Loading tags from canonically tagged regions should use the canonical tags (extension bits), not allocation tags. See AArch64_MemTagRead().
Signed-off-by: Gabriel Brookman <[email protected]> --- target/arm/tcg/helper-a64-defs.h | 4 ++-- target/arm/tcg/mte_helper.c | 14 ++++++++++++-- target/arm/tcg/translate-a64.c | 4 ++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/target/arm/tcg/helper-a64-defs.h b/target/arm/tcg/helper-a64-defs.h index 3c3c5dddb7..c08c8c3991 100644 --- a/target/arm/tcg/helper-a64-defs.h +++ b/target/arm/tcg/helper-a64-defs.h @@ -102,14 +102,14 @@ DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, env, i32, i64) DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64) DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64) DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32) -DEF_HELPER_FLAGS_3(ldg, TCG_CALL_NO_WG, i64, env, i64, i64) +DEF_HELPER_FLAGS_4(ldg, TCG_CALL_NO_WG, i64, env, i64, i64, i32) DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(stg_stub, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_2(st2g_stub, TCG_CALL_NO_WG, void, env, i64) -DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64) +DEF_HELPER_FLAGS_3(ldgm, TCG_CALL_NO_WG, i64, env, i64, i32) DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64) DEF_HELPER_FLAGS_3(stzgm_tags, TCG_CALL_NO_WG, void, env, i64, i64) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index d35e3ef04d..c382f0149f 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -304,7 +304,7 @@ int load_tag1(uint64_t ptr, uint8_t *mem) return extract32(*mem, ofs, 4); } -uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt) +uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt, uint32_t mtx) { int mmu_idx = arm_env_mmu_index(env); uint8_t *mem; @@ -317,6 +317,9 @@ uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt) /* Load if page supports tags. */ if (mem) { rtag = load_tag1(ptr, mem); + } else if (mtx) { + uint64_t bit55 = extract64(ptr, 55, 1); + rtag = 0xF * bit55; } return address_with_allocation_tag(xt, rtag); @@ -458,7 +461,7 @@ void HELPER(st2g_stub)(CPUARMState *env, uint64_t ptr) } } -uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) +uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr, uint32_t mtx) { int mmu_idx = arm_env_mmu_index(env); uintptr_t ra = GETPC(); @@ -476,6 +479,13 @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr) /* The tag is squashed to zero if the page does not support tags. */ if (!tag_mem) { + /* Load canonical value if mtx is set (untagged memory region) */ + if (mtx) { + bool bit55 = extract64(ptr, 55, 1); + ret = extract64(-bit55, 0, 1 << gm_bs); + shift = extract64(ptr, LOG2_TAG_GRANULE, 4) * 4; + return ret << shift; + } return 0; } diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c index cd86178d56..5fbc54de4b 100644 --- a/target/arm/tcg/translate-a64.c +++ b/target/arm/tcg/translate-a64.c @@ -4711,7 +4711,7 @@ static bool trans_LDGM(DisasContext *s, arg_ldst_tag *a) tcg_rt = cpu_reg(s, a->rt); if (s->ata[0]) { - gen_helper_ldgm(tcg_rt, tcg_env, addr); + gen_helper_ldgm(tcg_rt, tcg_env, addr, tcg_constant_i32(s->mtx)); } else { MMUAccessType acc = MMU_DATA_LOAD; int size = 4 << s->gm_blocksize; @@ -4746,7 +4746,7 @@ static bool trans_LDG(DisasContext *s, arg_ldst_tag *a) tcg_gen_andi_i64(addr, addr, -TAG_GRANULE); tcg_rt = cpu_reg(s, a->rt); if (s->ata[0]) { - gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt); + gen_helper_ldg(tcg_rt, tcg_env, addr, tcg_rt, tcg_constant_i32(s->mtx)); } else { /* * Tag access disabled: we must check for aborts on the load -- 2.54.0
