aboutsummaryrefslogtreecommitdiff
path: root/target/arm/mte_helper.c
diff options
context:
space:
mode:
Diffstat (limited to 'target/arm/mte_helper.c')
-rw-r--r--target/arm/mte_helper.c132
1 files changed, 131 insertions, 1 deletions
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 907a12b366..c8a5e7c0ed 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -359,12 +359,142 @@ void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val)
}
}
+/* Record a tag check failure. */
+static void mte_check_fail(CPUARMState *env, int mmu_idx,
+ uint64_t dirty_ptr, uintptr_t ra)
+{
+ ARMMMUIdx arm_mmu_idx = core_to_aa64_mmu_idx(mmu_idx);
+ int el, reg_el, tcf, select;
+ uint64_t sctlr;
+
+ reg_el = regime_el(env, arm_mmu_idx);
+ sctlr = env->cp15.sctlr_el[reg_el];
+
+ switch (arm_mmu_idx) {
+ case ARMMMUIdx_E10_0:
+ case ARMMMUIdx_E20_0:
+ el = 0;
+ tcf = extract64(sctlr, 38, 2);
+ break;
+ default:
+ el = reg_el;
+ tcf = extract64(sctlr, 40, 2);
+ }
+
+ switch (tcf) {
+ case 1:
+ /*
+ * Tag check fail causes a synchronous exception.
+ *
+ * In restore_state_to_opc, we set the exception syndrome
+ * for the load or store operation. Unwind first so we
+ * may overwrite that with the syndrome for the tag check.
+ */
+ cpu_restore_state(env_cpu(env), ra, true);
+ env->exception.vaddress = dirty_ptr;
+ raise_exception(env, EXCP_DATA_ABORT,
+ syn_data_abort_no_iss(el != 0, 0, 0, 0, 0, 0, 0x11),
+ exception_target_el(env));
+ /* noreturn, but fall through to the assert anyway */
+
+ case 0:
+ /*
+ * Tag check fail does not affect the PE.
+ * We eliminate this case by not setting MTE_ACTIVE
+ * in tb_flags, so that we never make this runtime call.
+ */
+ g_assert_not_reached();
+
+ case 2:
+ /* Tag check fail causes asynchronous flag set. */
+ mmu_idx = arm_mmu_idx_el(env, el);
+ if (regime_has_2_ranges(mmu_idx)) {
+ select = extract64(dirty_ptr, 55, 1);
+ } else {
+ select = 0;
+ }
+ env->cp15.tfsr_el[el] |= 1 << select;
+ break;
+
+ default:
+ /* Case 3: Reserved. */
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Tag check failure with SCTLR_EL%d.TCF%s "
+ "set to reserved value %d\n",
+ reg_el, el ? "" : "0", tcf);
+ break;
+ }
+}
+
/*
* Perform an MTE checked access for a single logical or atomic access.
*/
+static bool mte_probe1_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
+ uintptr_t ra, int bit55)
+{
+ int mem_tag, mmu_idx, ptr_tag, size;
+ MMUAccessType type;
+ uint8_t *mem;
+
+ ptr_tag = allocation_tag_from_addr(ptr);
+
+ if (tcma_check(desc, bit55, ptr_tag)) {
+ return true;
+ }
+
+ mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
+ type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
+ size = FIELD_EX32(desc, MTEDESC, ESIZE);
+
+ mem = allocation_tag_mem(env, mmu_idx, ptr, type, size,
+ MMU_DATA_LOAD, 1, ra);
+ if (!mem) {
+ return true;
+ }
+
+ mem_tag = load_tag1(ptr, mem);
+ return ptr_tag == mem_tag;
+}
+
+/*
+ * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
+ * Returns false if the access is Checked and the check failed. This
+ * is only intended to probe the tag -- the validity of the page must
+ * be checked beforehand.
+ */
+bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
+{
+ int bit55 = extract64(ptr, 55, 1);
+
+ /* If TBI is disabled, the access is unchecked. */
+ if (unlikely(!tbi_check(desc, bit55))) {
+ return true;
+ }
+
+ return mte_probe1_int(env, desc, ptr, 0, bit55);
+}
+
+uint64_t mte_check1(CPUARMState *env, uint32_t desc,
+ uint64_t ptr, uintptr_t ra)
+{
+ int bit55 = extract64(ptr, 55, 1);
+
+ /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
+ if (unlikely(!tbi_check(desc, bit55))) {
+ return ptr;
+ }
+
+ if (unlikely(!mte_probe1_int(env, desc, ptr, ra, bit55))) {
+ int mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
+ mte_check_fail(env, mmu_idx, ptr, ra);
+ }
+
+ return useronly_clean_ptr(ptr);
+}
+
uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
{
- return ptr;
+ return mte_check1(env, desc, ptr, GETPC());
}
/*