udk5v/dHgFcWFB3 I1nTyoZQ1R/M9Twuy/tL3WP5dd49bMtosHhDJUvfXo8gDLwdiiBVQ5Ryq0mW+wn/Ij7Ommzgloj SMfn2ZfV0XWYkNr1D0qoY+gNl2IJvYfTovXrwAFm8qu71wu4hJyiY+h61TQzHY8HFaPujn1Rvrj kOCATxNkYJjSOmaMu9WW3A5cYTxAdx1kUdhQ6ya5zDpsJ5Pk8z+tL4Sf+RBWxu4TPIZlTHNaeLd 1IAKjrsRiKgUpAIOKRboGCy/Ixh0eXBdbf1xJxgGYv X-Received: by 2002:a05:6214:e6b:b0:8c3:1e96:1297 with SMTP id 6a1803df08f44-8c31e961420mr126144456d6.26.1778508091988; Mon, 11 May 2026 07:01:31 -0700 (PDT) From: Gabriel Brookman Date: Mon, 11 May 2026 10:01:13 -0400 Subject: [PATCH v6 15/15] tests/tcg: add test for MTE_STORE_ONLY MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260511-feat-mte4-v6-15-8557cc1313b9@gmail.com> References: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> In-Reply-To: <20260511-feat-mte4-v6-0-8557cc1313b9@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1778508062; l=2991; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=mAwPuGJQelulccRrIcbbltCeg9NHZ8EE7GZcbX8aqAw=; b=W6mkoNFIXSNDz4uQfV0q+kWjA4IMRY03K8JabjQGiHTqs1y8j8Vi2jL03yOM3GVVGyc+AdRiU QTRPeix4viDBaEIpZVkzX7BGg+VjjlmmLolRrYD+1oi/t10sjygwKBT X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::f2d; envelope-from=brookmangabriel@gmail.com; helo=mail-qv1-xf2d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1778508452737154100 Added a test that checks that MTE checks are not performed on loads when MTE_STORE_ONLY is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-10.c | 49 +++++++++++++++++++++++++++++++++++= ++++ tests/tcg/aarch64/mte.h | 4 ++-- 3 files changed, 52 insertions(+), 3 deletions(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index b491cfb5e1..6203ac9b51 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 m= te-10 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-10.c b/tests/tcg/aarch64/mte-10.c new file mode 100644 index 0000000000..46d26fe97f --- /dev/null +++ b/tests/tcg/aarch64/mte-10.c @@ -0,0 +1,49 @@ +/* + * Memory tagging, write-only tag checking + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +void pass(int sig, siginfo_t *info, void *uc) +{ + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC | PR_MTE_STORE_ONLY); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + /* + * We write to p1 (stg above makes this check pass) and read from + * p2 (improperly tagged, but since it's a read, we don't care). + */ + *p1 =3D *p2; + + /* enable handler */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + /* now we write to badly tagged p2, should fault. */ + *p2 =3D 0; + + abort(); +} diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 17b932f3f1..7093b93dc7 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -40,10 +40,10 @@ # define SEGV_MTESERR 9 #endif =20 -static void enable_mte(int tcf) +static void enable_mte(int flags) { int r =3D prctl(PR_SET_TAGGED_ADDR_CTRL, - PR_TAGGED_ADDR_ENABLE | tcf | (0xfffe << PR_MTE_TAG_SHIF= T), + PR_TAGGED_ADDR_ENABLE | flags | (0xfffe << PR_MTE_TAG_SH= IFT), 0, 0, 0); if (r < 0) { perror("PR_SET_TAGGED_ADDR_CTRL"); --=20 2.54.0