From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084422; cv=none; d=zohomail.com; s=zohoarc; b=Fexmy0+eAFSKCpWHn4TZIDblx/mRWL7b2w/6A1JiG+8xO9XSY/svNdPdbFbCDBrQEBZ6we/xSQ/UyuEHcOn7Bs890yISi+qsF5GRgGhbVqnznrXB1dWFn7pBOrpEct4mN4f2ffFoTe62k9DQITSf1IndIFXXisNKYgfNHqb18gg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084422; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=VbW6Hbyj3U6aT8UlGYOD2Cj2J91JoG8oSSN/XuQKEIk=; b=JpGFK2/DPCNQpSdcMyfEjUMpwB18IgcVZnWhXYPNV3Yo3FFaZP6ZzMu9YgZEdiKjlxNuGAhkFlEzPasNARk0Gw8/sngwHmLTdaPdS/JSnMB5uwhr3/GIsGOc6Ev9DyYHx+vRwJqxlXw1QsDw8QXF2dtm2aYD3Ggsv9rWmkd6CYE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17800844225441.34236053406039; Fri, 29 May 2026 12:53:42 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gh-00056M-Dv; Fri, 29 May 2026 15:53:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GS-0004xZ-EL for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:06 -0400 Received: from mail-oo1-xc2c.google.com ([2607:f8b0:4864:20::c2c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GO-0005X0-Ly for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:04 -0400 Received: by mail-oo1-xc2c.google.com with SMTP id 006d021491bc7-69d7f4cc61aso3251416eaf.0 for ; Fri, 29 May 2026 12:52:58 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.52.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:52:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084377; x=1780689177; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=VbW6Hbyj3U6aT8UlGYOD2Cj2J91JoG8oSSN/XuQKEIk=; b=cDYFgd69CFaxn9F0AnVm67sxkt9ZKY3ofb+/Bi1IuPZZHNgbC/V7Ncp8Y9OeFSDrdw CTPtUz6bQ/3aM02IeDplVQ9mDMZzNK1IZMkuOExpdWETFCot/DxN0kVEZLei+ClH12PS NAFCghLySURWJEN4kZx5ma+apSaDvXEcZv8ao32KDISKiaXZkaORCkixCralvqhAEcnt awN1Y84q0EJy7avVQlh0AkEtYuDhAVT0uvnEhWEFPYop4+xJUN2WPMPrXRwQy2f1Dkr8 FpTaOi/mgJ2HKQ6WmSCAd9mwoEpxH0xV8WQ4Vq8X1lisiB+6Io+ehXOitCn9x4R6R6cy CC/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084377; x=1780689177; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=VbW6Hbyj3U6aT8UlGYOD2Cj2J91JoG8oSSN/XuQKEIk=; b=EwelyDa/7cJfhjDzYwn0xkyAvHpxyptGsgX3tE4AB1MjbRakivck4EIP00NOunAXg4 zMzVAr8rXuWesX4dSlVxVuFsD24Sye/rhlxLXeYli/k3WDjVZVoxCQ2Rqhf+SnOobdeq 33eFo6NC48iA4ubMC7X8aJ42V4uYZlpvq44J8GYxxmDRiNnzrCwZQgMqM9T7S9pKOfgv 98fihDJDwZpqcfE8jQyo+Eb/0ZDPB5O0Aj0PzJPgVUU480rh5xsDboXgcRurpTWSlT8U DbEtcJUzhZ0BjpoL/qpbsZNTibWcQHZOKL8HTAfN83bfqX7Ljux5+5BLYUpmoHd0YXAc aN0Q== X-Gm-Message-State: AOJu0YzhK7oIXy2t4xMrdqwyy6o/vftaejLVorRQ38NQGTGwZMjda1xU jY9NTjeoCaTD/bM8NOAvA+C3Vav2j5XnnRD8LBwAF222qaq9CTdIVdOT X-Gm-Gg: Acq92OELDG972xnKZIh+vDibK24BSBPKryODxgedEPg16HRiLm1Yus4L4xj9QlmKvLo MERIwCRtyfH8gCEwTWZL60qSycbWl9sXg7pTfdJswvQmS+un2scSpjcGfky8d4dBdJqjviDUwz/ NxHLo1OpWoxLufLvK9H+a/QEEd+QlpD/VaDPFSdBz4PI6M3C7jwRWBt/AZOq2UI7rDKnPAm2BLq H5fjZESlNPgjwOuQUElvTsrRTqgUnAvwEYTx6Rn3Qq/2QvOhXskMv8colRodbYhb2Ty1OmOTcW1 BBX9sVA/+kuGZVE8EQWVS+cZImtohjMY3JfkpBnw3Z6UriWTO1Pmt61qBifXJQPnPzCMQzMDv+o l1Xvw5u8y+fMVmdfEQuMCCvMz4ZbnV6IP8nb8HHdhHVb2XeA/flPh/IUezS5Lzc6UxBPjo2HPo+ SHmlBMpz1BPwfzfvXwK6OCQAHk5qEA4q7ibdVWQKXjamU= X-Received: by 2002:a05:6820:c82:b0:694:8fb2:2c35 with SMTP id 006d021491bc7-69e104765bcmr440621eaf.2.1780084377473; Fri, 29 May 2026 12:52:57 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:41 -0700 Subject: [PATCH v7 01/15] target/arm: implement MTE_PERM MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-1-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=4761; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=hMnVVCR5aDsXksNo9hA/xVe759MtMSZHmHwiTMnpTcw=; b=eryx34ZM8YCj6tPqJP5zRYRnuFQcK7VT5G4vzXX3GjiKJhXUtShKnz/cWCZH2vPSEDLH9zdje +IeHg37QIl7BBCaY9GckuTIoHDCCa8/i7qmJVkRlJhD/2FIaWZ6hzQ2 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c2c; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc2c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084424112158500 Introduces a new stage 2 memory attribute, NoTagAccess, that raises a stage 2 data abort on a tag check, tag read, or tag write. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/ptw.c | 25 ++++++++++++++++++++++--- target/arm/tcg/mte_helper.c | 38 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 63 insertions(+), 5 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index f9c979d20b..9451df3813 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1181,6 +1181,11 @@ static inline bool isar_feature_aa64_mte3(const ARMI= SARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTE) >=3D 3; } =20 +static inline bool isar_feature_aa64_mteperm(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 0a5201763a..6cb0fe5645 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -3415,7 +3415,7 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ARMCacheAttrs s1, ARMCacheAttrs s2) { ARMCacheAttrs ret; - bool tagged =3D false; + bool tagged =3D false, notagaccess =3D false; =20 assert(!s1.is_s2_format); ret.is_s2_format =3D false; @@ -3425,6 +3425,18 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, s1.attrs =3D 0xff; } =20 + if (hcr & HCR_FWB) { + if (s2.attrs >=3D 0xe) { + notagaccess =3D true; + s2.attrs =3D 0x7; + } + } else { + if (s2.attrs =3D=3D 0x4) { + notagaccess =3D true; + s2.attrs =3D 0xf; + } + } + /* Combine shareability attributes (table D4-43) */ if (s1.shareability =3D=3D 2 || s2.shareability =3D=3D 2) { /* if either are outer-shareable, the result is outer-shareable */ @@ -3456,9 +3468,16 @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, ret.shareability =3D 2; } =20 - /* TODO: CombineS1S2Desc does not consider transient, only WB, RWA. */ + /* + * The attr encoding 0xe0 corresponds to Tagged NoTagAccess and is only + * valid with FEAT_MTE_PERM (otherwise RESERVED, constrained + * unpredictable)). The presence of this feature is checked in + * allocation_tag_mem_probe, where Tagged NoTagAccess has its effect. = See + * J1.3.5.2 EncodePARAttrs. + * TODO: CombineS1S2Desc does not consider transient, only WB, RWA. + */ if (tagged && ret.attrs =3D=3D 0xff) { - ret.attrs =3D 0xf0; + ret.attrs =3D notagaccess ? 0xe0 : 0xf0; } =20 return ret; diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index a9fb979f63..bf35dc10ce 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -58,6 +58,27 @@ static int choose_nonexcluded_tag(int tag, int offset, u= int16_t exclude) return tag; } =20 +#ifndef CONFIG_USER_ONLY +/* + * Constructs S2 Permission Fault as described in ARM ARM "Stage 2 Memory + * Tagging Attributes". + */ +static void mte_perm_check_fail(CPUARMState *env, uint64_t dirty_ptr, + uintptr_t ra, bool is_write) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(0, 0, 0, 0, 0, is_write, 0); + + syn |=3D BIT_ULL(41); /* TagAccess is bit 41 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, 2, ra); + g_assert_not_reached(); +} +#endif + uint8_t *allocation_tag_mem_probe(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -117,8 +138,21 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, } assert(!(flags & TLB_INVALID_MASK)); =20 - /* If the virtual page MemAttr !=3D Tagged, access unchecked. */ - if (full->extra.arm.pte_attrs !=3D 0xf0) { + switch (full->extra.arm.pte_attrs) { + case 0xf0: /* Tagged */ + break; + + case 0xe0: /* NoTagAccess */ + if (cpu_isar_feature(aa64_mteperm, env_archcpu(env))) { + if (probe) { + return NULL; + } + assert(ra); + mte_perm_check_fail(env, ptr, ra, tag_access =3D=3D MMU_DATA_S= TORE); + } + /* fall through */ + + default: /* Not Tagged */ return NULL; } =20 --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084536; cv=none; d=zohomail.com; s=zohoarc; b=VSNXdzep1XHykVWmjyKgNaklvbmkEbjXqxhZKtWnp28n5bsYW7JiCQssyoqYMNUNO1C4GHCAHoL8cf6R1iw8L9Ffkg0Lq/oblsCW3DknntUOQJYcw6gYbrPk/Vx3IO5bL2S7tnwbSGeXmY8RvPgTmY+UGtpdYZy3pYiQHJv12tg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084536; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=oDpWaDAEPKN3RkVcJKACHpjqaDngYGGItVQvZeumSHU=; b=P+bv/K7PsnDqVIPFQw20oyFfTFn3JN79ZUBggXR6in1K5rzcV593P6OnGCDVlvZ7sKZw+ZpjA3D9aqJ1Xjt6kTQamgnUQ4eV1iZsTup5s5r2+hHZnimQa9BW1XFyVEpmlMcCUuUClxbXdC2DgDEtDkb7id2rhJ/FoDBzVdVMWfw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084536782163.63931768079578; Fri, 29 May 2026 12:55:36 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gj-0005IB-45; Fri, 29 May 2026 15:53:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GU-0004zO-AW for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:07 -0400 Received: from mail-ot1-x336.google.com ([2607:f8b0:4864:20::336]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GQ-0005XK-Gl for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:05 -0400 Received: by mail-ot1-x336.google.com with SMTP id 46e09a7af769-7e36bb16a92so7246757a34.2 for ; Fri, 29 May 2026 12:53:00 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.52.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:52:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084379; x=1780689179; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=oDpWaDAEPKN3RkVcJKACHpjqaDngYGGItVQvZeumSHU=; b=nZMUy+NegTwL5JbhcP7XYOB/k+wt2d8s2dDV7HQpy23u2MUPXqQOc/YLeJ29yjccI0 /X+e5EaRhi8Qc60aawHRfs/ggHxKRO4w/JWOWLtdt2p1/h5RVVpZJIdgh0sMrPCwM0uU Ti1mKX4BMaSKVRv5pI+6OLqIsSRXndhvgwErdeWAgK9hrXDq0aQ8QLu6rD0AWD9hBvnD 83piKQ2+IoH5Cl8l5mwoWdj0a5AvN2cHIc6DKByKIvSpnxDG8Brck84jEVULyVXiJJDN PI5N1BAEi2vLMLw47DBruyR9qZ5cXVg/N+SEPBCRUzRkPUvtykUeqfWMo030YveKIzWB oCMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084379; x=1780689179; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=oDpWaDAEPKN3RkVcJKACHpjqaDngYGGItVQvZeumSHU=; b=SBT5v0JOhhs6PwBTpqlmpPEYua7F1RzYgV9dNnxf/cknRoC+BzpktjRgdaU7hqMHZr wUKQJciqFNo0DJqQa2uFZi13oP31aeQm3CmhSipOPBNYTwLWWD9CUMpzGp2CQt/a65zp aj5vIC1xzRhNI8OEQ4pkqRNtWosWo9WEY3dqRGADe8SHe2k5YiTN/NZ9IierGkn20Sn2 8nTS3XZ7b7gcL/BXPQQLtX/TcKwPBPnV2G65QGYm8TZ30WO4Y62n9ieieDLgXmWWj/cp bKrwCIdMpjxVzgr/HSe6oTvT9BaqCqmHiyvTZMUn9JVFgpjVn7k9oZwrtrUb9VQXe6ri oB+g== X-Gm-Message-State: AOJu0Yww0kOWK4PVbyiowtZkqpd8vCMDJyQls5qw6BEOHzNwUlwXGWkW 2ONMQc5g2b7Y2p2ecUenETUjDK6VSaRiZ99ZebEHWt5NWqe9cEw4BhBG X-Gm-Gg: Acq92OFa+IEhTyQEHTf7t9A9D/fjAF0j8IVEVYieEmS+qhZloOFz8vix+YBDFEHBJUA qHdiEl9gxCmDMnfeAojNQwsSLvKHARxM4stzUKui7r+KgQ8g0DcCgoi9D9fgdzFS8ieeArK0N6c nu3JM6DPvSFgvrrRjf5OsYQLNIXTFEhwGqXqePQZLIjHBeehyezVUKhjTyUcByHjVBpOQAzRwvJ dGkGHRxtSzg0kFbRtpsYOUmNFqdJiSuWcTeUeKfXlvCe7ju7gOnXB49CMNjdgMeaBtYcCzGNxN1 UFe/dex+ZMQ6O4tc3vxLRSWDGzKJN2eusLtPvOPnQbT8PgEV1G0hKa1TvtkK6NsdUVZnk6GF4dW 3N9PWmP8VdpInok2xXvcGPuorAxdNk4cnI3BOheP2LJjTeddRYmvwWiVtHdaE6cDNYuSi7se3Jz vyAM/Iv0mHFc1ckytPDmM+/wSUAR/F5CtrpQlMt6wiBdHYvw0DL0Y1dA== X-Received: by 2002:a05:6820:8c8:b0:69d:fa9f:87c2 with SMTP id 006d021491bc7-69e104a732bmr416915eaf.24.1780084378974; Fri, 29 May 2026 12:52:58 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:42 -0700 Subject: [PATCH v7 02/15] target/arm: add TCSO bitmasks to SCTLR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-2-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=3108; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=huILfrJwVD2l0b9pcRxdCcvWAGfLEbWnfZgOCDiNqEs=; b=P43E8/9nhKW2MQT+J5O7l8vSD1Y3GoPDA9ZMxhg968EpzQ3eLoAqvdZ3QgHRaKo8+Kr9L4Fcl WTIHYHUQsTrC+Rw7kLQDVf3xjjIJUn9U11m/dvYwB6cbLCDNLbnzosI X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::336; envelope-from=brookmangabriel@gmail.com; helo=mail-ot1-x336.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084538848158500 These are the bitmasks used to control the FEAT_MTE_STORE_ONLY feature. They are now named and setting these fields of SCTLR is ignored if MTE or MTE4 is disabled, as per convention. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/cpu.h | 2 ++ target/arm/helper.c | 20 ++++++++++++++------ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 9451df3813..0708e4c7d6 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1186,6 +1186,11 @@ static inline bool isar_feature_aa64_mteperm(const A= RMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTEPERM) >=3D 1; } =20 +static inline bool isar_feature_aa64_mte_store_only(const ARMISARegisters = *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 85552b573c..d9c03c9c2e 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1468,6 +1468,8 @@ void pmu_init(ARMCPU *cpu); #define SCTLR_EnAS0 (1ULL << 55) /* FEAT_LS64_ACCDATA */ #define SCTLR_EnALS (1ULL << 56) /* FEAT_LS64 */ #define SCTLR_EPAN (1ULL << 57) /* FEAT_PAN3 */ +#define SCTLR_TCSO0 (1ULL << 58) /* FEAT_MTE_STORE_ONLY */ +#define SCTLR_TCSO (1ULL << 59) /* FEAT_MTE_STORE_ONLY */ #define SCTLR_EnTP2 (1ULL << 60) /* FEAT_SME */ #define SCTLR_NMI (1ULL << 61) /* FEAT_NMI */ #define SCTLR_SPINTMASK (1ULL << 62) /* FEAT_NMI */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 34487eeaa3..6210e3abec 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -3297,12 +3297,20 @@ static void sctlr_write(CPUARMState *env, const ARM= CPRegInfo *ri, =20 /* ??? Lots of these bits are not implemented. */ =20 - if (ri->state =3D=3D ARM_CP_STATE_AA64 && !cpu_isar_feature(aa64_mte, = cpu)) { - if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA); - } else { - value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | - SCTLR_ATA0 | SCTLR_ATA); + if (ri->state =3D=3D ARM_CP_STATE_AA64) { + if (!cpu_isar_feature(aa64_mte, cpu)) { + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA | SCTLR_T= CSO); + } else { + value &=3D ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | + SCTLR_ATA0 | SCTLR_ATA | SCTLR_TCSO | SCTLR_TCS= O0); + } + } else if (!cpu_isar_feature(aa64_mte_store_only, cpu)) { /* not m= te4 */ + if (ri->opc1 =3D=3D 6) { /* SCTLR_EL3 */ + value &=3D ~SCTLR_TCSO; + } else { + value &=3D ~(SCTLR_TCSO | SCTLR_TCSO0); + } } } =20 --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084410; cv=none; d=zohomail.com; s=zohoarc; b=cNnkDrSXS0+UhN5qyoOA5cPH+J1NaIhCzV03COQ7kp0JnXQCYGYe+Y60XDqsZPuaRacisphKlEFUbubKGrJR5aBUs9JeYTS1It77UhGrm7dyTzuxzVByCI0VZsZu6zXloDVxgEQyuasj1t+Ft6wosaCmvnU+85G2IU55iCIChxU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084410; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=jovH9veV+Mzo6mUlNsazHlccWGMJEwNuWJfNmm+BCNg=; b=FsjN5yNnppaKMBmrQ2Q4cXnNzPXai/cP8rEMgSLBC/GFdgluIINmK+3IswrN4/mK4kBzfGvF9z4jmZR6eenOXuZ/wTapE8GXLXcEHVOsshn19z8MrF+UFoY4zgGQDYkvNbQhN97oq+NAsJ3vE1Z/Xk4gQm5WClhe/XqpBkE3QKo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 178008441043829.90689507196896; Fri, 29 May 2026 12:53:30 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gk-0005Oc-6z; Fri, 29 May 2026 15:53:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GU-0004zV-Ax for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:07 -0400 Received: from mail-oo1-xc35.google.com ([2607:f8b0:4864:20::c35]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GQ-0005XW-Fl for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:05 -0400 Received: by mail-oo1-xc35.google.com with SMTP id 006d021491bc7-69dead44101so1962357eaf.3 for ; Fri, 29 May 2026 12:53:01 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.52.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:52:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084380; x=1780689180; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=jovH9veV+Mzo6mUlNsazHlccWGMJEwNuWJfNmm+BCNg=; b=Tj+sW7g0/30IkdYTXHlfF00Fle5c7X3l7ztKKi7rnFY0cFj1M+hHwZzq0D+0/SsLeW bm38c6/3sNjd3IhL08AXAUqO0K9LDIvNqMXycwG0oENUCxnSkOxVOYrfHgeY5DjGGNEv l7HD4/8KFFAGRtMl0be36WtJw8myLElSvdqeF3PjAolRPqtZI3RI2OpMytRVXoUQZ84K ZdjtFqhYuQrq+ydo9d1X7YUhhr3uT1XKGWfgOKxgTuXeQeMpMc26BcwXmkHPmSHtCG0s UwXPzWeITkHW3PGDfSxUkC0gOi7OL0loJ6/MtjQ8dvzIe38TBtIzSfrd0GAvpadvpZRY IIMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084380; x=1780689180; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=jovH9veV+Mzo6mUlNsazHlccWGMJEwNuWJfNmm+BCNg=; b=JEExrsnPEd3GRC7EH2n+yoEFvN/D3ta/In/Ao+9uv5BNZnU3I/Wf+TG/kJRov9fZfo nELkhJpsiv4GKijdI9IeA+TbwHY+K6lZbd5L5HxPJrzX90H06toBkY0VVM6/cPCRbBzM q/42JQ4Z8nqxxKUUs4RZWdXA3E22BMMllv/x7q7NITHHuc5oUXf3QzfT2ZZm7FefBpsb Cfg1FaIr/NgF+rlkFDZnFoPG9iURhEuNZ22/ETdZDacKELSQ1WW9eKnBlaBDTB9gFxDf Sh3MoFyfIXLwrUrWYrZd/IXhMMC9oUvLIgWS1h+k6eGIZqmJy1MpfEqVxkbqKt1+xkp2 f8og== X-Gm-Message-State: AOJu0YxUi9L8M25XFdl3ONrEN0vcNe+qvcoy9gzX7jkXWsJfRzIOGTg/ 2LlJpzl/qWAraTFpDlrav3dUCy4DnmLZdhREGQ/uNTej9B8Z8qtWh0m5 X-Gm-Gg: Acq92OGQyuriNZtBPEHiQF16BRIGFC2Jf+dv/fKlkR+SaQQFhfI2A4d6edYA0kLWSTQ iyiLufv3647VO9+LgrL+i6GhRRmioP6wsTHEtjCtG5s/V9qfgRwA0tyjq1l4pQLhPTGQ9Fxhp9Y iKINN7xVv+0v8mSzrMaGCBHozy+4Qfif+a7h3xJEKKU/x7htdhU2jpVKNKfj2kQCxcmUIBCGcWv pOukgtCiBNDAe3F2FYSuBJr9VJyovk1IDqTONfjIxAEXPpTWPR7sqyBLFSJWWzudEu0Lp1sfvQb nuPkDCEGwOCwLBMfWhQl3uCqBno2ozCnTtjEK0AZX8tUGzgo/wTpnFqLR6eZRuJXHHH3mHp1MHA XKrHEhHzL1aWBKPptUwEGo7mWhqmr0bKxK04B7DFhKQX49JjVVPklzgQT/FJAjLZRm3SzVUDsrf ZcXoYMhw4bV4klDiUGlBLCrODFu2Dgk8h+CuN/143pyGtNdU7aOAbeOg== X-Received: by 2002:a05:6820:2d4a:b0:69d:6bfd:5a29 with SMTP id 006d021491bc7-69e105a5e1bmr454225eaf.56.1780084380275; Fri, 29 May 2026 12:53:00 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:43 -0700 Subject: [PATCH v7 03/15] target/arm: mte_check unemitted on STORE_ONLY load MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-3-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=4550; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=7dxUnCrrHW7OTVsrkn7i1P2N75efUwHqPbYA2F7zfpE=; b=05/nOvHlwlAHioNyWTa5zvopOaBoKgIQfEnGpVlmsGOrRGD/rF7rE6rsA0GnJmzQwqMimaOfv 2NSvC41ABnsCdNZEe6Q8rSVScV6uFLNIc+xZIHvC3gTFeJuQgHG7/qo X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c35; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc35.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084412077158501 This feature disables generation of the mte check helper on loads when STORE_ONLY tag checking mode is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu.h | 2 ++ target/arm/tcg/hflags.c | 12 ++++++++++++ target/arm/tcg/translate-a64.c | 8 ++++++-- target/arm/tcg/translate.h | 2 ++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index d9c03c9c2e..08f04a57af 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2534,6 +2534,8 @@ FIELD(TBFLAG_A64, GCS_EN, 41, 1) FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1) FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) FIELD(TBFLAG_A64, FPMR_EL, 45, 2) +FIELD(TBFLAG_A64, MTE_STORE_ONLY, 47, 1) +FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 48, 1) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 794cdf00b2..6be84b68ab 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -461,6 +461,15 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *e= nv, int el, int fp_el, */ DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); } + /* + * Repeat for MTE_STORE_ONLY + */ + if ((el =3D=3D 0 ? SCTLR_TCSO0 : SCTLR_TCSO) & sctlr) { + DP_TBFLAG_A64(flags, MTE_STORE_ONLY, 1); + if (!EX_TBFLAG_A64(flags, UNPRIV)) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } + } } } /* And again for unprivileged accesses, if required. */ @@ -470,6 +479,9 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); + if (SCTLR_TCSO0 & sctlr) { + DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1); + } } /* * For unpriv tag-setting accesses we also need ATA0. Again, in diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 15b40090c0..a5850fb58d 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -302,7 +302,8 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, MemOp memop, bool is_unpriv, int core_idx) { - if (tag_checked && s->mte_active[is_unpriv]) { + if (tag_checked && s->mte_active[is_unpriv] && + (is_write || !s->mte_store_only[is_unpriv])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -334,7 +335,8 @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr,= bool is_write, TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write, bool tag_checked, int total_size, MemOp single_mop) { - if (tag_checked && s->mte_active[0]) { + if (tag_checked && s->mte_active[0] && + (is_write || !s->mte_store_only[0])) { TCGv_i64 ret; int desc =3D 0; =20 @@ -10719,6 +10721,8 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->ata[1] =3D EX_TBFLAG_A64(tb_flags, ATA0); dc->mte_active[0] =3D EX_TBFLAG_A64(tb_flags, MTE_ACTIVE); dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); + dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); + dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index d4bcc5bad4..551c6ff347 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h @@ -140,6 +140,8 @@ typedef struct DisasContext { bool ata[2]; /* True if v8.5-MTE tag checks affect the PE; index with is_unpriv. */ bool mte_active[2]; + /* True if v8.5-MTE tag checks disabled for reads; index with is_unpri= v. */ + bool mte_store_only[2]; /* True with v8.5-BTI and SCTLR_ELx.BT* set. */ bool bt; /* True if any CP15 access is trapped by HSTR_EL2 */ --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084546; cv=none; d=zohomail.com; s=zohoarc; b=DCWD0c6tGxB+Q2HVxG4xfvML/vfu0whuzXvIuO58qELvK/pEDhbKYcmk6sL7xPPeqYCM3tHml0w53m50A7b6UNUegDRt0tuazGT/yBmSWPNwdRh+LJL0bmXqIiFCjDBSy6GB5qW/5IB/8MlEQKq9J0xAo0yN4PAOHw4VxE1ZcAQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084546; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=Y9zEW3L8w2PGjC9jfQ0yUxs81sblrFU0OlXxOoslUnIOinkWh8WGIVeDYf/mjFiVp4f7UCwiU/3Kb3VKh+vYtMUU97IGorAmXoJYHs1ReJlW/zKpPsbiBj9DhraYQb88nqQTSgADUF2nNGq3H9oDuyimZzfAfQiJznm6MqeE8WQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084546597744.5911383828221; Fri, 29 May 2026 12:55:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gi-0005Cg-1Y; Fri, 29 May 2026 15:53:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GU-0004zW-BE for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:07 -0400 Received: from mail-oo1-xc29.google.com ([2607:f8b0:4864:20::c29]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GR-0005Xh-7O for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:05 -0400 Received: by mail-oo1-xc29.google.com with SMTP id 006d021491bc7-69d8e55e76fso4671297eaf.2 for ; Fri, 29 May 2026 12:53:02 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084382; x=1780689182; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=L38I8+LQb0m3yp00jhSy3NKGrGovLPSnuLP3XNld/VQHwMzgH9uC3VerI5XmCn1op6 15Olt/tLGl3ZvE+5aRbBXfywwLFejDyqMChwyk5E7Lc7JBj9j5tWHUKITVJ65pUOt2ge gj0yhJ4KGqev+5fHIW+t0aFrWsAvQBUKlSiwyaZWU+/O308HjnsCzSFBZwYzk85ndP1a el0ZsPr2dTx8mbMhqBeHsLamnpZolyu/tK/91fzIntBcFbwG8NQpaeIeu37Wy0B/2aO6 lGAEvu5E37c/bqT/0c2YRXuXWMhys6gj1eHI7/qPJKPals6HsFqdYwEWto9XAMBUGkOp hahw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084382; x=1780689182; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=KO7Mq8JRuwohDcM/67cxG4Kl5R8QIg4FU/azGfOw7c8=; b=Sro+wsBOOTTBjEdH9flq1CXFUjLjqZ5ONCo0pEtPgT9SqmuR8dTzW2XtEQPBA+qfLX DizqeoV024d9nqYX3lSRbMUgNidvuIg11E9lzVyx3sNmSVcQunxAPDFLnaeq2//gJQP7 ngwbhBxZwHDdXCI1pwF0lRAXGAdNH+iSyct0F4HluNNKN6gncoZ48RZ69q93rhVndfxb q37YluWDvPngh7UbbHDd855rIJRMsETnAIRepSYgfFTnwI2quUKXCq+5DWcHivyo1BEN cgQ+mK1F5kd6sNHP0kW9kVWijcYHyZOi/zkr0qHjjpBaAoMfEsxNAz5Oi+UCq9VCDOoC fExA== X-Gm-Message-State: AOJu0YyUG1fhHnsw4q1CPYlznJbCd8SylQ5V2tLtiglsVIep1MUzmWwp z/pLFpg5qzi0aiMqWO81EInQ3Z57l9oo8zWFndFNJourzOyh6y0tun68 X-Gm-Gg: Acq92OHYqrZbPBOnJhHTjUylnHM1/aw4efTYdWwDRpPkJY+Z34Cmpk4nGiQfAdy2KEz of91RhTSbdOro2ZVxcGIAhIbeLPPFi9uQH8lbG6NGcTGhgnr8ndtqkNx84NUjZfjzNdngPs/Jp6 9Y7rXQUelzWHdL0w/R3H/WaSN6YLMGNKwjlZG6YYzcb80gcV6LJljIyRWnNQNiKkufW3XUXrWES 80MuPjSnnNGDSHsTQ/OfmE1YdSAlbqukk5rjFLAbIIRw0luYHSdGiAzZjoA/bj15L9qlB8N1DIg UbZVrE+Z1jfc5+nyciTU27zp3vGhAZqjVbY0v8ur727CD20yYpcBwNGisyB8kZpJ9ha9rqs8P/6 gVdx+FaTawkJFh7hRJHrf7+ZRCPV22dAGxkjtcYcT88g5/k8QteyKGtGwg5dVBZbC+XilWtu2Ej P1x8vDkBkB6dNRy2tobCBiClnqiZnvs0OSsCb3uvDB1ks= X-Received: by 2002:a05:6820:1621:b0:694:8c67:5cb6 with SMTP id 006d021491bc7-69e1056f72cmr407587eaf.41.1780084381780; Fri, 29 May 2026 12:53:01 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:44 -0700 Subject: [PATCH v7 04/15] linux-user: add MTE_STORE_ONLY to prctl MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-4-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=4942; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=3NUHlDKCw8l8rqmAwbaWm0eM8fht4yd8LR/eAfpLXkM=; b=uoYIV86MDp6ZmD6M18GW4FynMVQVea2hopTLoocsSdrtpHP6Gp4PbAq3W79RqN3qQWzzIjA7Q uZ+/1njRRJ3BzT0SN7qIlQSXI2xxVIVaPCz1zetYvUTEOZTtpXZcUD8 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c29; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc29.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084548129154100 Linux-user processes can now control whether MTE_STORE_ONLY is enabled using the prctl syscall. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- linux-user/aarch64/mte_user_helper.c | 11 ++++++++++- linux-user/aarch64/mte_user_helper.h | 14 +++++++++----- linux-user/aarch64/target_prctl.h | 6 +++++- target/arm/gdbstub64.c | 2 +- tests/tcg/aarch64/mte.h | 3 +++ 5 files changed, 28 insertions(+), 8 deletions(-) diff --git a/linux-user/aarch64/mte_user_helper.c b/linux-user/aarch64/mte_= user_helper.c index a5b1c8503b..b5c4dafcda 100644 --- a/linux-user/aarch64/mte_user_helper.c +++ b/linux-user/aarch64/mte_user_helper.c @@ -10,7 +10,7 @@ #include "qemu.h" #include "mte_user_helper.h" =20 -void arm_set_mte_tcf0(CPUArchState *env, abi_long value) +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value) { /* * Write PR_MTE_TCF to SCTLR_EL1[TCF0]. @@ -32,4 +32,13 @@ void arm_set_mte_tcf0(CPUArchState *env, abi_long value) tcf =3D 2; } env->cp15.sctlr_el[1] =3D deposit64(env->cp15.sctlr_el[1], 38, 2, tcf); + + /* + * If MTE_STORE_ONLY is enabled, set the corresponding sctlr_el1 bit + */ + if (value & PR_MTE_STORE_ONLY) { + env->cp15.sctlr_el[1] |=3D SCTLR_TCSO0; + } else { + env->cp15.sctlr_el[1] &=3D ~SCTLR_TCSO0; + } } diff --git a/linux-user/aarch64/mte_user_helper.h b/linux-user/aarch64/mte_= user_helper.h index 0c53abda22..8a46f743f4 100644 --- a/linux-user/aarch64/mte_user_helper.h +++ b/linux-user/aarch64/mte_user_helper.h @@ -20,15 +20,19 @@ # define PR_MTE_TAG_SHIFT 3 # define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif =20 /** - * arm_set_mte_tcf0 - Set TCF0 field in SCTLR_EL1 register + * arm_set_tagged_addr_ctrl - Set TCF0 and TCSO0 fields in SCTLR_EL1 regis= ter * @env: The CPU environment - * @value: The value to be set for the Tag Check Fault in EL0 field. + * @value: The value to be set for the Tag Check Fault and Tag Check Store= Only + * in EL0 field. * - * Only SYNC and ASYNC modes can be selected. If ASYMM mode is given, the = SYNC - * mode is selected instead. So, there is no way to set the ASYMM mode. + * Only SYNC and ASYNC modes can be selected for TCF0. If ASYMM mode is gi= ven, + * the SYNC mode is selected instead. So, there is no way to set the ASYMM= mode. */ -void arm_set_mte_tcf0(CPUArchState *env, abi_long value); +void arm_set_tagged_addr_ctrl(CPUArchState *env, abi_long value); =20 #endif /* AARCH64_MTE_USER_HELPER_H */ diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_= prctl.h index 621be5727f..d91e75d60d 100644 --- a/linux-user/aarch64/target_prctl.h +++ b/linux-user/aarch64/target_prctl.h @@ -168,6 +168,9 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) if (cpu_isar_feature(aa64_mte, cpu)) { valid_mask |=3D PR_MTE_TCF_MASK; valid_mask |=3D PR_MTE_TAG_MASK; + if (cpu_isar_feature(aa64_mte_store_only, cpu)) { + valid_mask |=3D PR_MTE_STORE_ONLY; + } } =20 if (arg2 & ~valid_mask) { @@ -176,7 +179,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) env->tagged_addr_enable =3D arg2 & PR_TAGGED_ADDR_ENABLE; =20 if (cpu_isar_feature(aa64_mte, cpu)) { - arm_set_mte_tcf0(env, arg2); + arm_set_tagged_addr_ctrl(env, arg2); =20 /* * Write PR_MTE_TAG to GCR_EL1[Exclude]. @@ -185,6 +188,7 @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchSt= ate *env, abi_long arg2) */ env->cp15.gcr_el1 =3D deposit64(env->cp15.gcr_el1, 0, 16, ~arg2 >> PR_MTE_TAG_SHIFT); + arm_rebuild_hflags(env); } return 0; diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c index a4fa740caf..0c3e5b30bd 100644 --- a/target/arm/gdbstub64.c +++ b/target/arm/gdbstub64.c @@ -684,7 +684,7 @@ int aarch64_gdb_set_tag_ctl_reg(CPUState *cs, uint8_t *= buf, int reg) * expose options regarding the type of MTE fault that can be controll= ed at * runtime. */ - arm_set_mte_tcf0(env, tcf); + arm_set_tagged_addr_ctrl(env, tcf); =20 return 1; #else diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 0805676b11..17b932f3f1 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -20,6 +20,9 @@ #ifndef PR_TAGGED_ADDR_ENABLE # define PR_TAGGED_ADDR_ENABLE (1UL << 0) #endif +#ifndef PR_MTE_STORE_ONLY +# define PR_MTE_STORE_ONLY (1UL << 19) +#endif #ifndef PR_MTE_TCF_SHIFT # define PR_MTE_TCF_SHIFT 1 # define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT) --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084442; cv=none; d=zohomail.com; s=zohoarc; b=V354V9ezvsREWyAg3ossOfJMoKx8B20hIIjhgKe0fj0RSi0ot6wQJpn2YCdm2kD1N4qy2ukZRsLnpnvSQZKED+Hz/I6Mlb/URTmZ/KZFeY02LJWMOJVU6vsL1isaF5lqJirxUOtM6kj29A/RSiPS9DmeHsDVmkxjZYvGbnklxg4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084442; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=72eQJ6ePVe7hWJEJ8TUxs48y/b4PbTrVDSDol9yPiFw=; b=V4mWFm3/zKK8UGQos5T/PqPXPcxk4cjwo+qwE1Y3IW1ZAsGfeK5IZw3rpYTxBDoUVKlkPYh5VBUOXnY2HyxKLEHGjFrtVmoU3UM3ANf6jHU/alWvqRrO5HQuPByRtvLW9Hji6pLskWyJPft/h2HNCmxvv/O4dwfTv4vX22NLSD4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084442218712.4513747418856; Fri, 29 May 2026 12:54:02 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gk-0005PV-9N; Fri, 29 May 2026 15:53:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GW-00050D-BR for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:11 -0400 Received: from mail-oo1-xc2f.google.com ([2607:f8b0:4864:20::c2f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GS-0005YS-Hu for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:07 -0400 Received: by mail-oo1-xc2f.google.com with SMTP id 006d021491bc7-69d694cecd2so2815729eaf.3 for ; Fri, 29 May 2026 12:53:04 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084383; x=1780689183; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=72eQJ6ePVe7hWJEJ8TUxs48y/b4PbTrVDSDol9yPiFw=; b=RzieFgAblU4bamCCw95r+/l7hWEUXWQBk69J734K0tVp16D7st9MOW5ZSt9+PihrYU iiqrWVe1al/hhHgC3EnmEwrOxt5ea70p/2tFzqIwDR7leM9IR6VxBwGAMM8p4XOL1BTW 48rSoKqRMMi2KbGj+fHTKRIanK1gMXdYKRNLUyb8S2RokX9WxWH8dGQlo9/W+k33Ytvc MhNGK9vd6SXEHLbZRMi7bjtbOh3WfuITSnHNT85GDFeCg6hS8BugCE/wXoJeXljLLCwo GxRwg/L/aOrj5v7ELKuIvOlCbHYOU/k3XUczJyLwBGB0seIzoRCqJw3dCNvoieeJx2+K RH4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084383; x=1780689183; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=72eQJ6ePVe7hWJEJ8TUxs48y/b4PbTrVDSDol9yPiFw=; b=Ko/JhkL6RHk5RdxTB5caX62X8yvEZiYLnuHw42GWhpYKNOlYHJzzhDMJxDFxoWr4T0 ZXXLvJ/rb8hpRtiL1VjjPS4aYKJJEdmfDMncIOyhkgnhPQPO1nd2Qn5QidJpvWhTy1Rb hnHRtPiLg5W2Ocbq5zCweFirwHXfUptyoFTDFRtwrZ6I+nyAh9szDUfi4v0/5lt/y7M9 SUNUdLn3Cdkl7BsbSucrwsEPBPgTYAh9htPoBSr1N1Cs+jmAgdUHkd2MCzujs72bQw/7 1YAq201/MU0dmUv6pZkrcSwx6xQ7SP4Jt7pkL7gJTgUPX4YXYM2JPz9DbPxYyoGWstN7 QQZg== X-Gm-Message-State: AOJu0YxUByF0G4E89bxpqfT/O7uqBgxXfZPqwBQFcdKh6Y516VFOFHSF QlqlwV6CTwI6WrjF57K2GBmHkFSNlrxqvVF5+kpI3emoR9R7q4BXkV6U X-Gm-Gg: Acq92OGGpoXptdHupheYqAocSzWL1qrSQcifd61KyUFBQ6Dc0hWiwTKBzgoUlmO7Oyr 6hiHuBTaGCzo3KUVWZWh1aiF/cf9l4TTcdyGzJU438maDA+sIKssowWWSaYSRP1An4/rqzfeyH5 4J69BcgJTBOP1t26M8nNked0tzQTsc3MM6lf3y6ESPoT7elNGFgiSXYKgianLWgfwNBHgEz8Ezr XXzv6Gx4db2r9L7tvpT1bW4HvMs4e7lynrErrWJorapnorpvaFSiIHqqzhTO/PB8HAKA9w6TUw7 vY69ZeGuE4d1fSD3GYT0/H+q5bQCqgeU/MnyJMq1KCEVbKbVGGEzl4qJMp6SgB2VG14roo8xsrp pd9XxAsXeqHbFCMPKfOJKX/nxGlzu2RE8cnx7PWpzxiktU2V+OwwbDeuxTzmJbfw8o31YttHQ0C Tq0ZP0guh2KhIG0NU2gGGcvFuOKhtRGZVhgunhHKTj+eU= X-Received: by 2002:a05:6820:4d0b:b0:69d:889d:4ed2 with SMTP id 006d021491bc7-69e105d1f1dmr352805eaf.48.1780084383064; Fri, 29 May 2026 12:53:03 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:45 -0700 Subject: [PATCH v7 05/15] target/arm: emit tag check when MTX without TBI MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-5-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=10628; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=90fcYYNlCci8iZmGU/HSK7SfJ6HJ+1rxP3CNwl6XUxE=; b=V6hKC/iFWnJk8DJ1XEFpOarnLWtQ1a6/xYqQ7alsOyes4JP4lkSUY+6V66tFzx8vFt8V89pYW GbUKjjJuHGiBqGc6usdevN/WDlLJq6LnTw+CyERw+8JX2tTzQX7qqos X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c2f; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc2f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084444335158500 Previously, the TBI bit was used to mediate whether tag checks happened. With MTE4, if the MTX bits are enabled, then tag checking happens even if TBI is disabled. See AccessIsTagChecked. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu-features.h | 5 +++++ target/arm/helper.c | 10 ++++++++++ target/arm/internals.h | 13 ++++++++----- target/arm/tcg/helper-a64.c | 7 ++++--- target/arm/tcg/hflags.c | 11 +++++++---- target/arm/tcg/mte_helper.c | 9 ++++++--- target/arm/tcg/sme_helper.c | 4 ++-- target/arm/tcg/sve_helper.c | 6 +++--- 8 files changed, 45 insertions(+), 20 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 0708e4c7d6..ebdc1e2855 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1191,6 +1191,11 @@ static inline bool isar_feature_aa64_mte_store_only(= const ARMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) =3D=3D 1; } =20 +static inline bool isar_feature_aa64_mte_mtx(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTEX) !=3D 0; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) !=3D 0; diff --git a/target/arm/helper.c b/target/arm/helper.c index 6210e3abec..902eac767b 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9613,6 +9613,16 @@ uint64_t arm_sctlr(CPUARMState *env, int el) return env->cp15.sctlr_el[el]; } =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx) +{ + if (regime_has_2_ranges(mmu_idx)) { + return extract64(tcr, 60, 2); + } else { + /* Replicate the single MTX bit so we always have 2 bits. */ + return extract64(tcr, 33, 1) * 3; + } +} + int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { diff --git a/target/arm/internals.h b/target/arm/internals.h index ae5afc5362..2abef67e03 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1435,6 +1435,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ARMMMUIdx mmu_idx, bool data, bool el1_is_aa32); =20 +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx); @@ -1576,7 +1577,8 @@ FIELD(MTEDESC, TBI, 4, 2) FIELD(MTEDESC, TCMA, 6, 2) FIELD(MTEDESC, WRITE, 8, 1) FIELD(MTEDESC, ALIGN, 9, 3) -FIELD(MTEDESC, SIZEM1, 12, 32 - 12) /* size - 1 */ +FIELD(MTEDESC, MTX, 12, 2) +FIELD(MTEDESC, SIZEM1, 14, 32 - 14) /* size - 1 */ =20 bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr); uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_= t ra); @@ -1646,10 +1648,11 @@ static inline uint64_t address_with_allocation_tag(= uint64_t ptr, int rtag) return deposit64(ptr, 56, 4, rtag); } =20 -/* Return true if tbi bits mean that the access is checked. */ -static inline bool tbi_check(uint32_t desc, int bit55) +/* Return true if tbi or mtx bits mean that the access is tag checked. */ +static inline bool tbi_or_mtx_check(uint32_t desc, int bit55) { - return (desc >> (R_MTEDESC_TBI_SHIFT + bit55)) & 1; + uint32_t mask =3D (1u << R_MTEDESC_TBI_SHIFT) | (1u << R_MTEDESC_MTX_S= HIFT); + return desc & (mask << bit55); } =20 /* Return true if tcma bits mean that the access is unchecked. */ @@ -1683,7 +1686,7 @@ static inline uint64_t useronly_maybe_clean_ptr(uint3= 2_t desc, uint64_t ptr) { #ifdef CONFIG_USER_ONLY int64_t clean_ptr =3D sextract64(ptr, 0, 56); - if (tbi_check(desc, clean_ptr < 0)) { + if (tbi_or_mtx_check(desc, clean_ptr < 0)) { ptr =3D clean_ptr; } #endif diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c index 6505ee3c94..020ebf26a2 100644 --- a/target/arm/tcg/helper-a64.c +++ b/target/arm/tcg/helper-a64.c @@ -1054,7 +1054,7 @@ static int mops_sizereg(uint32_t syndrome) } =20 /* - * Return true if TCMA and TBI bits mean we need to do MTE checks. + * Return true if the TCMA, TBI, and MTX bits mean we need to do MTE check= s. * We only need to do this once per MOPS insn, not for every page. */ static bool mte_checks_needed(uint64_t ptr, uint32_t desc) @@ -1062,12 +1062,13 @@ static bool mte_checks_needed(uint64_t ptr, uint32_= t desc) int bit55 =3D extract64(ptr, 55, 1); =20 /* - * Note that tbi_check() returns true for "access checked" but + * Note that tbi_or_mtx_check() return true for "access checked", but * tcma_check() returns true for "access unchecked". */ - if (!tbi_check(desc, bit55)) { + if (!tbi_or_mtx_check(desc, bit55)) { return false; } + return !tcma_check(desc, bit55, allocation_tag_from_addr(ptr)); } =20 diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 6be84b68ab..d9d783489c 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -283,13 +283,16 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, uint64_t tcr =3D regime_tcr(env, mmu_idx); uint64_t hcr =3D arm_hcr_el2_eff(env); uint64_t sctlr; - int tbii, tbid; + int tbii, tbid, mtx; =20 DP_TBFLAG_ANY(flags, AARCH64_STATE, 1); =20 /* Get control bits for tagged addresses. */ tbid =3D aa64_va_parameter_tbi(tcr, mmu_idx); tbii =3D tbid & ~aa64_va_parameter_tbid(tcr, mmu_idx); + mtx =3D cpu_isar_feature(aa64_mte_mtx, env_archcpu(env)) ? + aa64_va_parameter_mtx(tcr, mmu_idx) : + 0; =20 DP_TBFLAG_A64(flags, TBII, tbii); DP_TBFLAG_A64(flags, TBID, tbid); @@ -441,14 +444,14 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *= env, int el, int fp_el, /* * Set MTE_ACTIVE if any access may be Checked, and leave clear * if all accesses must be Unchecked: - * 1) If no TBI, then there are no tags in the address to check, + * 1) If TBI and MTX are both unset, accesses are Unchecked. * 2) If Tag Check Override, then all accesses are Unchecked, * 3) If Tag Check Fail =3D=3D 0, then Checked access have no effe= ct, * 4) If no Allocation Tag Access, then all accesses are Unchecked. */ if (allocation_tag_access_enabled(env, el, sctlr)) { DP_TBFLAG_A64(flags, ATA, 1); - if (tbid + if ((tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & (el =3D=3D 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); @@ -474,7 +477,7 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, } /* And again for unprivileged accesses, if required. */ if (EX_TBFLAG_A64(flags, UNPRIV) - && tbid + && (tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index bf35dc10ce..61cdf92c54 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -823,8 +823,11 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, bit55 =3D extract64(ptr, 55, 1); *fault =3D ptr; =20 - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + /* + * If TBI and MTX are disabled, the access is unchecked, and ptr is not + * dirty. + */ + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return -1; } =20 @@ -965,7 +968,7 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint32= _t desc, uint64_t ptr) bit55 =3D extract64(ptr, 55, 1); =20 /* If TBI is disabled, the access is unchecked, and ptr is not dirty. = */ - if (unlikely(!tbi_check(desc, bit55))) { + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return ptr; } =20 diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c index 0055e97a2b..2bfb12c086 100644 --- a/target/arm/tcg/sme_helper.c +++ b/target/arm/tcg/sme_helper.c @@ -674,7 +674,7 @@ void sme_ld1_mte(CPUARMState *env, void *za, uint64_t *= vg, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -856,7 +856,7 @@ void sme_st1_mte(CPUARMState *env, void *za, uint64_t *= vg, target_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c index a002006ea5..d05d8addfd 100644 --- a/target/arm/tcg/sve_helper.c +++ b/target/arm/tcg/sve_helper.c @@ -6388,7 +6388,7 @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -6750,7 +6750,7 @@ void sve_ldnfff1_r_mte(CPUARMState *env, void *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } @@ -7005,7 +7005,7 @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, ta= rget_ulong addr, int bit55 =3D extract64(addr, 55, 1); =20 /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc =3D 0; } --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084517; cv=none; d=zohomail.com; s=zohoarc; b=SlBoK2xa5UNjVoPnYeG1E4xCot4yep3Vpq/IHPYSkWsBkE9vgTdr8/nI6HgBTt8UC9p+V3rP5RbkUEcbfASHNwnAdTONFMm+R/ZXyVQ+eWSIVWrs8raJ2EGVGQc63qAOVqZ7/b9O/BKjBZT31aBZWzFdhxKRGxgRex9GNZdXDBg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084517; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=AlrO//27Om236RSs+kJZmChk5zcuJ68zlH0WDU+6pyU=; b=ammc1QHVsQoonwFN3+YlCwZUuIwUHaSJ2XAoRm/lju61Zk9BOOdJQoeNUpPx3NGwqRZXC6HPkXmwn1sdMZ4NACbWxov6lRUU7AyenxelTyyR5gWI5rom2SPJFgqprO2AtUZR4AMXPgYx4WZhM5S+ZBxNzgjvVymhB24kRYEbo2w= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084517014864.410496902842; Fri, 29 May 2026 12:55:17 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gj-0005Ko-HY; Fri, 29 May 2026 15:53:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GW-00050C-9l for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:11 -0400 Received: from mail-oo1-xc36.google.com ([2607:f8b0:4864:20::c36]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GU-0005Yr-0L for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:07 -0400 Received: by mail-oo1-xc36.google.com with SMTP id 006d021491bc7-69d8f70cb0cso4722246eaf.0 for ; Fri, 29 May 2026 12:53:05 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084384; x=1780689184; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=AlrO//27Om236RSs+kJZmChk5zcuJ68zlH0WDU+6pyU=; b=Cj7E3mHiLFZ/Qpk3LPZc7y7Cl1rMvf3MIunLiMzFBaIm7glpEpzpAsZUyJiE3855W/ jcoUj5rscasgRVGHuIHxdxG9caluu1VGHP5FIvRCwncumL5WrTvelqe73I2XWoOqPocm fFwP/XxzPtDvnkp3xbki9tUHhwod/pX1U5gHdIL7zsR5aulvtShYcKVHTxTktf6zeMWr MrvWzdrHWU7OL6OzsBWk8L0z4wj4pN3PStg6CEZH2Mpe9qHBtYR6PC607oPcq+I915K+ WHW1vtx6gbAji3TVHuN2Vuf2Ab1bwU5Gu3uGOtcaZ9xs1VTcB7l0exIZkSMR8M4oQ27a RC5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084384; x=1780689184; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=AlrO//27Om236RSs+kJZmChk5zcuJ68zlH0WDU+6pyU=; b=YfbkmBPQd7CrVWaUuwsuKXzr/B1i+7Z04at16ke4zD7jiVxLFJlNisArNRaVCiC8lF 1TGIcMmaL597lTV2pCfOKUqnM+39CeG2F7u5MRrIetRE4bWhnlNoWlTeCZd3ctrQumL0 EdTrZtruivfQCpvYoFuaSA9p6EaOsusnnGZaR94kBimWXAmZPmjyZ94fb+coKXe5d79o SUJ9V/cBCbc5XbpDibzr7bQBgAdV2i0CyE6l2mJ0uytbQats8yCtjWunppfy32QdFzNy M5ohbFQ9EQY94boyXzniozkRE/OW68AyPEj5xfTUjylhOnVj3KtO1qJmaYyvBD+W2mY6 G/mA== X-Gm-Message-State: AOJu0YwT2SB/uxM9v9vYyhJ/vvSMaVi7BCQSkGgjKwd1eSOe7OpLp2lt WddZ/j1DSu6VzuPo/ZvnuT84Fp28IS/tY2+WZSsIGktYPyPDLMzXms40 X-Gm-Gg: Acq92OGRpqcyBN8AU0VHBzzjDc8X+B6zkOXXb5X7VjN8ojDbe8rfgE5PF/GN6D+JIlP cmemx7wAiszldyNpVcgwq1EL03Vq8DE1PMS3+OyrV5v6OvPCIN6tMs79ScfM20RH2qjUyRmxyYX dqZcXN+yvRf8x7eZ0nF4lisiv6JfCAQ6myeXySnJ6LKKFrpoQRBrt0K3NfabofdrxUbPu3QmukK HE8MHgM1A6Ozvk5RV++1dol77SwMxV4k/bWg+AWm3Wlf8x7JiJIHWDikCu6gGQRmUwqcjXZAZSd XYXKZKhNgqlJtZ/LdbqoLEr5nsakAo1Iifbbomc7kpOZ/wt0WvZiQKhnUUQdEyZ/74IvQg7sBu9 df4MtzQ/kBnYMDEWeJFgHbKpQQAlpjSExHDxBG1eRdnyYHGrHc83kutSrmSQUndguDKPaf27kod 0sVEsMqAf2i/rvgQbHTd9mnHrQupExl2s7rwcYldPOorU= X-Received: by 2002:a05:6820:4cc1:b0:69d:6a9e:e925 with SMTP id 006d021491bc7-69e104b941bmr395263eaf.27.1780084384184; Fri, 29 May 2026 12:53:04 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:46 -0700 Subject: [PATCH v7 06/15] target/arm: add MTX to MTEDESC and DisasContext MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-6-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=5379; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=AyoBnLhE7qQZx6eJGl83wzWfquYA0tuBBKvsqKudltE=; b=LdJc1ZrDb7S2/Ymzk6QSwMsKhhOP7WpAxyyahp3RKn9MM5g4W0blsx+/OmsfT5WPc6EKzkaP2 8FQSOfDjoLVDUio4zUnPv6EXwPyLWug6L/Yw8TV+neKPvZPAcUYtFlS X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c36; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc36.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084518606158500 Add fields for MTX to DisasContext and MTEDESC. With MTE4, the fields will be needed in future patches that alter tag check, tag load and tag store behavior. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/cpu.h | 1 + target/arm/tcg/hflags.c | 2 ++ target/arm/tcg/translate-a64.c | 7 +++++++ target/arm/tcg/translate.h | 1 + 4 files changed, 11 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 08f04a57af..dd939ab22b 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2536,6 +2536,7 @@ FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2) FIELD(TBFLAG_A64, FPMR_EL, 45, 2) FIELD(TBFLAG_A64, MTE_STORE_ONLY, 47, 1) FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 48, 1) +FIELD(TBFLAG_A64, MTX, 49, 2) =20 /* * Helpers for using the above. Note that only the A64 accessors use diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index d9d783489c..0716ca98fd 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -500,6 +500,8 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *en= v, int el, int fp_el, } /* Cache TCMA as well as TBI. */ DP_TBFLAG_A64(flags, TCMA, aa64_va_parameter_tcma(tcr, mmu_idx)); + /* Cache MTX. */ + DP_TBFLAG_A64(flags, MTX, mtx); } =20 if (cpu_isar_feature(aa64_gcs, env_archcpu(env))) { diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index a5850fb58d..036081d897 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -312,6 +312,7 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, = TCGv_i64 addr, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(mem= op)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, memop_size(memop) - 1); =20 ret =3D tcg_temp_new_i64(); @@ -345,6 +346,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr,= bool is_write, desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, is_write); desc =3D FIELD_DP32(desc, MTEDESC, ALIGN, memop_alignment_bits(sin= gle_mop)); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); desc =3D FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1); =20 ret =3D tcg_temp_new_i64(); @@ -3007,6 +3009,7 @@ static void handle_sys(DisasContext *s, bool isread, desc =3D FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s)); desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); =20 tcg_rt =3D tcg_temp_new_i64(); gen_helper_mte_check_zva(tcg_rt, tcg_env, @@ -4874,6 +4877,7 @@ static bool do_SET(DisasContext *s, arg_set *a, bool = is_epilogue, desc =3D FIELD_DP32(desc, MTEDESC, TBI, s->tbid); desc =3D FIELD_DP32(desc, MTEDESC, TCMA, s->tcma); desc =3D FIELD_DP32(desc, MTEDESC, WRITE, true); + desc =3D FIELD_DP32(desc, MTEDESC, MTX, s->mtx); /* SIZEM1 and ALIGN we leave 0 (byte write) */ } /* The helper function always needs the memidx even with MTE disabled = */ @@ -4928,11 +4932,13 @@ static bool do_CPY(DisasContext *s, arg_cpy *a, boo= l is_epilogue, CpyFn fn) if (s->mte_active[runpriv]) { rdesc =3D FIELD_DP32(rdesc, MTEDESC, TBI, s->tbid); rdesc =3D FIELD_DP32(rdesc, MTEDESC, TCMA, s->tcma); + rdesc =3D FIELD_DP32(rdesc, MTEDESC, MTX, s->mtx); } if (s->mte_active[wunpriv]) { wdesc =3D FIELD_DP32(wdesc, MTEDESC, TBI, s->tbid); wdesc =3D FIELD_DP32(wdesc, MTEDESC, TCMA, s->tcma); wdesc =3D FIELD_DP32(wdesc, MTEDESC, WRITE, true); + wdesc =3D FIELD_DP32(wdesc, MTEDESC, MTX, s->mtx); } /* The helper function needs these parts of the descriptor regardless = */ rdesc =3D FIELD_DP32(rdesc, MTEDESC, MIDX, rmemidx); @@ -10723,6 +10729,7 @@ static void aarch64_tr_init_disas_context(DisasCont= extBase *dcbase, dc->mte_active[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE); dc->mte_store_only[0] =3D EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY); dc->mte_store_only[1] =3D EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY); + dc->mtx =3D EX_TBFLAG_A64(tb_flags, MTX); dc->pstate_sm =3D EX_TBFLAG_A64(tb_flags, PSTATE_SM); dc->pstate_za =3D EX_TBFLAG_A64(tb_flags, PSTATE_ZA); dc->sme_trap_nonstreaming =3D EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTRE= AMING); diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h index 551c6ff347..37a7268b32 100644 --- a/target/arm/tcg/translate.h +++ b/target/arm/tcg/translate.h @@ -82,6 +82,7 @@ typedef struct DisasContext { uint8_t tbii; /* TBI1|TBI0 for insns */ uint8_t tbid; /* TBI1|TBI0 for data */ uint8_t tcma; /* TCMA1|TCMA0 for MTE */ + uint8_t mtx; /* MTX1|MTX0 for MTE */ bool ns; /* Use non-secure CPREG bank on access */ int fp_excp_el; /* FP exception EL or 0 if enabled */ int sve_excp_el; /* SVE exception EL or 0 if enabled */ --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084530; cv=none; d=zohomail.com; s=zohoarc; b=NDuoHdqmy2dlJSrsEa98lYj4Txi0aXSwyDCWlHUbNlZ2Y82bl5II39S9LhR+zSVOQo7isOb5gOLbNDrfrFLQeVQb+YixpzQXO8PU285dSuE12RWWrqH161KnGyai8RwNjPv+fgNu9edRvWkupsVhvDws10CwXDgBcyBj01e3BN8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084530; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=OtXXBqtV0wD8jsrwvKz8f2moqJX8dr6sPSmah2qwSio=; b=B+CcNgpGVn6RfthrS4pclKH3UK5gcA617rv1iPtkQUR1PiOQRXuTPOl8EVPII7ZXIX5vPSVvHkWjMPqin0aIC1zNbTaOmsTROMBwTJhM+fnqtHNu9xvte1Yx1Ik5CXh4py5GAXVWVddd0dd0AXiSAqy3rOrSa9gKTGprOXxCyrA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084530948181.75072766795574; Fri, 29 May 2026 12:55:30 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gj-0005MS-Q3; Fri, 29 May 2026 15:53:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GW-00050G-C5 for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:11 -0400 Received: from mail-oo1-xc2c.google.com ([2607:f8b0:4864:20::c2c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GU-0005Z6-LV for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:08 -0400 Received: by mail-oo1-xc2c.google.com with SMTP id 006d021491bc7-69d7cdd3b8eso3103498eaf.2 for ; Fri, 29 May 2026 12:53:06 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084385; x=1780689185; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=OtXXBqtV0wD8jsrwvKz8f2moqJX8dr6sPSmah2qwSio=; b=fjlFOSnWI4fzVT74nQIHJFm/wVtOrcxv9BHflpLKgRvqlPOR5xUbsjM75f+tJhNaOk 8lN0rwCzL7PmCrtEprp2/RFS+YpB2PvKB15WrCddcDbOKzlPBDTVYuG2WxXCgOQuHRc2 yOkHrT3KHqcBgKeEEsYIAyqXIVKam0USvy2P1sQHqCV6pL/ZE7SFJvJCTrHn3g7t4Wqy /H4FXBjRt277lCxdowvKq28/aherlhfML/7JpBO8skBEnUP39YO0dQsT3zct0VSTsz2v gWhgmVC+OzILN7ZJyue4N6TvqU/P7R/oE7TnUKNhMBvh3VI5tTy5Rx8cXvwJN1kixkTA 2bDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084385; x=1780689185; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OtXXBqtV0wD8jsrwvKz8f2moqJX8dr6sPSmah2qwSio=; b=PYnBPA5NLpgrv4xY7vwwr2vTukpBzwJFFG86poMkN8zam4DYiO6nrlKv3mFoyLm5Pb 0+wai+d+nmi1V+I5/XjSH+7FAE+43GISnpxRi3BB7UOUu8+ZWMnSRUUCE3Kir81ztVMW bJXycAd83h8lCkavqLgj5wEaUadgpcxOwepA6eS6PXySR3IwcHV8eRTzv5WHC5ApwYNx uGQMspiAcQ7rqFQ/Zm4BhuioZKZNhENc8kDqN6AEgSf30ZfI0l6iol6TA+LNGebm4All e/wDm8llDCtpEQcWYrdc8TAZH3KYnrMDdaHVpxsMfg4zwaZTSlsW3hl+2fAaNnXF6GwM tUOQ== X-Gm-Message-State: AOJu0YxOLM11bllS9GIKJLUzAquhLnbVK6JqUghrOmhQLjXBycs5WBQd mS1wtCoiDgcb4LtGv2O/tPkzLSZMpiBOCiJlkVf+Nkk69yZKWAKqvf99 X-Gm-Gg: Acq92OErU0UhqZE+4t95E+0NXA3pCDOC9xh3HFo/UJ+NnXzTdMdb52YUloeLiJmUZJR sdCnc2T8kSm0CYDo0nQA2wfL9ILbWu7f8BxEty3GiGbRtgCUFgEtT2LMvrievfuXVqibPvZH3+X h57QYVRrnjlGNZZSlLZRvOceYhcqKR5YfVGQxeJkhczQ7BgVzGukC4pN9BlRS/tU14FJTnzCZ3d Sac6IH/+LxcigooKb2BPIDQtGktNSucRXBuXZSzScJxw/XdjZgfWMrzHUEa+K/sImmb0fwFBaUn o12tqKUgKiiDFvWa8H2EnBVGC+ehj9QjT5cnyCJZrUrjoVwZ9UKho7EnOJmj58q6EmORYGDVACq vAnyrXn+71tmTgrVBAgF8mzPlUliK8pFBSg6B5WNt7dB1tYSfZFje5j3pCwYShX0/8/CiS/yz1u z5LrtHEWem/ekKsljmeKqPVQT9IZkp9Q3U3ulsmEvgyNg= X-Received: by 2002:a05:6820:4c15:b0:696:8e8b:20be with SMTP id 006d021491bc7-69e104765b1mr374420eaf.10.1780084385346; Fri, 29 May 2026 12:53:05 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:47 -0700 Subject: [PATCH v7 07/15] target/arm: add canonical tag check helper MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-7-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=1412; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=KZ5rd07qFUR2EFmgoE/ETK1HSHcIEDQXk34Kau6YNWs=; b=f139zGDKOrYh1AzD72WKsirz4Jmj3aOidiN/JeFQkieiGXDKo/F+L26XdNzYdoBGOJ4VG69+i GxL61DdUx0pD8zB5lHmK3tMszRDDj9Z1I/NjLJlC5dbTqFqfreZFIdk X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c2c; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc2c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084531909154100 Add a helper that checks whether mtx is active from MTEDESC. Refactored an existing function to use it. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 2abef67e03..92941a3ac6 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1655,6 +1655,12 @@ static inline bool tbi_or_mtx_check(uint32_t desc, i= nt bit55) return desc & (mask << bit55); } =20 +/* Return whether or not the second nibble of a VA matches bit 55. */ +static inline bool tag_is_canonical(int ptr_tag, int bit55) +{ + return ((ptr_tag + bit55) & 0xf) =3D=3D 0; +} + /* Return true if tcma bits mean that the access is unchecked. */ static inline bool tcma_check(uint32_t desc, int bit55, int ptr_tag) { @@ -1662,7 +1668,7 @@ static inline bool tcma_check(uint32_t desc, int bit5= 5, int ptr_tag) * We had extracted bit55 and ptr_tag for other reasons, so fold * (ptr<59:55> =3D=3D 00000 || ptr<59:55> =3D=3D 11111) into a single = test. */ - bool match =3D ((ptr_tag + bit55) & 0xf) =3D=3D 0; + bool match =3D tag_is_canonical(ptr_tag, bit55); bool tcma =3D (desc >> (R_MTEDESC_TCMA_SHIFT + bit55)) & 1; return tcma && match; } --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084419; cv=none; d=zohomail.com; s=zohoarc; b=i+dQXuwclQZZo+uQ5b5qhwG9jsnneArZsskOln4qs0lLCxWwB+FhMs5ueS/lIYLR+B+6qLyN5zn1pwmjCsEuc+H88QJMe9NLgIYJ2WjdVSASYko4xLjwWfY2NmSvlXEfB28L3tmphCVPEISAD7zjX9vpGHN3CtzC/4CWMAQFJJc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084419; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=takdfyWiXXVLrnGTHIjqt065rtU2KRdDbRfE40YLLNU=; b=TSuVwvD2zybE9TkSJHD0Sdu/yuOQtSLDLr5wDyGTb9zI0namzUPyxJX/acxpJfHujfEg77P2ld4vgMm6C4EIQsX0485RA+xs/7tQ6HKLU+ijzspKMQ03/lJdWYgjimWy7SusRdXbzd7eewe/Zyjta/ZqR4QVD9LomwcazH+tA+0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084419121723.7448164012934; Fri, 29 May 2026 12:53:39 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gm-0005hN-Sk; Fri, 29 May 2026 15:53:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GX-00050J-KK for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:11 -0400 Received: from mail-oi1-x22a.google.com ([2607:f8b0:4864:20::22a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GV-0005Zo-Vn for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:09 -0400 Received: by mail-oi1-x22a.google.com with SMTP id 5614622812f47-4856128f670so5547506b6e.0 for ; Fri, 29 May 2026 12:53:07 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084386; x=1780689186; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=takdfyWiXXVLrnGTHIjqt065rtU2KRdDbRfE40YLLNU=; b=gU4pPh0eJsUu5cUmBWXd8dCu0PqwZW1e0xyHwQn1lJMjlH9pUYGcFc30NqjHt/tQV6 pg5n9SXv4QmUKn+Y0m2SmRjdacGJDs0dSVeQ40LhRFddmM48Co15T9pGFt/kZpfhJD7I 3+joSxsFQGoiM3N2bwD5xXlkuiSHUWHxq4uWxyrjRC1VLVugLHY8tW4IGK6xdwEUze0W uitr46361T3xgvyjKYB3tbXk6xuE9DOEUUId7alHVOcFmXEE8cBvBBKV0EndzYgkeNBy Ze5jfbbGoWpd9oehIDubT4HEkfbYPFIGRiJDSY0LjrqUjaywUC5g3LU1ZuJv1wbiVS3/ w25w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084386; x=1780689186; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=takdfyWiXXVLrnGTHIjqt065rtU2KRdDbRfE40YLLNU=; b=Yu4HfUGCoihVth0g4ImgwJr2M97EeTzJJyoNQwJSYUPFdw/8FU4bL5MBlSO8U3CkPi MnyZU2FcwVR8PinY0hjHeztJkM3RJYivmED/nU3sK09DOnqc2L/cv4+8qMialuDenia4 nkpn96ofAykJgJCxC46FoU22vB8jGCTAt6NMSjHN9cd3LoH2BUh5Wiw2zQd+Kevz7bbY JOVTL26IGD2b0OZWwiSt3Qea/2BTQziN9gKFHKMnegkmc/OFrcxrfupIvkjxC6m8bBhx 3EQ30bfgKKJEF7gbG/LuVw5UpW6i5zoA9sb8VXLy8UY0PiNwWjzMHvb28hR9EwwLbNJq c4Bw== X-Gm-Message-State: AOJu0Yyhvj+e03eUgudxwtjsEjNq/putsV3h7GK0JZsEwQKOKZquHp3p l+01rDGmFoI2I25yJZm+KyuYNI0XCBqoomo+qc+4XYhkj+GdjZah1TiQ X-Gm-Gg: Acq92OG0PIMxLCoCPz2ZhH56kPNardcQ0GzVQFBPphRGx2ZNX4BBDN/uUTBYyrVGK0W 9FgxVpaozD8cS8IXdlMZMxVL5r2cbnr8WiZqqFJP3f8Stg8H25MXt0JcuDpQLMJjxazKIC25Tad UtSYvEdhFVaatT0cH9BSVysX0a0yV2jK3jTfx6/spQ5nV098T95D5CgYt9HAVezgfXU+4z3G4fl ZjtwsiY2vFTC6VLs5d/73RiPx0Rf3Esv43Pk3PaRG5Y1nmEsI7wQE+7SUM7piTFcX3RrmL7VOek DIyWvFa/Y9SVcZ7uv0U0CONYfg3rlwoL8taiDQHdVyZY/TxUY8gzNtKvTMJed0KjDw7H5vslYoO 1kqADafSLzdi/cl/KI60VNPKiUpurAftca14XXz8GXOWJFYi9X63Nb9a6Tb/K5ZkXp4MzceTtk4 Yji8A4OUEW0ToCrpU52R6HDRn5DV3Xk7CYB6eOLQDbVlxPjrosMPeFPA== X-Received: by 2002:a05:6820:198c:b0:69d:fe0f:6a62 with SMTP id 006d021491bc7-69e103b6236mr417221eaf.41.1780084386537; Fri, 29 May 2026 12:53:06 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:48 -0700 Subject: [PATCH v7 08/15] target/arm: add canonical MTE check logic MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-8-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=3812; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=TQrho9CGEIkIuNRZMkdpuKAfRMf5fhwXjihR0xKAi0M=; b=+abtpZUcw8kdvptbuA9lHj8868oWKUCGZnIlqFKC8x/JQ11pxtWZRM8ALhQBvGrCNmKDkOq5z X44mGu5ftx/BMhhlzEGylkC+zcd9ShkfDCPTIHkSM4I8FclBnuyLsmT X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::22a; envelope-from=brookmangabriel@gmail.com; helo=mail-oi1-x22a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084420164158500 With MTX active, address tag bits are checked for canonicity if the corresponding memory regions are not allocation tagged. See AArch64_CheckTag. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 6 ++++++ target/arm/tcg/mte_helper.c | 30 ++++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 92941a3ac6..51d7f09889 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1648,6 +1648,12 @@ static inline uint64_t address_with_allocation_tag(u= int64_t ptr, int rtag) return deposit64(ptr, 56, 4, rtag); } =20 +/* Return true if mtx bits mean that the access is canonically checked. */ +static inline bool mtx_check(uint32_t desc, int bit55) +{ + return (desc >> (R_MTEDESC_MTX_SHIFT + bit55)) & 1; +} + /* Return true if tbi or mtx bits mean that the access is tag checked. */ static inline bool tbi_or_mtx_check(uint32_t desc, int bit55) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 61cdf92c54..d35e3ef04d 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -858,6 +858,14 @@ static int mte_probe_int(CPUARMState *env, uint32_t de= sc, uint64_t ptr, mem1 =3D allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1, MMU_DATA_LOAD, ra); if (!mem1) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTag= ged, + * otherwise it is Untagged. See AArch64.S1DecodeMemAttrs and + * AArch64.S1DisabledOutput. + */ + if (mtx_check(desc, bit55)) { + return tag_is_canonical(ptr_tag, bit55); + } return 1; } /* Perform all of the comparisons. */ @@ -873,18 +881,24 @@ static int mte_probe_int(CPUARMState *env, uint32_t d= esc, uint64_t ptr, =20 /* * Perform all of the comparisons. - * Note the possible but unlikely case of the operation spanning - * two pages that do not both have tagging enabled. + * Note the possible but unlikely case of the operation spanning t= wo + * pages that do not both have allocation tagging enabled. This can + * happen with or without mtx (canonical tagging) enabled. */ n =3D c =3D (next_page - tag_first) / TAG_GRANULE; if (mem1) { n =3D checkN(mem1, ptr & TAG_GRANULE, ptr_tag, c); + } else if (mtx_check(desc, bit55) && + !tag_is_canonical(ptr_tag, bit55)) { + return 0; } if (n =3D=3D c) { - if (!mem2) { + if (mem2) { + n +=3D checkN(mem2, 0, ptr_tag, tag_count - c); + } else if (!mtx_check(desc, bit55) || + tag_is_canonical(ptr_tag, bit55)) { return 1; } - n +=3D checkN(mem2, 0, ptr_tag, tag_count - c); } } =20 @@ -999,6 +1013,14 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint= 32_t desc, uint64_t ptr) mem =3D allocation_tag_mem(env, mmu_idx, align_ptr, MMU_DATA_STORE, dcz_bytes, MMU_DATA_LOAD, ra); if (!mem) { + /* + * If mtx is enabled, then the access is MemTag_CanonicallyTagged, + * otherwise it is Untagged. See AArch64.S1DecodeMemAttrs and + * AArch64.S1DisabledOutput. + */ + if (mtx_check(desc, bit55) && !tag_is_canonical(ptr_tag, bit55)) { + mte_check_fail(env, desc, ptr, ra); + } goto done; } =20 --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084493; cv=none; d=zohomail.com; s=zohoarc; b=Dp86O1iJJRuUZraM6BedrqTFk3H7/7j2lEb/ABOUACqNOPqLsoE9D1uy4rR3ZYLNVy14YZIUlmtTjvWiZeArlaAiR+TsMF9qfjfyd9QEIu6/B/0XYaIfE4/AXh+oTBXB5Cf8GxDnNGlikQBeR63kQGhL4ETvfGnpDF6ljWkVw5A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084493; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=OJWK/EkTlXrsXIihSwbH79j1+Y9Z/xhoRkrOHiWGDKk=; b=J5CfCRVCwyu612LGdBo2oOARybK8XAliQOUrfcT8Y/EX09RRJV7hrTWApAhRB+5bKR4s1VGWk3QS+xCuPXdcM1Z+5GlQg0cYsCfS0mZTB+j2zW1MQadk1lpcbmvj7YIAQjSX7kBVouYdV/Ie5PkKbBXJw3lc5Bc3aehDyi9Bno0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084493745648.0444005505706; Fri, 29 May 2026 12:54:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gi-0005HU-Vd; Fri, 29 May 2026 15:53:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3GY-00050T-T0 for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:11 -0400 Received: from mail-oa1-x29.google.com ([2001:4860:4864:20::29]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GX-0005aM-2C for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:10 -0400 Received: by mail-oa1-x29.google.com with SMTP id 586e51a60fabf-43b6f19b7d4so5729241fac.0 for ; Fri, 29 May 2026 12:53:08 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084388; x=1780689188; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=OJWK/EkTlXrsXIihSwbH79j1+Y9Z/xhoRkrOHiWGDKk=; b=Qy3KWGOryzu0R/RDeo7KnWhOBpBipKfcYIcMqH6R/jPBtOR4FGIWpDbkKkXrUMVPCk wsoSWXyJhdsfD749YxPEJ5L71bdx6KAvvncbP/Leb157tYLVxjYK8M/7nxH2q9WFh79E 8gm6l4vGF7PtBJ5OQDJCqurJoSQpy8w/UNAC6LTbuXcO82qBWuPD0h4Q+p48V0ZH+MML YZD70B3HUEgjE0K2dhqZ7NQ0KTHjhBF8F3qn7CiB/ejqG+PL5b4di6+0Jwqds7PYrPFr wBMrIbbt28UjsMhWSUoYQ2yaypV9iUR+XK3oNdfuhQqikUhFyxwMJ3d9nNtRO62OWG/1 LZiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084388; x=1780689188; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OJWK/EkTlXrsXIihSwbH79j1+Y9Z/xhoRkrOHiWGDKk=; b=m5MJpIRokgFM48PMLk3srqz73AZh05t/G8OPFBUP3fSuspB9BUHd+6HidS9C6Ndc6i 7zvb0F5uNHskmi1WMHKrkJt6VKKM+ZFUqQUorSg+pwYPFZsKQi72g9/as0DIoNjxE6pk 296VbP+tIlN7KY/DRzRGLlbSQHbahhT0/gQ69B8+inWWNy+6wWH+rS1+6eFRnYWjCx3C IATFW4nRJoGZ85j99wbM/J9M0EaeMr5VE3b8SRSvVLH7xjq24l/gryNR2W0Du1wQ6RyW 8MuoTkim7QdRKRMWOhgLTbQ2L+csukLCs3IXiU6m5gzHqU/IbaVtR2vTwiPd2yzf4b++ mrIg== X-Gm-Message-State: AOJu0YyEQpLCekrmtJPVWsSblTRQMRdHsXY7lSFgORLn3/XihIkHrge4 cSesLCaZdtIRUT2sTsyihSGldBPubcRXECMHZIsh/jdFypp8P30ejbw5 X-Gm-Gg: Acq92OF/AjVI/aWuDLtsFRMvtCWYtYTiiTE2L5KNqqAUzfihRenStYEAm1wL7l+1BYW +HuQTYroYDpKg8PbTaVKWlrK6Pe8CiQKqj92/zn2Xx3LBpu9UXmgGa0M08VfBUdKqw+ofvQ363m kBZAneCYUHzOZvbJ3G4DPdIcMwZGjuPNQk1EMOkqB3yqxl6F+YwiXqOnUV7InJCXRHwtRIFxPiw vagWkM8mCxDkWBVE1eW7e+ULjI0jwvAEHbWl0YYM7hhIe5hr8FZxtkKjCnzBf6hkxDo4mrQIvWM dQjj5RVyADKiV8WBvUYVVYU1fN886k/IUfchuHEMGuE+viIF2V2BENmmhvnvVT/J337Blnv9xG2 xmkdudYsS2cZ4xH2KeeuuEqPTmB8RdLSYkWHSd5QE3LUuIE/i0MnNRslz5D6Kg8wzgBXRO7HMDw gX/EvHvP8096zx7Tpsowivkk2RKLBoODmu9n2DXqC0hzr+BfsYfuT/qA== X-Received: by 2002:a05:6820:2906:b0:69d:f794:5959 with SMTP id 006d021491bc7-69e105c89bbmr380990eaf.56.1780084387759; Fri, 29 May 2026 12:53:07 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:49 -0700 Subject: [PATCH v7 09/15] target/arm: load on canonical tag loads ext bits MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-9-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=4424; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=ucqsYSjKNLvRjA8zNnf+RDqvB6/wlstLRsyvDgUe30c=; b=uTgMOcWX5l91glXE/ctf6rvfNpOSuGieGWKAhAlj4MWi7/Kw7JfHSOqHippSJuKyE2bs0lXw1 OHuoZoqmQAaC0p0nW60B2jxYiX8pNq7pgTtafpnIUMdMyA14VB4mOEO X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2001:4860:4864:20::29; envelope-from=brookmangabriel@gmail.com; helo=mail-oa1-x29.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084494607158500 Loading tags from canonically tagged regions should use the canonical tags (extension bits), not allocation tags. See AArch64_MemTagRead(). Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/tcg/helper-a64-defs.h | 4 ++-- target/arm/tcg/mte_helper.c | 14 ++++++++++++-- target/arm/tcg/translate-a64.c | 4 ++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/target/arm/tcg/helper-a64-defs.h b/target/arm/tcg/helper-a64-d= efs.h index b7880f773e..c196c927f4 100644 --- a/target/arm/tcg/helper-a64-defs.h +++ b/target/arm/tcg/helper-a64-defs.h @@ -102,14 +102,14 @@ DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, en= v, i32, i64) DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64) DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64) DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32) -DEF_HELPER_FLAGS_3(ldg, TCG_CALL_NO_WG, i64, env, i64, i64) +DEF_HELPER_FLAGS_4(ldg, TCG_CALL_NO_WG, i64, env, i64, i64, i32) DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64) -DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64) +DEF_HELPER_FLAGS_3(ldgm, TCG_CALL_NO_WG, i64, env, i64, i32) DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64) =20 diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index d35e3ef04d..c382f0149f 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -304,7 +304,7 @@ int load_tag1(uint64_t ptr, uint8_t *mem) return extract32(*mem, ofs, 4); } =20 -uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt) +uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t= mtx) { int mmu_idx =3D arm_env_mmu_index(env); uint8_t *mem; @@ -317,6 +317,9 @@ uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, ui= nt64_t xt) /* Load if page supports tags. */ if (mem) { rtag =3D load_tag1(ptr, mem); + } else if (mtx) { + uint64_t bit55 =3D extract64(ptr, 55, 1); + rtag =3D 0xF * bit55; } =20 return address_with_allocation_tag(xt, rtag); @@ -458,7 +461,7 @@ void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) } } =20 -uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) +uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr, uint32_t mtx) { int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); @@ -476,6 +479,13 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) =20 /* The tag is squashed to zero if the page does not support tags. */ if (!tag_mem) { + /* Load canonical value if mtx is set (untagged memory region) */ + if (mtx) { + bool bit55 =3D extract64(ptr, 55, 1); + ret =3D extract64(-bit55, 0, 1 << gm_bs); + shift =3D extract64(ptr, LOG2_TAG_GRANULE, 4) * 4; + return ret << shift; + } return 0; } =20 diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 036081d897..852578aae1 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -4715,7 +4715,7 @@ static bool trans_LDGM(DisasContext *s, arg_ldst_tag = *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_ldgm(tcg_rt, tcg_env, addr); + gen_helper_ldgm(tcg_rt, tcg_env, addr, tcg_constant_i32(s->mtx)); } else { MMUAccessType acc =3D MMU_DATA_LOAD; int size =3D 4 << s->gm_blocksize; @@ -4750,7 +4750,7 @@ static bool trans_LDG(DisasContext *s, arg_ldst_tag *= a) tcg_gen_andi_i64(addr, addr, -TAG_GRANULE); tcg_rt =3D cpu_reg(s, a->rt); if (s->ata[0]) { - gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt); + gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt, tcg_constant_i32(s->= mtx)); } else { /* * Tag access disabled: we must check for aborts on the load --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084417; cv=none; d=zohomail.com; s=zohoarc; b=fPf6Flcu3zd7dqALzd7rAGAdTE8JTL0u8mmowTn2vwYCFTQ6SllyhEJpXDjp5AntTL/Fkz0BAjADpRgli2v7Vo7njfKfjK7dCTVXjs4AXp9kgowEzlI7VgVIMf7xHWIijnFM4ZuV93dtEP1DZwGz94ZVfo68UwjE+QZh1gbAO68= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084417; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=3uOtwdatmeRlBBkbGde0Ch5zJnEnTZkD0jjTjy83AM8=; b=iIDCM/A32GtUObVRIyhXjP0AFG0ggYHmR/FhuhTX3P3+9E9TYQ/npxHdZVFL/ZNfV/1VMrwKhXj8SdV7FF6LP1Fui2pWDMqrmhvTlkmngbzwwpTtUR3WGTRtfBxABpYniNhVva61SXqOA7PB4704wAUS2FsIZ6MsdGjuaBfZ0wM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084417725954.2733892939564; Fri, 29 May 2026 12:53:37 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gl-0005YP-Cf; Fri, 29 May 2026 15:53:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3Gb-00053X-EJ for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:13 -0400 Received: from mail-oo1-xc2a.google.com ([2607:f8b0:4864:20::c2a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GZ-0005b4-9e for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:13 -0400 Received: by mail-oo1-xc2a.google.com with SMTP id 006d021491bc7-69de16f5f79so1704453eaf.0 for ; Fri, 29 May 2026 12:53:10 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084389; x=1780689189; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=3uOtwdatmeRlBBkbGde0Ch5zJnEnTZkD0jjTjy83AM8=; b=fIN6XIFB+MOsvcOQrjhXjrwWOjpenX8NXowkjsTz+IifnJMk7C3Vxv4eg7m4pAVNyr R2ipZwi/6iiJIwAEhO9nnFim1d2xRvzSBmU/TZDEsAYGSOeg4PAw0w6/fgLE/X3j07BW cOFC6qfl4zKYZmgJU3Oi7YcR4udUJzvkwx5xCXLxoVxu0gEBTSUCJY/Ipdr6IAm5gMmG 9XjUWx6jJAeTog0wDR2b+V247Dk3AcjvIRM1fup+GVGT26GMY7JCjpZ7NI8cg8HizggR LsGNIKS/FnETR3PkUhXM39UKyKuO8ZqmbxzK9OWyJb4VJNi002ovfl6EaaYDBfD49Qlk zhbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084389; x=1780689189; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=3uOtwdatmeRlBBkbGde0Ch5zJnEnTZkD0jjTjy83AM8=; b=WcWtXyEs7Zl0Fx1CE9OAg4BPw9JMXyAFBAkIIGH9h+AuX0MpK+JmTHf7c+abT/lYJf D2Y1s+BW4UKdznXbkPv5NB7YDOyhhDdz0O6D4HDb4LQG5VP0Lycg9M3m1CSeM7M0RU+A le0VsCOcf+j6zZ7RXC5m7LSqvde2iW410fsHk+XHrmmDJDkZ9cyBFmU1QF6/WxZYQE2+ tUvJ9CEi1hGnSO53kvVwcSbB601CLwwheIiywnZDwsH7fMdzpP1bfyU/wBZzZAdSlmMT VC1k7/hb9B2OR94M+W8smYwg+S63sVd1Z2RLpbY7x+O2T5k2hqCvoy37asWOAE+cvhro tL3w== X-Gm-Message-State: AOJu0YxFzK4OzzIZ3fblaKuls36CS/Ayb61ueOfAVlfveSVwRPDnLial 35TKrwdZTmKwp3tk1Jw8R8XGOPcYbaxh0gzYky8Tq7EpCm25jYPg1VMo X-Gm-Gg: Acq92OG4aHZyih0JOgArNYMzmoCauNXsYIYhSG+7pecPZiF3gVadPmOrWsLfw/hhyS/ 44fPl+VGqQtZi9GX+hRMUq0R4wtxDKR2Fj0w2XeH4HOSbNB46Kcy8TFGNbAhacsynIv4Xt6Ecds 4ww01gvneFehxveFxQ7wDGDo1TPFeIG/EjAdyNJp8cLg6BN3xzZFZd7JCKD0/zpTuxxxLn+o9oo y2TtRA0huMnI7y07Uch/WgYqtpCRCDQifYbSEJAeYu9b3hjNkggd9KmrV6PVWOP+h761UtqjeD8 f6aFeb7PiZH+iIB8NQoTG337wkixNUXEdO1YqJs/oLvZ0ruq/TJVnWFA4NyyvajyUz7oPnOeObj /qiSMOw4E8hK1ktu3qNfRc8r2q8PeUg7o1wCSRfPymlb8sCwp2NBHdulzDWcndfeSIt7e2pz1aC +fqU9ofwd0u6V5OZGK/QkPtGGAEowiHqwTSY2DqhYDk1iMXnRAqMfmsw== X-Received: by 2002:a05:6820:168c:b0:69e:1ef:7eb5 with SMTP id 006d021491bc7-69e10382c1dmr331535eaf.38.1780084388949; Fri, 29 May 2026 12:53:08 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:50 -0700 Subject: [PATCH v7 10/15] target/arm: fault on tag store to canonical tag MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-10-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=11322; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=bjx4rkGbaThabjT+6UMg0dO1cos2GSV78m3uYkm3+rg=; b=73LXh8abHivAiXkTzq+kbT2XpnoQmv+428uw4Y1xzi5pC+ec+T8oqjP7S36O1Jh5Li0VhLy0+ NWxJLDZCqglCxaaM4aIQwXntCccDcyieTW0dvDl3uZaKMJobzDBoyJD X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c2a; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc2a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084417955158500 According to ARM ARM, section "Memory region tagging types", tag-store instructions targeting canonically tagged regions cause a stage 1 permission fault with MTX enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/tcg/helper-a64-defs.h | 12 ++++----- target/arm/tcg/mte_helper.c | 55 +++++++++++++++++++++++++++++++-----= ---- target/arm/tcg/translate-a64.c | 26 +++++++++++-------- 3 files changed, 65 insertions(+), 28 deletions(-) diff --git a/target/arm/tcg/helper-a64-defs.h b/target/arm/tcg/helper-a64-d= efs.h index c196c927f4..02ea317444 100644 --- a/target/arm/tcg/helper-a64-defs.h +++ b/target/arm/tcg/helper-a64-defs.h @@ -103,15 +103,15 @@ DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64= , env, i32, i64) DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64) DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32) DEF_HELPER_FLAGS_4(ldg, TCG_CALL_NO_WG, i64, env, i64, i64, i32) -DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(stg, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64) -DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(st2g, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_3(ldgm, TCG_CALL_NO_WG, i64, env, i64, i32) -DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64) -DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64) +DEF_HELPER_FLAGS_4(stgm, TCG_CALL_NO_WG, void, env, i64, i64, i32) +DEF_HELPER_FLAGS_4(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64, i32) =20 DEF_HELPER_FLAGS_4(unaligned_access, TCG_CALL_NO_WG, noreturn, env, i64, i32, i32) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index c382f0149f..dca4ef5a94 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -231,6 +231,19 @@ uint8_t *allocation_tag_mem_probe(CPUARMState *env, in= t ptr_mmu_idx, #endif } =20 +static G_NORETURN void canonical_tag_write_fail(CPUARMState *env, + uint64_t dirty_ptr, uintptr_t ra) +{ + uint64_t syn; + + env->exception.vaddress =3D dirty_ptr; + + syn =3D syn_data_abort_no_iss(arm_current_el(env) !=3D 0, 0, 0, 0, 0, = 1, 0); + syn |=3D BIT_ULL(42); /* TnD is bit 42 */ + + raise_exception_ra(env, EXCP_DATA_ABORT, syn, exception_target_el(env)= , ra); +} + static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx, uint64_t ptr, MMUAccessType ptr_access, int ptr_size, MMUAccessType tag_access, @@ -360,7 +373,7 @@ static void store_tag1_parallel(uint64_t ptr, uint8_t *= mem, int tag) typedef void stg_store1(uint64_t, uint8_t *, int); =20 static inline void do_stg(CPUARMState *env, uint64_t ptr, uint64_t xt, - uintptr_t ra, stg_store1 store1) + uint32_t mtx, uintptr_t ra, stg_store1 store1) { int mmu_idx =3D arm_env_mmu_index(env); uint8_t *mem; @@ -374,17 +387,20 @@ static inline void do_stg(CPUARMState *env, uint64_t = ptr, uint64_t xt, /* Store if page supports tags. */ if (mem) { store1(ptr, mem, allocation_tag_from_addr(xt)); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } } =20 -void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t mtx) { - do_stg(env, ptr, xt, GETPC(), store_tag1); + do_stg(env, ptr, xt, mtx, GETPC(), store_tag1); } =20 -void HELPER(stg_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(stg_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt, + uint32_t mtx) { - do_stg(env, ptr, xt, GETPC(), store_tag1_parallel); + do_stg(env, ptr, xt, mtx, GETPC(), store_tag1_parallel); } =20 void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) @@ -397,7 +413,7 @@ void HELPER(stg_stub)(CPUARMState *env, uint64_t ptr) } =20 static inline void do_st2g(CPUARMState *env, uint64_t ptr, uint64_t xt, - uintptr_t ra, stg_store1 store1) + uint32_t mtx, uintptr_t ra, stg_store1 store1) { int mmu_idx =3D arm_env_mmu_index(env); int tag =3D allocation_tag_from_addr(xt); @@ -420,9 +436,13 @@ static inline void do_st2g(CPUARMState *env, uint64_t = ptr, uint64_t xt, /* Store if page(s) support tags. */ if (mem1) { store1(TAG_GRANULE, mem1, tag); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } if (mem2) { store1(0, mem2, tag); + } else if (mtx) { + canonical_tag_write_fail(env, ptr + TAG_GRANULE, ra); } } else { /* Two stores aligned mod TAG_GRANULE*2 -- modify one byte. */ @@ -431,18 +451,22 @@ static inline void do_st2g(CPUARMState *env, uint64_t= ptr, uint64_t xt, if (mem1) { tag |=3D tag << 4; qatomic_set(mem1, tag); + } else if (mtx) { + /* Writing tags to canonically tagged memory region: faults */ + canonical_tag_write_fail(env, ptr, ra); } } } =20 -void HELPER(st2g)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(st2g)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t mt= x) { - do_st2g(env, ptr, xt, GETPC(), store_tag1); + do_st2g(env, ptr, xt, mtx, GETPC(), store_tag1); } =20 -void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt) +void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt, + uint32_t mtx) { - do_st2g(env, ptr, xt, GETPC(), store_tag1_parallel); + do_st2g(env, ptr, xt, mtx, GETPC(), store_tag1_parallel); } =20 void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) @@ -528,7 +552,7 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr, u= int32_t mtx) return ret << shift; } =20 -void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val) +void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val, uint32_t m= tx) { int mmu_idx =3D arm_env_mmu_index(env); uintptr_t ra =3D GETPC(); @@ -548,6 +572,10 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint= 64_t val) * and if the OS has enabled access to the tags. */ if (!tag_mem) { + /* Storing tags to canonically tagged region: fault. */ + if (mtx) { + canonical_tag_write_fail(env, ptr, ra); + } return; } =20 @@ -577,7 +605,8 @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint6= 4_t val) } } =20 -void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val) +void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val, + uint32_t mtx) { uintptr_t ra =3D GETPC(); int mmu_idx =3D arm_env_mmu_index(env); @@ -601,6 +630,8 @@ void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr,= uint64_t val) if (mem) { int tag_pair =3D (val & 0xf) * 0x11; memset(mem, tag_pair, tag_bytes); + } else if (mtx) { + canonical_tag_write_fail(env, ptr, ra); } } =20 diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index 852578aae1..c37d9d0623 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -3035,7 +3035,8 @@ static void handle_sys(DisasContext *s, bool isread, /* Extract the tag from the register to match STZGM. */ tag =3D tcg_temp_new_i64(); tcg_gen_shri_i64(tag, tcg_rt, 56); - gen_helper_stzgm_tags(tcg_env, clean_addr, tag); + gen_helper_stzgm_tags(tcg_env, clean_addr, tag, + tcg_constant_i32(s->mtx)); } } return; @@ -3052,7 +3053,8 @@ static void handle_sys(DisasContext *s, bool isread, /* Extract the tag from the register to match STZGM. */ tag =3D tcg_temp_new_i64(); tcg_gen_shri_i64(tag, tcg_rt, 56); - gen_helper_stzgm_tags(tcg_env, clean_addr, tag); + gen_helper_stzgm_tags(tcg_env, clean_addr, tag, + tcg_constant_i32(s->mtx)); } } return; @@ -3869,9 +3871,11 @@ static bool trans_STGP(DisasContext *s, arg_ldstpair= *a) /* Perform the tag store, if tag access enabled. */ if (s->ata[0]) { if (tb_cflags(s->base.tb) & CF_PARALLEL) { - gen_helper_stg_parallel(tcg_env, dirty_addr, dirty_addr); + gen_helper_stg_parallel(tcg_env, dirty_addr, dirty_addr, + tcg_constant_i32(s->mtx)); } else { - gen_helper_stg(tcg_env, dirty_addr, dirty_addr); + gen_helper_stg(tcg_env, dirty_addr, dirty_addr, + tcg_constant_i32(s->mtx)); } } =20 @@ -4651,7 +4655,7 @@ static bool trans_STZGM(DisasContext *s, arg_ldst_tag= *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_stzgm_tags(tcg_env, addr, tcg_rt); + gen_helper_stzgm_tags(tcg_env, addr, tcg_rt, tcg_constant_i32(s->m= tx)); } /* * The non-tags portion of STZGM is mostly like DC_ZVA, @@ -4683,7 +4687,7 @@ static bool trans_STGM(DisasContext *s, arg_ldst_tag = *a) tcg_rt =3D cpu_reg(s, a->rt); =20 if (s->ata[0]) { - gen_helper_stgm(tcg_env, addr, tcg_rt); + gen_helper_stgm(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx)); } else { MMUAccessType acc =3D MMU_DATA_STORE; int size =3D 4 << s->gm_blocksize; @@ -4799,15 +4803,17 @@ static bool do_STG(DisasContext *s, arg_ldst_tag *a= , bool is_zero, bool is_pair) } } else if (tb_cflags(s->base.tb) & CF_PARALLEL) { if (is_pair) { - gen_helper_st2g_parallel(tcg_env, addr, tcg_rt); + gen_helper_st2g_parallel(tcg_env, addr, tcg_rt, + tcg_constant_i32(s->mtx)); } else { - gen_helper_stg_parallel(tcg_env, addr, tcg_rt); + gen_helper_stg_parallel(tcg_env, addr, tcg_rt, + tcg_constant_i32(s->mtx)); } } else { if (is_pair) { - gen_helper_st2g(tcg_env, addr, tcg_rt); + gen_helper_st2g(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx= )); } else { - gen_helper_stg(tcg_env, addr, tcg_rt); + gen_helper_stg(tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx)= ); } } =20 --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084433; cv=none; d=zohomail.com; s=zohoarc; b=nFXm8cyQ22rhh8kpYt+EkIerM8wwQGm4CbM/gOlc4UumfbBjlYGIZXZUBc+SAwCVAioT0hFXktpXZqdY2md6oAgIxvFV70rLv3r49WO5zJjoMnIzXViODOfpdGu33xtfjD9oIhlnNoBBs6A6+lUC/tNzaxUr+/fiezsdfVu0eTs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084433; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=P9vcQsGYUow+REMAsX6whxxeUVOLdzVNMd+75Ix9S9s=; b=aDvS++iA47IspAfa5aJc+hIPgQbePnBgDEjNNOc+zDtCIkJM1+Y28KNqTvd/Jwbw5xcrqZrBlR5O7lDK+jv4K8thLo9kqS9EIm/zUkDZFbPW1AgqRNU5s+i1stfPZ5XB/pbgx509YEPOMejoUQkx2WDTGvVX3ESEqCDAq0qVaI8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084433194333.89817831811195; Fri, 29 May 2026 12:53:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gn-0005nK-Sb; Fri, 29 May 2026 15:53:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3Gb-00053W-D3 for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:13 -0400 Received: from mail-oo1-xc36.google.com ([2607:f8b0:4864:20::c36]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3GZ-0005bF-Ky for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:13 -0400 Received: by mail-oo1-xc36.google.com with SMTP id 006d021491bc7-69dc2c38f6dso2269713eaf.2 for ; Fri, 29 May 2026 12:53:11 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084390; x=1780689190; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=P9vcQsGYUow+REMAsX6whxxeUVOLdzVNMd+75Ix9S9s=; b=pHm9yvECCeTPdA5//t0f2pzZL6asiSJtbf0L3+ltuwBqyapDEYAdgv5U1g8XtE9cKV /i39UiI8r0jScrzCqniqQKgVJtAf4wr5sm2LfCH5GQ493yIbb3DLjKYXh+7hgwvCg439 3hOgIPB5+tPeLQN8wAqdxSs4lLXafdVJ4RV5C6QtmCx8Kve09nQVaRkGqSlVLju2b9OU b0Pm9+oRAeLe41nGZSp5VbncvAjr4IiMBDWaBJZtkqVT4y4cniNjzYlhoQqainPt/9K5 tIWYEoOv0EAkxL6h8fv/MZ7jG41k2SgCozmLWEarg7NNgz+VJpRb9CMCxjfGa7UGpson KMUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084390; x=1780689190; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=P9vcQsGYUow+REMAsX6whxxeUVOLdzVNMd+75Ix9S9s=; b=h6yQzk4wcE3lPsboZ/wFMN69Fz5Fh4CLiq4FqejUmN1NKexjxg41EQsJG5ZWk2RIuc qTyjCjD0zVqE0RaiKMCVLNb5PZu8PYlDQl1Xcjg7G4idp9QX+J+4V2bB0iHDcjcaqwOS +4mW0H9EBwRel7PUKsrS6sQKK86OFpsZwzNRER+NCj6/rSp65U8sMkjrLQ5KjXsDsCun As3JNZsNvh9P1o5qICjPRO0SsPbsWSbOkyZTrqs9sd/h6kcEc4U1PUYjIcEI+/is0eKn PU+7bex/IrHpYl3mloYE/xEJU7bmMZ5rto3RLfbgM+nSTtSNFkHtBYUyjGJ9eO7P4myD Vmhg== X-Gm-Message-State: AOJu0YyUm0UPZNrLGzY0Avpn8jgp4FzQU7L9YeRFLnnWvlnrrEJFqC06 3sclKmoWErZ+IqoIPpGTsCUXV+jY/nVWrFQziQnhCPITGwzBHvrtGSpf X-Gm-Gg: Acq92OEIi0Ja13vCUcE9FdygwaOAOwOCDzf0ZSqz8FECepJmFvKRp/3i1MpVv7bWPw7 CfJX+GPrCY9JkvOPWlB+iHww0x3uz07NdcNyqbjG4aU4kyvUZw5Mok+xjTjYhhqU8qs/mi5gxuO OwMtYnoh1bEpkv5ha/2MVTUOAyVUuQhowNnOVtOe/wPyPTPKbFyCk/02cGr6rJ8+vGPL8lTNQot M1cy1LtpbyFozkMYM29FB33voylnnGo/Bux2zTsk5zV9l4/RypbMxMLOqcwTsDYNLmmK21GDvDe Llm6baFwi+sm5MeWqWPNEsmPcLWdlAUjo6WRwsnjSvNQFAJLUmGG0aQitqLumwlYzbd4ciD4jeG 3FvwD7efmGKdat2QLyGd8mtNVotJ/TOnYyPCl1TiG7PF+PVziq7vqNKp0sSd3p8H3xTO/NLvaYo L3iE2CJ1DjkTn5/kmMWgiqF8Iy5jNtdbSysEUtJhVU4pA= X-Received: by 2002:a05:6820:168f:b0:69b:56e5:e4ce with SMTP id 006d021491bc7-69e1038ec57mr396066eaf.37.1780084390227; Fri, 29 May 2026 12:53:10 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:51 -0700 Subject: [PATCH v7 11/15] target/arm: skip tag bit bounds check if MTX is on MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-11-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=5285; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=IZ61zED50gBFn/PGhlxkZeDoDl0hStihhPseolkq5Us=; b=Zu5DHA0GS+3Jttn3qugbbVTLlUtMk1olwHkqT6UOFpgAxEdt2J4T7qHHNTu6oZg20qXf2GWTy hspkKtbCo/2D0gojQjQJ/tSeaV0lRQCEMhoj8LCMig7kvrjnTXtQdjl X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c36; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc36.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084434266158500 Virtual address canonicity checks should ignore mismatch in tag bits during translation step if MTX is set. This mismatch is checked during the tag check instead, in that case. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/helper.c | 6 +++++- target/arm/internals.h | 1 + target/arm/ptw.c | 35 ++++++++++++++++++++++++++++++----- 3 files changed, 36 insertions(+), 6 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 902eac767b..768a8e977d 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9747,7 +9747,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, { uint64_t tcr =3D regime_tcr(env, mmu_idx); bool epd, hpd, tsz_oob, ds, ha, hd, pie =3D false; - bool aie =3D false; + bool mtx, aie =3D false; int select, tsz, tbi, max_tsz, min_tsz, ps, sh; ARMGranuleSize gran; ARMCPU *cpu =3D env_archcpu(env); @@ -9784,6 +9784,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, ha =3D extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu); hd =3D extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu); ds =3D extract64(tcr, 32, 1); + mtx =3D extract64(tcr, 33, 1) && cpu_isar_feature(aa64_mte_mtx, cp= u); } else { bool e0pd; =20 @@ -9799,6 +9800,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 12, 2); hpd =3D extract64(tcr, 41, 1); e0pd =3D extract64(tcr, 55, 1); + mtx =3D extract64(tcr, 60, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } else { tsz =3D extract32(tcr, 16, 6); gran =3D tg1_to_gran_size(extract32(tcr, 30, 2)); @@ -9806,6 +9808,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, sh =3D extract32(tcr, 28, 2); hpd =3D extract64(tcr, 42, 1); e0pd =3D extract64(tcr, 56, 1); + mtx =3D extract64(tcr, 61, 1) && cpu_isar_feature(aa64_mte_mtx= , cpu); } ps =3D extract64(tcr, 32, 3); ha =3D extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu); @@ -9905,6 +9908,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, = uint64_t va, .gran =3D gran, .pie =3D pie, .aie =3D aie, + .mtx =3D mtx, }; } =20 diff --git a/target/arm/internals.h b/target/arm/internals.h index 51d7f09889..d8f68270a1 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1420,6 +1420,7 @@ typedef struct ARMVAParameters { ARMGranuleSize gran : 2; bool pie : 1; bool aie : 1; + bool mtx : 1; } ARMVAParameters; =20 /** diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 6cb0fe5645..8b54018c98 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1951,9 +1951,18 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1T= ranslate *ptw, * validation to do here. */ if (inputsize < addrsize) { - uint64_t top_bits =3D sextract64(address, inputsize, - addrsize - inputsize); - if (-top_bits !=3D param.select) { + /* + * If MTX is enabled, bits 56-59 aren't checked for canonicity + * during translation, since they will later be checked during + * the tag check step. + */ + + uint64_t cmp_mask =3D MAKE_64BIT_MASK(inputsize, addrsize - inputs= ize); + + if (param.mtx) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + if ((address ^ -param.select) & cmp_mask) { /* The gap between the two regions is a Translation fault */ goto do_translation_fault; } @@ -3514,15 +3523,31 @@ static bool get_phys_addr_disabled(CPUARMState *env, int pamax =3D arm_pamax(env_archcpu(env)); uint64_t tcr =3D env->cp15.tcr_el[r_el]; int addrtop, tbi; + bool bit55; =20 tbi =3D aa64_va_parameter_tbi(tcr, mmu_idx); if (access_type =3D=3D MMU_INST_FETCH) { tbi &=3D ~aa64_va_parameter_tbid(tcr, mmu_idx); } - tbi =3D (tbi >> extract64(address, 55, 1)) & 1; + bit55 =3D extract64(address, 55, 1); + tbi =3D (tbi >> bit55) & 1; addrtop =3D (tbi ? 55 : 63); =20 - if (extract64(address, pamax, addrtop - pamax + 1) !=3D 0) { + /* + * With MTX enabled, bits 56-59 are not checked according to + * AArch64.S1DisabledOutput. + */ + uint64_t cmp_mask =3D MAKE_64BIT_MASK(pamax, addrtop - pamax += 1); + + if (access_type !=3D MMU_INST_FETCH && + cpu_isar_feature(aa64_mte_mtx, env_archcpu(env))) { + int mtx =3D aa64_va_parameter_mtx(tcr, mmu_idx); + if (mtx & (1 << bit55)) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + } + + if (address & cmp_mask) { fi->type =3D ARMFault_AddressSize; fi->level =3D 0; fi->stage2 =3D false; --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084493; cv=none; d=zohomail.com; s=zohoarc; b=Y0jcaT9V3FBTytBQmkBo3QTxLRjaK4CZNwDvM3OtxXuFZoF3n7Dxl1uwu+eaFqV8pRhm3ypEa1tA7WXGb0dxQCpGY7lNmZr6RbG0nKGdqpIWebgB5H7z+NtfSho9XIqbXSY1ncF70Z0GWcwdPUnTr7ygtnVDCUGnSWzHDvf+uDM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084493; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=uG643tu811i2RyupvUx8FjabEhHNQ3DPT6SS/v3k6L4=; b=d6Enu04hpYAve36AU5P8aCNy7CBj1x2ALH1ugl736tfNYKy5BWci2j4V1It2bSK6cnoQLg1UY4cQ7fao3IGrvD3edr6TD80bD5LmcG/JTGiyWdfT5le4OnbDFUq4uyek1w7G4ON/f7uvxv1LwAr1SAvsWPMsquQ8SuRfNvx8sVY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084493779795.8506146005997; Fri, 29 May 2026 12:54:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Go-0005oC-0E; Fri, 29 May 2026 15:53:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3Gc-00055D-GY for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:15 -0400 Received: from mail-oo1-xc34.google.com ([2607:f8b0:4864:20::c34]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3Ga-0005bk-QP for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:14 -0400 Received: by mail-oo1-xc34.google.com with SMTP id 006d021491bc7-69de512e923so1232811eaf.1 for ; Fri, 29 May 2026 12:53:12 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084391; x=1780689191; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=uG643tu811i2RyupvUx8FjabEhHNQ3DPT6SS/v3k6L4=; b=shF0ZCjMF/RUPYZWlRTSU3loOArDiXc6+cKdxmQJGhjCnhd8YaGKV1rlLmXGHXOD8d IPgIMzIFGyuv6SBDbXleff7H6reCkX1KqUPKtqA7GQxGzIIwtwpK/ZE2ry8vQyZBYdkU P1wiZGa3JQWDdMvTOj9hssehT7F0jAbQgSS4bUfDOFbCehD9x8NrmK1CNva8Za56STuz D5y1EuKJM9H/1jGyc/vcbSnvCqbffV0PCZdG1lnC6RXy6aTOGB7qdstT5HJQLWFg/I9c QgORIIyOtC7A3GEneogkMGnSZuS90cou8nZgU5m8oaciXjuGCJ7YQCZw3n+ZDJ2ur7WR aWGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084391; x=1780689191; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=uG643tu811i2RyupvUx8FjabEhHNQ3DPT6SS/v3k6L4=; b=XyrdqfVHm4GxU50MJOe1BH3NXw/jOIsXUrwHnKhzkV+O8pIofwh26JpF0U6GECGzH6 W7L53bY8OQXGQfVtcQ4n025cUQzTohonCWLXGTqCo4devqhJwwG+f/JWPHqmT12hhHaZ yc+Jcjh2di5z6ktuWoAgCPpf3MmJCpHvER/Cd+1s5PVlP8b9S1lOqjH/zWmbZKXaWMIT TSXjLTs2b6O7roBQsIqtqF8UW/v/EqW6K3RA4b8WnoviQRidZ/qTLqkZ7b1OercNsKpK P5PrbNZiZHCZUDrwATkaIpRVdkdlup6aAJ8WHGcs1c7jyH35u1zJHs2PvkKiGhmNRcm4 pFqQ== X-Gm-Message-State: AOJu0YyoOyvV9fYzlLChKLQ+cCeBJ78NgsMpRzNcKuwlsjQWctNeSK23 Rrfvg3VJjAS40OBMcPtwq0/raQsuDXaKuT4c65ZKhViUfMM7YM1a3SEp X-Gm-Gg: Acq92OFn21XUIlRFWjUgtIcQw9s59a8PxQZJcRYMT7sQhtRCxRbDVksqQ7W89QBxOgU Gaj0/3FPr7pBaTmuCthgPKIabstHqzeugaIBpC+dXWx4MfjtTkGth36HJjXRwonH6uQoge96Ip0 pxR8uI4IT8ou5I8bZXLXRz1/uUxD2DjP1jzgrunWWPc3e+qDuJaIwtts+IHr02U+pQgy8BvGkAi O9HMgX18TfgeafBwPfbsDGYtzI6FUjU6lRtoroNsTUUz9YpkD5CGpp8iyYAzyWL4VuDUuj5ctjR Rt7HhgM5cn+m/ZfJz0tdVMBQ6hn4KzKH96bON7mN4pCsi0pJap1IjvopT1BpIO7e68P/vuVINa3 Mr3kyCBqest3rI5jFEsY1bL7SwGWzUy5po/AEA53/3bPWbhMVtm6wONsgAmcRkIHK3MH9xLGvQu R4HfVLi5uKXMuKP6pv3pLmYGeXC/j5CPigH53PVWaMbWo= X-Received: by 2002:a05:6820:810b:b0:696:637e:4831 with SMTP id 006d021491bc7-69e104ac67cmr405920eaf.25.1780084391501; Fri, 29 May 2026 12:53:11 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:52 -0700 Subject: [PATCH v7 12/15] target/arm: tag is not a part of PAuth with MTX MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-12-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=3172; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=YfgMyLN2bJKpX8wpLh8+0FfCnvekaoE0/S1YuNxPG7U=; b=A0P85TCMGJcble0rXA/UVw0J9v0XNAgIB9CJRTe5hezbtzui5iHWCnLSag53AJFD1y8BjFZkm 8rKfAwhSV0oDa/P6/mT9a6JN2d8zxMaL8DR0/MUbqTMTo0X5O/vq5lC X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c34; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc34.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084495458154100 As described in the section on MTX, tag bits should not be used to store or compute the PAC when MTX is set. See also Authenticate(), InsertPAC(), and Strip(). Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- target/arm/internals.h | 12 +++++++++++- target/arm/tcg/pauth_helper.c | 18 +++++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index d8f68270a1..359b495bbe 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1830,7 +1830,17 @@ static inline uint64_t pauth_ptr_mask(ARMVAParameter= s param) int bot_pac_bit =3D 64 - param.tsz; int top_pac_bit =3D 64 - 8 * param.tbi; =20 - return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); + uint64_t mask =3D MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_b= it); + + /* + * If mtx is enabled, second nibble is not part of PAC. See + * InsertPAC(). + */ + if (param.mtx) { + mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + + return mask; } =20 /* Add the cpreg definitions for debug related system registers */ diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c index 67c0d59d9e..3d83ca4c3c 100644 --- a/target/arm/tcg/pauth_helper.c +++ b/target/arm/tcg/pauth_helper.c @@ -342,9 +342,16 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, } =20 /* Build a pointer with known good extension bits. */ - top_bit =3D 64 - 8 * param.tbi; + top_bit =3D 64 - 8 * (param.tbi || param.mtx); bot_bit =3D 64 - param.tsz; ext_ptr =3D deposit64(ptr, bot_bit, top_bit - bot_bit, ext); + /* + * If mtx is active but not tbi, then the top 4 bits are replaced with= the + * ext bit, while leaving bits 56-59 alone. See InsertPAC(). + */ + if (param.mtx && !param.tbi) { + ext_ptr =3D deposit64(ext_ptr, 60, 4, ext); + } =20 pac =3D pauth_computepac(env, ext_ptr, modifier, *key); =20 @@ -377,6 +384,11 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_= t ptr, uint64_t modifier, if (param.tbi) { ptr &=3D ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1); pac &=3D MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); + } else if (param.mtx) { + ptr &=3D ~(MAKE_64BIT_MASK(60, 4) | + MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1)); + pac &=3D MAKE_64BIT_MASK(60, 4) | + MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1); } else { ptr &=3D MAKE_64BIT_MASK(0, bot_bit); pac &=3D ~(MAKE_64BIT_MASK(55, 1) | MAKE_64BIT_MASK(0, bot_bit)); @@ -424,6 +436,10 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t = ptr, uint64_t modifier, cmp_mask =3D MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit); cmp_mask &=3D ~MAKE_64BIT_MASK(55, 1); =20 + if (param.mtx) { + cmp_mask &=3D ~MAKE_64BIT_MASK(56, 4); + } + if (pauth_feature >=3D PauthFeat_2) { ARMPauthFeature fault_feature =3D is_combined ? PauthFeat_FPACCOMBINED : PauthFeat_FPAC; --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084493; cv=none; d=zohomail.com; s=zohoarc; b=hozdvPmD42tT8ENJIRj1hgYwXxKQie3gdnNadA6ijMNL2tZwBI9vltXUtHAlZ/MY1uE/vUhXfIHog2wamvgQF46Z0UoLzHnmIIEeGPmbQvT08TgHkEmHzEkr/NtQmxY4eGWEhP1pli5JQlRo961Ez7dkb+4rEic+riR9CfiKK1o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084493; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=TJKw9ntV/Q2yFHpEVRYGUEahB0rXJZjAtu4I0qozEHc=; b=fJBnHAIPHHgDvVSVfjQWFcNAUEUbGNXQVCqG8I1hmWfaBhadUFsxqzIqubTyjL07h8JeQslFI5kfEu/aUnRVbfIEquEVPbkRzF7XVeDNOmdf/mybX3c0ll792aWV4FB9CTz7Gi6lmyr379p7OD3Rx6sQ58YU5anyllCdO3CASaQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084493410901.8109300904496; Fri, 29 May 2026 12:54:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Go-0005uR-Q3; Fri, 29 May 2026 15:53:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3Gd-00055r-Kt for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:16 -0400 Received: from mail-oo1-xc2e.google.com ([2607:f8b0:4864:20::c2e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3Gc-0005cG-11 for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:15 -0400 Received: by mail-oo1-xc2e.google.com with SMTP id 006d021491bc7-69d8f70cb0cso4722327eaf.0 for ; Fri, 29 May 2026 12:53:13 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084393; x=1780689193; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=TJKw9ntV/Q2yFHpEVRYGUEahB0rXJZjAtu4I0qozEHc=; b=i/Y0maWg6s+jvV9wgwq9TysI+7tWu8F++YPfRZy8cs+FpzwCE/YwQATAfr32vLUicL WQ5v9T7+QumIL+DOMgcoGJcqCwrfINnI/6HEZinHMZj9LpwB/E3hswqCkKRSvVMQekJN 66cPxk5VsIptcr/5sSC9Ora/2e1VsIkv9TwDYDQt0STrJfbMprThjKCyM0mU+ivzGuxL N082f+P+0kC6SDgbFRDKXFR0/OXmWpAxxBuxBK6/ttpmoxYIjG2vEeOES3g20mjL6lwR FzuRvmuxnulrEiE0H7mVTbailke/p3OifsADUc1pgTs1Jjfh7Z8cAi9t5hRizN77X8jW vWrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084393; x=1780689193; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=TJKw9ntV/Q2yFHpEVRYGUEahB0rXJZjAtu4I0qozEHc=; b=p2K4AOF5o4SbCtm2zLIdCPXDhHtwQicpC6EtvFiLFbI9NsoTnZ82YNa+Mbb30VzGYm Fzxz6P00QYzHhi/bOeEZ+fT56OxfJ8Gb4IsNfnAFJQlDjVui83WtbuMAjpfKJ539qJrH Gzu0nIeEx5IqbFFdebVLlzKpLcn98AeiZbVA4PczsiohCDOb+cbmhTqoEMc6jq6Fsd0X JD7SKBWJq01Z+udvfI/pYaVGI3Ys0/M0MRB/6VYvwLrrslnROyoDFKi7wfKW1UxxSd6U Gq97mMTUMXPRygCwKVyS4kaRpuiaDERTo6Pm6jugyFhvVZt2IIpCCnVumoryTujYsuB1 E7Qw== X-Gm-Message-State: AOJu0YxtQDXEt7PlxQF2+zcqZ11+hEhil01IwK/hqBx/nB4J5XEtipio Jrz9hBy0pAa4fuw0UnR2YylQHEe/RlT0SLhPaXot1PnF2SVEjRiqDDvY X-Gm-Gg: Acq92OEuxVMpP4FLRgpCxMRrEHoeKH/Bz+mvlZPUSQcZBweY8mDGnmaoDLP5dgd5F2N JTbsMw52uaNnWiGaexGnNcY0ky0srVUHomcGXanjsTlS8nOxUn98oP9nkL3rxdo0tBrq0IElkDI vRVP+lSBttTZqQxkNg+uUb1dJTxyk5SvKv7wim4iiV6jl42To1ABLNwJk/PLzv5NUEkx0ezXBpk I2Ow4waBsjHNdudiG6vhZyZoLUfllOl/toRCOUv7OtAszVeTM+hDwKsnAJOp+706mmENwvhtk0Q lZlNi3Il3wvgANn4cYTZBrgvm9853DLgLaciUU3vmzI6+csSGbjTdYTj8ZMxaND9GqBTJxCMZ5g 6N4EVKXi+oPTQ6uWUVwvoq9EsKv5wnwIcqHdjnVaGapnjoU2/fBqc28Be+WoVDHdWp0bRjmOvdd id3Ao3j7SgEiPR6Oh/4KmRlTP4xS5VmPVCRxHLEj3KJ14= X-Received: by 2002:a05:6820:1986:b0:699:b131:d587 with SMTP id 006d021491bc7-69e10436d38mr383784eaf.11.1780084392825; Fri, 29 May 2026 12:53:12 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:53 -0700 Subject: [PATCH v7 13/15] docs: add MTE4 features to docs MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-13-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=2175; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=dYDek0cM2AigowKbRtIvnJyxcZsnT2aDCHX5pbUTS+M=; b=HV302SNuYCnwzJLjqOjay3OIwb1ZFNnrKsTekrmU31CT+vp40YQasOAjETXYzNIgCc3ye5oj8 H4EsvWl4ksGBQVeuM+SPQop1thKvT+qq5Hq6qEsVNjG8BNf7iFaCGBq X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c2e; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc2e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084495487154100 The implemented MTE4 features are now present in docs/system/arm/emulation.rst Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- docs/system/arm/emulation.rst | 5 +++++ target/arm/tcg/cpu64.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst index e44b3016be..eddbc12ae7 100644 --- a/docs/system/arm/emulation.rst +++ b/docs/system/arm/emulation.rst @@ -113,6 +113,11 @@ the following architecture extensions: - FEAT_MTE3 (MTE Asymmetric Fault Handling) - FEAT_MTE_ASYM_FAULT (Memory tagging asymmetric faults) - FEAT_MTE_ASYNC (Asynchronous reporting of Tag Check Fault) +- FEAT_MTE_CANONICAL_TAGS (Canonical tag checking) +- FEAT_MTE_NO_ADDRESS_TAGS (Address tagging disabled) +- FEAT_MTE_PERM (NoTagAccess memory attribute) +- FEAT_MTE_STORE_ONLY (Store-only tag checking) +- FEAT_MTE_TAGGED_FAR (Full address reporting of Tag Check Fault) - FEAT_NMI (Non-maskable Interrupt) - FEAT_NV (Nested Virtualization) - FEAT_NV2 (Enhanced nested virtualization support) diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c index a377f67b9c..eb4003c732 100644 --- a/target/arm/tcg/cpu64.c +++ b/target/arm/tcg/cpu64.c @@ -1295,10 +1295,15 @@ void aarch64_max_tcg_initfn(Object *obj) t =3D FIELD_DP64(t, ID_AA64PFR1, CSV2_FRAC, 0); /* FEAT_CSV2_3 */ t =3D FIELD_DP64(t, ID_AA64PFR1, NMI, 1); /* FEAT_NMI */ t =3D FIELD_DP64(t, ID_AA64PFR1, GCS, 1); /* FEAT_GCS */ + /* FEAT_MTE_NO_ADDRESS_TAGS + FEAT_MTE_CANONICAL_TAGS */ + t =3D FIELD_DP64(t, ID_AA64PFR1, MTEX, 1); SET_IDREG(isar, ID_AA64PFR1, t); =20 t =3D GET_IDREG(isar, ID_AA64PFR2); t =3D FIELD_DP64(t, ID_AA64PFR2, FPMR, 1); /* FEAT_FPMR */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEFAR, 1); /* FEAT_MTE_TAGGED_FAR= */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTESTOREONLY, 1); /* FEAT_MTE_STORE= _ONLY */ + t =3D FIELD_DP64(t, ID_AA64PFR2, MTEPERM, 1); /* FEAT_MTE_PERM */ SET_IDREG(isar, ID_AA64PFR2, t); =20 t =3D GET_IDREG(isar, ID_AA64MMFR0); --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084422; cv=none; d=zohomail.com; s=zohoarc; b=GjmLpzpDwxftgep36uIGgdXcLwvAlYmtYcu8UmgJkEebvFTqbn3c+KQvslxHx7T8yvSBoI+59TwOIX6ZtxMEhxcvGlMwcRzmg4ra1i59/cByqPyOkWIGFohksW+8QNFAte+8ng7DOc5MsmCiWbBByzjXgMOrawQmvZDEOuZalXk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084422; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=Cq8nmllSo+dtXIwrhTawAIhA0EUqJ4TaieRZZuRcIhECHAoR1j1EtJ3+k5Zof81cCK52RxFgaxHMMj2fTVFTjywSx5vMRGW7xfDURkh/EpxHSzgG+Y7bqjuv5rO43r9nN3qXW1V3MhlVmHqYVfdtXdpiXI5PZS4qFIWEiEHWQzo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084422794968.4925867833041; Fri, 29 May 2026 12:53:42 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gq-00064r-HV; Fri, 29 May 2026 15:53:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3Ge-00056N-PB for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:17 -0400 Received: from mail-oo1-xc36.google.com ([2607:f8b0:4864:20::c36]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3Gd-0005cl-55 for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:16 -0400 Received: by mail-oo1-xc36.google.com with SMTP id 006d021491bc7-69d774f16ffso3102885eaf.3 for ; Fri, 29 May 2026 12:53:14 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084394; x=1780689194; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=fe+EH+PPineqjit5rcKFEs2zujjotQiRnBM2gNr95lDunfs9vLQ5Uz063XxFBwT5m7 CP4JWtXNpQ3AKZ7cZCSRwQHlrzTA1RjaZyDJ7LrbZRwm0CP3wA/WgpBRBfr9Lcnd6xQv pHtRpZ7GRtWmbom7F+L8Ui7BxTIz2Q6CNWhh06VxZbRRKCIfPa4Ikjw0Q9tVum06wyi5 Sy9p25uHX6lJYkiVCC4Xs1K7Qe+Lf5aFrLhzAOwtqHznJcrJ/i4ZD94LsoCMSu57NQOR DCcu33zRF1EFf2F3xfRhgPmndAIAxrahinxV+XB2vgH1HXyPlHv1jyfKyporsOXAwGjv gJ9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084394; x=1780689194; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=i0UGA6W7acHfQzFgg07ojZd+ADYp8WlSjAFL26/Ip64=; b=M10it/gRHDTBCw2YZIApYIkzoCpxivgNxRLfFzXRaD/pSN9ECw/kXYp2jKqXC/QKUm VidDINiTemFyomqpNcgKB+w0Vp59q542/xLc3y2dtTFoUBK92OFzwA2uzk5nfS82/r7R kPf3kByDdXljO3ucajg0tnSYK6oZu46+K9VXzuwzvu0WC3tQxl3lvrNQbMQjH8k+RGdB P+oBRst6ogPk4tyZ7OgXkTd38nUEUpxVftYI9432APmQ99CziOUaqocRSw6sERT7DrSz SojILWMgqJALZl9mCCXXidE7kgZ0FOZNcbdUtu5j5p6gTStKn2gh6mPDFQnNgZ3szvy8 kozA== X-Gm-Message-State: AOJu0Yw/CcklB5nw6UBBohrPWd+TeSvbZgJmnWWVKI+yJGb+2iqGdlXN wpevA+BFwNkcjQSJBIbFRGNVML2XrXbna8P2GVH4HA4jjlbUXi9UovXA X-Gm-Gg: Acq92OEh5H++56h7EOcj9KZ6qiORp0ZXeFMFZV4fmITL8VZwg+J4HVC62NmBvgpMl+m gZSJbzJ+ohKfnsO3xZIofqX+VXouV/8WrsSiVYRr3KvNa9k5xozqZuMUZ2R2lk2yg94Qwgc9xrb fFZqmpF4lTPmGuUiyI15PyZPtEkVLRB1E6lD9hbbm4MKh5Jytw8SFu7LYkVt9qdw5Z7gCly6Hz9 LvCZv1p4mbZ3Ti6fuI9xbLJLRV+rrRQpPKgsvZ3XMN6aKBkY/ZayvJoCLx/4OtFXvg/aZ6dsFbL cgB2BRzUvKN6QV2BTxcmy1mUUHAlap5vNCN4gKBs6q7iiBHGustprCrsUheOeyySgf9UH1XQC/I ysr2G0YJ789m6iFtHEEqcH+RdtkcPDxz85wQh2YTC1KQOQlrCj10DtWEimrCEW+a3r42+xujShF bSEgZRXNdBXDrGCWyS2DgNH4clAD4rsoqJoxNoO3L6C8o= X-Received: by 2002:a05:6820:168f:b0:69d:c596:8cc9 with SMTP id 006d021491bc7-69e101a90camr444753eaf.11.1780084394019; Fri, 29 May 2026 12:53:14 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:54 -0700 Subject: [PATCH v7 14/15] tests/tcg: add test for MTE FAR MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-14-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=2355; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=t9UKuOxOMkff21yBSwiqqFvgFWXDPNIeJTAexYT0IVc=; b=x0orTOCypGXifzrK5BDUMMfeWUXOlFokLjIDg0KOXWNk8eSn3YikyOBRDKFYU3pBJHiKNc9TV lPdNKXO4r0NDo4xIcqgbuNEO6NpGtiTjL41jVsqXqieFls44c9Y4Bu2 X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c36; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc36.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084424170154100 This functionality was previously enabled but not advertised or tested. This commit adds a new test, mte-9, that tests the code for proper full-address reporting. FEAT_MTE_TAGGED_FAR requires that FAR_ELx report the full logical address, including tag bits. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-9.c | 48 +++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index 9fa8687453..b491cfb5e1 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-9.c b/tests/tcg/aarch64/mte-9.c new file mode 100644 index 0000000000..9626a90c13 --- /dev/null +++ b/tests/tcg/aarch64/mte-9.c @@ -0,0 +1,48 @@ +/* + * Memory tagging, full-address reporting. + * + * Copyright (c) 2021 Linaro Ltd + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +static void *faulting_ptr; + +void pass(int sig, siginfo_t *info, void *uc) +{ + assert(faulting_ptr =3D=3D info->si_addr); + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + *p1 =3D 0; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + faulting_ptr =3D p2; + *p2 =3D 0; + + abort(); +} --=20 2.54.0 From nobody Sat May 30 17:44:09 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1780084423; cv=none; d=zohomail.com; s=zohoarc; b=l3gFCKFDFysC2F8Jd6N6fXvRK1wQ4t3GruPavl8Z6w+UXZN6VVTQcfvg2Mpq40hfpUpkiF92g9Dak1+aV6wF8B5tzj5XKUadsowjSChk2f2ULph0Pkqc1Isw8Jf6TI48jrqaBHZiifC4RWV7Fsp/LGy4HgKTAMlFlWznPTnlJAE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1780084423; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=Ij1wGoSBaX9hHnb7DRn95irXz2iPtDB+Ggzagh6oRzqlYpZXFkYaoWcOIZOS26OEHLktuwCB1jASCmRwTu381ZBUlvyrBV6EKUQKvdCZI4PwhiQ/IUbBavr3jrAOhBbsaFDOsYOlnfmg6e22L3AOuYIsdzT+RNHqIdWxAGWYv3Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1780084423103891.7724585908568; Fri, 29 May 2026 12:53:43 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wT3Gm-0005eB-FH; Fri, 29 May 2026 15:53:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wT3Gg-00057a-5n for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:19 -0400 Received: from mail-oo1-xc2d.google.com ([2607:f8b0:4864:20::c2d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1wT3Ge-0005dE-Bb for qemu-devel@nongnu.org; Fri, 29 May 2026 15:53:17 -0400 Received: by mail-oo1-xc2d.google.com with SMTP id 006d021491bc7-69de16f5e80so1744865eaf.0 for ; Fri, 29 May 2026 12:53:15 -0700 (PDT) Received: from [10.21.163.79] ([146.74.94.63]) by smtp.gmail.com with ESMTPSA id 006d021491bc7-69e06587eecsm1626692eaf.0.2026.05.29.12.53.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2026 12:53:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780084395; x=1780689195; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=HHmkrOkBrcTks/IkabWW4KsGC4aV6ee1wbEl+RABifJ85Y/Kas2IyVaKrVan/Ge1nc tmzPxuJ1M29aJ4ZDsL/Ar0SDwRbnp3wGjhwiNd/DcXftlivRItDYuaAICZsC5DWLm0Lu uNi8iiLIFTxItwnXRxc6ELCCoMTUztG2TrcFgzj7wzAf7mxtS8B295PYSN39PT44ehuP nC6AxGTP9Kff8e7Aj/Tnkwp84ry22cDa9Mcr8sZ/z5xRKtESWXdQtRT76dce4629gduu uhJZJZGa/qXFSXQbaVzTGvD3qarjzJSjGsM4+q2hu0uo2awxhHdvipiQBhUWum7LDr5j WPQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780084395; x=1780689195; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=foXIRPjA5gS3G5f+1cVTKO/YSOx+Ynfsprdlu+eUN/8=; b=r+u1TunszwBFhlJADtvNiAhuErpkeAovfpr9vtcr9b0oDk2cv+KrjlMDLApvZeF7J9 F8SqEbRxcvp4v8o3jbmK45zmz/nt8pbvq2RnMZaTk0kGcH/mZNC6WsAXghPUR6Z57Eqo m0pfc5p5VLDc43n5nz18VTByt3SOpBl1Uvnsr5GHlrz1d7q8JaHT1+uKnpf+HZXUjO+N AfQVczI6mHqMlP6Ym4lWC0fTJBCWN4sG7VLur02vKDKmSDYhJ/vEDXajDo+1e8XqncEU zbmOzDujdeTX6o+RP+OHgKufdx+2Bx9NYRZBosnKI48TfwIc7/GE4Z0AIyA75l2ZvLU5 mjKw== X-Gm-Message-State: AOJu0Yzjmeb7rmNPJp9qcqqZ+pvv/iVRtaenS3//O/42n0kXM9XOns6r fVEaMNIqORyneNJD4c7iQQUI6q8P40hZW/H2aGEsoRgwXsZk91XJO5Yr X-Gm-Gg: Acq92OHm7OVzRRJ9JF641Dt5NVrAOxp+B0gEIXqzVz9j+/PH0MSVILi5JevVhnE5EsO RnuKOhwLZXOgu8fMizc2yf+WCqEeEpT7gqZ+dhRxs1GkB00xvvxkg+dI69i3y3T+NY+U2z1rc1w KAsOe8OCE/VDPEnBf+cQfgOIrmf//xL4A6rGIhYGC8L8rXD3fGUP5tWNyntJZuh2F7GRafWxg9z NiyV7YvKsGkQ5jcfqZ/yoAGOkh/nIxRHX3BQcfKQQi6/pyIPPA/rHBxvXzQQEyGfxLlHhkfKck8 2l7zClqo/gMoz1cmRoB1p7UrbbTQTxPYIlvtXaw9ZWwGoKYwmUw7nNJ9MePnrn2B0Fgrd2x1JrB lk93JUJFIF0xhPug6VwAbMqQ8XjXWEQg8gfe16kRSvQ+20nFm0tE+B0aSyzeN+S9bhkL87A0fzy y/eEbKicBO6xUuPfOUgrY7SpqUkUzTf0Yck0/nZELiUPQ= X-Received: by 2002:a05:6820:827:b0:696:8ccc:5588 with SMTP id 006d021491bc7-69e103cc45bmr388456eaf.42.1780084395206; Fri, 29 May 2026 12:53:15 -0700 (PDT) From: Gabriel Brookman Date: Fri, 29 May 2026 12:52:55 -0700 Subject: [PATCH v7 15/15] tests/tcg: add test for MTE_STORE_ONLY MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260529-feat-mte4-v7-15-ccbd3c14eb3c@gmail.com> References: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> In-Reply-To: <20260529-feat-mte4-v7-0-ccbd3c14eb3c@gmail.com> To: qemu-devel@nongnu.org Cc: Peter Maydell , Gustavo Romero , Richard Henderson , qemu-arm@nongnu.org, Laurent Vivier , Gabriel Brookman , Helge Deller , Pierrick Bouvier , Pierrick Bouvier X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1780084373; l=2991; i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id; bh=mAwPuGJQelulccRrIcbbltCeg9NHZ8EE7GZcbX8aqAw=; b=3JpN1NWhlsn+xZKv7pYxFrPc/dCM75WHtfx+BtUY8UlprEmsG6bf517qrCKRKFEkb7YjRLXq+ g4erT6/54WnCP+5+NMQ4mwYUBWY8xz3kZb90ZhiDl8Mee0yvwg68hTj X-Developer-Key: i=brookmangabriel@gmail.com; a=ed25519; pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::c2d; envelope-from=brookmangabriel@gmail.com; helo=mail-oo1-xc2d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1780084424221154100 Added a test that checks that MTE checks are not performed on loads when MTE_STORE_ONLY is enabled. Signed-off-by: Gabriel Brookman Reviewed-by: Richard Henderson --- tests/tcg/aarch64/Makefile.target | 2 +- tests/tcg/aarch64/mte-10.c | 49 +++++++++++++++++++++++++++++++++++= ++++ tests/tcg/aarch64/mte.h | 4 ++-- 3 files changed, 52 insertions(+), 3 deletions(-) diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile= .target index b491cfb5e1..6203ac9b51 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -64,7 +64,7 @@ AARCH64_TESTS +=3D bti-2 =20 # MTE Tests ifneq ($(CROSS_CC_HAS_ARMV8_MTE),) -AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 +AARCH64_TESTS +=3D mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7 mte-8 mte-9 m= te-10 mte-%: CFLAGS +=3D $(CROSS_CC_HAS_ARMV8_MTE) endif =20 diff --git a/tests/tcg/aarch64/mte-10.c b/tests/tcg/aarch64/mte-10.c new file mode 100644 index 0000000000..46d26fe97f --- /dev/null +++ b/tests/tcg/aarch64/mte-10.c @@ -0,0 +1,49 @@ +/* + * Memory tagging, write-only tag checking + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "mte.h" + +void pass(int sig, siginfo_t *info, void *uc) +{ + exit(0); +} + +int main(int ac, char **av) +{ + struct sigaction sa; + int *p0, *p1, *p2; + long excl =3D 1; + + enable_mte(PR_MTE_TCF_SYNC | PR_MTE_STORE_ONLY); + p0 =3D alloc_mte_mem(sizeof(*p0)); + + /* Create two differently tagged pointers. */ + asm("irg %0,%1,%2" : "=3Dr"(p1) : "r"(p0), "r"(excl)); + asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1)); + assert(excl !=3D 1); + asm("irg %0,%1,%2" : "=3Dr"(p2) : "r"(p0), "r"(excl)); + assert(p1 !=3D p2); + + /* Store the tag from the first pointer. */ + asm("stg %0, [%0]" : : "r"(p1)); + + /* + * We write to p1 (stg above makes this check pass) and read from + * p2 (improperly tagged, but since it's a read, we don't care). + */ + *p1 =3D *p2; + + /* enable handler */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction =3D pass; + sa.sa_flags =3D SA_SIGINFO; + sigaction(SIGSEGV, &sa, NULL); + + /* now we write to badly tagged p2, should fault. */ + *p2 =3D 0; + + abort(); +} diff --git a/tests/tcg/aarch64/mte.h b/tests/tcg/aarch64/mte.h index 17b932f3f1..7093b93dc7 100644 --- a/tests/tcg/aarch64/mte.h +++ b/tests/tcg/aarch64/mte.h @@ -40,10 +40,10 @@ # define SEGV_MTESERR 9 #endif =20 -static void enable_mte(int tcf) +static void enable_mte(int flags) { int r =3D prctl(PR_SET_TAGGED_ADDR_CTRL, - PR_TAGGED_ADDR_ENABLE | tcf | (0xfffe << PR_MTE_TAG_SHIF= T), + PR_TAGGED_ADDR_ENABLE | flags | (0xfffe << PR_MTE_TAG_SH= IFT), 0, 0, 0); if (r < 0) { perror("PR_SET_TAGGED_ADDR_CTRL"); --=20 2.54.0