* [Qemu-devel] [PATCH v4 01/22] target/arm: Add MTE_ACTIVE to tb_flags
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 02/22] target/arm: Extract TCMA with ARMVAParameters Richard Henderson
` (22 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
When MTE is fully enabled, i.e. access to tags are enabled and
tag checks affect the PE, then arrange to perform the check
while stripping the TBI.
The check is not yet implemented, just the plumbing to that point.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Clean TBI bits exactly.
Fix license to lgpl 2.1.
v3: Remove stub helper_mte_check; moved to a later patch.
---
target/arm/cpu.h | 12 +++++++++
target/arm/internals.h | 18 ++++++++++++++
target/arm/translate.h | 2 ++
target/arm/helper.c | 51 ++++++++++++++++++++++++++++++--------
target/arm/translate-a64.c | 1 +
5 files changed, 73 insertions(+), 11 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 5f23c62132..0cf9eacebe 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1214,6 +1214,7 @@ void pmu_init(ARMCPU *cpu);
#define PSTATE_BTYPE (3U << 10)
#define PSTATE_IL (1U << 20)
#define PSTATE_SS (1U << 21)
+#define PSTATE_TCO (1U << 25)
#define PSTATE_V (1U << 28)
#define PSTATE_C (1U << 29)
#define PSTATE_Z (1U << 30)
@@ -3127,6 +3128,7 @@ FIELD(TBFLAG_A64, PAUTH_ACTIVE, 8, 1)
FIELD(TBFLAG_A64, BT, 9, 1)
FIELD(TBFLAG_A64, BTYPE, 10, 2)
FIELD(TBFLAG_A64, TBID, 12, 2)
+FIELD(TBFLAG_A64, MTE_ACTIVE, 14, 1)
static inline bool bswap_code(bool sctlr_b)
{
@@ -3507,6 +3509,16 @@ static inline bool isar_feature_aa64_bti(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, BT) != 0;
}
+static inline bool isar_feature_aa64_mte_insn_reg(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, MTE) != 0;
+}
+
+static inline bool isar_feature_aa64_mte(const ARMISARegisters *id)
+{
+ return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, MTE) >= 2;
+}
+
/*
* Forward to the above feature tests given an ARMCPU pointer.
*/
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 587a1ddf58..6c018e773c 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -983,4 +983,22 @@ static inline int exception_target_el(CPUARMState *env)
return target_el;
}
+/* Determine if allocation tags are available. */
+static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
+ uint64_t sctlr)
+{
+ if (el < 3
+ && arm_feature(env, ARM_FEATURE_EL3)
+ && !(env->cp15.scr_el3 & SCR_ATA)) {
+ return false;
+ }
+ if (el < 2
+ && arm_feature(env, ARM_FEATURE_EL2)
+ && !(arm_hcr_el2_eff(env) & HCR_ATA)) {
+ return false;
+ }
+ sctlr &= (el == 0 ? SCTLR_ATA0 : SCTLR_ATA);
+ return sctlr != 0;
+}
+
#endif
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 912cc2a4a5..e07c2c3330 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -70,6 +70,8 @@ typedef struct DisasContext {
bool ss_same_el;
/* True if v8.3-PAuth is active. */
bool pauth_active;
+ /* True if v8.5-MTE tag checks affect the PE. */
+ bool mte_active;
/* True with v8.5-BTI and SCTLR_ELx.BT* set. */
bool bt;
/*
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2607d39ad1..90d15578ca 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1863,6 +1863,9 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
if (cpu_isar_feature(aa64_pauth, cpu)) {
valid_mask |= SCR_API | SCR_APK;
}
+ if (cpu_isar_feature(aa64_mte, cpu)) {
+ valid_mask |= SCR_ATA;
+ }
/* Clear all-context RES0 bits. */
value &= valid_mask;
@@ -4050,22 +4053,31 @@ static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
{
ARMCPU *cpu = arm_env_get_cpu(env);
- if (raw_read(env, ri) == value) {
- /* Skip the TLB flush if nothing actually changed; Linux likes
- * to do a lot of pointless SCTLR writes.
- */
- return;
- }
-
if (arm_feature(env, ARM_FEATURE_PMSA) && !cpu->has_mpu) {
/* M bit is RAZ/WI for PMSA with no MPU implemented */
value &= ~SCTLR_M;
}
- raw_write(env, ri, value);
+ if (!cpu_isar_feature(aa64_mte, cpu)) {
+ if (ri->opc1 == 6) { /* SCTLR_EL3 */
+ value &= ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA);
+ } else {
+ value &= ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF |
+ SCTLR_ATA0 | SCTLR_ATA);
+ }
+ }
+
/* ??? Lots of these bits are not implemented. */
- /* This may enable/disable the MMU, so do a TLB flush. */
- tlb_flush(CPU(cpu));
+
+ if (raw_read(env, ri) != value) {
+ /*
+ * This may enable/disable the MMU, so do a TLB flush.
+ * Skip the TLB flush if nothing actually changed;
+ * Linux likes to do a lot of pointless SCTLR writes.
+ */
+ raw_write(env, ri, value);
+ tlb_flush(CPU(cpu));
+ }
}
static CPAccessResult fpexc32_access(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -4561,6 +4573,9 @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
if (cpu_isar_feature(aa64_pauth, cpu)) {
valid_mask |= HCR_API | HCR_APK;
}
+ if (cpu_isar_feature(aa64_mte, cpu)) {
+ valid_mask |= HCR_ATA;
+ }
/* Clear RES0 bits. */
value &= valid_mask;
@@ -12869,6 +12884,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
if (is_a64(env)) {
ARMCPU *cpu = arm_env_get_cpu(env);
uint64_t sctlr;
+ int tbid;
*pc = env->pc;
flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
@@ -12877,7 +12893,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
{
ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
ARMVAParameters p0 = aa64_va_parameters_both(env, 0, stage1);
- int tbii, tbid;
+ int tbii;
/* FIXME: ARMv8.1-VHE S2 translation regime. */
if (regime_el(env, stage1) < 2) {
@@ -12930,6 +12946,19 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
}
flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
}
+
+ /*
+ * If MTE is enabled, and tag checks affect the PE,
+ * then we check the tag as we strip the TBI field.
+ * Note that if TBI is disabled, all accesses are unchecked.
+ */
+ if (tbid
+ && cpu_isar_feature(aa64_mte, cpu)
+ && allocation_tag_access_enabled(env, current_el, sctlr)
+ && !(env->pstate & PSTATE_TCO)
+ && (sctlr & (current_el == 0 ? SCTLR_TCF0 : SCTLR_TCF))) {
+ flags = FIELD_DP32(flags, TBFLAG_A64, MTE_ACTIVE, 1);
+ }
} else {
*pc = env->regs[15];
flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 1959046343..d971b57037 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -14351,6 +14351,7 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
dc->pauth_active = FIELD_EX32(tb_flags, TBFLAG_A64, PAUTH_ACTIVE);
dc->bt = FIELD_EX32(tb_flags, TBFLAG_A64, BT);
dc->btype = FIELD_EX32(tb_flags, TBFLAG_A64, BTYPE);
+ dc->mte_active = FIELD_EX32(tb_flags, TBFLAG_A64, MTE_ACTIVE);
dc->vec_len = 0;
dc->vec_stride = 0;
dc->cp_regs = arm_cpu->cp_regs;
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 02/22] target/arm: Extract TCMA with ARMVAParameters
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 01/22] target/arm: Add MTE_ACTIVE to tb_flags Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 03/22] target/arm: Add MTE system registers Richard Henderson
` (21 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 1 +
target/arm/helper.c | 8 ++++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 6c018e773c..2922324f63 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -959,6 +959,7 @@ typedef struct ARMVAParameters {
bool tbid : 1;
bool epd : 1;
bool hpd : 1;
+ bool tcma : 1;
bool using16k : 1;
bool using64k : 1;
} ARMVAParameters;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 90d15578ca..ab8006291b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10599,7 +10599,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
{
uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
uint32_t el = regime_el(env, mmu_idx);
- bool tbi, tbid, epd, hpd, using16k, using64k;
+ bool tbi, tbid, epd, hpd, tcma, using16k, using64k;
int select, tsz;
/*
@@ -10614,11 +10614,12 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
using16k = extract32(tcr, 15, 1);
if (mmu_idx == ARMMMUIdx_S2NS) {
/* VTCR_EL2 */
- tbi = tbid = hpd = false;
+ tbi = tbid = hpd = tcma = false;
} else {
tbi = extract32(tcr, 20, 1);
hpd = extract32(tcr, 24, 1);
tbid = extract32(tcr, 29, 1);
+ tcma = extract32(tcr, 30, 1);
}
epd = false;
} else if (!select) {
@@ -10629,6 +10630,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
tbi = extract64(tcr, 37, 1);
hpd = extract64(tcr, 41, 1);
tbid = extract64(tcr, 51, 1);
+ tcma = extract64(tcr, 57, 1);
} else {
int tg = extract32(tcr, 30, 2);
using16k = tg == 1;
@@ -10638,6 +10640,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
tbi = extract64(tcr, 38, 1);
hpd = extract64(tcr, 42, 1);
tbid = extract64(tcr, 52, 1);
+ tcma = extract64(tcr, 58, 1);
}
tsz = MIN(tsz, 39); /* TODO: ARMv8.4-TTST */
tsz = MAX(tsz, 16); /* TODO: ARMv8.2-LVA */
@@ -10649,6 +10652,7 @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va,
.tbid = tbid,
.epd = epd,
.hpd = hpd,
+ .tcma = tcma,
.using16k = using16k,
.using64k = using64k,
};
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 03/22] target/arm: Add MTE system registers
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 01/22] target/arm: Add MTE_ACTIVE to tb_flags Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 02/22] target/arm: Extract TCMA with ARMVAParameters Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-08 10:31 ` Laurent Desnogues
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 04/22] target/arm: Add helper_mte_check{1, 2} Richard Henderson
` (20 subsequent siblings)
23 siblings, 1 reply; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
This is TFSRE0_EL1, TFSR_EL1, TFSR_EL2, TFSR_EL3,
RGSR_EL1, GCR_EL1, GMID_EL1, and PSTATE.TCO.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v3: Add GMID; add access_mte.
---
target/arm/cpu.h | 3 ++
target/arm/internals.h | 6 ++++
target/arm/helper.c | 66 ++++++++++++++++++++++++++++++++++++++
target/arm/translate-a64.c | 11 +++++++
4 files changed, 86 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 0cf9eacebe..b9b33bc285 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -495,6 +495,9 @@ typedef struct CPUARMState {
uint64_t pmccfiltr_el0; /* Performance Monitor Filter Register */
uint64_t vpidr_el2; /* Virtualization Processor ID Register */
uint64_t vmpidr_el2; /* Virtualization Multiprocessor ID Register */
+ uint64_t tfsr_el[4]; /* tfsrel0_el1 is index 0. */
+ uint64_t gcr_el1;
+ uint64_t rgsr_el1;
} cp15;
struct {
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 2922324f63..fbfa770c23 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1002,4 +1002,10 @@ static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
return sctlr != 0;
}
+/*
+ * The log2 of the words in the tag block, for GMID_EL1.BS.
+ * The is the maximum, 256 bytes, which manipulates 64-bits of tags.
+ */
+#define GMID_EL1_BS 6
+
#endif
diff --git a/target/arm/helper.c b/target/arm/helper.c
index ab8006291b..7b30e1a1a9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5732,6 +5732,69 @@ static const ARMCPRegInfo pauth_reginfo[] = {
.fieldoffset = offsetof(CPUARMState, apib_key.hi) },
REGINFO_SENTINEL
};
+
+static CPAccessResult access_mte(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ int el = arm_current_el(env);
+
+ if (el < 2 &&
+ arm_feature(env, ARM_FEATURE_EL2) &&
+ !(arm_hcr_el2_eff(env) & HCR_ATA)) {
+ return CP_ACCESS_TRAP_EL2;
+ }
+ if (el < 3 &&
+ arm_feature(env, ARM_FEATURE_EL3) &&
+ !(env->cp15.scr_el3 & SCR_ATA)) {
+ return CP_ACCESS_TRAP_EL3;
+ }
+ return CP_ACCESS_OK;
+}
+
+static uint64_t tco_read(CPUARMState *env, const ARMCPRegInfo *ri)
+{
+ return env->pstate & PSTATE_TCO;
+}
+
+static void tco_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t val)
+{
+ env->pstate = (env->pstate & ~PSTATE_TCO) | (val & PSTATE_TCO);
+}
+
+static const ARMCPRegInfo mte_reginfo[] = {
+ { .name = "TFSRE0_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 6, .crm = 6, .opc2 = 1,
+ .access = PL1_RW, .accessfn = access_mte,
+ .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[0]) },
+ { .name = "TFSR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 6, .crm = 5, .opc2 = 0,
+ .access = PL1_RW, .accessfn = access_mte,
+ .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[1]) },
+ { .name = "TFSR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 5, .opc2 = 0,
+ .access = PL2_RW, .accessfn = access_mte,
+ .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[2]) },
+ { .name = "TFSR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 6, .crm = 6, .opc2 = 0,
+ .access = PL3_RW,
+ .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[3]) },
+ { .name = "RGSR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 5,
+ .access = PL1_RW, .accessfn = access_mte,
+ .fieldoffset = offsetof(CPUARMState, cp15.rgsr_el1) },
+ { .name = "GCR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 6,
+ .access = PL1_RW, .accessfn = access_mte,
+ .fieldoffset = offsetof(CPUARMState, cp15.gcr_el1) },
+ { .name = "TCO", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 3, .crn = 4, .crm = 2, .opc2 = 7,
+ .type = ARM_CP_NO_RAW,
+ .access = PL0_RW, .readfn = tco_read, .writefn = tco_write },
+ { .name = "GMID_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 4,
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = GMID_EL1_BS },
+ REGINFO_SENTINEL
+};
#endif
static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -6676,6 +6739,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
if (cpu_isar_feature(aa64_pauth, cpu)) {
define_arm_cp_regs(cpu, pauth_reginfo);
}
+ if (cpu_isar_feature(aa64_mte_insn_reg, cpu)) {
+ define_arm_cp_regs(cpu, mte_reginfo);
+ }
#endif
/*
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index d971b57037..128b7f2e32 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1746,6 +1746,17 @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
s->base.is_jmp = DISAS_UPDATE;
break;
+ case 0x1c: /* TCO */
+ if (!dc_isar_feature(aa64_mte_insn_reg, s)) {
+ goto do_unallocated;
+ }
+ if (crm & 1) {
+ set_pstate_bits(PSTATE_TCO);
+ } else {
+ clear_pstate_bits(PSTATE_TCO);
+ }
+ break;
+
default:
do_unallocated:
unallocated_encoding(s);
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* Re: [Qemu-devel] [PATCH v4 03/22] target/arm: Add MTE system registers
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 03/22] target/arm: Add MTE system registers Richard Henderson
@ 2019-03-08 10:31 ` Laurent Desnogues
2019-03-08 10:37 ` Laurent Desnogues
0 siblings, 1 reply; 30+ messages in thread
From: Laurent Desnogues @ 2019-03-08 10:31 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, Peter Maydell
Hello,
On Thu, Mar 7, 2019 at 6:09 PM Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> This is TFSRE0_EL1, TFSR_EL1, TFSR_EL2, TFSR_EL3,
> RGSR_EL1, GCR_EL1, GMID_EL1, and PSTATE.TCO.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> v3: Add GMID; add access_mte.
> ---
> target/arm/cpu.h | 3 ++
> target/arm/internals.h | 6 ++++
> target/arm/helper.c | 66 ++++++++++++++++++++++++++++++++++++++
> target/arm/translate-a64.c | 11 +++++++
> 4 files changed, 86 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 0cf9eacebe..b9b33bc285 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -495,6 +495,9 @@ typedef struct CPUARMState {
> uint64_t pmccfiltr_el0; /* Performance Monitor Filter Register */
> uint64_t vpidr_el2; /* Virtualization Processor ID Register */
> uint64_t vmpidr_el2; /* Virtualization Multiprocessor ID Register */
> + uint64_t tfsr_el[4]; /* tfsrel0_el1 is index 0. */
> + uint64_t gcr_el1;
> + uint64_t rgsr_el1;
> } cp15;
>
> struct {
> diff --git a/target/arm/internals.h b/target/arm/internals.h
> index 2922324f63..fbfa770c23 100644
> --- a/target/arm/internals.h
> +++ b/target/arm/internals.h
> @@ -1002,4 +1002,10 @@ static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
> return sctlr != 0;
> }
>
> +/*
> + * The log2 of the words in the tag block, for GMID_EL1.BS.
> + * The is the maximum, 256 bytes, which manipulates 64-bits of tags.
> + */
> +#define GMID_EL1_BS 6
> +
> #endif
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index ab8006291b..7b30e1a1a9 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -5732,6 +5732,69 @@ static const ARMCPRegInfo pauth_reginfo[] = {
> .fieldoffset = offsetof(CPUARMState, apib_key.hi) },
> REGINFO_SENTINEL
> };
> +
> +static CPAccessResult access_mte(CPUARMState *env, const ARMCPRegInfo *ri,
> + bool isread)
> +{
> + int el = arm_current_el(env);
> +
> + if (el < 2 &&
> + arm_feature(env, ARM_FEATURE_EL2) &&
> + !(arm_hcr_el2_eff(env) & HCR_ATA)) {
> + return CP_ACCESS_TRAP_EL2;
> + }
arm_hcr_el2_eff seems to be clearing HCR_ATA bit. I think it needs to
be updated.
Thanks,
Laurent
> + if (el < 3 &&
> + arm_feature(env, ARM_FEATURE_EL3) &&
> + !(env->cp15.scr_el3 & SCR_ATA)) {
> + return CP_ACCESS_TRAP_EL3;
> + }
> + return CP_ACCESS_OK;
> +}
> +
> +static uint64_t tco_read(CPUARMState *env, const ARMCPRegInfo *ri)
> +{
> + return env->pstate & PSTATE_TCO;
> +}
> +
> +static void tco_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t val)
> +{
> + env->pstate = (env->pstate & ~PSTATE_TCO) | (val & PSTATE_TCO);
> +}
> +
> +static const ARMCPRegInfo mte_reginfo[] = {
> + { .name = "TFSRE0_EL1", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 0, .crn = 6, .crm = 6, .opc2 = 1,
> + .access = PL1_RW, .accessfn = access_mte,
> + .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[0]) },
> + { .name = "TFSR_EL1", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 0, .crn = 6, .crm = 5, .opc2 = 0,
> + .access = PL1_RW, .accessfn = access_mte,
> + .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[1]) },
> + { .name = "TFSR_EL2", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 5, .opc2 = 0,
> + .access = PL2_RW, .accessfn = access_mte,
> + .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[2]) },
> + { .name = "TFSR_EL3", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 6, .crn = 6, .crm = 6, .opc2 = 0,
> + .access = PL3_RW,
> + .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[3]) },
> + { .name = "RGSR_EL1", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 5,
> + .access = PL1_RW, .accessfn = access_mte,
> + .fieldoffset = offsetof(CPUARMState, cp15.rgsr_el1) },
> + { .name = "GCR_EL1", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 6,
> + .access = PL1_RW, .accessfn = access_mte,
> + .fieldoffset = offsetof(CPUARMState, cp15.gcr_el1) },
> + { .name = "TCO", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 3, .crn = 4, .crm = 2, .opc2 = 7,
> + .type = ARM_CP_NO_RAW,
> + .access = PL0_RW, .readfn = tco_read, .writefn = tco_write },
> + { .name = "GMID_EL1", .state = ARM_CP_STATE_AA64,
> + .opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 4,
> + .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = GMID_EL1_BS },
> + REGINFO_SENTINEL
> +};
> #endif
>
> static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri,
> @@ -6676,6 +6739,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
> if (cpu_isar_feature(aa64_pauth, cpu)) {
> define_arm_cp_regs(cpu, pauth_reginfo);
> }
> + if (cpu_isar_feature(aa64_mte_insn_reg, cpu)) {
> + define_arm_cp_regs(cpu, mte_reginfo);
> + }
> #endif
>
> /*
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index d971b57037..128b7f2e32 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -1746,6 +1746,17 @@ static void handle_msr_i(DisasContext *s, uint32_t insn,
> s->base.is_jmp = DISAS_UPDATE;
> break;
>
> + case 0x1c: /* TCO */
> + if (!dc_isar_feature(aa64_mte_insn_reg, s)) {
> + goto do_unallocated;
> + }
> + if (crm & 1) {
> + set_pstate_bits(PSTATE_TCO);
> + } else {
> + clear_pstate_bits(PSTATE_TCO);
> + }
> + break;
> +
> default:
> do_unallocated:
> unallocated_encoding(s);
> --
> 2.17.2
>
>
^ permalink raw reply [flat|nested] 30+ messages in thread* Re: [Qemu-devel] [PATCH v4 03/22] target/arm: Add MTE system registers
2019-03-08 10:31 ` Laurent Desnogues
@ 2019-03-08 10:37 ` Laurent Desnogues
0 siblings, 0 replies; 30+ messages in thread
From: Laurent Desnogues @ 2019-03-08 10:37 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel, Peter Maydell
On Fri, Mar 8, 2019 at 11:31 AM Laurent Desnogues
<laurent.desnogues@gmail.com> wrote:
>
> Hello,
>
> On Thu, Mar 7, 2019 at 6:09 PM Richard Henderson
> <richard.henderson@linaro.org> wrote:
[...]
> > +static CPAccessResult access_mte(CPUARMState *env, const ARMCPRegInfo *ri,
> > + bool isread)
> > +{
> > + int el = arm_current_el(env);
> > +
> > + if (el < 2 &&
> > + arm_feature(env, ARM_FEATURE_EL2) &&
> > + !(arm_hcr_el2_eff(env) & HCR_ATA)) {
> > + return CP_ACCESS_TRAP_EL2;
> > + }
>
> arm_hcr_el2_eff seems to be clearing HCR_ATA bit. I think it needs to
> be updated.
Forget that. I read it wrong and that's my test that is buggy!
Perhaps the comment about ARMv8.4 in arm_hcr_el2_eff should be updated?
Sorry,
Laurent
^ permalink raw reply [flat|nested] 30+ messages in thread
* [Qemu-devel] [PATCH v4 04/22] target/arm: Add helper_mte_check{1, 2}
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (2 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 03/22] target/arm: Add MTE system registers Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 05/22] target/arm: Suppress tag check for sp+offset Richard Henderson
` (19 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Implements the rules of "PE generation of Checked and Unchecked
accesses" which aren't already implied by TB_FLAGS_MTE_ACTIVE.
Implements the rules of "PE handling of Tag Check Failure".
Does not implement tag physical address space, so all operations
reduce to unchecked so far.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Fix TFSR update.
v3: Split helper_mte_check per {1,2} IAs; take tbi data from translate.
---
target/arm/helper-a64.h | 3 +
target/arm/mte_helper.c | 133 +++++++++++++++++++++++++++++++++++++
target/arm/translate-a64.c | 14 +++-
target/arm/Makefile.objs | 2 +-
4 files changed, 150 insertions(+), 2 deletions(-)
create mode 100644 target/arm/mte_helper.c
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index a915c1247f..c88797a922 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -102,3 +102,6 @@ DEF_HELPER_FLAGS_3(autda, TCG_CALL_NO_WG, i64, env, i64, i64)
DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
+
+DEF_HELPER_FLAGS_2(mte_check1, TCG_CALL_NO_WG, i64, env, i64)
+DEF_HELPER_FLAGS_3(mte_check2, TCG_CALL_NO_WG, i64, env, i64, i32)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
new file mode 100644
index 0000000000..bcd82a9be0
--- /dev/null
+++ b/target/arm/mte_helper.c
@@ -0,0 +1,133 @@
+/*
+ * ARM v8.5-MemTag Operations
+ *
+ * Copyright (c) 2019 Linaro, Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "internals.h"
+#include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
+#include "exec/helper-proto.h"
+
+
+static int get_allocation_tag(CPUARMState *env, uint64_t ptr, uintptr_t ra)
+{
+ /* Tag storage not implemented. */
+ return -1;
+}
+
+static int allocation_tag_from_addr(uint64_t ptr)
+{
+ ptr += 1ULL << 55; /* carry ptr[55] into ptr[59:56]. */
+ return extract64(ptr, 56, 4);
+}
+
+/*
+ * Perform a checked access for MTE.
+ * On arrival, TBI is known to enabled, as is allocation_tag_access_enabled.
+ */
+static uint64_t do_mte_check(CPUARMState *env, uint64_t dirty_ptr,
+ uint64_t clean_ptr, uint32_t select,
+ uintptr_t ra)
+{
+ int ptr_tag, mem_tag;
+
+ /*
+ * If TCMA is enabled, then physical tag 0 is unchecked.
+ * Note the rules R0076 & R0077 are written with logical tags,
+ * and we need the physical tag below anyway.
+ */
+ ptr_tag = allocation_tag_from_addr(dirty_ptr);
+ if (ptr_tag == 0) {
+ ARMMMUIdx stage1 = arm_stage1_mmu_idx(env);
+ ARMVAParameters p = aa64_va_parameters(env, dirty_ptr, stage1, true);
+ if (p.tcma) {
+ return clean_ptr;
+ }
+ }
+
+ /*
+ * If an access is made to an address that does not provide tag storage,
+ * the result is implementation defined (R0006). We choose to treat the
+ * access as unchecked.
+ * This is similar to MemAttr != Tagged, which are also unchecked.
+ */
+ mem_tag = get_allocation_tag(env, clean_ptr, ra);
+ if (mem_tag < 0) {
+ return clean_ptr;
+ }
+
+ /* If the tags do not match, the tag check operation fails. */
+ if (unlikely(ptr_tag != mem_tag)) {
+ int tcf, el = arm_current_el(env);
+
+ if (el == 0) {
+ /* FIXME: ARMv8.1-VHE S2 translation regime. */
+ tcf = extract64(env->cp15.sctlr_el[1], 38, 2);
+ } else {
+ tcf = extract64(env->cp15.sctlr_el[el], 40, 2);
+ }
+ if (tcf == 1) {
+ /*
+ * Tag check fail causes a synchronous exception.
+ *
+ * In restore_state_to_opc, we set the exception syndrome
+ * for the load or store operation. Do that first so we
+ * may overwrite that with the syndrome for the tag check.
+ */
+ cpu_restore_state(ENV_GET_CPU(env), ra, true);
+ env->exception.vaddress = dirty_ptr;
+ raise_exception(env, EXCP_DATA_ABORT,
+ syn_data_abort_no_iss(el != 0, 0, 0, 0, 0, 0x11),
+ exception_target_el(env));
+ } else if (tcf == 2) {
+ /* Tag check fail causes asynchronous flag set. */
+ env->cp15.tfsr_el[el] |= 1 << select;
+ }
+ }
+
+ return clean_ptr;
+}
+
+/*
+ * Perform check in translation regime w/single IA range.
+ * It is known that TBI is enabled on entry.
+ */
+uint64_t HELPER(mte_check1)(CPUARMState *env, uint64_t dirty_ptr)
+{
+ uint64_t clean_ptr = extract64(dirty_ptr, 0, 56);
+ return do_mte_check(env, dirty_ptr, clean_ptr, 0, GETPC());
+}
+
+/*
+ * Perform check in translation regime w/two IA ranges.
+ * The TBI argument is the concatenation of TBI1:TBI0. We have filtered
+ * TBI==0, but still need to check the IA range being referenced.
+ */
+uint64_t HELPER(mte_check2)(CPUARMState *env, uint64_t dirty_ptr, uint32_t tbi)
+{
+ uint32_t select = extract64(dirty_ptr, 55, 1);
+
+ if ((tbi >> select) & 1) {
+ uint64_t clean_ptr = sextract64(dirty_ptr, 0, 56);
+ return do_mte_check(env, dirty_ptr, clean_ptr, select, GETPC());
+ } else {
+ /* TBI is disabled; the access is unchecked. */
+ return dirty_ptr;
+ }
+}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 128b7f2e32..6ec77fc67c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -343,7 +343,19 @@ static void gen_a64_set_pc(DisasContext *s, TCGv_i64 src)
static TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr)
{
TCGv_i64 clean = new_tmp_a64(s);
- gen_top_byte_ignore(s, clean, addr, s->tbid);
+
+ if (s->mte_active) {
+ if (s->current_el >= 2) {
+ /* FIXME: ARMv8.1-VHE S2 translation regime. */
+ gen_helper_mte_check1(clean, cpu_env, addr);
+ } else {
+ TCGv_i32 tbi = tcg_const_i32(s->tbid);
+ gen_helper_mte_check2(clean, cpu_env, addr, tbi);
+ tcg_temp_free_i32(tbi);
+ }
+ } else {
+ gen_top_byte_ignore(s, clean, addr, s->tbid);
+ }
return clean;
}
diff --git a/target/arm/Makefile.objs b/target/arm/Makefile.objs
index 6bdcc65c2c..c22cbc5567 100644
--- a/target/arm/Makefile.objs
+++ b/target/arm/Makefile.objs
@@ -8,7 +8,7 @@ obj-y += translate.o op_helper.o helper.o cpu.o
obj-y += neon_helper.o iwmmxt_helper.o vec_helper.o vfp_helper.o
obj-y += gdbstub.o
obj-$(TARGET_AARCH64) += cpu64.o translate-a64.o helper-a64.o gdbstub64.o
-obj-$(TARGET_AARCH64) += pauth_helper.o
+obj-$(TARGET_AARCH64) += pauth_helper.o mte_helper.o
obj-y += crypto_helper.o
obj-$(CONFIG_SOFTMMU) += arm-powerctl.o
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 05/22] target/arm: Suppress tag check for sp+offset
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (3 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 04/22] target/arm: Add helper_mte_check{1, 2} Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 06/22] target/arm: Implement the IRG instruction Richard Henderson
` (18 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
R0078 specifies that base register, or base register plus immediate
offset, is unchecked when the base register is SP.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Include writeback addresses as checked.
---
target/arm/translate-a64.c | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 6ec77fc67c..0d35c07504 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -340,11 +340,11 @@ static void gen_a64_set_pc(DisasContext *s, TCGv_i64 src)
* This is always a fresh temporary, as we need to be able to
* increment this independently of a dirty write-back address.
*/
-static TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr)
+static TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr, bool check)
{
TCGv_i64 clean = new_tmp_a64(s);
- if (s->mte_active) {
+ if (check && s->mte_active) {
if (s->current_el >= 2) {
/* FIXME: ARMv8.1-VHE S2 translation regime. */
gen_helper_mte_check1(clean, cpu_env, addr);
@@ -2464,7 +2464,7 @@ static void gen_compare_and_swap(DisasContext *s, int rs, int rt,
if (rn == 31) {
gen_check_sp_alignment(s);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
tcg_gen_atomic_cmpxchg_i64(tcg_rs, clean_addr, tcg_rs, tcg_rt, memidx,
size | MO_ALIGN | s->be_data);
}
@@ -2482,7 +2482,7 @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
if (rn == 31) {
gen_check_sp_alignment(s);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
if (size == 2) {
TCGv_i64 cmp = tcg_temp_new_i64();
@@ -2607,7 +2607,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
if (is_lasr) {
tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
gen_store_exclusive(s, rs, rt, rt2, clean_addr, size, false);
return;
@@ -2616,7 +2616,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
if (rn == 31) {
gen_check_sp_alignment(s);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
s->is_ldex = true;
gen_load_exclusive(s, rt, rt2, clean_addr, size, false);
if (is_lasr) {
@@ -2636,7 +2636,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
gen_check_sp_alignment(s);
}
tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
do_gpr_st(s, cpu_reg(s, rt), clean_addr, size, true, rt,
disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
return;
@@ -2652,7 +2652,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
if (rn == 31) {
gen_check_sp_alignment(s);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
do_gpr_ld(s, cpu_reg(s, rt), clean_addr, size, false, false, true, rt,
disas_ldst_compute_iss_sf(size, false, 0), is_lasr);
tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
@@ -2666,7 +2666,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
if (is_lasr) {
tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
gen_store_exclusive(s, rs, rt, rt2, clean_addr, size, true);
return;
}
@@ -2684,7 +2684,7 @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn)
if (rn == 31) {
gen_check_sp_alignment(s);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
s->is_ldex = true;
gen_load_exclusive(s, rt, rt2, clean_addr, size, true);
if (is_lasr) {
@@ -2874,7 +2874,7 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
if (!postindex) {
tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
}
- clean_addr = clean_data_tbi(s, dirty_addr);
+ clean_addr = clean_data_tbi(s, dirty_addr, wback || rn != 31);
if (is_vector) {
if (is_load) {
@@ -3012,7 +3012,7 @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
if (!post_index) {
tcg_gen_addi_i64(dirty_addr, dirty_addr, imm9);
}
- clean_addr = clean_data_tbi(s, dirty_addr);
+ clean_addr = clean_data_tbi(s, dirty_addr, writeback || rn != 31);
if (is_vector) {
if (is_store) {
@@ -3119,7 +3119,7 @@ static void disas_ldst_reg_roffset(DisasContext *s, uint32_t insn,
ext_and_shift_reg(tcg_rm, tcg_rm, opt, shift ? size : 0);
tcg_gen_add_i64(dirty_addr, dirty_addr, tcg_rm);
- clean_addr = clean_data_tbi(s, dirty_addr);
+ clean_addr = clean_data_tbi(s, dirty_addr, true);
if (is_vector) {
if (is_store) {
@@ -3204,7 +3204,7 @@ static void disas_ldst_reg_unsigned_imm(DisasContext *s, uint32_t insn,
dirty_addr = read_cpu_reg_sp(s, rn, 1);
offset = imm12 << size;
tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
- clean_addr = clean_data_tbi(s, dirty_addr);
+ clean_addr = clean_data_tbi(s, dirty_addr, rn != 31);
if (is_vector) {
if (is_store) {
@@ -3288,7 +3288,7 @@ static void disas_ldst_atomic(DisasContext *s, uint32_t insn,
if (rn == 31) {
gen_check_sp_alignment(s);
}
- clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn));
+ clean_addr = clean_data_tbi(s, cpu_reg_sp(s, rn), rn != 31);
tcg_rs = read_cpu_reg(s, rs, true);
if (o3_opc == 1) { /* LDCLR */
@@ -3350,7 +3350,7 @@ static void disas_ldst_pac(DisasContext *s, uint32_t insn,
tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
/* Note that "clean" and "dirty" here refer to TBI not PAC. */
- clean_addr = clean_data_tbi(s, dirty_addr);
+ clean_addr = clean_data_tbi(s, dirty_addr, is_wback || rn != 31);
tcg_rt = cpu_reg(s, rt);
do_gpr_ld(s, tcg_rt, clean_addr, size, /* is_signed */ false,
@@ -3510,7 +3510,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
elements = (is_q ? 16 : 8) / ebytes;
tcg_rn = cpu_reg_sp(s, rn);
- clean_addr = clean_data_tbi(s, tcg_rn);
+ clean_addr = clean_data_tbi(s, tcg_rn, is_postidx || rn != 31);
tcg_ebytes = tcg_const_i64(ebytes);
for (r = 0; r < rpt; r++) {
@@ -3653,7 +3653,7 @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
}
tcg_rn = cpu_reg_sp(s, rn);
- clean_addr = clean_data_tbi(s, tcg_rn);
+ clean_addr = clean_data_tbi(s, tcg_rn, is_postidx || rn != 31);
tcg_ebytes = tcg_const_i64(ebytes);
for (xs = 0; xs < selem; xs++) {
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 06/22] target/arm: Implement the IRG instruction
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (4 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 05/22] target/arm: Suppress tag check for sp+offset Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 07/22] target/arm: Implement ADDG, SUBG instructions Richard Henderson
` (17 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Update to 00eac5.
Merge choose_random_nonexcluded_tag into helper_irg since
that pseudo function no longer exists separately.
---
target/arm/helper-a64.h | 1 +
target/arm/mte_helper.c | 57 ++++++++++++++++++++++++++++++++++++++
target/arm/translate-a64.c | 7 +++++
3 files changed, 65 insertions(+)
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index c88797a922..0f6e78c77e 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -105,3 +105,4 @@ DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
DEF_HELPER_FLAGS_2(mte_check1, TCG_CALL_NO_WG, i64, env, i64)
DEF_HELPER_FLAGS_3(mte_check2, TCG_CALL_NO_WG, i64, env, i64, i32)
+DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index bcd82a9be0..cd04e4954b 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -37,6 +37,31 @@ static int allocation_tag_from_addr(uint64_t ptr)
return extract64(ptr, 56, 4);
}
+static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)
+{
+ if (exclude == 0xffff) {
+ return 0;
+ }
+ if (offset == 0) {
+ while (exclude & (1 << tag)) {
+ tag = (tag + 1) & 15;
+ }
+ } else {
+ do {
+ do {
+ tag = (tag + 1) & 15;
+ } while (exclude & (1 << tag));
+ } while (--offset > 0);
+ }
+ return tag;
+}
+
+static uint64_t address_with_allocation_tag(uint64_t ptr, int rtag)
+{
+ rtag -= extract64(ptr, 55, 1);
+ return deposit64(ptr, 56, 4, rtag);
+}
+
/*
* Perform a checked access for MTE.
* On arrival, TBI is known to enabled, as is allocation_tag_access_enabled.
@@ -131,3 +156,35 @@ uint64_t HELPER(mte_check2)(CPUARMState *env, uint64_t dirty_ptr, uint32_t tbi)
return dirty_ptr;
}
}
+
+uint64_t HELPER(irg)(CPUARMState *env, uint64_t rn, uint64_t rm)
+{
+ int el = arm_current_el(env);
+ uint64_t sctlr = arm_sctlr(env, el);
+ int rtag = 0;
+
+ if (allocation_tag_access_enabled(env, el, sctlr)) {
+ /*
+ * Our IMPDEF choice for GCR_EL1.RRND==1 is to behave as if
+ * GCR_EL1.RRND==0, always producing deterministic results.
+ */
+ uint16_t exclude = extract32(rm | env->cp15.gcr_el1, 0, 16);
+ int start = extract32(env->cp15.rgsr_el1, 0, 4);
+ int seed = extract32(env->cp15.rgsr_el1, 8, 16);
+ int offset, i;
+
+ /* RandomTag */
+ for (i = offset = 0; i < 4; ++i) {
+ /* NextRandomTagBit */
+ int top = (extract32(seed, 5, 1) ^ extract32(seed, 3, 1) ^
+ extract32(seed, 2, 1) ^ extract32(seed, 0, 1));
+ seed = (top << 15) | (seed >> 1);
+ offset |= top << i;
+ }
+ rtag = choose_nonexcluded_tag(start, offset, exclude);
+
+ env->cp15.rgsr_el1 = rtag | (seed << 8);
+ }
+
+ return address_with_allocation_tag(rn, rtag);
+}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 0d35c07504..6d8fd045da 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5284,6 +5284,13 @@ static void disas_data_proc_2src(DisasContext *s, uint32_t insn)
case 3: /* SDIV */
handle_div(s, true, sf, rm, rn, rd);
break;
+ case 4: /* IRG */
+ if (sf == 0 || !dc_isar_feature(aa64_mte_insn_reg, s)) {
+ goto do_unallocated;
+ }
+ gen_helper_irg(cpu_reg_sp(s, rd), cpu_env,
+ cpu_reg_sp(s, rn), cpu_reg(s, rm));
+ break;
case 8: /* LSLV */
handle_shift_reg(s, A64_SHIFT_TYPE_LSL, sf, rm, rn, rd);
break;
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 07/22] target/arm: Implement ADDG, SUBG instructions
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (5 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 06/22] target/arm: Implement the IRG instruction Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 08/22] target/arm: Implement the GMI instruction Richard Henderson
` (16 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Shift offset in translate; use extract32.
---
target/arm/helper-a64.h | 2 ++
target/arm/internals.h | 4 +++
target/arm/mte_helper.c | 32 +++++++++++++++++
target/arm/translate-a64.c | 71 ++++++++++++++++++++++++++------------
4 files changed, 86 insertions(+), 23 deletions(-)
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index 0f6e78c77e..6ad23bf9ee 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -106,3 +106,5 @@ DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
DEF_HELPER_FLAGS_2(mte_check1, TCG_CALL_NO_WG, i64, env, i64)
DEF_HELPER_FLAGS_3(mte_check2, TCG_CALL_NO_WG, i64, env, i64, i32)
DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_4(addg, TCG_CALL_NO_RWG_SE, i64, env, i64, i32, i32)
+DEF_HELPER_FLAGS_4(subg, TCG_CALL_NO_RWG_SE, i64, env, i64, i32, i32)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index fbfa770c23..8d1a81df8c 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1008,4 +1008,8 @@ static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
*/
#define GMID_EL1_BS 6
+/* We associate one allocation tag per 16 bytes, the minimum. */
+#define LOG2_TAG_GRANULE 4
+#define TAG_GRANULE (1 << LOG2_TAG_GRANULE)
+
#endif
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index cd04e4954b..7aca5b074f 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -188,3 +188,35 @@ uint64_t HELPER(irg)(CPUARMState *env, uint64_t rn, uint64_t rm)
return address_with_allocation_tag(rn, rtag);
}
+
+uint64_t HELPER(addg)(CPUARMState *env, uint64_t ptr,
+ uint32_t offset, uint32_t tag_offset)
+{
+ int el = arm_current_el(env);
+ uint64_t sctlr = arm_sctlr(env, el);
+ int rtag = 0;
+
+ if (allocation_tag_access_enabled(env, el, sctlr)) {
+ int start_tag = allocation_tag_from_addr(ptr);
+ uint16_t exclude = extract32(env->cp15.gcr_el1, 0, 16);
+ rtag = choose_nonexcluded_tag(start_tag, tag_offset, exclude);
+ }
+
+ return address_with_allocation_tag(ptr + offset, rtag);
+}
+
+uint64_t HELPER(subg)(CPUARMState *env, uint64_t ptr,
+ uint32_t offset, uint32_t tag_offset)
+{
+ int el = arm_current_el(env);
+ uint64_t sctlr = arm_sctlr(env, el);
+ int rtag = 0;
+
+ if (allocation_tag_access_enabled(env, el, sctlr)) {
+ int start_tag = allocation_tag_from_addr(ptr);
+ uint16_t exclude = extract32(env->cp15.gcr_el1, 0, 16);
+ rtag = choose_nonexcluded_tag(start_tag, tag_offset, exclude);
+ }
+
+ return address_with_allocation_tag(ptr - offset, rtag);
+}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 6d8fd045da..181692cd1b 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -3758,7 +3758,9 @@ static void disas_pc_rel_adr(DisasContext *s, uint32_t insn)
* sf: 0 -> 32bit, 1 -> 64bit
* op: 0 -> add , 1 -> sub
* S: 1 -> set flags
- * shift: 00 -> LSL imm by 0, 01 -> LSL imm by 12
+ * shift: 00 -> LSL imm by 0,
+ * 01 -> LSL imm by 12
+ * 10 -> ADDG, SUBG
*/
static void disas_add_sub_imm(DisasContext *s, uint32_t insn)
{
@@ -3769,10 +3771,10 @@ static void disas_add_sub_imm(DisasContext *s, uint32_t insn)
bool setflags = extract32(insn, 29, 1);
bool sub_op = extract32(insn, 30, 1);
bool is_64bit = extract32(insn, 31, 1);
+ bool is_tag = false;
TCGv_i64 tcg_rn = cpu_reg_sp(s, rn);
TCGv_i64 tcg_rd = setflags ? cpu_reg(s, rd) : cpu_reg_sp(s, rd);
- TCGv_i64 tcg_result;
switch (shift) {
case 0x0:
@@ -3780,35 +3782,58 @@ static void disas_add_sub_imm(DisasContext *s, uint32_t insn)
case 0x1:
imm <<= 12;
break;
+ case 0x2:
+ /* ADDG, SUBG */
+ if (!is_64bit || setflags || (imm & 0x30) ||
+ !dc_isar_feature(aa64_mte_insn_reg, s)) {
+ goto do_unallocated;
+ }
+ is_tag = true;
+ break;
default:
+ do_unallocated:
unallocated_encoding(s);
return;
}
- tcg_result = tcg_temp_new_i64();
- if (!setflags) {
- if (sub_op) {
- tcg_gen_subi_i64(tcg_result, tcg_rn, imm);
- } else {
- tcg_gen_addi_i64(tcg_result, tcg_rn, imm);
- }
- } else {
- TCGv_i64 tcg_imm = tcg_const_i64(imm);
- if (sub_op) {
- gen_sub_CC(is_64bit, tcg_result, tcg_rn, tcg_imm);
- } else {
- gen_add_CC(is_64bit, tcg_result, tcg_rn, tcg_imm);
- }
- tcg_temp_free_i64(tcg_imm);
- }
+ if (is_tag) {
+ TCGv_i32 tag_offset = tcg_const_i32(imm & 15);
+ TCGv_i32 offset = tcg_const_i32((imm >> 6) << LOG2_TAG_GRANULE);
- if (is_64bit) {
- tcg_gen_mov_i64(tcg_rd, tcg_result);
+ if (sub_op) {
+ gen_helper_subg(tcg_rd, cpu_env, tcg_rn, offset, tag_offset);
+ } else {
+ gen_helper_addg(tcg_rd, cpu_env, tcg_rn, offset, tag_offset);
+ }
+ tcg_temp_free_i32(tag_offset);
+ tcg_temp_free_i32(offset);
} else {
- tcg_gen_ext32u_i64(tcg_rd, tcg_result);
- }
+ TCGv_i64 tcg_result;
- tcg_temp_free_i64(tcg_result);
+ if (!setflags) {
+ tcg_result = tcg_rd;
+ if (sub_op) {
+ tcg_gen_subi_i64(tcg_result, tcg_rn, imm);
+ } else {
+ tcg_gen_addi_i64(tcg_result, tcg_rn, imm);
+ }
+ } else {
+ TCGv_i64 tcg_imm = tcg_const_i64(imm);
+ tcg_result = new_tmp_a64(s);
+ if (sub_op) {
+ gen_sub_CC(is_64bit, tcg_result, tcg_rn, tcg_imm);
+ } else {
+ gen_add_CC(is_64bit, tcg_result, tcg_rn, tcg_imm);
+ }
+ tcg_temp_free_i64(tcg_imm);
+ }
+
+ if (is_64bit) {
+ tcg_gen_mov_i64(tcg_rd, tcg_result);
+ } else {
+ tcg_gen_ext32u_i64(tcg_rd, tcg_result);
+ }
+ }
}
/* The input should be a value in the bottom e bits (with higher
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 08/22] target/arm: Implement the GMI instruction
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (6 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 07/22] target/arm: Implement ADDG, SUBG instructions Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 09/22] target/arm: Implement the SUBP instruction Richard Henderson
` (15 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/helper-a64.h | 1 +
target/arm/mte_helper.c | 6 ++++++
target/arm/translate-a64.c | 6 ++++++
3 files changed, 13 insertions(+)
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index 6ad23bf9ee..3b78e19279 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -108,3 +108,4 @@ DEF_HELPER_FLAGS_3(mte_check2, TCG_CALL_NO_WG, i64, env, i64, i32)
DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
DEF_HELPER_FLAGS_4(addg, TCG_CALL_NO_RWG_SE, i64, env, i64, i32, i32)
DEF_HELPER_FLAGS_4(subg, TCG_CALL_NO_RWG_SE, i64, env, i64, i32, i32)
+DEF_HELPER_FLAGS_2(gmi, TCG_CALL_NO_RWG_SE, i64, i64, i64)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 7aca5b074f..e60c6f48eb 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -220,3 +220,9 @@ uint64_t HELPER(subg)(CPUARMState *env, uint64_t ptr,
return address_with_allocation_tag(ptr - offset, rtag);
}
+
+uint64_t HELPER(gmi)(uint64_t ptr, uint64_t mask)
+{
+ int tag = allocation_tag_from_addr(ptr);
+ return mask | (1ULL << tag);
+}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 181692cd1b..e756985982 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5316,6 +5316,12 @@ static void disas_data_proc_2src(DisasContext *s, uint32_t insn)
gen_helper_irg(cpu_reg_sp(s, rd), cpu_env,
cpu_reg_sp(s, rn), cpu_reg(s, rm));
break;
+ case 5: /* GMI */
+ if (sf == 0 || !dc_isar_feature(aa64_mte_insn_reg, s)) {
+ goto do_unallocated;
+ }
+ gen_helper_gmi(cpu_reg(s, rd), cpu_reg_sp(s, rn), cpu_reg(s, rm));
+ break;
case 8: /* LSLV */
handle_shift_reg(s, A64_SHIFT_TYPE_LSL, sf, rm, rn, rd);
break;
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 09/22] target/arm: Implement the SUBP instruction
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (7 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 08/22] target/arm: Implement the GMI instruction Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 10/22] target/arm: Define arm_cpu_do_unaligned_access for CONFIG_USER_ONLY Richard Henderson
` (14 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Fix extraction length.
---
target/arm/translate-a64.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e756985982..b27f5c697a 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5290,19 +5290,39 @@ static void handle_crc32(DisasContext *s,
*/
static void disas_data_proc_2src(DisasContext *s, uint32_t insn)
{
- unsigned int sf, rm, opcode, rn, rd;
+ unsigned int sf, rm, opcode, rn, rd, setflag;
sf = extract32(insn, 31, 1);
+ setflag = extract32(insn, 29, 1);
rm = extract32(insn, 16, 5);
opcode = extract32(insn, 10, 6);
rn = extract32(insn, 5, 5);
rd = extract32(insn, 0, 5);
- if (extract32(insn, 29, 1)) {
+ if (setflag && opcode != 0) {
unallocated_encoding(s);
return;
}
switch (opcode) {
+ case 0: /* SUBP(S) */
+ if (sf == 0 || !dc_isar_feature(aa64_mte_insn_reg, s)) {
+ goto do_unallocated;
+ } else {
+ TCGv_i64 tcg_n, tcg_m, tcg_d;
+
+ tcg_n = read_cpu_reg_sp(s, rn, true);
+ tcg_m = read_cpu_reg_sp(s, rm, true);
+ tcg_gen_sextract_i64(tcg_n, tcg_n, 0, 56);
+ tcg_gen_sextract_i64(tcg_m, tcg_m, 0, 56);
+ tcg_d = cpu_reg(s, rd);
+
+ if (setflag) {
+ gen_sub_CC(true, tcg_d, tcg_n, tcg_m);
+ } else {
+ tcg_gen_sub_i64(tcg_d, tcg_n, tcg_m);
+ }
+ }
+ break;
case 2: /* UDIV */
handle_div(s, false, sf, rm, rn, rd);
break;
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 10/22] target/arm: Define arm_cpu_do_unaligned_access for CONFIG_USER_ONLY
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (8 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 09/22] target/arm: Implement the SUBP instruction Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 11/22] target/arm: Implement LDG, STG, ST2G instructions Richard Henderson
` (13 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
We will need this to raise unaligned exceptions from user mode.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/op_helper.c | 33 ++++++++++++++++-----------------
1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 8698b4dc83..d3cf362e4b 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -87,8 +87,6 @@ uint32_t HELPER(neon_tbl)(uint32_t ireg, uint32_t def, void *vn,
return val;
}
-#if !defined(CONFIG_USER_ONLY)
-
static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
unsigned int target_el,
bool same_el, bool ea,
@@ -179,6 +177,22 @@ static void deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type,
raise_exception(env, exc, syn, target_el);
}
+/* Raise a data fault alignment exception for the specified virtual address */
+void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
+ MMUAccessType access_type,
+ int mmu_idx, uintptr_t retaddr)
+{
+ ARMCPU *cpu = ARM_CPU(cs);
+ ARMMMUFaultInfo fi = {};
+
+ /* now we have a real cpu fault */
+ cpu_restore_state(cs, retaddr, true);
+
+ fi.type = ARMFault_Alignment;
+ deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
+}
+
+#ifndef CONFIG_USER_ONLY
/* try to fill the TLB and return an exception if error. If retaddr is
* NULL, it means that the function was called in C code (i.e. not
* from generated code or from helper.c)
@@ -200,21 +214,6 @@ void tlb_fill(CPUState *cs, target_ulong addr, int size,
}
}
-/* Raise a data fault alignment exception for the specified virtual address */
-void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
- MMUAccessType access_type,
- int mmu_idx, uintptr_t retaddr)
-{
- ARMCPU *cpu = ARM_CPU(cs);
- ARMMMUFaultInfo fi = {};
-
- /* now we have a real cpu fault */
- cpu_restore_state(cs, retaddr, true);
-
- fi.type = ARMFault_Alignment;
- deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
-}
-
/* arm_cpu_do_transaction_failed: handle a memory system error response
* (eg "no device/memory present at address") by raising an external abort
* exception
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 11/22] target/arm: Implement LDG, STG, ST2G instructions
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (9 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 10/22] target/arm: Define arm_cpu_do_unaligned_access for CONFIG_USER_ONLY Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 12/22] target/arm: Implement the STGP instruction Richard Henderson
` (12 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Split out allocation_tag_mem. Handle atomicity of stores.
v3: Add X[t] input to these insns; require pre-cleaned addresses.
---
target/arm/helper-a64.h | 5 ++
target/arm/mte_helper.c | 151 +++++++++++++++++++++++++++++++++++++
target/arm/translate-a64.c | 115 ++++++++++++++++++++++++++++
3 files changed, 271 insertions(+)
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index 3b78e19279..91e6a6ea94 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -109,3 +109,8 @@ DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
DEF_HELPER_FLAGS_4(addg, TCG_CALL_NO_RWG_SE, i64, env, i64, i32, i32)
DEF_HELPER_FLAGS_4(subg, TCG_CALL_NO_RWG_SE, i64, env, i64, i32, i32)
DEF_HELPER_FLAGS_2(gmi, TCG_CALL_NO_RWG_SE, i64, i64, i64)
+DEF_HELPER_FLAGS_3(ldg, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index e60c6f48eb..e8873f1e75 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -25,8 +25,21 @@
#include "exec/helper-proto.h"
+static uint8_t *allocation_tag_mem(CPUARMState *env, uint64_t ptr,
+ bool write, uintptr_t ra)
+{
+ /* Tag storage not implemented. */
+ return NULL;
+}
+
static int get_allocation_tag(CPUARMState *env, uint64_t ptr, uintptr_t ra)
{
+ uint8_t *mem = allocation_tag_mem(env, ptr, false, ra);
+
+ if (mem) {
+ int ofs = extract32(ptr, LOG2_TAG_GRANULE, 1) * 4;
+ return extract32(atomic_read(mem), ofs, 4);
+ }
/* Tag storage not implemented. */
return -1;
}
@@ -226,3 +239,141 @@ uint64_t HELPER(gmi)(uint64_t ptr, uint64_t mask)
int tag = allocation_tag_from_addr(ptr);
return mask | (1ULL << tag);
}
+
+uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt)
+{
+ int el;
+ uint64_t sctlr;
+ int rtag;
+
+ /* Trap if accessing an invalid page. */
+ rtag = get_allocation_tag(env, ptr, GETPC());
+
+ /*
+ * The tag is squashed to zero if the page does not support tags,
+ * or if the OS is denying access to the tags.
+ */
+ el = arm_current_el(env);
+ sctlr = arm_sctlr(env, el);
+ if (rtag < 0 || !allocation_tag_access_enabled(env, el, sctlr)) {
+ rtag = 0;
+ }
+
+ return address_with_allocation_tag(xt, rtag);
+}
+
+static void check_tag_aligned(CPUARMState *env, uint64_t ptr, uintptr_t ra)
+{
+ if (unlikely(!QEMU_IS_ALIGNED(ptr, TAG_GRANULE))) {
+ arm_cpu_do_unaligned_access(ENV_GET_CPU(env), ptr, MMU_DATA_STORE,
+ cpu_mmu_index(env, false), ra);
+ g_assert_not_reached();
+ }
+}
+
+/* For use in a non-parallel context, store to the given nibble. */
+static void store_tag1(uint64_t ptr, uint8_t *mem, int tag)
+{
+ int ofs = extract32(ptr, LOG2_TAG_GRANULE, 1) * 4;
+ uint8_t old = atomic_read(mem);
+ uint8_t new = deposit32(old, ofs, 4, tag);
+
+ atomic_set(mem, new);
+}
+
+/* For use in a parallel context, atomically store to the given nibble. */
+static void store_tag1_parallel(uint64_t ptr, uint8_t *mem, int tag)
+{
+ int ofs = extract32(ptr, LOG2_TAG_GRANULE, 1) * 4;
+ uint8_t old = atomic_read(mem);
+
+ while (1) {
+ uint8_t new = deposit32(old, ofs, 4, tag);
+ uint8_t cmp = atomic_cmpxchg(mem, old, new);
+ if (likely(cmp == old)) {
+ return;
+ }
+ old = cmp;
+ }
+}
+
+typedef void stg_store1(uint64_t, uint8_t *, int);
+
+static void do_stg(CPUARMState *env, uint64_t ptr, uint64_t xt,
+ uintptr_t ra, stg_store1 store1)
+{
+ int el;
+ uint64_t sctlr;
+ uint8_t *mem;
+
+ check_tag_aligned(env, ptr, ra);
+
+ /* Trap if accessing an invalid page. */
+ mem = allocation_tag_mem(env, ptr, true, ra);
+
+ /* Store if page supports tags and access is enabled. */
+ el = arm_current_el(env);
+ sctlr = arm_sctlr(env, el);
+ if (mem && allocation_tag_access_enabled(env, el, sctlr)) {
+ store1(ptr, mem, allocation_tag_from_addr(xt));
+ }
+}
+
+void HELPER(stg)(CPUARMState *env, uint64_t ptr, uint64_t xt)
+{
+ do_stg(env, ptr, xt, GETPC(), store_tag1);
+}
+
+void HELPER(stg_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt)
+{
+ do_stg(env, ptr, xt, GETPC(), store_tag1_parallel);
+}
+
+static void do_st2g(CPUARMState *env, uint64_t ptr1, uint64_t xt,
+ uintptr_t ra, stg_store1 store1)
+{
+ int el;
+ uint64_t ptr2, sctlr;
+ uint8_t *mem1, *mem2;
+
+ check_tag_aligned(env, ptr1, ra);
+ ptr2 = ptr1 + TAG_GRANULE;
+
+ /* Trap if accessing an invalid page(s). */
+ mem1 = mem2 = allocation_tag_mem(env, ptr1, true, ra);
+ if (unlikely((ptr1 ^ ptr2) & TARGET_PAGE_MASK)) {
+ /* The two stores are across two pages. */
+ mem2 = allocation_tag_mem(env, ptr2, true, ra);
+ }
+
+ /* Store if page supports tags and access is enabled. */
+ el = arm_current_el(env);
+ sctlr = arm_sctlr(env, el);
+ if ((mem1 || mem2) && allocation_tag_access_enabled(env, el, sctlr)) {
+ int tag = allocation_tag_from_addr(xt);
+
+ if (likely(mem1 == mem2)) {
+ /* The two stores are aligned 32, and modify one byte. */
+ tag |= tag << 4;
+ atomic_set(mem1, tag);
+ } else {
+ /* The two stores are unaligned and modify two bytes. */
+ if (mem1) {
+ store1(ptr1, mem1, tag);
+ }
+ if (mem2) {
+ store1(ptr2, mem2, tag);
+ }
+ }
+ }
+}
+
+void HELPER(st2g)(CPUARMState *env, uint64_t ptr, uint64_t xt)
+{
+ do_st2g(env, ptr, xt, GETPC(), store_tag1);
+}
+
+void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt)
+{
+ do_st2g(env, ptr, xt, GETPC(), store_tag1_parallel);
+}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index b27f5c697a..b94a5571e0 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -3689,6 +3689,118 @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
}
}
+/*
+ * Load/Store memory tags
+ *
+ * 31 30 29 24 22 21 12 10 5 0
+ * +-----+-------------+-----+---+------+-----+------+------+
+ * | 1 1 | 0 1 1 0 0 1 | op1 | 1 | imm9 | op2 | Rn | Rt |
+ * +-----+-------------+-----+---+------+-----+------+------+
+ */
+static void disas_ldst_tag(DisasContext *s, uint32_t insn)
+{
+ int rt = extract32(insn, 0, 5);
+ int rn = extract32(insn, 5, 5);
+ uint64_t offset = sextract64(insn, 12, 9) << LOG2_TAG_GRANULE;
+ int op2 = extract32(insn, 10, 3);
+ int op1 = extract32(insn, 22, 2);
+ bool is_load = false, is_pair = false, is_zero = false;
+ int index = 0;
+ TCGv_i64 dirty_addr, clean_addr, tcg_rt;
+
+ if ((insn & 0xff200000) != 0xd9200000
+ || !dc_isar_feature(aa64_mte_insn_reg, s)) {
+ goto do_unallocated;
+ }
+
+ switch (op1) {
+ case 0: /* STG */
+ if (op2 != 0) {
+ /* STG */
+ index = op2 - 2;
+ break;
+ }
+ goto do_unallocated;
+ case 1:
+ if (op2 != 0) {
+ /* STZG */
+ is_zero = true;
+ index = op2 - 2;
+ } else {
+ /* LDG */
+ is_load = true;
+ }
+ break;
+ case 2:
+ if (op2 != 0) {
+ /* ST2G */
+ is_pair = true;
+ index = op2 - 2;
+ break;
+ }
+ goto do_unallocated;
+ case 3:
+ if (op2 != 0) {
+ /* STZ2G */
+ is_pair = is_zero = true;
+ index = op2 - 2;
+ break;
+ }
+ goto do_unallocated;
+
+ default:
+ do_unallocated:
+ unallocated_encoding(s);
+ return;
+ }
+
+ dirty_addr = read_cpu_reg_sp(s, rn, true);
+ if (index <= 0) {
+ /* pre-index or signed offset */
+ tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
+ }
+
+ clean_addr = clean_data_tbi(s, dirty_addr, false);
+ tcg_rt = cpu_reg(s, rt);
+
+ if (is_load) {
+ gen_helper_ldg(tcg_rt, cpu_env, clean_addr, tcg_rt);
+ } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+ if (is_pair) {
+ gen_helper_st2g_parallel(cpu_env, clean_addr, tcg_rt);
+ } else {
+ gen_helper_stg_parallel(cpu_env, clean_addr, tcg_rt);
+ }
+ } else {
+ if (is_pair) {
+ gen_helper_st2g(cpu_env, clean_addr, tcg_rt);
+ } else {
+ gen_helper_stg(cpu_env, clean_addr, tcg_rt);
+ }
+ }
+
+ if (is_zero) {
+ TCGv_i64 tcg_zero = tcg_const_i64(0);
+ int mem_index = get_mem_index(s);
+ int i, n = (1 + is_pair) << LOG2_TAG_GRANULE;
+
+ for (i = 0; i < n; i += 8) {
+ tcg_gen_qemu_st_i64(tcg_zero, clean_addr, mem_index, MO_Q);
+ tcg_gen_addi_i64(clean_addr, clean_addr, 8);
+ }
+ tcg_temp_free_i64(tcg_zero);
+ }
+
+ if (index != 0) {
+ /* pre-index or post-index */
+ if (index > 0) {
+ /* post-index */
+ tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
+ }
+ tcg_gen_mov_i64(cpu_reg_sp(s, rn), dirty_addr);
+ }
+}
+
/* Loads and stores */
static void disas_ldst(DisasContext *s, uint32_t insn)
{
@@ -3713,6 +3825,9 @@ static void disas_ldst(DisasContext *s, uint32_t insn)
case 0x0d: /* AdvSIMD load/store single structure */
disas_ldst_single_struct(s, insn);
break;
+ case 0x19: /* Load/store tag */
+ disas_ldst_tag(s, insn);
+ break;
default:
unallocated_encoding(s);
break;
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 12/22] target/arm: Implement the STGP instruction
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (10 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 11/22] target/arm: Implement LDG, STG, ST2G instructions Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 13/22] target/arm: Implement the LDGM and STGM instructions Richard Henderson
` (11 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v3: Handle atomicity, require pre-cleaned address.
---
target/arm/translate-a64.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index b94a5571e0..b7175897e4 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2787,7 +2787,7 @@ static void disas_ld_lit(DisasContext *s, uint32_t insn)
* +-----+-------+---+---+-------+---+-------+-------+------+------+
*
* opc: LDP/STP/LDNP/STNP 00 -> 32 bit, 10 -> 64 bit
- * LDPSW 01
+ * LDPSW/STGP 01
* LDP/STP/LDNP/STNP (SIMD) 00 -> 32 bit, 01 -> 64 bit, 10 -> 128 bit
* V: 0 -> GPR, 1 -> Vector
* idx: 00 -> signed offset with non-temporal hint, 01 -> post-index,
@@ -2812,6 +2812,7 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
bool is_signed = false;
bool postindex = false;
bool wback = false;
+ bool set_tag = false;
TCGv_i64 clean_addr, dirty_addr;
@@ -2824,6 +2825,14 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
if (is_vector) {
size = 2 + opc;
+ } else if (opc == 1 && !is_load) {
+ /* STGP */
+ if (!dc_isar_feature(aa64_mte_insn_reg, s) || index == 0) {
+ unallocated_encoding(s);
+ return;
+ }
+ size = 3;
+ set_tag = true;
} else {
size = 2 + extract32(opc, 1, 1);
is_signed = extract32(opc, 0, 1);
@@ -2876,6 +2885,15 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
}
clean_addr = clean_data_tbi(s, dirty_addr, wback || rn != 31);
+ if (set_tag) {
+ TCGv_i64 tcg_rn = cpu_reg_sp(s, rn);
+ if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+ gen_helper_stg_parallel(cpu_env, clean_addr, tcg_rn);
+ } else {
+ gen_helper_stg(cpu_env, clean_addr, tcg_rn);
+ }
+ }
+
if (is_vector) {
if (is_load) {
do_fp_ld(s, rt, clean_addr, size);
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 13/22] target/arm: Implement the LDGM and STGM instructions
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (11 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 12/22] target/arm: Implement the STGP instruction Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 14/22] target/arm: Implement the access tag cache flushes Richard Henderson
` (10 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v3: Require pre-cleaned addresses.
---
target/arm/helper-a64.h | 3 ++
target/arm/mte_helper.c | 96 ++++++++++++++++++++++++++++++++++++++
target/arm/translate-a64.c | 42 +++++++++++++----
3 files changed, 132 insertions(+), 9 deletions(-)
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index 91e6a6ea94..5bcdfcf81b 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -114,3 +114,6 @@ DEF_HELPER_FLAGS_3(stg, TCG_CALL_NO_WG, void, env, i64, i64)
DEF_HELPER_FLAGS_3(st2g, TCG_CALL_NO_WG, void, env, i64, i64)
DEF_HELPER_FLAGS_3(stg_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64)
+DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_3(stzgm, TCG_CALL_NO_WG, void, env, i64, i64)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index e8873f1e75..afa4c26535 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -377,3 +377,99 @@ void HELPER(st2g_parallel)(CPUARMState *env, uint64_t ptr, uint64_t xt)
{
do_st2g(env, ptr, xt, GETPC(), store_tag1_parallel);
}
+
+uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr)
+{
+ const int size = 4 << GMID_EL1_BS;
+ int el;
+ uint64_t sctlr;
+ void *mem;
+
+ ptr = QEMU_ALIGN_DOWN(ptr, size);
+
+ /* Trap if accessing an invalid page(s). */
+ mem = allocation_tag_mem(env, ptr, false, GETPC());
+
+ /*
+ * The tag is squashed to zero if the page does not support tags,
+ * or if the OS is denying access to the tags.
+ */
+ el = arm_current_el(env);
+ sctlr = arm_sctlr(env, el);
+ if (!mem || !allocation_tag_access_enabled(env, el, sctlr)) {
+ return 0;
+ }
+
+#if GMID_EL1_BS != 6
+# error "Fill in the blanks for other sizes"
+#endif
+ /*
+ * We are loading 64-bits worth of tags. The ordering of elements
+ * within the word corresponds to a 64-bit little-endian operation.
+ */
+ return ldq_le_p(mem);
+}
+
+static uint64_t do_stgm(CPUARMState *env, uint64_t ptr,
+ uint64_t val, uintptr_t ra)
+{
+ const int size = 4 << GMID_EL1_BS;
+ int el;
+ uint64_t sctlr;
+ void *mem;
+
+ ptr = QEMU_ALIGN_DOWN(ptr, size);
+
+ /* Trap if accessing an invalid page(s). */
+ mem = allocation_tag_mem(env, ptr, true, ra);
+
+ /*
+ * No action if the page does not support tags,
+ * or if the OS is denying access to the tags.
+ */
+ el = arm_current_el(env);
+ sctlr = arm_sctlr(env, el);
+ if (!mem || !allocation_tag_access_enabled(env, el, sctlr)) {
+ return ptr;
+ }
+
+#if GMID_EL1_BS != 6
+# error "Fill in the blanks for other sizes"
+#endif
+ /*
+ * We are storing 64-bits worth of tags. The ordering of elements
+ * within the word corresponds to a 64-bit little-endian operation.
+ */
+ stq_le_p(mem, val);
+
+ return ptr;
+}
+
+void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val)
+{
+ do_stgm(env, ptr, val, GETPC());
+}
+
+void HELPER(stzgm)(CPUARMState *env, uint64_t ptr, uint64_t val)
+{
+ int i, mmu_idx, size = 4 << GMID_EL1_BS;
+ uintptr_t ra = GETPC();
+ void *mem;
+
+ ptr = do_stgm(env, ptr, val, ra);
+
+ /*
+ * We will have just probed this virtual address in do_stgm.
+ * If the tlb_vaddr_to_host fails, then the memory is not ram,
+ * or is monitored in some other way. Fall back to stores.
+ */
+ mmu_idx = cpu_mmu_index(env, false);
+ mem = tlb_vaddr_to_host(env, ptr, MMU_DATA_STORE, mmu_idx);
+ if (mem) {
+ memset(mem, 0, size);
+ } else {
+ for (i = 0; i < size; i += 8) {
+ cpu_stq_data_ra(env, ptr + i, 0, ra);
+ }
+ }
+}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index b7175897e4..e02d85f317 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -3722,7 +3722,7 @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
uint64_t offset = sextract64(insn, 12, 9) << LOG2_TAG_GRANULE;
int op2 = extract32(insn, 10, 3);
int op1 = extract32(insn, 22, 2);
- bool is_load = false, is_pair = false, is_zero = false;
+ bool is_load = false, is_pair = false, is_zero = false, is_mult = false;
int index = 0;
TCGv_i64 dirty_addr, clean_addr, tcg_rt;
@@ -3732,13 +3732,18 @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
}
switch (op1) {
- case 0: /* STG */
+ case 0:
if (op2 != 0) {
/* STG */
index = op2 - 2;
- break;
+ } else {
+ /* STZGM */
+ if (s->current_el == 0 || offset != 0) {
+ goto do_unallocated;
+ }
+ is_mult = is_zero = true;
}
- goto do_unallocated;
+ break;
case 1:
if (op2 != 0) {
/* STZG */
@@ -3754,17 +3759,27 @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
/* ST2G */
is_pair = true;
index = op2 - 2;
- break;
+ } else {
+ /* STGM */
+ if (s->current_el == 0 || offset != 0) {
+ goto do_unallocated;
+ }
+ is_mult = true;
}
- goto do_unallocated;
+ break;
case 3:
if (op2 != 0) {
/* STZ2G */
is_pair = is_zero = true;
index = op2 - 2;
- break;
+ } else {
+ /* LDGM */
+ if (s->current_el == 0 || offset != 0) {
+ goto do_unallocated;
+ }
+ is_mult = is_load = true;
}
- goto do_unallocated;
+ break;
default:
do_unallocated:
@@ -3781,7 +3796,16 @@ static void disas_ldst_tag(DisasContext *s, uint32_t insn)
clean_addr = clean_data_tbi(s, dirty_addr, false);
tcg_rt = cpu_reg(s, rt);
- if (is_load) {
+ if (is_mult) {
+ if (is_load) {
+ gen_helper_ldgm(tcg_rt, cpu_env, clean_addr);
+ } else if (is_zero) {
+ gen_helper_stzgm(cpu_env, clean_addr, tcg_rt);
+ } else {
+ gen_helper_stgm(cpu_env, clean_addr, tcg_rt);
+ }
+ return;
+ } else if (is_load) {
gen_helper_ldg(tcg_rt, cpu_env, clean_addr, tcg_rt);
} else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
if (is_pair) {
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 14/22] target/arm: Implement the access tag cache flushes
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (12 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 13/22] target/arm: Implement the LDGM and STGM instructions Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 15/22] target/arm: Clean address for DC ZVA Richard Henderson
` (9 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Like the regular data cache flushes, these are nops within qemu.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/helper.c | 48 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 7b30e1a1a9..a16c87d0d9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5793,6 +5793,54 @@ static const ARMCPRegInfo mte_reginfo[] = {
{ .name = "GMID_EL1", .state = ARM_CP_STATE_AA64,
.opc0 = 3, .opc1 = 1, .crn = 0, .crm = 0, .opc2 = 4,
.access = PL1_R, .type = ARM_CP_CONST, .resetvalue = GMID_EL1_BS },
+ { .name = "IGVAC", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 3,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "IGSW", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 4,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGSW", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 4,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CIGSW", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 4,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGVAC", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 3,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGVAP", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 3,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGVADP", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 3,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CIGVAC", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 3,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "IGDVAC", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 5,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "IGDSW", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 6,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGDSW", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 10, .opc2 = 6,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CIGDSW", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 6,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGDVAC", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 10, .opc2 = 5,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGDVAP", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 12, .opc2 = 5,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CGDVADP", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 13, .opc2 = 5,
+ .type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "CIGDVAC", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 5,
+ .type = ARM_CP_NOP, .access = PL1_W },
REGINFO_SENTINEL
};
#endif
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 15/22] target/arm: Clean address for DC ZVA
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (13 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 14/22] target/arm: Implement the access tag cache flushes Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 16/22] target/arm: Implement data cache set allocation tags Richard Henderson
` (8 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
This data access was forgotten in the previous patch.
Fixes: 3a471103ac1823ba
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/translate-a64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e02d85f317..a02c829db2 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1894,7 +1894,7 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
return;
case ARM_CP_DC_ZVA:
/* Writes clear the aligned block of memory which rt points into. */
- tcg_rt = cpu_reg(s, rt);
+ tcg_rt = clean_data_tbi(s, cpu_reg(s, rt), false);
gen_helper_dc_zva(cpu_env, tcg_rt);
return;
default:
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 16/22] target/arm: Implement data cache set allocation tags
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (14 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 15/22] target/arm: Clean address for DC ZVA Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 17/22] target/arm: Set PSTATE.TCO on exception entry Richard Henderson
` (7 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
This is DC GVA and DC GZVA.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Use allocation_tag_mem + memset.
v3: Require pre-cleaned addresses.
---
target/arm/cpu.h | 4 +++-
target/arm/helper-a64.h | 1 +
target/arm/helper.c | 16 ++++++++++++++++
target/arm/mte_helper.c | 28 ++++++++++++++++++++++++++++
target/arm/translate-a64.c | 9 +++++++++
5 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b9b33bc285..e24d1e082c 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2178,7 +2178,9 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
#define ARM_CP_NZCV (ARM_CP_SPECIAL | 0x0300)
#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | 0x0400)
#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | 0x0500)
-#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
+#define ARM_CP_DC_GVA (ARM_CP_SPECIAL | 0x0600)
+#define ARM_CP_DC_GZVA (ARM_CP_SPECIAL | 0x0700)
+#define ARM_LAST_SPECIAL ARM_CP_DC_GZVA
#define ARM_CP_FPU 0x1000
#define ARM_CP_SVE 0x2000
#define ARM_CP_NO_GDB 0x4000
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index 5bcdfcf81b..ec4e7f7cf5 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -117,3 +117,4 @@ DEF_HELPER_FLAGS_3(st2g_parallel, TCG_CALL_NO_WG, void, env, i64, i64)
DEF_HELPER_FLAGS_2(ldgm, TCG_CALL_NO_WG, i64, env, i64)
DEF_HELPER_FLAGS_3(stgm, TCG_CALL_NO_WG, void, env, i64, i64)
DEF_HELPER_FLAGS_3(stzgm, TCG_CALL_NO_WG, void, env, i64, i64)
+DEF_HELPER_FLAGS_2(dc_gva, TCG_CALL_NO_RWG, void, env, i64)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index a16c87d0d9..c8773a5528 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5841,6 +5841,22 @@ static const ARMCPRegInfo mte_reginfo[] = {
{ .name = "CIGDVAC", .state = ARM_CP_STATE_AA64,
.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 14, .opc2 = 5,
.type = ARM_CP_NOP, .access = PL1_W },
+ { .name = "GVA", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 4, .opc2 = 3,
+ .access = PL0_W, .type = ARM_CP_DC_GVA,
+#ifndef CONFIG_USER_ONLY
+ /* Avoid overhead of an access check that always passes in user-mode */
+ .accessfn = aa64_zva_access,
+#endif
+ },
+ { .name = "GZVA", .state = ARM_CP_STATE_AA64,
+ .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 4, .opc2 = 4,
+ .access = PL0_W, .type = ARM_CP_DC_GZVA,
+#ifndef CONFIG_USER_ONLY
+ /* Avoid overhead of an access check that always passes in user-mode */
+ .accessfn = aa64_zva_access,
+#endif
+ },
REGINFO_SENTINEL
};
#endif
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index afa4c26535..6d0f82eb99 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -473,3 +473,31 @@ void HELPER(stzgm)(CPUARMState *env, uint64_t ptr, uint64_t val)
}
}
}
+
+void HELPER(dc_gva)(CPUARMState *env, uint64_t ptr)
+{
+ ARMCPU *cpu = arm_env_get_cpu(env);
+ size_t blocklen = 4 << cpu->dcz_blocksize;
+ int el;
+ uint64_t sctlr;
+ uint8_t *mem;
+ int rtag;
+
+ ptr = QEMU_ALIGN_DOWN(ptr, blocklen);
+
+ /* Trap if accessing an invalid page. */
+ mem = allocation_tag_mem(env, ptr, true, GETPC());
+
+ /* No action if page does not support tags, or if access is disabled. */
+ el = arm_current_el(env);
+ sctlr = arm_sctlr(env, el);
+ if (!mem || !allocation_tag_access_enabled(env, el, sctlr)) {
+ return;
+ }
+
+ rtag = allocation_tag_from_addr(ptr);
+ rtag |= rtag << 4;
+
+ assert(QEMU_IS_ALIGNED(blocklen, 2 * TAG_GRANULE));
+ memset(mem, rtag, blocklen / (2 * TAG_GRANULE));
+}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index a02c829db2..74ef1cd9c1 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1897,6 +1897,15 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
tcg_rt = clean_data_tbi(s, cpu_reg(s, rt), false);
gen_helper_dc_zva(cpu_env, tcg_rt);
return;
+ case ARM_CP_DC_GVA:
+ tcg_rt = clean_data_tbi(s, cpu_reg(s, rt), false);
+ gen_helper_dc_gva(cpu_env, tcg_rt);
+ return;
+ case ARM_CP_DC_GZVA:
+ tcg_rt = clean_data_tbi(s, cpu_reg(s, rt), false);
+ gen_helper_dc_zva(cpu_env, tcg_rt);
+ gen_helper_dc_gva(cpu_env, tcg_rt);
+ return;
default:
break;
}
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 17/22] target/arm: Set PSTATE.TCO on exception entry
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (15 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 16/22] target/arm: Implement data cache set allocation tags Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 18/22] target/arm: Cache the Tagged bit for a page in MemTxAttrs Richard Henderson
` (6 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
R0085 specifies that exception handlers begin with tag checks overridden.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Only set if MTE feature present.
---
target/arm/helper.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index c8773a5528..a529d30700 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9628,6 +9628,7 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
target_ulong addr = env->cp15.vbar_el[new_el];
unsigned int new_mode = aarch64_pstate_mode(new_el, true);
unsigned int cur_el = arm_current_el(env);
+ unsigned int new_pstate;
/*
* Note that new_el can never be 0. If cur_el is 0, then
@@ -9721,7 +9722,11 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
qemu_log_mask(CPU_LOG_INT, "...with ELR 0x%" PRIx64 "\n",
env->elr_el[new_el]);
- pstate_write(env, PSTATE_DAIF | new_mode);
+ new_pstate = new_mode | PSTATE_DAIF;
+ if (cpu_isar_feature(aa64_mte, cpu)) {
+ new_pstate |= PSTATE_TCO;
+ }
+ pstate_write(env, new_pstate);
env->aarch64 = 1;
aarch64_restore_sp(env, new_el);
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 18/22] target/arm: Cache the Tagged bit for a page in MemTxAttrs
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (16 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 17/22] target/arm: Set PSTATE.TCO on exception entry Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 19/22] target/arm: Create tagged ram when MTE is enabled Richard Henderson
` (5 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
This "bit" is a particular value of the page's MemAttr.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/helper.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index a529d30700..fcab7f99be 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10892,6 +10892,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
uint64_t descaddrmask;
bool aarch64 = arm_el_is_aa64(env, el);
bool guarded = false;
+ uint8_t memattr;
/* TODO:
* This code does not handle the different format TCR for VTCR_EL2.
@@ -11122,17 +11123,21 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
txattrs->target_tlb_bit0 = true;
}
+ if (mmu_idx == ARMMMUIdx_S2NS) {
+ memattr = convert_stage2_attrs(env, extract32(attrs, 0, 4));
+ } else {
+ /* Index into MAIR registers for cache attributes */
+ uint64_t mair = env->cp15.mair_el[el];
+ memattr = extract64(mair, extract32(attrs, 0, 3) * 8, 8);
+ }
+
+ /* When in aarch64 mode, and MTE is enabled, remember Tagged in IOTLB. */
+ if (aarch64 && memattr == 0xf0 && cpu_isar_feature(aa64_mte, cpu)) {
+ txattrs->target_tlb_bit1 = true;
+ }
+
if (cacheattrs != NULL) {
- if (mmu_idx == ARMMMUIdx_S2NS) {
- cacheattrs->attrs = convert_stage2_attrs(env,
- extract32(attrs, 0, 4));
- } else {
- /* Index into MAIR registers for cache attributes */
- uint8_t attrindx = extract32(attrs, 0, 3);
- uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
- assert(attrindx <= 7);
- cacheattrs->attrs = extract64(mair, attrindx * 8, 8);
- }
+ cacheattrs->attrs = memattr;
cacheattrs->shareability = extract32(attrs, 6, 2);
}
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 19/22] target/arm: Create tagged ram when MTE is enabled
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (17 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 18/22] target/arm: Cache the Tagged bit for a page in MemTxAttrs Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-07-22 16:03 ` Peter Maydell
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 20/22] target/arm: Create a TLB entry for tag physical address space Richard Henderson
` (4 subsequent siblings)
23 siblings, 1 reply; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 4 ++++
hw/arm/virt.c | 33 +++++++++++++++++++++++++++++++++
target/arm/cpu.c | 21 ++++++++++++++++++---
3 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e24d1e082c..6d60d2f37d 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -768,6 +768,9 @@ struct ARMCPU {
/* MemoryRegion to use for secure physical accesses */
MemoryRegion *secure_memory;
+ /* MemoryRegion to use for allocation tag accesses */
+ MemoryRegion *tag_memory;
+
/* For v8M, pointer to the IDAU interface provided by board/SoC */
Object *idau;
@@ -2904,6 +2907,7 @@ int cpu_mmu_index(CPUARMState *env, bool ifetch);
typedef enum ARMASIdx {
ARMASIdx_NS = 0,
ARMASIdx_S = 1,
+ ARMASIdx_TAG = 2,
} ARMASIdx;
/* Return the Exception Level targeted by debug exceptions. */
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index c7fb5348ae..5be76fc2ee 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1265,6 +1265,21 @@ static void create_secure_ram(VirtMachineState *vms,
g_free(nodename);
}
+static void create_tag_ram(VirtMachineState *vms, MachineState *machine,
+ MemoryRegion *tag_sysmem)
+{
+ MemoryRegion *tagram = g_new(MemoryRegion, 1);
+ hwaddr base = vms->memmap[VIRT_MEM].base / 32;
+ hwaddr size = machine->ram_size / 32;
+
+ memory_region_init_ram(tagram, NULL, "mach-virt.tag", size, &error_fatal);
+ memory_region_add_subregion(tag_sysmem, base, tagram);
+
+ /* ??? Do we really need an fdt entry, or is MemTag enabled sufficient. */
+ /* ??? We appear to need secure tag mem to go with secure mem. */
+ /* ??? Does that imply we need a fourth address space? */
+}
+
static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
{
const VirtMachineState *board = container_of(binfo, VirtMachineState,
@@ -1423,6 +1438,7 @@ static void machvirt_init(MachineState *machine)
qemu_irq pic[NUM_IRQS];
MemoryRegion *sysmem = get_system_memory();
MemoryRegion *secure_sysmem = NULL;
+ MemoryRegion *tag_sysmem = NULL;
int n, virt_max_cpus;
MemoryRegion *ram = g_new(MemoryRegion, 1);
bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
@@ -1584,6 +1600,20 @@ static void machvirt_init(MachineState *machine)
"secure-memory", &error_abort);
}
+ /*
+ * The cpu adds the property iff MemTag is supported.
+ * If it is, we must allocate the ram to back that up.
+ */
+ if (object_property_find(cpuobj, "tag-memory", NULL)) {
+ if (!tag_sysmem) {
+ tag_sysmem = g_new(MemoryRegion, 1);
+ memory_region_init(tag_sysmem, OBJECT(machine),
+ "tag-memory", UINT64_MAX / 32);
+ }
+ object_property_set_link(cpuobj, OBJECT(tag_sysmem),
+ "tag-memory", &error_abort);
+ }
+
object_property_set_bool(cpuobj, true, "realized", &error_fatal);
object_unref(cpuobj);
}
@@ -1626,6 +1656,9 @@ static void machvirt_init(MachineState *machine)
create_secure_ram(vms, secure_sysmem);
create_uart(vms, pic, VIRT_SECURE_UART, secure_sysmem, serial_hd(1));
}
+ if (tag_sysmem) {
+ create_tag_ram(vms, machine, tag_sysmem);
+ }
vms->highmem_ecam &= vms->highmem && (!firmware_loaded || aarch64);
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 96f0ff0ec7..96506cf56d 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -870,6 +870,18 @@ void arm_cpu_post_init(Object *obj)
qdev_property_add_static(DEVICE(obj), &arm_cpu_cfgend_property,
&error_abort);
+
+#ifndef CONFIG_USER_ONLY
+ if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64) &&
+ cpu_isar_feature(aa64_mte, cpu)) {
+ object_property_add_link(obj, "tag-memory",
+ TYPE_MEMORY_REGION,
+ (Object **)&cpu->tag_memory,
+ qdev_prop_allow_set_link_before_realize,
+ OBJ_PROP_LINK_STRONG,
+ &error_abort);
+ }
+#endif
}
static void arm_cpu_finalizefn(Object *obj)
@@ -1182,16 +1194,19 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
init_cpreg_list(cpu);
#ifndef CONFIG_USER_ONLY
+ cs->num_ases = 1;
if (cpu->has_el3 || arm_feature(env, ARM_FEATURE_M_SECURITY)) {
cs->num_ases = 2;
-
if (!cpu->secure_memory) {
cpu->secure_memory = cs->memory;
}
cpu_address_space_init(cs, ARMASIdx_S, "cpu-secure-memory",
cpu->secure_memory);
- } else {
- cs->num_ases = 1;
+ }
+ if (cpu->tag_memory != NULL) {
+ cs->num_ases = 3;
+ cpu_address_space_init(cs, ARMASIdx_TAG, "cpu-tag-memory",
+ cpu->tag_memory);
}
cpu_address_space_init(cs, ARMASIdx_NS, "cpu-memory", cs->memory);
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* Re: [Qemu-devel] [PATCH v4 19/22] target/arm: Create tagged ram when MTE is enabled
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 19/22] target/arm: Create tagged ram when MTE is enabled Richard Henderson
@ 2019-07-22 16:03 ` Peter Maydell
0 siblings, 0 replies; 30+ messages in thread
From: Peter Maydell @ 2019-07-22 16:03 UTC (permalink / raw)
To: Richard Henderson; +Cc: QEMU Developers
On Thu, 7 Mar 2019 at 17:05, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> @@ -1182,16 +1194,19 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
> init_cpreg_list(cpu);
>
> #ifndef CONFIG_USER_ONLY
> + cs->num_ases = 1;
> if (cpu->has_el3 || arm_feature(env, ARM_FEATURE_M_SECURITY)) {
> cs->num_ases = 2;
> -
> if (!cpu->secure_memory) {
> cpu->secure_memory = cs->memory;
> }
> cpu_address_space_init(cs, ARMASIdx_S, "cpu-secure-memory",
> cpu->secure_memory);
> - } else {
> - cs->num_ases = 1;
> + }
> + if (cpu->tag_memory != NULL) {
> + cs->num_ases = 3;
> + cpu_address_space_init(cs, ARMASIdx_TAG, "cpu-tag-memory",
> + cpu->tag_memory);
> }
> cpu_address_space_init(cs, ARMASIdx_NS, "cpu-memory", cs->memory);
This code will result in an array overrun in cpu_address_space_init(),
because that function allocates the cpu->cpu_ases array the first
time it is called, using the value of cpu->num_ases at that point.
So if we call it for "cpu-secure-memory" when cpu->num_ases is 2,
the later call for "cpu-tag-memory" won't reallocate the array to
have size 3, it will just index off the end of it.
You should be able to see this with valgrind for the case of
the 'virt' board with EL3 enabled:
valgrind ./build/x86/aarch64-softmmu/qemu-system-aarch64 -cpu max -M
virt,secure=on
==16861== Invalid write of size 8
==16861== at 0x4120FA: cpu_address_space_init (exec.c:906)
==16861== by 0x636F80: arm_cpu_realizefn (cpu.c:1617)
==16861== by 0x80B920: device_set_realized (qdev.c:834)
==16861== by 0xA9A94B: property_set_bool (object.c:2076)
==16861== by 0xA98BC7: object_property_set (object.c:1268)
==16861== by 0xA9BC8D: object_property_set_qobject (qom-qobject.c:26)
==16861== by 0xA98EAC: object_property_set_bool (object.c:1334)
==16861== by 0x5A0D0F: machvirt_init (virt.c:1677)
==16861== by 0x81544B: machine_run_board_init (machine.c:1148)
==16861== by 0x767B7E: main (vl.c:4348)
==16861== Address 0x2c257720 is 0 bytes after a block of size 384 alloc'd
==16861== at 0x4C31B25: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16861== by 0x6100B10: g_malloc0 (in
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.4)
==16861== by 0x4120BE: cpu_address_space_init (exec.c:902)
==16861== by 0x636F30: arm_cpu_realizefn (cpu.c:1612)
==16861== by 0x80B920: device_set_realized (qdev.c:834)
==16861== by 0xA9A94B: property_set_bool (object.c:2076)
==16861== by 0xA98BC7: object_property_set (object.c:1268)
==16861== by 0xA9BC8D: object_property_set_qobject (qom-qobject.c:26)
==16861== by 0xA98EAC: object_property_set_bool (object.c:1334)
==16861== by 0x5A0D0F: machvirt_init (virt.c:1677)
==16861== by 0x81544B: machine_run_board_init (machine.c:1148)
==16861== by 0x767B7E: main (vl.c:4348)
thanks
-- PMM
^ permalink raw reply [flat|nested] 30+ messages in thread
* [Qemu-devel] [PATCH v4 20/22] target/arm: Create a TLB entry for tag physical address space
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (18 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 19/22] target/arm: Create tagged ram when MTE is enabled Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-07-19 15:48 ` Peter Maydell
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 21/22] target/arm: Add allocation tag storage for system mode Richard Henderson
` (3 subsequent siblings)
23 siblings, 1 reply; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu.h | 45 ++++++++++++++++++++++++++++++++++++++-------
target/arm/helper.c | 20 +++++++++++++++++++-
2 files changed, 57 insertions(+), 8 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 6d60d2f37d..3647c5bb55 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2758,10 +2758,15 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
* S EL0 (aka S PL0)
* S EL1 (not used if EL3 is 32 bit)
* NS EL0+1 stage 2
+ * NS physical tag storage
*
- * (The last of these is an mmu_idx because we want to be able to use the TLB
- * for the accesses done as part of a stage 1 page table walk, rather than
- * having to walk the stage 2 page table over and over.)
+ * (The NS EL0+1 stage 2 is an mmu_idx because we want to be able to use the
+ * TLB for the accesses done as part of a stage 1 page table walk, rather
+ * than having to walk the stage 2 page table over and over.)
+ *
+ * (The NS physical tag storage is an mmu_idx because we want to be able to
+ * use the TLB to avoid replicating the path through the rcu locks, flatview,
+ * and qemu_map_ram_ptr.)
*
* R profile CPUs have an MPU, but can use the same set of MMU indexes
* as A profile. They only need to distinguish NS EL0 and NS EL1 (and
@@ -2819,6 +2824,7 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_S1SE0 = 4 | ARM_MMU_IDX_A,
ARMMMUIdx_S1SE1 = 5 | ARM_MMU_IDX_A,
ARMMMUIdx_S2NS = 6 | ARM_MMU_IDX_A,
+ ARMMMUIdx_TagNS = 7 | ARM_MMU_IDX_A,
ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
ARMMMUIdx_MUserNegPri = 2 | ARM_MMU_IDX_M,
@@ -2845,6 +2851,7 @@ typedef enum ARMMMUIdxBit {
ARMMMUIdxBit_S1SE0 = 1 << 4,
ARMMMUIdxBit_S1SE1 = 1 << 5,
ARMMMUIdxBit_S2NS = 1 << 6,
+ ARMMMUIdxBit_TagNS = 1 << 7,
ARMMMUIdxBit_MUser = 1 << 0,
ARMMMUIdxBit_MPriv = 1 << 1,
ARMMMUIdxBit_MUserNegPri = 1 << 2,
@@ -2874,11 +2881,29 @@ static inline ARMMMUIdx core_to_arm_mmu_idx(CPUARMState *env, int mmu_idx)
/* Return the exception level we're running at if this is our mmu_idx */
static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
{
- switch (mmu_idx & ARM_MMU_IDX_TYPE_MASK) {
- case ARM_MMU_IDX_A:
+ switch (mmu_idx) {
+ case ARMMMUIdx_S12NSE0:
+ case ARMMMUIdx_S12NSE1:
+ case ARMMMUIdx_S1E2:
+ case ARMMMUIdx_S1E3:
+ case ARMMMUIdx_S1SE0:
+ case ARMMMUIdx_S1SE1:
+ case ARMMMUIdx_S2NS:
return mmu_idx & 3;
- case ARM_MMU_IDX_M:
+
+ case ARMMMUIdx_MUser:
+ case ARMMMUIdx_MPriv:
+ case ARMMMUIdx_MUserNegPri:
+ case ARMMMUIdx_MPrivNegPri:
+ case ARMMMUIdx_MSUser:
+ case ARMMMUIdx_MSPriv:
+ case ARMMMUIdx_MSUserNegPri:
+ case ARMMMUIdx_MSPrivNegPri:
return mmu_idx & ARM_MMU_IDX_M_PRIV;
+
+ case ARMMMUIdx_TagNS:
+ case ARMMMUIdx_S1NSE0:
+ case ARMMMUIdx_S1NSE1:
default:
g_assert_not_reached();
}
@@ -3183,7 +3208,13 @@ enum {
/* Return the address space index to use for a memory access */
static inline int arm_asidx_from_attrs(CPUState *cs, MemTxAttrs attrs)
{
- return attrs.secure ? ARMASIdx_S : ARMASIdx_NS;
+ if (attrs.target_tlb_bit2) {
+ return ARMASIdx_TAG;
+ } else if (attrs.secure) {
+ return ARMASIdx_S;
+ } else {
+ return ARMASIdx_NS;
+ }
}
/* Return the AddressSpace to use for a memory access
diff --git a/target/arm/helper.c b/target/arm/helper.c
index fcab7f99be..eb7b719687 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11948,7 +11948,9 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
target_ulong *page_size,
ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
{
- if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
+ switch (mmu_idx) {
+ case ARMMMUIdx_S12NSE0:
+ case ARMMMUIdx_S12NSE1:
/* Call ourselves recursively to do the stage 1 and then stage 2
* translations.
*/
@@ -11999,6 +12001,22 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
*/
mmu_idx = stage_1_mmu_idx(mmu_idx);
}
+ break;
+
+ case ARMMMUIdx_TagNS:
+ /*
+ * The tag tlb is physically addressed -- pass through 1:1.
+ * The real work is done in arm_asidx_from_attrs, selecting the
+ * address space, based on target_tlb_bit2.
+ */
+ attrs->target_tlb_bit2 = 1;
+ *phys_ptr = address;
+ *prot = PAGE_READ | PAGE_WRITE;
+ *page_size = TARGET_PAGE_SIZE;
+ return 0;
+
+ default:
+ break;
}
/* The page table entries may downgrade secure to non-secure, but
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* Re: [Qemu-devel] [PATCH v4 20/22] target/arm: Create a TLB entry for tag physical address space
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 20/22] target/arm: Create a TLB entry for tag physical address space Richard Henderson
@ 2019-07-19 15:48 ` Peter Maydell
2019-07-19 21:31 ` Richard Henderson
0 siblings, 1 reply; 30+ messages in thread
From: Peter Maydell @ 2019-07-19 15:48 UTC (permalink / raw)
To: Richard Henderson; +Cc: QEMU Developers
On Thu, 7 Mar 2019 at 17:05, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/cpu.h | 45 ++++++++++++++++++++++++++++++++++++++-------
> target/arm/helper.c | 20 +++++++++++++++++++-
> 2 files changed, 57 insertions(+), 8 deletions(-)
> /* Return the address space index to use for a memory access */
> static inline int arm_asidx_from_attrs(CPUState *cs, MemTxAttrs attrs)
> {
> - return attrs.secure ? ARMASIdx_S : ARMASIdx_NS;
> + if (attrs.target_tlb_bit2) {
> + return ARMASIdx_TAG;
> + } else if (attrs.secure) {
> + return ARMASIdx_S;
> + } else {
> + return ARMASIdx_NS;
> + }
> }
Playing around with this series, I have discovered that if
the board model doesn't create the tag-memory then target/arm/cpu.c
will not create the 'cpu-tag-memory' AddressSpace. But nothing
disables the usage of the target_tlb_bit2, and then when
arm_cpu_tlb_fill() does a tlb_set_page_with_attrs() using
an attrs with target_tlb_bit2 set then we assert in
cpu_asidx_from_attrs() because cpu->num_ases is 2 and
cc->asidx_from_attrs() returned an out of range number (ie 2).
Is the tag-memory mandatory for MTE? If so we should either
disable MTE if no tag-memory is provided, or else fail
realize of the CPU; not sure which. If it's not mandatory
then we need to avoid asserting :-)
thanks
-- PMM
^ permalink raw reply [flat|nested] 30+ messages in thread* Re: [Qemu-devel] [PATCH v4 20/22] target/arm: Create a TLB entry for tag physical address space
2019-07-19 15:48 ` Peter Maydell
@ 2019-07-19 21:31 ` Richard Henderson
0 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-07-19 21:31 UTC (permalink / raw)
To: Peter Maydell; +Cc: QEMU Developers
On 7/19/19 8:48 AM, Peter Maydell wrote:
> Playing around with this series, I have discovered that if
> the board model doesn't create the tag-memory then target/arm/cpu.c
> will not create the 'cpu-tag-memory' AddressSpace. But nothing
> disables the usage of the target_tlb_bit2, and then when
> arm_cpu_tlb_fill() does a tlb_set_page_with_attrs() using
> an attrs with target_tlb_bit2 set then we assert in
> cpu_asidx_from_attrs() because cpu->num_ases is 2 and
> cc->asidx_from_attrs() returned an out of range number (ie 2).
Oops.
> Is the tag-memory mandatory for MTE? If so we should either
> disable MTE if no tag-memory is provided, or else fail
> realize of the CPU; not sure which. If it's not mandatory
> then we need to avoid asserting :-)
I'm not sure. I'll need to study the docs again.
There is an MTE support level at which some of the EL0 bits are recognized but
no tags are supported: ID_AA64PFR0_EL1.MTE == 1. But that's not quite the same
as what you're asking.
r~
^ permalink raw reply [flat|nested] 30+ messages in thread
* [Qemu-devel] [PATCH v4 21/22] target/arm: Add allocation tag storage for system mode
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (19 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 20/22] target/arm: Create a TLB entry for tag physical address space Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 22/22] target/arm: Enable MTE Richard Henderson
` (2 subsequent siblings)
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/mte_helper.c | 56 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 6d0f82eb99..6657f57ca6 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -28,8 +28,64 @@
static uint8_t *allocation_tag_mem(CPUARMState *env, uint64_t ptr,
bool write, uintptr_t ra)
{
+#ifdef CONFIG_USER_ONLY
/* Tag storage not implemented. */
return NULL;
+#else
+ ARMCPU *cpu = arm_env_get_cpu(env);
+ CPUState *cs = CPU(cpu);
+ uintptr_t index;
+ int mmu_idx;
+ CPUTLBEntry *te;
+ CPUIOTLBEntry *iotlbentry;
+ MemoryRegionSection *section;
+ hwaddr physaddr, tag_physaddr;
+
+ /*
+ * Find the TLB entry for this access.
+ * As a side effect, this also raises an exception for invalid access.
+ */
+ mmu_idx = cpu_mmu_index(env, false);
+ index = tlb_index(env, mmu_idx, ptr);
+ te = tlb_entry(env, mmu_idx, ptr);
+ if (!tlb_hit(write ? tlb_addr_write(te) : te->addr_read, ptr)) {
+ /* ??? Expose VICTIM_TLB_HIT from accel/tcg/cputlb.c. */
+ tlb_fill(cs, ptr, 16, write ? MMU_DATA_STORE : MMU_DATA_LOAD,
+ mmu_idx, ra);
+ index = tlb_index(env, mmu_idx, ptr);
+ te = tlb_entry(env, mmu_idx, ptr);
+ }
+
+ /* If the virtual page MemAttr != Tagged, nothing to do. */
+ iotlbentry = &env->iotlb[mmu_idx][index];
+ if (!iotlbentry->attrs.target_tlb_bit1) {
+ return NULL;
+ }
+
+ /* If the board did not allocate tag memory, nothing to do. */
+ if (!cpu_get_address_space(cs, ARMASIdx_TAG)) {
+ return NULL;
+ }
+
+ /* Find the physical address for the virtual access. */
+ section = iotlb_to_section(cs, iotlbentry->addr, iotlbentry->attrs);
+ physaddr = ((iotlbentry->addr & TARGET_PAGE_MASK) + ptr
+ + section->offset_within_address_space
+ - section->offset_within_region);
+ tag_physaddr = physaddr >> (LOG2_TAG_GRANULE + 1);
+
+ /* Find the memory backing the tag address in tag address space. */
+ mmu_idx = arm_to_core_mmu_idx(ARMMMUIdx_TagNS);
+ te = tlb_entry(env, mmu_idx, tag_physaddr);
+ if (!tlb_hit(write ? tlb_addr_write(te) : te->addr_read, tag_physaddr)) {
+ /* ??? Expose VICTIM_TLB_HIT from accel/tcg/cputlb.c. */
+ tlb_fill(cs, tag_physaddr, 1, write ? MMU_DATA_STORE : MMU_DATA_LOAD,
+ mmu_idx, ra);
+ te = tlb_entry(env, mmu_idx, tag_physaddr);
+ }
+
+ return (void *)(tag_physaddr + te->addend);
+#endif
}
static int get_allocation_tag(CPUARMState *env, uint64_t ptr, uintptr_t ra)
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* [Qemu-devel] [PATCH v4 22/22] target/arm: Enable MTE
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (20 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 21/22] target/arm: Add allocation tag storage for system mode Richard Henderson
@ 2019-03-07 17:04 ` Richard Henderson
2019-03-07 17:35 ` [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode no-reply
2019-03-08 18:40 ` no-reply
23 siblings, 0 replies; 30+ messages in thread
From: Richard Henderson @ 2019-03-07 17:04 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/cpu64.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 228906f267..27c85370c0 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -332,6 +332,7 @@ static void aarch64_max_initfn(Object *obj)
t = cpu->isar.id_aa64pfr1;
t = FIELD_DP64(t, ID_AA64PFR1, BT, 1);
+ t = FIELD_DP64(t, ID_AA64PFR1, MTE, 2);
cpu->isar.id_aa64pfr1 = t;
t = cpu->isar.id_aa64mmfr1;
--
2.17.2
^ permalink raw reply related [flat|nested] 30+ messages in thread* Re: [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (21 preceding siblings ...)
2019-03-07 17:04 ` [Qemu-devel] [PATCH v4 22/22] target/arm: Enable MTE Richard Henderson
@ 2019-03-07 17:35 ` no-reply
2019-03-08 18:40 ` no-reply
23 siblings, 0 replies; 30+ messages in thread
From: no-reply @ 2019-03-07 17:35 UTC (permalink / raw)
To: richard.henderson; +Cc: fam, qemu-devel, peter.maydell
Patchew URL: https://patchew.org/QEMU/20190307170440.3113-1-richard.henderson@linaro.org/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Message-id: 20190307170440.3113-1-richard.henderson@linaro.org
Subject: [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
* [new tag] patchew/20190307170440.3113-1-richard.henderson@linaro.org -> patchew/20190307170440.3113-1-richard.henderson@linaro.org
Switched to a new branch 'test'
23fdebd210 target/arm: Enable MTE
3cf01953ff target/arm: Add allocation tag storage for system mode
494df9631b target/arm: Create a TLB entry for tag physical address space
c3aea915ad target/arm: Create tagged ram when MTE is enabled
f073d517ec target/arm: Cache the Tagged bit for a page in MemTxAttrs
7597116fed target/arm: Set PSTATE.TCO on exception entry
798d73e166 target/arm: Implement data cache set allocation tags
843a2c13d9 target/arm: Clean address for DC ZVA
beff6e3558 target/arm: Implement the access tag cache flushes
79b5335524 target/arm: Implement the LDGM and STGM instructions
ed9a915702 target/arm: Implement the STGP instruction
0143319256 target/arm: Implement LDG, STG, ST2G instructions
54357db2c5 target/arm: Define arm_cpu_do_unaligned_access for CONFIG_USER_ONLY
d72d1a0c0e target/arm: Implement the SUBP instruction
ba50a7a99d target/arm: Implement the GMI instruction
09533e4e2c target/arm: Implement ADDG, SUBG instructions
593999e89a target/arm: Implement the IRG instruction
8306fd8033 target/arm: Suppress tag check for sp+offset
c7edbeb68c target/arm: Add helper_mte_check{1, 2}
41eff3fb40 target/arm: Add MTE system registers
46e9777387 target/arm: Extract TCMA with ARMVAParameters
e68d8da962 target/arm: Add MTE_ACTIVE to tb_flags
=== OUTPUT BEGIN ===
1/22 Checking commit e68d8da9629d (target/arm: Add MTE_ACTIVE to tb_flags)
2/22 Checking commit 46e9777387ff (target/arm: Extract TCMA with ARMVAParameters)
ERROR: spaces prohibited around that ':' (ctx:WxW)
#70: FILE: target/arm/internals.h:962:
+ bool tcma : 1;
^
total: 1 errors, 0 warnings, 49 lines checked
Patch 2/22 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/22 Checking commit 41eff3fb4034 (target/arm: Add MTE system registers)
4/22 Checking commit c7edbeb68c59 (target/arm: Add helper_mte_check{1, 2})
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#42:
new file mode 100644
total: 0 errors, 1 warnings, 167 lines checked
Patch 4/22 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/22 Checking commit 8306fd8033ee (target/arm: Suppress tag check for sp+offset)
6/22 Checking commit 593999e89a2f (target/arm: Implement the IRG instruction)
7/22 Checking commit 09533e4e2cda (target/arm: Implement ADDG, SUBG instructions)
8/22 Checking commit ba50a7a99db9 (target/arm: Implement the GMI instruction)
9/22 Checking commit d72d1a0c0eb1 (target/arm: Implement the SUBP instruction)
10/22 Checking commit 54357db2c561 (target/arm: Define arm_cpu_do_unaligned_access for CONFIG_USER_ONLY)
11/22 Checking commit 014331925603 (target/arm: Implement LDG, STG, ST2G instructions)
12/22 Checking commit ed9a915702c2 (target/arm: Implement the STGP instruction)
13/22 Checking commit 79b53355245d (target/arm: Implement the LDGM and STGM instructions)
14/22 Checking commit beff6e355850 (target/arm: Implement the access tag cache flushes)
15/22 Checking commit 843a2c13d940 (target/arm: Clean address for DC ZVA)
16/22 Checking commit 798d73e16619 (target/arm: Implement data cache set allocation tags)
17/22 Checking commit 7597116fed95 (target/arm: Set PSTATE.TCO on exception entry)
18/22 Checking commit f073d517ec80 (target/arm: Cache the Tagged bit for a page in MemTxAttrs)
19/22 Checking commit c3aea915adb4 (target/arm: Create tagged ram when MTE is enabled)
20/22 Checking commit 494df9631b39 (target/arm: Create a TLB entry for tag physical address space)
21/22 Checking commit 3cf01953ff8b (target/arm: Add allocation tag storage for system mode)
22/22 Checking commit 23fdebd2106c (target/arm: Enable MTE)
=== OUTPUT END ===
Test command exited with code: 1
The full log is available at
http://patchew.org/logs/20190307170440.3113-1-richard.henderson@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 30+ messages in thread* Re: [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode
2019-03-07 17:04 [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode Richard Henderson
` (22 preceding siblings ...)
2019-03-07 17:35 ` [Qemu-devel] [PATCH v4 00/22] target/arm: Implement ARMv8.5-MemTag, system mode no-reply
@ 2019-03-08 18:40 ` no-reply
23 siblings, 0 replies; 30+ messages in thread
From: no-reply @ 2019-03-08 18:40 UTC (permalink / raw)
To: richard.henderson; +Cc: fam, qemu-devel, peter.maydell
Patchew URL: https://patchew.org/QEMU/20190307170440.3113-1-richard.henderson@linaro.org/
Hi,
This series failed the docker-mingw@fedora build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-mingw@fedora SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===
CC aarch64-softmmu/gdbstub-xml.o
CC aarch64-softmmu/trace/generated-helpers.o
/tmp/qemu-test/src/target/arm/mte_helper.c: In function 'allocation_tag_mem':
/tmp/qemu-test/src/target/arm/mte_helper.c:87:12: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
return (void *)(tag_physaddr + te->addend);
^
cc1: all warnings being treated as errors
The full log is available at
http://patchew.org/logs/20190307170440.3113-1-richard.henderson@linaro.org/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 30+ messages in thread