Ping. https://lore.kernel.org/qemu-devel/[email protected]/
On Mon, May 11, 2026 at 10:01 AM Gabriel Brookman <[email protected]> wrote:
>
> This series implements ARM's Enhanced Memory Tagging Extension
> (MTE4). MTE4 implies the presence of several subfeatures:
> FEAT_MTE_CANONICAL_TAGS, FEAT_MTE_TAGGED_FAR, FEAT_MTE_STORE_ONLY,
> FEAT_MTE_NO_ADDRESS_TAGS, and FEAT_MTE_PERM, none of which are
> currently implemented in QEMU. This patch implements all five.
>
> Testing:
> - Included for FAR and STORE_ONLY.
> - The MTE_CANONICAL/NAT test from v2, modified so MTE_CANONICAL is
>   enabled in user mode (removed from tree in v3).
> - A bare-metal testsuite that sets up page tables for S1 and S2
>   translation, to test the Tagged NoTagAccess fault.
> - The bare-metal testsuite also was used to test LDGM and similar
>   instructions not permitted in user-mode.
> - The bare-metal testsuite also was used to test the mtx related
>   patches.
>
> Thanks,
> Gabriel Brookman
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3116
> Signed-off-by: Gabriel Brookman <[email protected]>
> ---
> Changes in v6:
> - Moved certain functions between patches (Richard)
> - Added G_NORETURN to canonical_tag_write_fail
> - Updated ldg and bounds check functions to Richard's versions, tested
>   these
> - Link to v5:
>   https://lore.kernel.org/qemu-devel/[email protected]
>
> Changes in v5:
> - MTX check feature split into three commits as per Richard's suggestion
> - MTX passed down to instruction helpers in a new argument
> - allocation_tag_mem_probe checks for probe in MTEPERM case
> - tbi helper combined into tbi_or_mtx_helper
> - MTX checks added to sme and sve functions
> - bug with type conversion in LDGM helper fixed
> - fixed multi-page tag-check bug and multi-page ST2G bug
> - removed erroneous changes to _stub functions
> - reorganized PAuth & MTX interactions to make them more readable
> - Link to v4:
>   https://lore.kernel.org/qemu-devel/[email protected]
>
> Changes in v4:
> - MTX now interacts with PAuth.
> - Canonical tag checking only takes place in canonically tagged regions
> - MTX bits enable tag checking
> - MTX bits are placed in MTEDESC for access in mte_check helper
> - Separate feature bits are used to delineate each feature
> - PRCTL functions renamed and refactored as per Richard's suggestion
> - Link to v3:
>   https://lore.kernel.org/qemu-devel/[email protected]
>
> Changes in v3:
> - Added prctl for MTE_STORE_ONLY to linux-user
> - mte_check is no longer generated on read when STORE_ONLY enabled
> - Implemented LDGM instruction
> - Removed "long" datatype as per Richard's suggestion
> - Implemented masking for VA range checks when MTX bit enabled
> - Implemented MTE_PERM, with NoTagAccess attribute
> - Removed user-mode test for MTE_CANONICAL, since can't enable in
>   user-mode.
> - Removed TBI from mte_check generation logic
> - Link to v2:
>   https://lore.kernel.org/qemu-devel/[email protected]
>
> Changes in v2:
> - Added tests for STORE_ONLY.
> - Refined commit messages.
> - Added FEAT_MTE_CANONICAL_TAGS and FEAT_MTE_NO_ADDRESS_TAGS + tests.
> - fixed TCSO bit macro names.
> - Link to v1:
>   https://lore.kernel.org/qemu-devel/[email protected]
>
> To: [email protected]
> Cc: Peter Maydell <[email protected]>
> Cc: [email protected]
> Cc: Laurent Vivier <[email protected]>
> Cc: Helge Deller <[email protected]>
> Cc: Pierrick Bouvier <[email protected]>
>
> ---
> Gabriel Brookman (15):
>       target/arm: implement MTE_PERM
>       target/arm: add TCSO bitmasks to SCTLR
>       target/arm: mte_check unemitted on STORE_ONLY load
>       linux-user: add MTE_STORE_ONLY to prctl
>       target/arm: emit tag check when MTX without TBI
>       target/arm: add MTX to MTEDESC and DisasContext
>       target/arm: add canonical tag check helper
>       target/arm: add canonical MTE check logic
>       target/arm: load on canonical tag loads ext bits
>       target/arm: fault on tag store to canonical tag
>       target/arm: skip tag bit bounds check if MTX is on
>       target/arm: tag is not a part of PAuth with MTX
>       docs: add MTE4 features to docs
>       tests/tcg: add test for MTE FAR
>       tests/tcg: add test for MTE_STORE_ONLY
>
>  docs/system/arm/emulation.rst        |   5 ++
>  linux-user/aarch64/mte_user_helper.c |  11 ++-
>  linux-user/aarch64/mte_user_helper.h |  14 ++--
>  linux-user/aarch64/target_prctl.h    |   6 +-
>  target/arm/cpu-features.h            |  15 ++++
>  target/arm/cpu.h                     |   5 ++
>  target/arm/gdbstub64.c               |   2 +-
>  target/arm/helper.c                  |  36 +++++++--
>  target/arm/internals.h               |  40 ++++++++--
>  target/arm/ptw.c                     |  60 ++++++++++++--
>  target/arm/tcg/cpu64.c               |   8 ++
>  target/arm/tcg/helper-a64-defs.h     |  16 ++--
>  target/arm/tcg/helper-a64.c          |   7 +-
>  target/arm/tcg/hflags.c              |  25 +++++-
>  target/arm/tcg/mte_helper.c          | 146 +++++++++++++++++++++++++++++------
>  target/arm/tcg/pauth_helper.c        |  18 ++++-
>  target/arm/tcg/sme_helper.c          |   4 +-
>  target/arm/tcg/sve_helper.c          |   6 +-
>  target/arm/tcg/translate-a64.c       |  45 +++++++----
>  target/arm/tcg/translate.h           |   3 +
>  tests/tcg/aarch64/Makefile.target    |   2 +-
>  tests/tcg/aarch64/mte-10.c           |  49 ++++++++++++
>  tests/tcg/aarch64/mte-9.c            |  48 ++++++++++++
>  tests/tcg/aarch64/mte.h              |   7 +-
>  24 files changed, 487 insertions(+), 91 deletions(-)
> ---
> base-commit: ee7eb612be8f8886d48c1d0c1f1c65e495138f83
> change-id: 20251109-feat-mte4-6740a6202e83
>
> Best regards,
> --
> Gabriel Brookman <[email protected]>
>
