Previously, the TBI bit was used to mediate whether tag checks happened. With MTE4, if the MTX bits are enabled, then tag checking happens even if TBI is disabled. See AccessIsTagChecked.
Signed-off-by: Gabriel Brookman <[email protected]> Reviewed-by: Richard Henderson <[email protected]> --- target/arm/cpu-features.h | 5 +++++ target/arm/helper.c | 10 ++++++++++ target/arm/internals.h | 13 ++++++++----- target/arm/tcg/helper-a64.c | 7 ++++--- target/arm/tcg/hflags.c | 11 +++++++---- target/arm/tcg/mte_helper.c | 9 ++++++--- target/arm/tcg/sme_helper.c | 4 ++-- target/arm/tcg/sve_helper.c | 6 +++--- 8 files changed, 45 insertions(+), 20 deletions(-) diff --git a/target/arm/cpu-features.h b/target/arm/cpu-features.h index 8ec8d9a2e3..23429d6491 100644 --- a/target/arm/cpu-features.h +++ b/target/arm/cpu-features.h @@ -1167,6 +1167,11 @@ static inline bool isar_feature_aa64_mte_store_only(const ARMISARegisters *id) return FIELD_EX64_IDREG(id, ID_AA64PFR2, MTESTOREONLY) == 1; } +static inline bool isar_feature_aa64_mte_mtx(const ARMISARegisters *id) +{ + return FIELD_EX64_IDREG(id, ID_AA64PFR1, MTEX) != 0; +} + static inline bool isar_feature_aa64_sme(const ARMISARegisters *id) { return FIELD_EX64_IDREG(id, ID_AA64PFR1, SME) != 0; diff --git a/target/arm/helper.c b/target/arm/helper.c index ddf44f4306..18352bd186 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9559,6 +9559,16 @@ uint64_t arm_sctlr(CPUARMState *env, int el) return env->cp15.sctlr_el[el]; } +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx) +{ + if (regime_has_2_ranges(mmu_idx)) { + return extract64(tcr, 60, 2); + } else { + /* Replicate the single MTX bit so we always have 2 bits. */ + return extract64(tcr, 33, 1) * 3; + } +} + int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx) { if (regime_has_2_ranges(mmu_idx)) { diff --git a/target/arm/internals.h b/target/arm/internals.h index a632584a4e..6df2c547c5 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1422,6 +1422,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, ARMMMUIdx mmu_idx, bool data, bool el1_is_aa32); +int aa64_va_parameter_mtx(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx); int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx); @@ -1557,7 +1558,8 @@ FIELD(MTEDESC, TBI, 4, 2) FIELD(MTEDESC, TCMA, 6, 2) FIELD(MTEDESC, WRITE, 8, 1) FIELD(MTEDESC, ALIGN, 9, 3) -FIELD(MTEDESC, SIZEM1, 12, 32 - 12) /* size - 1 */ +FIELD(MTEDESC, MTX, 12, 2) +FIELD(MTEDESC, SIZEM1, 14, 32 - 14) /* size - 1 */ bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr); uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra); @@ -1627,10 +1629,11 @@ static inline uint64_t address_with_allocation_tag(uint64_t ptr, int rtag) return deposit64(ptr, 56, 4, rtag); } -/* Return true if tbi bits mean that the access is checked. */ -static inline bool tbi_check(uint32_t desc, int bit55) +/* Return true if tbi or mtx bits mean that the access is tag checked. */ +static inline bool tbi_or_mtx_check(uint32_t desc, int bit55) { - return (desc >> (R_MTEDESC_TBI_SHIFT + bit55)) & 1; + uint32_t mask = (1u << R_MTEDESC_TBI_SHIFT) | (1u << R_MTEDESC_MTX_SHIFT); + return desc & (mask << bit55); } /* Return true if tcma bits mean that the access is unchecked. */ @@ -1664,7 +1667,7 @@ static inline uint64_t useronly_maybe_clean_ptr(uint32_t desc, uint64_t ptr) { #ifdef CONFIG_USER_ONLY int64_t clean_ptr = sextract64(ptr, 0, 56); - if (tbi_check(desc, clean_ptr < 0)) { + if (tbi_or_mtx_check(desc, clean_ptr < 0)) { ptr = clean_ptr; } #endif diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c index dd1f9c6dc6..9eef2f7e6d 100644 --- a/target/arm/tcg/helper-a64.c +++ b/target/arm/tcg/helper-a64.c @@ -1054,7 +1054,7 @@ static int mops_sizereg(uint32_t syndrome) } /* - * Return true if TCMA and TBI bits mean we need to do MTE checks. + * Return true if the TCMA, TBI, and MTX bits mean we need to do MTE checks. * We only need to do this once per MOPS insn, not for every page. */ static bool mte_checks_needed(uint64_t ptr, uint32_t desc) @@ -1062,12 +1062,13 @@ static bool mte_checks_needed(uint64_t ptr, uint32_t desc) int bit55 = extract64(ptr, 55, 1); /* - * Note that tbi_check() returns true for "access checked" but + * Note that tbi_or_mtx_check() return true for "access checked", but * tcma_check() returns true for "access unchecked". */ - if (!tbi_check(desc, bit55)) { + if (!tbi_or_mtx_check(desc, bit55)) { return false; } + return !tcma_check(desc, bit55, allocation_tag_from_addr(ptr)); } diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 75c55b1a6d..9fa63cd568 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -245,13 +245,16 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, uint64_t tcr = regime_tcr(env, mmu_idx); uint64_t hcr = arm_hcr_el2_eff(env); uint64_t sctlr; - int tbii, tbid; + int tbii, tbid, mtx; DP_TBFLAG_ANY(flags, AARCH64_STATE, 1); /* Get control bits for tagged addresses. */ tbid = aa64_va_parameter_tbi(tcr, mmu_idx); tbii = tbid & ~aa64_va_parameter_tbid(tcr, mmu_idx); + mtx = cpu_isar_feature(aa64_mte_mtx, env_archcpu(env)) ? + aa64_va_parameter_mtx(tcr, mmu_idx) : + 0; DP_TBFLAG_A64(flags, TBII, tbii); DP_TBFLAG_A64(flags, TBID, tbid); @@ -403,14 +406,14 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, /* * Set MTE_ACTIVE if any access may be Checked, and leave clear * if all accesses must be Unchecked: - * 1) If no TBI, then there are no tags in the address to check, + * 1) If TBI and MTX are both unset, accesses are Unchecked. * 2) If Tag Check Override, then all accesses are Unchecked, * 3) If Tag Check Fail == 0, then Checked access have no effect, * 4) If no Allocation Tag Access, then all accesses are Unchecked. */ if (allocation_tag_access_enabled(env, el, sctlr)) { DP_TBFLAG_A64(flags, ATA, 1); - if (tbid + if ((tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & (el == 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); @@ -436,7 +439,7 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, } /* And again for unprivileged accesses, if required. */ if (EX_TBFLAG_A64(flags, UNPRIV) - && tbid + && (tbid || mtx) && !(env->pstate & PSTATE_TCO) && (sctlr & SCTLR_TCF0) && allocation_tag_access_enabled(env, 0, sctlr)) { diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index bf35dc10ce..61cdf92c54 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -823,8 +823,11 @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr, bit55 = extract64(ptr, 55, 1); *fault = ptr; - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */ - if (unlikely(!tbi_check(desc, bit55))) { + /* + * If TBI and MTX are disabled, the access is unchecked, and ptr is not + * dirty. + */ + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return -1; } @@ -965,7 +968,7 @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint32_t desc, uint64_t ptr) bit55 = extract64(ptr, 55, 1); /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */ - if (unlikely(!tbi_check(desc, bit55))) { + if (unlikely(!tbi_or_mtx_check(desc, bit55))) { return ptr; } diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c index ab5999c592..68684d1f87 100644 --- a/target/arm/tcg/sme_helper.c +++ b/target/arm/tcg/sme_helper.c @@ -680,7 +680,7 @@ void sme_ld1_mte(CPUARMState *env, void *za, uint64_t *vg, int bit55 = extract64(addr, 55, 1); /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc = 0; } @@ -862,7 +862,7 @@ void sme_st1_mte(CPUARMState *env, void *za, uint64_t *vg, target_ulong addr, int bit55 = extract64(addr, 55, 1); /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc = 0; } diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c index 062d8881bd..c5e6d58a7e 100644 --- a/target/arm/tcg/sve_helper.c +++ b/target/arm/tcg/sve_helper.c @@ -6375,7 +6375,7 @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr, int bit55 = extract64(addr, 55, 1); /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc = 0; } @@ -6737,7 +6737,7 @@ void sve_ldnfff1_r_mte(CPUARMState *env, void *vg, target_ulong addr, int bit55 = extract64(addr, 55, 1); /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc = 0; } @@ -6992,7 +6992,7 @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr, int bit55 = extract64(addr, 55, 1); /* Perform gross MTE suppression early. */ - if (!tbi_check(mtedesc, bit55) || + if (!tbi_or_mtx_check(mtedesc, bit55) || tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) { mtedesc = 0; } -- 2.54.0
