From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 36/42] target/arm: Move mte check for store-exclusive
Date: Tue,  6 Jun 2023 10:48:08 +0100
Message-ID: <20230606094814.3581397-37-peter.maydell@linaro.org>
In-Reply-To: <20230606094814.3581397-1-peter.maydell@linaro.org>

From: Richard Henderson <richard.henderson@linaro.org>

Push the mte check behind the exclusive_addr check.
Document the several ways that we are still out of spec
with this implementation.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230530191438.411344-18-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/tcg/translate-a64.c | 42 +++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index adedebd1c22..aa93f37e216 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -2512,17 +2512,47 @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
      */
     TCGLabel *fail_label = gen_new_label();
     TCGLabel *done_label = gen_new_label();
-    TCGv_i64 tmp, dirty_addr, clean_addr;
+    TCGv_i64 tmp, clean_addr;
     MemOp memop;
 
-    memop = (size + is_pair) | MO_ALIGN;
-    memop = finalize_memop(s, memop);
-
-    dirty_addr = cpu_reg_sp(s, rn);
-    clean_addr = gen_mte_check1(s, dirty_addr, true, rn != 31, memop);
+    /*
+     * FIXME: We are out of spec here.  We have recorded only the address
+     * from load_exclusive, not the entire range, and we assume that the
+     * size of the access on both sides match.  The architecture allows the
+     * store to be smaller than the load, so long as the stored bytes are
+     * within the range recorded by the load.
+     */
 
+    /* See AArch64.ExclusiveMonitorsPass() and AArch64.IsExclusiveVA(). */
+    clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
     tcg_gen_brcond_i64(TCG_COND_NE, clean_addr, cpu_exclusive_addr, fail_label);
 
+    /*
+     * The write, and any associated faults, only happen if the virtual
+     * and physical addresses pass the exclusive monitor check.  These
+     * faults are exceedingly unlikely, because normally the guest uses
+     * the exact same address register for the load_exclusive, and we
+     * would have recognized these faults there.
+     *
+     * It is possible to trigger an alignment fault pre-LSE2, e.g. with an
+     * unaligned 4-byte write within the range of an aligned 8-byte load.
+     * With LSE2, the store would need to cross a 16-byte boundary when the
+     * load did not, which would mean the store is outside the range
+     * recorded for the monitor, which would have failed a corrected monitor
+     * check above.  For now, we assume no size change and retain the
+     * MO_ALIGN to let tcg know what we checked in the load_exclusive.
+     *
+     * It is possible to trigger an MTE fault, by performing the load with
+     * a virtual address with a valid tag and performing the store with the
+     * same virtual address and a different invalid tag.
+     */
+    memop = size + is_pair;
+    if (memop == MO_128 || !dc_isar_feature(aa64_lse2, s)) {
+        memop |= MO_ALIGN;
+    }
+    memop = finalize_memop(s, memop);
+    gen_mte_check1(s, cpu_reg_sp(s, rn), true, rn != 31, memop);
+
     tmp = tcg_temp_new_i64();
     if (is_pair) {
         if (size == 2) {
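Review bot: the last sentence of the new comment ("For now, we assume no size change and retain the MO_ALIGN to let tcg know what we checked in the load_exclusive") does not match the condition directly below it, which only ORs in MO_ALIGN when `memop == MO_128` or when FEAT_LSE2 is absent; on an LSE2 CPU a 4- or 8-byte store-exclusive is emitted here without MO_ALIGN. Suggest rewording the sentence to say MO_ALIGN is retained only pre-LSE2 or for 128-bit accesses, so the comment and the `if` agree. Minor: `cpu_reg_sp(s, rn)` is now evaluated twice, once for `clean_data_tbi` and again for `gen_mte_check1`; keeping a local like the removed `dirty_addr` would avoid the duplicated call. Since the old code used the return value of `gen_mte_check1` as `clean_addr` and the new code discards it, a short note that the clean address was already computed above for the monitor comparison would help the next reader.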
-- 
2.34.1


