From patchwork Fri Apr 2 21:42:09 2021
X-Patchwork-Submitter: Richard Henderson
X-Patchwork-Id: 414406
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org
Subject: [PATCH v3 03/11] target/arm: Fix unaligned mte checks for mte_checkN
Date: Fri, 2 Apr 2021 14:42:09 -0700
Message-Id: <20210402214217.422585-4-richard.henderson@linaro.org>
In-Reply-To: <20210402214217.422585-1-richard.henderson@linaro.org>
References: <20210402214217.422585-1-richard.henderson@linaro.org>

We were incorrectly assuming that only the first byte of an MTE access
is checked against the tags. But per the ARM, unaligned accesses are
pre-decomposed into single-byte accesses. So by the time we reach the
actual MTE check in the ARM pseudocode, all accesses are aligned.

Therefore, the first failure is always either the first byte of the
access, or the first byte of the granule.

Buglink: https://bugs.launchpad.net/bugs/1921948
Signed-off-by: Richard Henderson
---
 target/arm/mte_helper.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

--
2.25.1

diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c index 8be17e1b70..473d84cee2 100644 --- a/target/arm/mte_helper.c +++ b/target/arm/mte_helper.c
@@ -757,10 +757,10 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra) { int mmu_idx, ptr_tag, bit55; - uint64_t ptr_last, ptr_end, prev_page, next_page; + uint64_t ptr_last, prev_page, next_page; uint64_t tag_first, tag_end; uint64_t tag_byte_first, tag_byte_end; - uint32_t esize, total, tag_count, tag_size, n, c; + uint32_t total, tag_count, tag_size, n, c; uint8_t *mem1, *mem2; MMUAccessType type; @@ -779,12 +779,10 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc, mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX); type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD; - esize = FIELD_EX32(desc, MTEDESC, ESIZE); total = FIELD_EX32(desc, MTEDESC, TSIZE); /* Find the addr of the end of the access, and of the last element. */ - ptr_end = ptr + total; - ptr_last = ptr_end - esize; + ptr_last = ptr + total - 1; /* Round the bounds to the tag granule, and compute the number of tags. */ tag_first = QEMU_ALIGN_DOWN(ptr, TAG_GRANULE); @@ -817,7 +815,7 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc, tag_size = (tag_byte_end - next_page) / (2 * TAG_GRANULE); mem2 = allocation_tag_mem(env, mmu_idx, next_page, type, - ptr_end - next_page, + ptr_last - next_page + 1, MMU_DATA_LOAD, tag_size, ra); /* @@ -838,15 +836,13 @@ uint64_t mte_checkN(CPUARMState *env, uint32_t desc, } /* - * If we failed, we know which granule. Compute the element that - * is first in that granule, and signal failure on that element. + * If we failed, we know which granule. For the first granule, the + * failure address is @ptr, the first byte accessed. Otherwise the + * failure address is the first byte of the nth granule. */ if (unlikely(n < tag_count)) { - uint64_t fail_ofs; - - fail_ofs = tag_first + n * TAG_GRANULE - ptr; - fail_ofs = ROUND_UP(fail_ofs, esize); - mte_check_fail(env, desc, ptr + fail_ofs, ra); + uint64_t fault = (n == 0 ? ptr : tag_first + n * TAG_GRANULE); + mte_check_fail(env, desc, fault, ra); } done:
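
Review bot: In the second hunk (@@ -779,12 +779,10), `ptr_last = ptr + total - 1` relies on `total` being non-zero: with TSIZE == 0 it evaluates to `ptr - 1`, which falls below the start of the access before the bounds are rounded to the tag granule. Nothing in the visible lines rules that case out, so an assert on `total`, or a comment stating that callers never encode a zero TSIZE, would make the assumption explicit. The comment just above still reads "the end of the access, and of the last element", but only the last byte is computed now; suggest "Find the addr of the last byte of the access."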
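
Review bot: In the last hunk (@@ -838,15 +836,13), the new comment says which address is reported but not why the element size no longer matters; that reasoning lives only in the commit message. Suggest adding a clause along the lines of "unaligned accesses are decomposed into byte accesses, so the first failing byte is either @ptr or the start of a granule", so that a later reader does not reintroduce the ROUND_UP by esize. With the ESIZE read removed from this function, it is also worth checking whether the ESIZE field of MTEDESC still has a user elsewhere, since this patch touches only mte_helper.c.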