From: Peter Maydell <peter.maydell@linaro.org>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>,
qemu-arm <qemu-arm@nongnu.org>,
Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
Will Deacon <will.deacon@arm.com>,
Dave P Martin <dave.martin@arm.com>,
szabolcs.nagy@arm.com, Catalin Marinas <catalin.marinas@arm.com>,
Mark Rutland <mark.rutland@arm.com>
Subject: Re: [Qemu-devel] [PATCH 00/17] target/arm: Implement ARMv8.5-MemTag
Date: Tue, 5 Feb 2019 19:42:18 +0000 [thread overview]
Message-ID: <CAFEAcA8XTc5RTxifOA-cYb2FfRaC5ZMBh3AEcxL8LZqh7qxo7Q@mail.gmail.com> (raw)
In-Reply-To: <20190114011122.5995-1-richard.henderson@linaro.org>
On Mon, 14 Jan 2019 at 01:11, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Based-on: 20190110124951.15473-1-richard.henderson@linaro.org
> aka the TBID patch set, which itself is based on the BTI patch set.
>
> The full tree is available at
>
> https://github.org/rth7680/qemu.git tgt-arm-mte
>
> This extension isl also spelled MTE in the ARM.
>
> This patch set only attempts to implement linux-user emulation.
> For system emulation, I still miss the new cache flushing insns (easy)
> and the out-of-band physical memory for the allocation tags (harder).
>
> From a few mis-steps in writing the test cases for the extension,
> I might suggest that some future kernel's userland ABI for this have
> TCR.TCMA0 = 1, so that legacy code that is *not* MTE aware can use
> a frame pointer without accidentally tripping left over stack tags.
> (As seen in patch 5, SP+OFF is unchecked per the ISA but FP+OFF is not.)
>
> OTOH, depending on the application, that does make it easier for an
> attack vector to clean the tag off the top of a pointer to bypass
> store checking. So, tricky.
I'm working through review of this, but feel free to rebase on
current master (which has now got a pile of your other patches
in it, since I've just merged target-arm.next) without waiting
for me to finish going through it.
thanks
-- PMM
next prev parent reply other threads:[~2019-02-05 19:42 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-14 1:11 [Qemu-devel] [PATCH 00/17] target/arm: Implement ARMv8.5-MemTag Richard Henderson
2019-01-14 1:11 ` [Qemu-devel] [PATCH 01/17] target/arm: Add MTE_ACTIVE to tb_flags Richard Henderson
2019-02-05 19:06 ` Peter Maydell
2019-02-10 0:06 ` Richard Henderson
2019-01-14 1:11 ` [Qemu-devel] [PATCH 02/17] target/arm: Extract TCMA with ARMVAParameters Richard Henderson
2019-02-05 19:08 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 03/17] target/arm: Add MTE system registers Richard Henderson
2019-02-05 19:27 ` Peter Maydell
2019-02-10 1:20 ` Richard Henderson
2019-02-10 1:23 ` Richard Henderson
2019-02-10 21:40 ` Peter Maydell
2019-02-10 22:47 ` Richard Henderson
2019-02-11 9:43 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 04/17] target/arm: Fill in helper_mte_check Richard Henderson
2019-02-07 15:57 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 05/17] target/arm: Suppress tag check for sp+offset Richard Henderson
2019-02-07 16:17 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 06/17] target/arm: Implement the IRG instruction Richard Henderson
2019-02-07 16:47 ` Peter Maydell
2019-02-10 3:43 ` Richard Henderson
2019-01-14 1:11 ` [Qemu-devel] [PATCH 07/17] target/arm: Implement ADDG, SUBG instructions Richard Henderson
2019-02-07 17:28 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 08/17] target/arm: Implement the GMI instruction Richard Henderson
2019-02-07 17:32 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 09/17] target/arm: Implement the SUBP instruction Richard Henderson
2019-02-07 17:38 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 10/17] target/arm: Implement LDG, STG, ST2G instructions Richard Henderson
2019-02-07 17:41 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 11/17] target/arm: Implement the STGP instruction Richard Henderson
2019-02-07 17:41 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 12/17] target/arm: Implement the LDGV and STGV instructions Richard Henderson
2019-02-07 17:43 ` Peter Maydell
2019-01-14 1:11 ` [Qemu-devel] [PATCH 13/17] target/arm: Set PSTATE.TCO on exception entry Richard Henderson
2019-02-07 17:44 ` Peter Maydell
2019-02-08 17:16 ` Richard Henderson
2019-01-14 1:11 ` [Qemu-devel] [PATCH 14/17] tcg: Introduce target-specific page data for user-only Richard Henderson
2019-01-14 1:11 ` [Qemu-devel] [PATCH 15/17] target/arm: Add allocation tag storage " Richard Henderson
2019-01-14 1:11 ` [Qemu-devel] [PATCH 16/17] target/arm: Enable MTE Richard Henderson
2019-01-14 1:11 ` [Qemu-devel] [PATCH 17/17] tests/tcg/aarch64: Add mte smoke tests Richard Henderson
2019-01-14 14:22 ` Alex Bennée
2019-01-14 21:07 ` Richard Henderson
2019-02-05 19:42 ` Peter Maydell [this message]
2019-02-07 17:53 ` [Qemu-devel] [PATCH 00/17] target/arm: Implement ARMv8.5-MemTag Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA8XTc5RTxifOA-cYb2FfRaC5ZMBh3AEcxL8LZqh7qxo7Q@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=dave.martin@arm.com \
--cc=mark.rutland@arm.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=ramana.radhakrishnan@arm.com \
--cc=richard.henderson@linaro.org \
--cc=szabolcs.nagy@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.