* [PATCH v5 for-6.1 0/9] target/arm mte fixes
@ 2021-04-16 18:30 Richard Henderson
2021-04-16 18:30 ` [PATCH v5 1/9] target/arm: Fix mte_checkN Richard Henderson
` (10 more replies)
0 siblings, 11 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:30 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
Changes for v5:
* Rebase. Three patches upstream and a minor conflict fixed.
Changes for v4:
* Fix tag count computation error in mte_checkN, which when used
by mte_check1 in patch 5, caused all sorts of KASAN failures.
* Fix PAGE_ANON / PAGE_TARGET_1 overlap.
r~
Richard Henderson (9):
target/arm: Fix mte_checkN
target/arm: Split out mte_probe_int
target/arm: Fix unaligned checks for mte_check1, mte_probe1
test/tcg/aarch64: Add mte-5
target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1
target/arm: Merge mte_check1, mte_checkN
target/arm: Rename mte_probe1 to mte_probe
target/arm: Simplify sve mte checking
target/arm: Remove log2_esize parameter to gen_mte_checkN
target/arm/helper-a64.h | 3 +-
target/arm/internals.h | 11 +-
target/arm/translate-a64.h | 2 +-
target/arm/mte_helper.c | 183 ++++++++++++------------------
target/arm/sve_helper.c | 100 ++++++----------
target/arm/translate-a64.c | 22 ++--
target/arm/translate-sve.c | 9 +-
tests/tcg/aarch64/mte-5.c | 44 +++++++
tests/tcg/aarch64/Makefile.target | 2 +-
9 files changed, 172 insertions(+), 204 deletions(-)
create mode 100644 tests/tcg/aarch64/mte-5.c
--
2.25.1
^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH v5 1/9] target/arm: Fix mte_checkN
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
@ 2021-04-16 18:30 ` Richard Henderson
2021-04-19 16:26 ` Peter Maydell
2021-04-16 18:30 ` [PATCH v5 2/9] target/arm: Split out mte_probe_int Richard Henderson
` (9 subsequent siblings)
10 siblings, 1 reply; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:30 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm
We were incorrectly assuming that only the first byte of an MTE access
is checked against the tags. But per the ARM, unaligned accesses are
pre-decomposed into single-byte accesses. So by the time we reach the
actual MTE check in the ARM pseudocode, all accesses are aligned.
Therefore, the first failure is always either the first byte of the
access, or the first byte of the granule.
In addition, some of the arithmetic is off for last-first -> count.
This does not become directly visible until a later patch that passes
single bytes into this function, so ptr == ptr_last.
Buglink: https://bugs.launchpad.net/bugs/1921948
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/mte_helper.c | 38 +++++++++++++++++---------------------
1 file changed, 17 insertions(+), 21 deletions(-)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 8be17e1b70..c87717127c 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -757,10 +757,10 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
uint64_t ptr, uintptr_t ra)
{
int mmu_idx, ptr_tag, bit55;
- uint64_t ptr_last, ptr_end, prev_page, next_page;
- uint64_t tag_first, tag_end;
- uint64_t tag_byte_first, tag_byte_end;
- uint32_t esize, total, tag_count, tag_size, n, c;
+ uint64_t ptr_last, prev_page, next_page;
+ uint64_t tag_first, tag_last;
+ uint64_t tag_byte_first, tag_byte_last;
+ uint32_t total, tag_count, tag_size, n, c;
uint8_t *mem1, *mem2;
MMUAccessType type;
@@ -779,29 +779,27 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
- esize = FIELD_EX32(desc, MTEDESC, ESIZE);
total = FIELD_EX32(desc, MTEDESC, TSIZE);
/* Find the addr of the end of the access, and of the last element. */
- ptr_end = ptr + total;
- ptr_last = ptr_end - esize;
+ ptr_last = ptr + total - 1;
/* Round the bounds to the tag granule, and compute the number of tags. */
tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE);
- tag_end = QEMU_ALIGN_UP(ptr_last, TAG_GRANULE);
- tag_count = (tag_end - tag_first) / TAG_GRANULE;
+ tag_last = QEMU_ALIGN_DOWN(ptr_last, TAG_GRANULE);
+ tag_count = ((tag_last - tag_first) / TAG_GRANULE) + 1;
/* Round the bounds to twice the tag granule, and compute the bytes. */
tag_byte_first = QEMU_ALIGN_DOWN(ptr, 2 * TAG_GRANULE);
- tag_byte_end = QEMU_ALIGN_UP(ptr_last, 2 * TAG_GRANULE);
+ tag_byte_last = QEMU_ALIGN_DOWN(ptr_last, 2 * TAG_GRANULE);
/* Locate the page boundaries. */
prev_page = ptr & TARGET_PAGE_MASK;
next_page = prev_page + TARGET_PAGE_SIZE;
- if (likely(tag_end - prev_page <= TARGET_PAGE_SIZE)) {
+ if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
/* Memory access stays on one page. */
- tag_size = (tag_byte_end - tag_byte_first) / (2 * TAG_GRANULE);
+ tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
MMU_DATA_LOAD, tag_size, ra);
if (!mem1) {
@@ -815,9 +813,9 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, next_page - ptr,
MMU_DATA_LOAD, tag_size, ra);
- tag_size = (tag_byte_end - next_page) / (2 * TAG_GRANULE);
+ tag_size = ((tag_byte_last - next_page) / (2 * TAG_GRANULE)) + 1;
mem2 = allocation_tag_mem(env, mmu_idx, next_page, type,
- ptr_end - next_page,
+ ptr_last - next_page + 1,
MMU_DATA_LOAD, tag_size, ra);
/*
@@ -838,15 +836,13 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
}
/*
- * If we failed, we know which granule. Compute the element that
- * is first in that granule, and signal failure on that element.
+ * If we failed, we know which granule. For the first granule, the
+ * failure address is @ptr, the first byte accessed. Otherwise the
+ * failure address is the first byte of the nth granule.
*/
if (unlikely(n < tag_count)) {
- uint64_t fail_ofs;
-
- fail_ofs = tag_first + n * TAG_GRANULE - ptr;
- fail_ofs = ROUND_UP(fail_ofs, esize);
- mte_check_fail(env, desc, ptr + fail_ofs, ra);
+ uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE);
+ mte_check_fail(env, desc, fault, ra);
}
done:
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 2/9] target/arm: Split out mte_probe_int
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
2021-04-16 18:30 ` [PATCH v5 1/9] target/arm: Fix mte_checkN Richard Henderson
@ 2021-04-16 18:30 ` Richard Henderson
2021-04-19 16:28 ` Peter Maydell
2021-04-16 18:31 ` [PATCH v5 3/9] target/arm: Fix unaligned checks for mte_check1, mte_probe1 Richard Henderson
` (8 subsequent siblings)
10 siblings, 1 reply; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:30 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Split out a helper function from mte_checkN to perform
all of the checking and address manpulation. So far,
just use this in mte_checkN itself.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/mte_helper.c | 52 +++++++++++++++++++++++++++++++----------
1 file changed, 40 insertions(+), 12 deletions(-)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index c87717127c..c7138dfc16 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -753,33 +753,45 @@ static int checkN(uint8_t *mem, int odd, int cmp, int count)
return n;
}
-uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
- uint64_t ptr, uintptr_t ra)
+/**
+ * mte_probe_int() - helper for mte_probe and mte_check
+ * @env: CPU environment
+ * @desc: MTEDESC descriptor
+ * @ptr: virtual address of the base of the access
+ * @fault: return virtual address of the first check failure
+ *
+ * Internal routine for both mte_probe and mte_check.
+ * Return zero on failure, filling in *fault.
+ * Return negative on trivial success for tbi disabled.
+ * Return positive on success with tbi enabled.
+ */
+static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
+ uintptr_t ra, uint32_t total, uint64_t *fault)
{
int mmu_idx, ptr_tag, bit55;
uint64_t ptr_last, prev_page, next_page;
uint64_t tag_first, tag_last;
uint64_t tag_byte_first, tag_byte_last;
- uint32_t total, tag_count, tag_size, n, c;
+ uint32_t tag_count, tag_size, n, c;
uint8_t *mem1, *mem2;
MMUAccessType type;
bit55 = extract64(ptr, 55, 1);
+ *fault = ptr;
/* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
if (unlikely(!tbi_check(desc, bit55))) {
- return ptr;
+ return -1;
}
ptr_tag = allocation_tag_from_addr(ptr);
if (tcma_check(desc, bit55, ptr_tag)) {
- goto done;
+ return 1;
}
mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
- total = FIELD_EX32(desc, MTEDESC, TSIZE);
/* Find the addr of the end of the access, and of the last element. */
ptr_last = ptr + total - 1;
@@ -803,7 +815,7 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
MMU_DATA_LOAD, tag_size, ra);
if (!mem1) {
- goto done;
+ return 1;
}
/* Perform all of the comparisons. */
n = checkN(mem1, ptr & TAG_GRANULE, ptr_tag, tag_count);
@@ -829,23 +841,39 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
}
if (n == c) {
if (!mem2) {
- goto done;
+ return 1;
}
n += checkN(mem2, 0, ptr_tag, tag_count - c);
}
}
+ if (likely(n == tag_count)) {
+ return 1;
+ }
+
/*
* If we failed, we know which granule. For the first granule, the
* failure address is @ptr, the first byte accessed. Otherwise the
* failure address is the first byte of the nth granule.
*/
- if (unlikely(n < tag_count)) {
- uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE);
- mte_check_fail(env, desc, fault, ra);
+ if (n > 0) {
+ *fault = tag_first + n * TAG_GRANULE;
}
+ return 0;
+}
- done:
+uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
+ uint64_t ptr, uintptr_t ra)
+{
+ uint64_t fault;
+ uint32_t total = FIELD_EX32(desc, MTEDESC, TSIZE);
+ int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+
+ if (unlikely(ret == 0)) {
+ mte_check_fail(env, desc, fault, ra);
+ } else if (ret < 0) {
+ return ptr;
+ }
return useronly_clean_ptr(ptr);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 3/9] target/arm: Fix unaligned checks for mte_check1, mte_probe1
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
2021-04-16 18:30 ` [PATCH v5 1/9] target/arm: Fix mte_checkN Richard Henderson
2021-04-16 18:30 ` [PATCH v5 2/9] target/arm: Split out mte_probe_int Richard Henderson
@ 2021-04-16 18:31 ` Richard Henderson
2021-04-16 18:31 ` [PATCH v5 4/9] test/tcg/aarch64: Add mte-5 Richard Henderson
` (7 subsequent siblings)
10 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
We were incorrectly assuming that only the first byte of an MTE access
is checked against the tags. But per the ARM, unaligned accesses are
pre-decomposed into single-byte accesses. So by the time we reach the
actual MTE check in the ARM pseudocode, all accesses are aligned.
We cannot tell a priori whether or not a given scalar access is aligned,
therefore we must at least check. Use mte_probe_int, which is already
set up for checking multiple granules.
Buglink: https://bugs.launchpad.net/bugs/1921948
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/mte_helper.c | 109 +++++++++++++---------------------------
1 file changed, 35 insertions(+), 74 deletions(-)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index c7138dfc16..8b95f861e8 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -617,80 +617,6 @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
}
}
-/*
- * Perform an MTE checked access for a single logical or atomic access.
- */
-static bool mte_probe1_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
- uintptr_t ra, int bit55)
-{
- int mem_tag, mmu_idx, ptr_tag, size;
- MMUAccessType type;
- uint8_t *mem;
-
- ptr_tag = allocation_tag_from_addr(ptr);
-
- if (tcma_check(desc, bit55, ptr_tag)) {
- return true;
- }
-
- mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
- type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
- size = FIELD_EX32(desc, MTEDESC, ESIZE);
-
- mem = allocation_tag_mem(env, mmu_idx, ptr, type, size,
- MMU_DATA_LOAD, 1, ra);
- if (!mem) {
- return true;
- }
-
- mem_tag = load_tag1(ptr, mem);
- return ptr_tag == mem_tag;
-}
-
-/*
- * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
- * Returns false if the access is Checked and the check failed. This
- * is only intended to probe the tag -- the validity of the page must
- * be checked beforehand.
- */
-bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
-{
- int bit55 = extract64(ptr, 55, 1);
-
- /* If TBI is disabled, the access is unchecked. */
- if (unlikely(!tbi_check(desc, bit55))) {
- return true;
- }
-
- return mte_probe1_int(env, desc, ptr, 0, bit55);
-}
-
-uint64_t mte_check1(CPUARMState *env, uint32_t desc,
- uint64_t ptr, uintptr_t ra)
-{
- int bit55 = extract64(ptr, 55, 1);
-
- /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
- if (unlikely(!tbi_check(desc, bit55))) {
- return ptr;
- }
-
- if (unlikely(!mte_probe1_int(env, desc, ptr, ra, bit55))) {
- mte_check_fail(env, desc, ptr, ra);
- }
-
- return useronly_clean_ptr(ptr);
-}
-
-uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
-{
- return mte_check1(env, desc, ptr, GETPC());
-}
-
-/*
- * Perform an MTE checked access for multiple logical accesses.
- */
-
/**
* checkN:
* @tag: tag memory to test
@@ -882,6 +808,41 @@ uint64_t HELPER(mte_checkN)(CPUARMState *env, uint32_t desc, uint64_t ptr)
return mte_checkN(env, desc, ptr, GETPC());
}
+uint64_t mte_check1(CPUARMState *env, uint32_t desc,
+ uint64_t ptr, uintptr_t ra)
+{
+ uint64_t fault;
+ uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
+ int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+
+ if (unlikely(ret == 0)) {
+ mte_check_fail(env, desc, fault, ra);
+ } else if (ret < 0) {
+ return ptr;
+ }
+ return useronly_clean_ptr(ptr);
+}
+
+uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
+{
+ return mte_check1(env, desc, ptr, GETPC());
+}
+
+/*
+ * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
+ * Returns false if the access is Checked and the check failed. This
+ * is only intended to probe the tag -- the validity of the page must
+ * be checked beforehand.
+ */
+bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
+{
+ uint64_t fault;
+ uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
+ int ret = mte_probe_int(env, desc, ptr, 0, total, &fault);
+
+ return ret != 0;
+}
+
/*
* Perform an MTE checked access for DC_ZVA.
*/
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 4/9] test/tcg/aarch64: Add mte-5
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (2 preceding siblings ...)
2021-04-16 18:31 ` [PATCH v5 3/9] target/arm: Fix unaligned checks for mte_check1, mte_probe1 Richard Henderson
@ 2021-04-16 18:31 ` Richard Henderson
2021-04-16 18:31 ` [PATCH v5 5/9] target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1 Richard Henderson
` (6 subsequent siblings)
10 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Buglink: https://bugs.launchpad.net/bugs/1921948
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
tests/tcg/aarch64/mte-5.c | 44 +++++++++++++++++++++++++++++++
tests/tcg/aarch64/Makefile.target | 2 +-
2 files changed, 45 insertions(+), 1 deletion(-)
create mode 100644 tests/tcg/aarch64/mte-5.c
diff --git a/tests/tcg/aarch64/mte-5.c b/tests/tcg/aarch64/mte-5.c
new file mode 100644
index 0000000000..6dbd6ab3ea
--- /dev/null
+++ b/tests/tcg/aarch64/mte-5.c
@@ -0,0 +1,44 @@
+/*
+ * Memory tagging, faulting unaligned access.
+ *
+ * Copyright (c) 2021 Linaro Ltd
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "mte.h"
+
+void pass(int sig, siginfo_t *info, void *uc)
+{
+ assert(info->si_code == SEGV_MTESERR);
+ exit(0);
+}
+
+int main(int ac, char **av)
+{
+ struct sigaction sa;
+ void *p0, *p1, *p2;
+ long excl = 1;
+
+ enable_mte(PR_MTE_TCF_SYNC);
+ p0 = alloc_mte_mem(sizeof(*p0));
+
+ /* Create two differently tagged pointers. */
+ asm("irg %0,%1,%2" : "=r"(p1) : "r"(p0), "r"(excl));
+ asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1));
+ assert(excl != 1);
+ asm("irg %0,%1,%2" : "=r"(p2) : "r"(p0), "r"(excl));
+ assert(p1 != p2);
+
+ memset(&sa, 0, sizeof(sa));
+ sa.sa_sigaction = pass;
+ sa.sa_flags = SA_SIGINFO;
+ sigaction(SIGSEGV, &sa, NULL);
+
+ /* Store store two different tags in sequential granules. */
+ asm("stg %0, [%0]" : : "r"(p1));
+ asm("stg %0, [%0]" : : "r"(p2 + 16));
+
+ /* Perform an unaligned load crossing the granules. */
+ asm volatile("ldr %0, [%1]" : "=r"(p0) : "r"(p1 + 12));
+ abort();
+}
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index 05b2622bfc..928357b10a 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -37,7 +37,7 @@ AARCH64_TESTS += bti-2
# MTE Tests
ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_MTE),)
-AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-6
+AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6
mte-%: CFLAGS += -march=armv8.5-a+memtag
endif
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 5/9] target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (3 preceding siblings ...)
2021-04-16 18:31 ` [PATCH v5 4/9] test/tcg/aarch64: Add mte-5 Richard Henderson
@ 2021-04-16 18:31 ` Richard Henderson
2021-04-16 18:31 ` [PATCH v5 6/9] target/arm: Merge mte_check1, mte_checkN Richard Henderson
` (5 subsequent siblings)
10 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
After recent changes, mte_checkN does not use ESIZE,
and mte_check1 never used TSIZE. We can combine the
two into a single field: SIZEM1.
Choose to pass size - 1 because size == 0 is never used,
our immediate need in mte_probe_int is for the address
of the last byte (ptr + size - 1), and since almost all
operations are powers of 2, this makes the immediate
constant one bit smaller.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 4 ++--
target/arm/mte_helper.c | 18 ++++++++----------
target/arm/translate-a64.c | 5 ++---
target/arm/translate-sve.c | 5 ++---
4 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index f11bd32696..2c77f2d50f 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -26,6 +26,7 @@
#define TARGET_ARM_INTERNALS_H
#include "hw/registerfields.h"
+#include "tcg/tcg-gvec-desc.h"
#include "syndrome.h"
/* register banks for CPU modes */
@@ -1142,8 +1143,7 @@ FIELD(MTEDESC, MIDX, 0, 4)
FIELD(MTEDESC, TBI, 4, 2)
FIELD(MTEDESC, TCMA, 6, 2)
FIELD(MTEDESC, WRITE, 8, 1)
-FIELD(MTEDESC, ESIZE, 9, 5)
-FIELD(MTEDESC, TSIZE, 14, 10) /* mte_checkN only */
+FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9) /* size - 1 */
bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
uint64_t mte_check1(CPUARMState *env, uint32_t desc,
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 8b95f861e8..29f5f4823a 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -692,13 +692,13 @@ static int checkN(uint8_t *mem, int odd, int cmp, int count)
* Return positive on success with tbi enabled.
*/
static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
- uintptr_t ra, uint32_t total, uint64_t *fault)
+ uintptr_t ra, uint64_t *fault)
{
int mmu_idx, ptr_tag, bit55;
uint64_t ptr_last, prev_page, next_page;
uint64_t tag_first, tag_last;
uint64_t tag_byte_first, tag_byte_last;
- uint32_t tag_count, tag_size, n, c;
+ uint32_t sizem1, tag_count, tag_size, n, c;
uint8_t *mem1, *mem2;
MMUAccessType type;
@@ -718,9 +718,10 @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
+ sizem1 = FIELD_EX32(desc, MTEDESC, SIZEM1);
/* Find the addr of the end of the access, and of the last element. */
- ptr_last = ptr + total - 1;
+ ptr_last = ptr + sizem1;
/* Round the bounds to the tag granule, and compute the number of tags. */
tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE);
@@ -738,7 +739,7 @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
/* Memory access stays on one page. */
tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
- mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
+ mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1,
MMU_DATA_LOAD, tag_size, ra);
if (!mem1) {
return 1;
@@ -792,8 +793,7 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
uint64_t ptr, uintptr_t ra)
{
uint64_t fault;
- uint32_t total = FIELD_EX32(desc, MTEDESC, TSIZE);
- int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+ int ret = mte_probe_int(env, desc, ptr, ra, &fault);
if (unlikely(ret == 0)) {
mte_check_fail(env, desc, fault, ra);
@@ -812,8 +812,7 @@ uint64_t mte_check1(CPUARMState *env, uint32_t desc,
uint64_t ptr, uintptr_t ra)
{
uint64_t fault;
- uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
- int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
+ int ret = mte_probe_int(env, desc, ptr, ra, &fault);
if (unlikely(ret == 0)) {
mte_check_fail(env, desc, fault, ra);
@@ -837,8 +836,7 @@ uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
{
uint64_t fault;
- uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
- int ret = mte_probe_int(env, desc, ptr, 0, total, &fault);
+ int ret = mte_probe_int(env, desc, ptr, 0, &fault);
return ret != 0;
}
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 0b42e53500..3af00ae90e 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -272,7 +272,7 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, TCGv_i64 addr,
desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
- desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << log2_size);
+ desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << log2_size) - 1);
tcg_desc = tcg_const_i32(desc);
ret = new_tmp_a64(s);
@@ -306,8 +306,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
- desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << log2_esize);
- desc = FIELD_DP32(desc, MTEDESC, TSIZE, total_size);
+ desc = FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1);
tcg_desc = tcg_const_i32(desc);
ret = new_tmp_a64(s);
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 0eefb61214..5179c1f836 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -4509,8 +4509,7 @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
- desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << msz);
- desc = FIELD_DP32(desc, MTEDESC, TSIZE, mte_n << msz);
+ desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (mte_n << msz) - 1);
desc <<= SVE_MTEDESC_SHIFT;
} else {
addr = clean_data_tbi(s, addr);
@@ -5189,7 +5188,7 @@ static void do_mem_zpz(DisasContext *s, int zt, int pg, int zm,
desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
- desc = FIELD_DP32(desc, MTEDESC, ESIZE, 1 << msz);
+ desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << msz) - 1);
desc <<= SVE_MTEDESC_SHIFT;
}
desc = simd_desc(vsz, vsz, desc | scale);
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 6/9] target/arm: Merge mte_check1, mte_checkN
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (4 preceding siblings ...)
2021-04-16 18:31 ` [PATCH v5 5/9] target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1 Richard Henderson
@ 2021-04-16 18:31 ` Richard Henderson
2021-04-16 18:31 ` [PATCH v5 7/9] target/arm: Rename mte_probe1 to mte_probe Richard Henderson
` (4 subsequent siblings)
10 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
The mte_check1 and mte_checkN functions are now identical.
Drop mte_check1 and rename mte_checkN to mte_check.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/helper-a64.h | 3 +--
target/arm/internals.h | 5 +----
target/arm/mte_helper.c | 26 +++-----------------------
target/arm/sve_helper.c | 14 +++++++-------
target/arm/translate-a64.c | 4 ++--
5 files changed, 14 insertions(+), 38 deletions(-)
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
index c139fa81f9..7b706571bb 100644
--- a/target/arm/helper-a64.h
+++ b/target/arm/helper-a64.h
@@ -104,8 +104,7 @@ DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
-DEF_HELPER_FLAGS_3(mte_check1, TCG_CALL_NO_WG, i64, env, i32, i64)
-DEF_HELPER_FLAGS_3(mte_checkN, TCG_CALL_NO_WG, i64, env, i32, i64)
+DEF_HELPER_FLAGS_3(mte_check, TCG_CALL_NO_WG, i64, env, i32, i64)
DEF_HELPER_FLAGS_3(mte_check_zva, TCG_CALL_NO_WG, i64, env, i32, i64)
DEF_HELPER_FLAGS_3(irg, TCG_CALL_NO_RWG, i64, env, i64, i64)
DEF_HELPER_FLAGS_4(addsubg, TCG_CALL_NO_RWG_SE, i64, env, i64, s32, i32)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 2c77f2d50f..af1db2cd9c 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1146,10 +1146,7 @@ FIELD(MTEDESC, WRITE, 8, 1)
FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9) /* size - 1 */
bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
-uint64_t mte_check1(CPUARMState *env, uint32_t desc,
- uint64_t ptr, uintptr_t ra);
-uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
- uint64_t ptr, uintptr_t ra);
+uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);
static inline int allocation_tag_from_addr(uint64_t ptr)
{
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 29f5f4823a..161425f208 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -789,8 +789,7 @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
return 0;
}
-uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
- uint64_t ptr, uintptr_t ra)
+uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra)
{
uint64_t fault;
int ret = mte_probe_int(env, desc, ptr, ra, &fault);
@@ -803,28 +802,9 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
return useronly_clean_ptr(ptr);
}
-uint64_t HELPER(mte_checkN)(CPUARMState *env, uint32_t desc, uint64_t ptr)
+uint64_t HELPER(mte_check)(CPUARMState *env, uint32_t desc, uint64_t ptr)
{
- return mte_checkN(env, desc, ptr, GETPC());
-}
-
-uint64_t mte_check1(CPUARMState *env, uint32_t desc,
- uint64_t ptr, uintptr_t ra)
-{
- uint64_t fault;
- int ret = mte_probe_int(env, desc, ptr, ra, &fault);
-
- if (unlikely(ret == 0)) {
- mte_check_fail(env, desc, fault, ra);
- } else if (ret < 0) {
- return ptr;
- }
- return useronly_clean_ptr(ptr);
-}
-
-uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
-{
- return mte_check1(env, desc, ptr, GETPC());
+ return mte_check(env, desc, ptr, GETPC());
}
/*
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index fd6c58f96a..b63ddfc7f9 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -4442,7 +4442,7 @@ static void sve_cont_ldst_mte_check1(SVEContLdSt *info, CPUARMState *env,
uintptr_t ra)
{
sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
- mtedesc, ra, mte_check1);
+ mtedesc, ra, mte_check);
}
static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
@@ -4451,7 +4451,7 @@ static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
uintptr_t ra)
{
sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
- mtedesc, ra, mte_checkN);
+ mtedesc, ra, mte_check);
}
@@ -4826,7 +4826,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
if (fault == FAULT_FIRST) {
/* Trapping mte check for the first-fault element. */
if (mtedesc) {
- mte_check1(env, mtedesc, addr + mem_off, retaddr);
+ mte_check(env, mtedesc, addr + mem_off, retaddr);
}
/*
@@ -5373,7 +5373,7 @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
info.attrs, BP_MEM_READ, retaddr);
}
if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
- mte_check1(env, mtedesc, addr, retaddr);
+ mte_check(env, mtedesc, addr, retaddr);
}
host_fn(&scratch, reg_off, info.host);
} else {
@@ -5386,7 +5386,7 @@ void sve_ld1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
BP_MEM_READ, retaddr);
}
if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
- mte_check1(env, mtedesc, addr, retaddr);
+ mte_check(env, mtedesc, addr, retaddr);
}
tlb_fn(env, &scratch, reg_off, addr, retaddr);
}
@@ -5552,7 +5552,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
*/
addr = base + (off_fn(vm, reg_off) << scale);
if (mtedesc) {
- mte_check1(env, mtedesc, addr, retaddr);
+ mte_check(env, mtedesc, addr, retaddr);
}
tlb_fn(env, vd, reg_off, addr, retaddr);
@@ -5773,7 +5773,7 @@ void sve_st1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
}
if (mtedesc && arm_tlb_mte_tagged(&info.attrs)) {
- mte_check1(env, mtedesc, addr, retaddr);
+ mte_check(env, mtedesc, addr, retaddr);
}
}
i += 1;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 3af00ae90e..a68d5dd5d1 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -276,7 +276,7 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, TCGv_i64 addr,
tcg_desc = tcg_const_i32(desc);
ret = new_tmp_a64(s);
- gen_helper_mte_check1(ret, cpu_env, tcg_desc, addr);
+ gen_helper_mte_check(ret, cpu_env, tcg_desc, addr);
tcg_temp_free_i32(tcg_desc);
return ret;
@@ -310,7 +310,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
tcg_desc = tcg_const_i32(desc);
ret = new_tmp_a64(s);
- gen_helper_mte_checkN(ret, cpu_env, tcg_desc, addr);
+ gen_helper_mte_check(ret, cpu_env, tcg_desc, addr);
tcg_temp_free_i32(tcg_desc);
return ret;
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 7/9] target/arm: Rename mte_probe1 to mte_probe
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (5 preceding siblings ...)
2021-04-16 18:31 ` [PATCH v5 6/9] target/arm: Merge mte_check1, mte_checkN Richard Henderson
@ 2021-04-16 18:31 ` Richard Henderson
2021-04-16 18:31 ` [PATCH v5 8/9] target/arm: Simplify sve mte checking Richard Henderson
` (3 subsequent siblings)
10 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
For consistency with the mte_check1 + mte_checkN merge
to mte_check, rename the probe function as well.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/internals.h | 2 +-
target/arm/mte_helper.c | 6 +++---
target/arm/sve_helper.c | 6 +++---
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index af1db2cd9c..886db56b58 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1145,7 +1145,7 @@ FIELD(MTEDESC, TCMA, 6, 2)
FIELD(MTEDESC, WRITE, 8, 1)
FIELD(MTEDESC, SIZEM1, 9, SIMD_DATA_BITS - 9) /* size - 1 */
-bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr);
+bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr);
uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);
static inline int allocation_tag_from_addr(uint64_t ptr)
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 161425f208..011a1ffa46 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -121,7 +121,7 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
* exception for inaccessible pages, and resolves the virtual address
* into the softmmu tlb.
*
- * When RA == 0, this is for mte_probe1. The page is expected to be
+ * When RA == 0, this is for mte_probe. The page is expected to be
* valid. Indicate to probe_access_flags no-fault, then assert that
* we received a valid page.
*/
@@ -808,12 +808,12 @@ uint64_t HELPER(mte_check)(CPUARMState *env, uint32_t desc, uint64_t ptr)
}
/*
- * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
+ * No-fault version of mte_check, to be used by SVE for MemSingleNF.
* Returns false if the access is Checked and the check failed. This
* is only intended to probe the tag -- the validity of the page must
* be checked beforehand.
*/
-bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
+bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr)
{
uint64_t fault;
int ret = mte_probe_int(env, desc, ptr, 0, &fault);
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index b63ddfc7f9..982240d104 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -4869,7 +4869,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
/* Watchpoint hit, see below. */
goto do_fault;
}
- if (mtedesc && !mte_probe1(env, mtedesc, addr + mem_off)) {
+ if (mtedesc && !mte_probe(env, mtedesc, addr + mem_off)) {
goto do_fault;
}
/*
@@ -4919,7 +4919,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
& BP_MEM_READ)) {
goto do_fault;
}
- if (mtedesc && !mte_probe1(env, mtedesc, addr + mem_off)) {
+ if (mtedesc && !mte_probe(env, mtedesc, addr + mem_off)) {
goto do_fault;
}
host_fn(vd, reg_off, host + mem_off);
@@ -5588,7 +5588,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
}
if (mtedesc &&
arm_tlb_mte_tagged(&info.attrs) &&
- !mte_probe1(env, mtedesc, addr)) {
+ !mte_probe(env, mtedesc, addr)) {
goto fault;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 8/9] target/arm: Simplify sve mte checking
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (6 preceding siblings ...)
2021-04-16 18:31 ` [PATCH v5 7/9] target/arm: Rename mte_probe1 to mte_probe Richard Henderson
@ 2021-04-16 18:31 ` Richard Henderson
2021-04-16 18:31 ` [PATCH v5 9/9] target/arm: Remove log2_esize parameter to gen_mte_checkN Richard Henderson
` (2 subsequent siblings)
10 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
Now that mte_check1 and mte_checkN have been merged, we can
merge sve_cont_ldst_mte_check1 and sve_cont_ldst_mte_checkN.
Which means that we can eliminate the function pointer into
sve_ldN_r and sve_stN_r, calling sve_cont_ldst_mte_check directly.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/sve_helper.c | 84 +++++++++++++----------------------------
1 file changed, 26 insertions(+), 58 deletions(-)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 982240d104..c068dfa0d5 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -4382,13 +4382,9 @@ static void sve_cont_ldst_watchpoints(SVEContLdSt *info, CPUARMState *env,
#endif
}
-typedef uint64_t mte_check_fn(CPUARMState *, uint32_t, uint64_t, uintptr_t);
-
-static inline QEMU_ALWAYS_INLINE
-void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
- uint64_t *vg, target_ulong addr, int esize,
- int msize, uint32_t mtedesc, uintptr_t ra,
- mte_check_fn *check)
+static void sve_cont_ldst_mte_check(SVEContLdSt *info, CPUARMState *env,
+ uint64_t *vg, target_ulong addr, int esize,
+ int msize, uint32_t mtedesc, uintptr_t ra)
{
intptr_t mem_off, reg_off, reg_last;
@@ -4405,7 +4401,7 @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
uint64_t pg = vg[reg_off >> 6];
do {
if ((pg >> (reg_off & 63)) & 1) {
- check(env, mtedesc, addr, ra);
+ mte_check(env, mtedesc, addr, ra);
}
reg_off += esize;
mem_off += msize;
@@ -4422,7 +4418,7 @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
uint64_t pg = vg[reg_off >> 6];
do {
if ((pg >> (reg_off & 63)) & 1) {
- check(env, mtedesc, addr, ra);
+ mte_check(env, mtedesc, addr, ra);
}
reg_off += esize;
mem_off += msize;
@@ -4431,30 +4427,6 @@ void sve_cont_ldst_mte_check_int(SVEContLdSt *info, CPUARMState *env,
}
}
-typedef void sve_cont_ldst_mte_check_fn(SVEContLdSt *info, CPUARMState *env,
- uint64_t *vg, target_ulong addr,
- int esize, int msize, uint32_t mtedesc,
- uintptr_t ra);
-
-static void sve_cont_ldst_mte_check1(SVEContLdSt *info, CPUARMState *env,
- uint64_t *vg, target_ulong addr,
- int esize, int msize, uint32_t mtedesc,
- uintptr_t ra)
-{
- sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
- mtedesc, ra, mte_check);
-}
-
-static void sve_cont_ldst_mte_checkN(SVEContLdSt *info, CPUARMState *env,
- uint64_t *vg, target_ulong addr,
- int esize, int msize, uint32_t mtedesc,
- uintptr_t ra)
-{
- sve_cont_ldst_mte_check_int(info, env, vg, addr, esize, msize,
- mtedesc, ra, mte_check);
-}
-
-
/*
* Common helper for all contiguous 1,2,3,4-register predicated stores.
*/
@@ -4463,8 +4435,7 @@ void sve_ldN_r(CPUARMState *env, uint64_t *vg, const target_ulong addr,
uint32_t desc, const uintptr_t retaddr,
const int esz, const int msz, const int N, uint32_t mtedesc,
sve_ldst1_host_fn *host_fn,
- sve_ldst1_tlb_fn *tlb_fn,
- sve_cont_ldst_mte_check_fn *mte_check_fn)
+ sve_ldst1_tlb_fn *tlb_fn)
{
const unsigned rd = simd_data(desc);
const intptr_t reg_max = simd_oprsz(desc);
@@ -4493,9 +4464,9 @@ void sve_ldN_r(CPUARMState *env, uint64_t *vg, const target_ulong addr,
* Handle mte checks for all active elements.
* Since TBI must be set for MTE, !mtedesc => !mte_active.
*/
- if (mte_check_fn && mtedesc) {
- mte_check_fn(&info, env, vg, addr, 1 << esz, N << msz,
- mtedesc, retaddr);
+ if (mtedesc) {
+ sve_cont_ldst_mte_check(&info, env, vg, addr, 1 << esz, N << msz,
+ mtedesc, retaddr);
}
flags = info.page[0].flags | info.page[1].flags;
@@ -4621,8 +4592,7 @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
mtedesc = 0;
}
- sve_ldN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn,
- N == 1 ? sve_cont_ldst_mte_check1 : sve_cont_ldst_mte_checkN);
+ sve_ldN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn);
}
#define DO_LD1_1(NAME, ESZ) \
@@ -4630,7 +4600,7 @@ void HELPER(sve_##NAME##_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MO_8, 1, 0, \
- sve_##NAME##_host, sve_##NAME##_tlb, NULL); \
+ sve_##NAME##_host, sve_##NAME##_tlb); \
} \
void HELPER(sve_##NAME##_r_mte)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
@@ -4644,22 +4614,22 @@ void HELPER(sve_##NAME##_le_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, 0, \
- sve_##NAME##_le_host, sve_##NAME##_le_tlb, NULL); \
+ sve_##NAME##_le_host, sve_##NAME##_le_tlb); \
} \
void HELPER(sve_##NAME##_be_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, 0, \
- sve_##NAME##_be_host, sve_##NAME##_be_tlb, NULL); \
+ sve_##NAME##_be_host, sve_##NAME##_be_tlb); \
} \
void HELPER(sve_##NAME##_le_r_mte)(CPUARMState *env, void *vg, \
- target_ulong addr, uint32_t desc) \
+ target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r_mte(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, \
sve_##NAME##_le_host, sve_##NAME##_le_tlb); \
} \
void HELPER(sve_##NAME##_be_r_mte)(CPUARMState *env, void *vg, \
- target_ulong addr, uint32_t desc) \
+ target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r_mte(env, vg, addr, desc, GETPC(), ESZ, MSZ, 1, \
sve_##NAME##_be_host, sve_##NAME##_be_tlb); \
@@ -4693,7 +4663,7 @@ void HELPER(sve_ld##N##bb_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r(env, vg, addr, desc, GETPC(), MO_8, MO_8, N, 0, \
- sve_ld1bb_host, sve_ld1bb_tlb, NULL); \
+ sve_ld1bb_host, sve_ld1bb_tlb); \
} \
void HELPER(sve_ld##N##bb_r_mte)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
@@ -4707,13 +4677,13 @@ void HELPER(sve_ld##N##SUFF##_le_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, ESZ, N, 0, \
- sve_ld1##SUFF##_le_host, sve_ld1##SUFF##_le_tlb, NULL); \
+ sve_ld1##SUFF##_le_host, sve_ld1##SUFF##_le_tlb); \
} \
void HELPER(sve_ld##N##SUFF##_be_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_ldN_r(env, vg, addr, desc, GETPC(), ESZ, ESZ, N, 0, \
- sve_ld1##SUFF##_be_host, sve_ld1##SUFF##_be_tlb, NULL); \
+ sve_ld1##SUFF##_be_host, sve_ld1##SUFF##_be_tlb); \
} \
void HELPER(sve_ld##N##SUFF##_le_r_mte)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
@@ -5090,8 +5060,7 @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr,
uint32_t desc, const uintptr_t retaddr,
const int esz, const int msz, const int N, uint32_t mtedesc,
sve_ldst1_host_fn *host_fn,
- sve_ldst1_tlb_fn *tlb_fn,
- sve_cont_ldst_mte_check_fn *mte_check_fn)
+ sve_ldst1_tlb_fn *tlb_fn)
{
const unsigned rd = simd_data(desc);
const intptr_t reg_max = simd_oprsz(desc);
@@ -5117,9 +5086,9 @@ void sve_stN_r(CPUARMState *env, uint64_t *vg, target_ulong addr,
* Handle mte checks for all active elements.
* Since TBI must be set for MTE, !mtedesc => !mte_active.
*/
- if (mte_check_fn && mtedesc) {
- mte_check_fn(&info, env, vg, addr, 1 << esz, N << msz,
- mtedesc, retaddr);
+ if (mtedesc) {
+ sve_cont_ldst_mte_check(&info, env, vg, addr, 1 << esz, N << msz,
+ mtedesc, retaddr);
}
flags = info.page[0].flags | info.page[1].flags;
@@ -5233,8 +5202,7 @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
mtedesc = 0;
}
- sve_stN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn,
- N == 1 ? sve_cont_ldst_mte_check1 : sve_cont_ldst_mte_checkN);
+ sve_stN_r(env, vg, addr, desc, ra, esz, msz, N, mtedesc, host_fn, tlb_fn);
}
#define DO_STN_1(N, NAME, ESZ) \
@@ -5242,7 +5210,7 @@ void HELPER(sve_st##N##NAME##_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MO_8, N, 0, \
- sve_st1##NAME##_host, sve_st1##NAME##_tlb, NULL); \
+ sve_st1##NAME##_host, sve_st1##NAME##_tlb); \
} \
void HELPER(sve_st##N##NAME##_r_mte)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
@@ -5256,13 +5224,13 @@ void HELPER(sve_st##N##NAME##_le_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, N, 0, \
- sve_st1##NAME##_le_host, sve_st1##NAME##_le_tlb, NULL); \
+ sve_st1##NAME##_le_host, sve_st1##NAME##_le_tlb); \
} \
void HELPER(sve_st##N##NAME##_be_r)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
{ \
sve_stN_r(env, vg, addr, desc, GETPC(), ESZ, MSZ, N, 0, \
- sve_st1##NAME##_be_host, sve_st1##NAME##_be_tlb, NULL); \
+ sve_st1##NAME##_be_host, sve_st1##NAME##_be_tlb); \
} \
void HELPER(sve_st##N##NAME##_le_r_mte)(CPUARMState *env, void *vg, \
target_ulong addr, uint32_t desc) \
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH v5 9/9] target/arm: Remove log2_esize parameter to gen_mte_checkN
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (7 preceding siblings ...)
2021-04-16 18:31 ` [PATCH v5 8/9] target/arm: Simplify sve mte checking Richard Henderson
@ 2021-04-16 18:31 ` Richard Henderson
2021-04-16 18:45 ` [PATCH v5 for-6.1 0/9] target/arm mte fixes no-reply
2021-04-19 16:41 ` Peter Maydell
10 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-16 18:31 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-arm, Alex Bennée
The log2_esize parameter is not used except trivially.
Drop the parameter and the deferral to gen_mte_check1.
This fixes a bug in that the parameters as documented
in the header file were the reverse from those in the
implementation. Which meant that translate-sve.c was
passing the parameters in the wrong order.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/translate-a64.h | 2 +-
target/arm/translate-a64.c | 15 +++++++--------
target/arm/translate-sve.c | 4 ++--
3 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
index 3668b671dd..868d355048 100644
--- a/target/arm/translate-a64.h
+++ b/target/arm/translate-a64.h
@@ -44,7 +44,7 @@ TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr);
TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr, bool is_write,
bool tag_checked, int log2_size);
TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
- bool tag_checked, int count, int log2_esize);
+ bool tag_checked, int size);
/* We should have at some point before trying to access an FP register
* done the necessary access check, so assert that
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index a68d5dd5d1..f35a5e8174 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -295,9 +295,9 @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr, bool is_write,
* For MTE, check multiple logical sequential accesses.
*/
TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
- bool tag_checked, int log2_esize, int total_size)
+ bool tag_checked, int size)
{
- if (tag_checked && s->mte_active[0] && total_size != (1 << log2_esize)) {
+ if (tag_checked && s->mte_active[0]) {
TCGv_i32 tcg_desc;
TCGv_i64 ret;
int desc = 0;
@@ -306,7 +306,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
- desc = FIELD_DP32(desc, MTEDESC, SIZEM1, total_size - 1);
+ desc = FIELD_DP32(desc, MTEDESC, SIZEM1, size - 1);
tcg_desc = tcg_const_i32(desc);
ret = new_tmp_a64(s);
@@ -315,7 +315,7 @@ TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
return ret;
}
- return gen_mte_check1(s, addr, is_write, tag_checked, log2_esize);
+ return clean_data_tbi(s, addr);
}
typedef struct DisasCompare64 {
@@ -2965,8 +2965,7 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
}
clean_addr = gen_mte_checkN(s, dirty_addr, !is_load,
- (wback || rn != 31) && !set_tag,
- size, 2 << size);
+ (wback || rn != 31) && !set_tag, 2 << size);
if (is_vector) {
if (is_load) {
@@ -3713,7 +3712,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)
* promote consecutive little-endian elements below.
*/
clean_addr = gen_mte_checkN(s, tcg_rn, is_store, is_postidx || rn != 31,
- size, total);
+ total);
/*
* Consecutive little-endian elements from a single register
@@ -3866,7 +3865,7 @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)
tcg_rn = cpu_reg_sp(s, rn);
clean_addr = gen_mte_checkN(s, tcg_rn, !is_load, is_postidx || rn != 31,
- scale, total);
+ total);
tcg_ebytes = tcg_const_i64(1 << scale);
for (xs = 0; xs < selem; xs++) {
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index 5179c1f836..584c4d047c 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -4264,7 +4264,7 @@ static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
dirty_addr = tcg_temp_new_i64();
tcg_gen_addi_i64(dirty_addr, cpu_reg_sp(s, rn), imm);
- clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len, MO_8);
+ clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len);
tcg_temp_free_i64(dirty_addr);
/*
@@ -4352,7 +4352,7 @@ static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
dirty_addr = tcg_temp_new_i64();
tcg_gen_addi_i64(dirty_addr, cpu_reg_sp(s, rn), imm);
- clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len, MO_8);
+ clean_addr = gen_mte_checkN(s, dirty_addr, false, rn != 31, len);
tcg_temp_free_i64(dirty_addr);
/* Note that unpredicated load/store of vector/predicate registers
--
2.25.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH v5 for-6.1 0/9] target/arm mte fixes
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (8 preceding siblings ...)
2021-04-16 18:31 ` [PATCH v5 9/9] target/arm: Remove log2_esize parameter to gen_mte_checkN Richard Henderson
@ 2021-04-16 18:45 ` no-reply
2021-04-19 16:41 ` Peter Maydell
10 siblings, 0 replies; 15+ messages in thread
From: no-reply @ 2021-04-16 18:45 UTC (permalink / raw)
To: richard.henderson; +Cc: qemu-arm, qemu-devel
Patchew URL: https://patchew.org/QEMU/20210416183106.1516563-1-richard.henderson@linaro.org/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Message-id: 20210416183106.1516563-1-richard.henderson@linaro.org
Subject: [PATCH v5 for-6.1 0/9] target/arm mte fixes
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
- [tag update] patchew/1618538904-93433-1-git-send-email-robert.hu@linux.intel.com -> patchew/1618538904-93433-1-git-send-email-robert.hu@linux.intel.com
- [tag update] patchew/20210415163304.4120052-1-philmd@redhat.com -> patchew/20210415163304.4120052-1-philmd@redhat.com
- [tag update] patchew/20210415215141.1865467-1-crosa@redhat.com -> patchew/20210415215141.1865467-1-crosa@redhat.com
- [tag update] patchew/20210416135543.20382-1-peter.maydell@linaro.org -> patchew/20210416135543.20382-1-peter.maydell@linaro.org
* [new tag] patchew/20210416183106.1516563-1-richard.henderson@linaro.org -> patchew/20210416183106.1516563-1-richard.henderson@linaro.org
Switched to a new branch 'test'
d69e1f6 target/arm: Remove log2_esize parameter to gen_mte_checkN
8143076 target/arm: Simplify sve mte checking
5bb12a8 target/arm: Rename mte_probe1 to mte_probe
094ca80 target/arm: Merge mte_check1, mte_checkN
2cddd7b target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1
dcb93c0 test/tcg/aarch64: Add mte-5
cc6775d target/arm: Fix unaligned checks for mte_check1, mte_probe1
ffe6817 target/arm: Split out mte_probe_int
98268e3 target/arm: Fix mte_checkN
=== OUTPUT BEGIN ===
1/9 Checking commit 98268e3a7258 (target/arm: Fix mte_checkN)
2/9 Checking commit ffe6817056f9 (target/arm: Split out mte_probe_int)
3/9 Checking commit cc6775db8723 (target/arm: Fix unaligned checks for mte_check1, mte_probe1)
4/9 Checking commit dcb93c0b91aa (test/tcg/aarch64: Add mte-5)
Use of uninitialized value $acpi_testexpected in string eq at ./scripts/checkpatch.pl line 1529.
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#30:
new file mode 100644
total: 0 errors, 1 warnings, 52 lines checked
Patch 4/9 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/9 Checking commit 2cddd7b85b5b (target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1)
6/9 Checking commit 094ca8096fc4 (target/arm: Merge mte_check1, mte_checkN)
7/9 Checking commit 5bb12a81a235 (target/arm: Rename mte_probe1 to mte_probe)
8/9 Checking commit 814307626eca (target/arm: Simplify sve mte checking)
ERROR: spaces required around that '*' (ctx:WxV)
#96: FILE: target/arm/sve_helper.c:4438:
+ sve_ldst1_tlb_fn *tlb_fn)
^
ERROR: spaces required around that '*' (ctx:WxV)
#190: FILE: target/arm/sve_helper.c:5063:
+ sve_ldst1_tlb_fn *tlb_fn)
^
total: 2 errors, 0 warnings, 202 lines checked
Patch 8/9 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
9/9 Checking commit d69e1f685edb (target/arm: Remove log2_esize parameter to gen_mte_checkN)
=== OUTPUT END ===
Test command exited with code: 1
The full log is available at
http://patchew.org/logs/20210416183106.1516563-1-richard.henderson@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v5 1/9] target/arm: Fix mte_checkN
2021-04-16 18:30 ` [PATCH v5 1/9] target/arm: Fix mte_checkN Richard Henderson
@ 2021-04-19 16:26 ` Peter Maydell
2021-04-19 17:39 ` Richard Henderson
0 siblings, 1 reply; 15+ messages in thread
From: Peter Maydell @ 2021-04-19 16:26 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, QEMU Developers
On Fri, 16 Apr 2021 at 19:31, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> We were incorrectly assuming that only the first byte of an MTE access
> is checked against the tags. But per the ARM, unaligned accesses are
> pre-decomposed into single-byte accesses. So by the time we reach the
> actual MTE check in the ARM pseudocode, all accesses are aligned.
>
> Therefore, the first failure is always either the first byte of the
> access, or the first byte of the granule.
>
> In addition, some of the arithmetic is off for last-first -> count.
> This does not become directly visible until a later patch that passes
> single bytes into this function, so ptr == ptr_last.
>
> Buglink: https://bugs.launchpad.net/bugs/1921948
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/mte_helper.c | 38 +++++++++++++++++---------------------
> 1 file changed, 17 insertions(+), 21 deletions(-)
>
> diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
> index 8be17e1b70..c87717127c 100644
> --- a/target/arm/mte_helper.c
> +++ b/target/arm/mte_helper.c
> @@ -757,10 +757,10 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
> uint64_t ptr, uintptr_t ra)
> {
> int mmu_idx, ptr_tag, bit55;
> - uint64_t ptr_last, ptr_end, prev_page, next_page;
> - uint64_t tag_first, tag_end;
> - uint64_t tag_byte_first, tag_byte_end;
> - uint32_t esize, total, tag_count, tag_size, n, c;
> + uint64_t ptr_last, prev_page, next_page;
> + uint64_t tag_first, tag_last;
> + uint64_t tag_byte_first, tag_byte_last;
> + uint32_t total, tag_count, tag_size, n, c;
> uint8_t *mem1, *mem2;
> MMUAccessType type;
>
> @@ -779,29 +779,27 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
>
> mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
> type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
> - esize = FIELD_EX32(desc, MTEDESC, ESIZE);
> total = FIELD_EX32(desc, MTEDESC, TSIZE);
>
> /* Find the addr of the end of the access, and of the last element. */
> - ptr_end = ptr + total;
> - ptr_last = ptr_end - esize;
> + ptr_last = ptr + total - 1;
Code change means the comment needs updating, since we're no longer
finding two things. Change to just
/* Find the addr of the end of the access */
?
>
> /* Round the bounds to the tag granule, and compute the number of tags. */
> tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE);
> - tag_end = QEMU_ALIGN_UP(ptr_last, TAG_GRANULE);
> - tag_count = (tag_end - tag_first) / TAG_GRANULE;
> + tag_last = QEMU_ALIGN_DOWN(ptr_last, TAG_GRANULE);
> + tag_count = ((tag_last - tag_first) / TAG_GRANULE) + 1;
>
> /* Round the bounds to twice the tag granule, and compute the bytes. */
> tag_byte_first = QEMU_ALIGN_DOWN(ptr, 2 * TAG_GRANULE);
> - tag_byte_end = QEMU_ALIGN_UP(ptr_last, 2 * TAG_GRANULE);
> + tag_byte_last = QEMU_ALIGN_DOWN(ptr_last, 2 * TAG_GRANULE);
>
> /* Locate the page boundaries. */
> prev_page = ptr & TARGET_PAGE_MASK;
> next_page = prev_page + TARGET_PAGE_SIZE;
>
> - if (likely(tag_end - prev_page <= TARGET_PAGE_SIZE)) {
> + if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
> /* Memory access stays on one page. */
> - tag_size = (tag_byte_end - tag_byte_first) / (2 * TAG_GRANULE);
> + tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
> mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, total,
> MMU_DATA_LOAD, tag_size, ra);
> if (!mem1) {
> @@ -815,9 +813,9 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
> mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, next_page - ptr,
> MMU_DATA_LOAD, tag_size, ra);
>
> - tag_size = (tag_byte_end - next_page) / (2 * TAG_GRANULE);
> + tag_size = ((tag_byte_last - next_page) / (2 * TAG_GRANULE)) + 1;
> mem2 = allocation_tag_mem(env, mmu_idx, next_page, type,
> - ptr_end - next_page,
> + ptr_last - next_page + 1,
> MMU_DATA_LOAD, tag_size, ra);
>
> /*
> @@ -838,15 +836,13 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
> }
>
> /*
> - * If we failed, we know which granule. Compute the element that
> - * is first in that granule, and signal failure on that element.
> + * If we failed, we know which granule. For the first granule, the
> + * failure address is @ptr, the first byte accessed. Otherwise the
> + * failure address is the first byte of the nth granule.
> */
> if (unlikely(n < tag_count)) {
> - uint64_t fail_ofs;
> -
> - fail_ofs = tag_first + n * TAG_GRANULE - ptr;
> - fail_ofs = ROUND_UP(fail_ofs, esize);
> - mte_check_fail(env, desc, ptr + fail_ofs, ra);
> + uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE);
> + mte_check_fail(env, desc, fault, ra);
> }
>
This pointer arithmetic makes my head hurt. But I think it's right now.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v5 2/9] target/arm: Split out mte_probe_int
2021-04-16 18:30 ` [PATCH v5 2/9] target/arm: Split out mte_probe_int Richard Henderson
@ 2021-04-19 16:28 ` Peter Maydell
0 siblings, 0 replies; 15+ messages in thread
From: Peter Maydell @ 2021-04-19 16:28 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, QEMU Developers
On Fri, 16 Apr 2021 at 19:31, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Split out a helper function from mte_checkN to perform
> all of the checking and address manpulation. So far,
> just use this in mte_checkN itself.
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> target/arm/mte_helper.c | 52 +++++++++++++++++++++++++++++++----------
> 1 file changed, 40 insertions(+), 12 deletions(-)
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v5 for-6.1 0/9] target/arm mte fixes
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
` (9 preceding siblings ...)
2021-04-16 18:45 ` [PATCH v5 for-6.1 0/9] target/arm mte fixes no-reply
@ 2021-04-19 16:41 ` Peter Maydell
10 siblings, 0 replies; 15+ messages in thread
From: Peter Maydell @ 2021-04-19 16:41 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-arm, QEMU Developers
On Fri, 16 Apr 2021 at 19:31, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Changes for v5:
> * Rebase. Three patches upstream and a minor conflict fixed.
>
> Changes for v4:
> * Fix tag count computation error in mte_checkN, which when used
> by mte_check1 in patch 5, caused all sorts of KASAN failures.
> * Fix PAGE_ANON / PAGE_TARGET_1 overlap.
>
Since this is fully reviewed other than the minor comment tweak
I suggested in patch 1, I'm going to apply it to target-arm.next
(for 6.1) and make that comment change there rather than asking
for a respin.
thanks
-- PMM
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v5 1/9] target/arm: Fix mte_checkN
2021-04-19 16:26 ` Peter Maydell
@ 2021-04-19 17:39 ` Richard Henderson
0 siblings, 0 replies; 15+ messages in thread
From: Richard Henderson @ 2021-04-19 17:39 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-arm, QEMU Developers
On 4/19/21 9:26 AM, Peter Maydell wrote:
>> @@ -779,29 +779,27 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc,
>>
>> mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
>> type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
>> - esize = FIELD_EX32(desc, MTEDESC, ESIZE);
>> total = FIELD_EX32(desc, MTEDESC, TSIZE);
>>
>> /* Find the addr of the end of the access, and of the last element. */
>> - ptr_end = ptr + total;
>> - ptr_last = ptr_end - esize;
>> + ptr_last = ptr + total - 1;
>
> Code change means the comment needs updating, since we're no longer
> finding two things. Change to just
> /* Find the addr of the end of the access */
>
> ?
Yep, good catch.
r~
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2021-04-19 17:41 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-16 18:30 [PATCH v5 for-6.1 0/9] target/arm mte fixes Richard Henderson
2021-04-16 18:30 ` [PATCH v5 1/9] target/arm: Fix mte_checkN Richard Henderson
2021-04-19 16:26 ` Peter Maydell
2021-04-19 17:39 ` Richard Henderson
2021-04-16 18:30 ` [PATCH v5 2/9] target/arm: Split out mte_probe_int Richard Henderson
2021-04-19 16:28 ` Peter Maydell
2021-04-16 18:31 ` [PATCH v5 3/9] target/arm: Fix unaligned checks for mte_check1, mte_probe1 Richard Henderson
2021-04-16 18:31 ` [PATCH v5 4/9] test/tcg/aarch64: Add mte-5 Richard Henderson
2021-04-16 18:31 ` [PATCH v5 5/9] target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1 Richard Henderson
2021-04-16 18:31 ` [PATCH v5 6/9] target/arm: Merge mte_check1, mte_checkN Richard Henderson
2021-04-16 18:31 ` [PATCH v5 7/9] target/arm: Rename mte_probe1 to mte_probe Richard Henderson
2021-04-16 18:31 ` [PATCH v5 8/9] target/arm: Simplify sve mte checking Richard Henderson
2021-04-16 18:31 ` [PATCH v5 9/9] target/arm: Remove log2_esize parameter to gen_mte_checkN Richard Henderson
2021-04-16 18:45 ` [PATCH v5 for-6.1 0/9] target/arm mte fixes no-reply
2021-04-19 16:41 ` Peter Maydell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).