From patchwork Thu Mar 7 17:04:19 2019
X-Patchwork-Submitter: Richard Henderson
X-Patchwork-Id: 159900
Delivered-To: patch@linaro.org
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org
Date: Thu, 7 Mar 2019 09:04:19 -0800
Message-Id: <20190307170440.3113-2-richard.henderson@linaro.org>
In-Reply-To: <20190307170440.3113-1-richard.henderson@linaro.org>
References: <20190307170440.3113-1-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.17.2
Subject: [Qemu-devel] [PATCH v4 01/22] target/arm: Add MTE_ACTIVE to tb_flags

When MTE is fully enabled, i.e. access to tags is enabled and tag checks affect the PE, then arrange to perform the check while stripping the TBI. The check is not yet implemented, just the plumbing to that point.

Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
---
v2: Clean TBI bits exactly. Fix license to lgpl 2.1.
v3: Remove stub helper_mte_check; moved to a later patch.
---
 target/arm/cpu.h           | 12 +++++++++
 target/arm/internals.h     | 18 ++++++++++++++
 target/arm/translate.h     |  2 ++
 target/arm/helper.c        | 51 ++++++++++++++++++++++++++++++--------
 target/arm/translate-a64.c |  1 +
 5 files changed, 73 insertions(+), 11 deletions(-)

--
2.17.2

diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 5f23c62132..0cf9eacebe 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1214,6 +1214,7 @@ void pmu_init(ARMCPU *cpu); #define PSTATE_BTYPE (3U << 10) #define PSTATE_IL (1U << 20) #define PSTATE_SS (1U << 21) +#define PSTATE_TCO (1U << 25) #define PSTATE_V (1U << 28) #define PSTATE_C (1U << 29) #define PSTATE_Z (1U << 30) 
@@ -3127,6 +3128,7 @@ FIELD(TBFLAG_A64, PAUTH_ACTIVE, 8, 1) FIELD(TBFLAG_A64, BT, 9, 1) FIELD(TBFLAG_A64, BTYPE, 10, 2) FIELD(TBFLAG_A64, TBID, 12, 2) +FIELD(TBFLAG_A64, MTE_ACTIVE, 14, 1) static inline bool bswap_code(bool sctlr_b) { @@ -3507,6 +3509,16 @@ static inline bool isar_feature_aa64_bti(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, BT) != 0; } +static inline bool isar_feature_aa64_mte_insn_reg(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, MTE) != 0; +} + +static inline bool isar_feature_aa64_mte(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, MTE) >= 2; +} + /* * Forward to the above feature tests given an ARMCPU pointer. */ diff --git a/target/arm/internals.h b/target/arm/internals.h index 587a1ddf58..6c018e773c 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -983,4 +983,22 @@ static inline int exception_target_el(CPUARMState *env) return target_el; } +/* Determine if allocation tags are available. */ +static inline bool allocation_tag_access_enabled(CPUARMState *env, int el, + uint64_t sctlr) +{ + if (el < 3 + && arm_feature(env, ARM_FEATURE_EL3) + && !(env->cp15.scr_el3 & SCR_ATA)) { + return false; + } + if (el < 2 + && arm_feature(env, ARM_FEATURE_EL2) + && !(arm_hcr_el2_eff(env) & HCR_ATA)) { + return false; + } + sctlr &= (el == 0 ? SCTLR_ATA0 : SCTLR_ATA); + return sctlr != 0; +} + #endif diff --git a/target/arm/translate.h b/target/arm/translate.h index 912cc2a4a5..e07c2c3330 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -70,6 +70,8 @@ typedef struct DisasContext { bool ss_same_el; /* True if v8.3-PAuth is active. */ bool pauth_active; + /* True if v8.5-MTE tag checks affect the PE. */ + bool mte_active; /* True with v8.5-BTI and SCTLR_ELx.BT* set. */ bool bt; /* diff --git a/target/arm/helper.c b/target/arm/helper.c index 2607d39ad1..90d15578ca 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -1863,6 +1863,9 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) if (cpu_isar_feature(aa64_pauth, cpu)) { valid_mask |= SCR_API | SCR_APK; } + if (cpu_isar_feature(aa64_mte, cpu)) { + valid_mask |= SCR_ATA; + } /* Clear all-context RES0 bits. */ value &= valid_mask; @@ -4050,22 +4053,31 @@ static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, { ARMCPU *cpu = arm_env_get_cpu(env); - if (raw_read(env, ri) == value) { - /* Skip the TLB flush if nothing actually changed; Linux likes - * to do a lot of pointless SCTLR writes. - */ - return; - } - if (arm_feature(env, ARM_FEATURE_PMSA) && !cpu->has_mpu) { /* M bit is RAZ/WI for PMSA with no MPU implemented */ value &= ~SCTLR_M; } - raw_write(env, ri, value); + if (!cpu_isar_feature(aa64_mte, cpu)) { + if (ri->opc1 == 6) { /* SCTLR_EL3 */ + value &= ~(SCTLR_ITFSB | SCTLR_TCF | SCTLR_ATA); + } else { + value &= ~(SCTLR_ITFSB | SCTLR_TCF0 | SCTLR_TCF | + SCTLR_ATA0 | SCTLR_ATA); + } + } + /* ??? Lots of these bits are not implemented. */ - /* This may enable/disable the MMU, so do a TLB flush. */ - tlb_flush(CPU(cpu)); + + if (raw_read(env, ri) != value) { + /* + * This may enable/disable the MMU, so do a TLB flush. + * Skip the TLB flush if nothing actually changed; + * Linux likes to do a lot of pointless SCTLR writes. + */ + raw_write(env, ri, value); + tlb_flush(CPU(cpu)); + } } static CPAccessResult fpexc32_access(CPUARMState *env, const ARMCPRegInfo *ri, @@ -4561,6 +4573,9 @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) if (cpu_isar_feature(aa64_pauth, cpu)) { valid_mask |= HCR_API | HCR_APK; } + if (cpu_isar_feature(aa64_mte, cpu)) { + valid_mask |= HCR_ATA; + } /* Clear RES0 bits. */ value &= valid_mask; 
@@ -12869,6 +12884,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, if (is_a64(env)) { ARMCPU *cpu = arm_env_get_cpu(env); uint64_t sctlr; + int tbid; *pc = env->pc; flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1); @@ -12877,7 +12893,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, { ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx); ARMVAParameters p0 = aa64_va_parameters_both(env, 0, stage1); - int tbii, tbid; + int tbii; /* FIXME: ARMv8.1-VHE S2 translation regime. */ if (regime_el(env, stage1) < 2) { @@ -12930,6 +12946,19 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, } flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype); } + + /* + * If MTE is enabled, and tag checks affect the PE, + * then we check the tag as we strip the TBI field. + * Note that if TBI is disabled, all accesses are unchecked. + */ + if (tbid + && cpu_isar_feature(aa64_mte, cpu) + && allocation_tag_access_enabled(env, current_el, sctlr) + && !(env->pstate & PSTATE_TCO) + && (sctlr & (current_el == 0 ? SCTLR_TCF0 : SCTLR_TCF))) { + flags = FIELD_DP32(flags, TBFLAG_A64, MTE_ACTIVE, 1); + } } else { *pc = env->regs[15]; flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb); diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 1959046343..d971b57037 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -14351,6 +14351,7 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase, dc->pauth_active = FIELD_EX32(tb_flags, TBFLAG_A64, PAUTH_ACTIVE); dc->bt = FIELD_EX32(tb_flags, TBFLAG_A64, BT); dc->btype = FIELD_EX32(tb_flags, TBFLAG_A64, BTYPE); + dc->mte_active = FIELD_EX32(tb_flags, TBFLAG_A64, MTE_ACTIVE); dc->vec_len = 0; dc->vec_stride = 0; dc->cp_regs = arm_cpu->cp_regs;
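
Review bot: in the target/arm/cpu.h hunk, isar_feature_aa64_mte_insn_reg() and isar_feature_aa64_mte() differ only in the threshold applied to ID_AA64PFR1.MTE (`!= 0` versus `>= 2`), and neither has a comment saying what the field values mean. A short comment above each stating which level of the feature it tests would keep later callers from picking the wrong predicate. In this patch scr_write, hcr_write, sctlr_write and cpu_get_tb_cpu_state all use aa64_mte, and nothing uses aa64_mte_insn_reg yet.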
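
Review bot: in the target/arm/internals.h hunk, the comment on allocation_tag_access_enabled() does not say which register the `sctlr` argument must be. The body selects SCTLR_ATA0 for `el == 0` and SCTLR_ATA otherwise, so the result is only correct when the caller passes the SCTLR that governs `el`; please state that contract in the comment. The word "available" could also be tightened to say that this tests the SCR_EL3, HCR_EL2 and SCTLR enable bits rather than whether MTE is implemented, which the caller checks separately with cpu_isar_feature(aa64_mte, cpu).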
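
Review bot: in the sctlr_write hunk of target/arm/helper.c, `ri->opc1 == 6` identifies SCTLR_EL3 only through the trailing comment, and the else branch silently covers every other register routed to this function. A named constant or a sentence explaining why the EL3 register omits SCTLR_TCF0 and SCTLR_ATA0 from its mask would make the split reviewable. The merged comment inside `if (raw_read(env, ri) != value)` also keeps "Skip the TLB flush if nothing actually changed", which now describes the branch not taken; it reads better placed above the `if`. Since the comparison now happens after masking and raw_write() is skipped together with the flush, that behaviour change deserves a line in the commit message.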
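
Review bot: in the cpu_get_tb_cpu_state hunks of target/arm/helper.c, `tbid` moves to function scope as an uninitialised `int tbid;` and is then read in the new `if (tbid && ...)` test, while its assignment is not among the lines shown. Please confirm that every path through the is_a64() branch assigns it before that test, or initialise it at the declaration. The new comment says "if TBI is disabled" while the condition tests `tbid`, not `tbii`; naming the variable in the comment would make clear which of the two gates MTE_ACTIVE.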