Message ID | 20230907160340.260094-3-peter.maydell@linaro.org
---|---
State | Superseded
Series | target/arm: Implement FEAT_MOPS
On 9/7/23 09:03, Peter Maydell wrote:
> The LDRT/STRT "unprivileged load/store" instructions behave like
> normal ones if executed at EL0. We handle this correctly for
> the load/store semantics, but get the MTE checking wrong.
>
> We always look at s->mte_active[is_unpriv] to see whether we should
> be doing MTE checks, but in hflags.c when we set the TB flags that
> will be used to fill the mte_active[] array we only set the
> MTE0_ACTIVE bit if UNPRIV is true (i.e. we are not at EL0).
>
> This means that a LDRT at EL0 will see s->mte_active[1] as 0,
> and will not do MTE checks even when MTE is enabled.
>
> To avoid the translate-time code having to do an explicit check on
> s->unpriv to see if it is OK to index into the mte_active[] array,
> duplicate MTE_ACTIVE into MTE0_ACTIVE when UNPRIV is false.
>
> (This isn't a very serious bug because generally nobody executes
> LDRT/STRT at EL0, because they have no use there.)
>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> target/arm/tcg/hflags.c | 9 +++++++++
> 1 file changed, 9 insertions(+)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c index 616c5fa7237..ea642384f5a 100644 --- a/target/arm/tcg/hflags.c +++ b/target/arm/tcg/hflags.c @@ -306,6 +306,15 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, && !(env->pstate & PSTATE_TCO) && (sctlr & (el == 0 ? SCTLR_TCF0 : SCTLR_TCF))) { DP_TBFLAG_A64(flags, MTE_ACTIVE, 1); + if (!EX_TBFLAG_A64(flags, UNPRIV)) { + /* + * In non-unpriv contexts (eg EL0), unpriv load/stores + * act like normal ones; duplicate the MTE info to + * avoid translate-a64.c having to check UNPRIV to see + * whether it is OK to index into MTE_ACTIVE[]. + */ + DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1); + } } } /* And again for unprivileged accesses, if required. */
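Review bot: the new test `if (!EX_TBFLAG_A64(flags, UNPRIV))` reads the UNPRIV TB flag back out of `flags`, so it is only correct if UNPRIV has already been deposited earlier in rebuild_hflags_a64(); the context shown starts at line 306 and does not include that assignment, so please confirm the ordering (or state it in the comment), since moving the UNPRIV computation later would silently reintroduce the bug. On the comment itself, "In non-unpriv contexts (eg EL0)" describes the condition by exception level while the code keys off the flag; "When UNPRIV is clear (e.g. at EL0), unpriv load/stores act like normal ones" matches the test and fixes "eg". Lastly, MTE0_ACTIVE is now set from two places (this branch and the "And again for unprivileged accesses, if required." block that follows); a one-line note that the two are mutually exclusive on UNPRIV would save the next reader from having to check.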
The LDRT/STRT "unprivileged load/store" instructions behave like
normal ones if executed at EL0. We handle this correctly for
the load/store semantics, but get the MTE checking wrong.

We always look at s->mte_active[is_unpriv] to see whether we should
be doing MTE checks, but in hflags.c when we set the TB flags that
will be used to fill the mte_active[] array we only set the
MTE0_ACTIVE bit if UNPRIV is true (i.e. we are not at EL0).

This means that a LDRT at EL0 will see s->mte_active[1] as 0,
and will not do MTE checks even when MTE is enabled.

To avoid the translate-time code having to do an explicit check on
s->unpriv to see if it is OK to index into the mte_active[] array,
duplicate MTE_ACTIVE into MTE0_ACTIVE when UNPRIV is false.

(This isn't a very serious bug because generally nobody executes
LDRT/STRT at EL0, because they have no use there.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/tcg/hflags.c | 9 +++++++++
1 file changed, 9 insertions(+)
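To make the indexing bug concrete, here is an added toy model in C of the hflags/translate split the commit message describes. It is not QEMU code: the bit layout, the `rebuild_flags`, `fill_ctx` and `access_checked` helpers, and the `mte_on`/`mte0_on` inputs are assumptions standing in for QEMU's real TB-flag macros and the SCTLR.TCF/TCO logic. The `fixed` argument switches the MTE0_ACTIVE duplication on and off so the before/after behaviour of an LDRT at EL0 can be compared directly.

```c
/*
 * Added example, not QEMU code: a toy model of how rebuild_hflags_a64()
 * feeds s->mte_active[] and how the translator indexes it with is_unpriv.
 * Bit positions and helper names are assumptions for illustration only.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed bit positions in a model TB-flags word. */
#define TBF_UNPRIV      (1u << 0)   /* UNPRIV: EL1-style context, clear at EL0 */
#define TBF_MTE_ACTIVE  (1u << 1)   /* MTE checks for ordinary loads/stores     */
#define TBF_MTE0_ACTIVE (1u << 2)   /* MTE checks for LDTR/STTR-style accesses  */

/*
 * Model of the hflags rebuild for one context.
 *   unpriv  : whether the UNPRIV TB flag is set for this context
 *   mte_on  : "TCF set for the current EL and TCO clear" (assumed input)
 *   mte0_on : the same for the unprivileged (EL0) view of a UNPRIV context
 *   fixed   : apply the MTE0_ACTIVE duplication from the patch, or not
 */
static uint32_t rebuild_flags(bool unpriv, bool mte_on, bool mte0_on, bool fixed)
{
    uint32_t flags = 0;

    if (unpriv) {
        flags |= TBF_UNPRIV;
    }
    if (mte_on) {
        flags |= TBF_MTE_ACTIVE;
        if (fixed && !(flags & TBF_UNPRIV)) {
            /* The fix: when UNPRIV is clear, unpriv accesses behave like
             * normal ones, so mirror MTE_ACTIVE into MTE0_ACTIVE. */
            flags |= TBF_MTE0_ACTIVE;
        }
    }
    /* "And again for unprivileged accesses, if required." */
    if ((flags & TBF_UNPRIV) && mte0_on) {
        flags |= TBF_MTE0_ACTIVE;
    }
    return flags;
}

/* Model of the translator's per-TB state (the s->mte_active[] array). */
struct disas_ctx {
    bool unpriv;
    bool mte_active[2];
};

static void fill_ctx(struct disas_ctx *s, uint32_t flags)
{
    s->unpriv        = (flags & TBF_UNPRIV) != 0;
    s->mte_active[0] = (flags & TBF_MTE_ACTIVE) != 0;
    s->mte_active[1] = (flags & TBF_MTE0_ACTIVE) != 0;
}

/* The lookup translate-a64.c does: index by the instruction's is_unpriv bit. */
static bool mte_checked(const struct disas_ctx *s, bool is_unpriv)
{
    return s->mte_active[is_unpriv];
}

/* End-to-end: does one access in one context get MTE-checked? */
static bool access_checked(bool unpriv_ctx, bool mte_on, bool mte0_on,
                           bool is_unpriv_insn, bool fixed)
{
    struct disas_ctx s;

    fill_ctx(&s, rebuild_flags(unpriv_ctx, mte_on, mte0_on, fixed));
    return mte_checked(&s, is_unpriv_insn);
}

int main(void)
{
    /* LDRT at EL0 (UNPRIV clear) with MTE enabled: the case from the commit message. */
    printf("LDRT at EL0, MTE on, before fix: %s\n",
           access_checked(false, true, false, true, false) ? "checked" : "NOT checked");
    printf("LDRT at EL0, MTE on, after fix:  %s\n",
           access_checked(false, true, false, true, true) ? "checked" : "NOT checked");
    return 0;
}
```

The interesting rows are the ones the patch must not change: an ordinary LDR at EL0 is checked before and after, and an LDTR at EL1 with the EL0 view disabled (`mte0_on` false) stays unchecked, because the duplication is gated on UNPRIV being clear and never overrides the existing unprivileged-access path.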