From: "Alex Bennée" <alex.bennee@linaro.org>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [PATCH v4 05/12] target/arm: Fix unaligned checks for mte_check1, mte_probe1
Date: Thu, 08 Apr 2021 10:05:50 +0100 [thread overview]
Message-ID: <87sg41tab0.fsf@linaro.org> (raw)
In-Reply-To: <20210406174031.64299-6-richard.henderson@linaro.org>
Richard Henderson <richard.henderson@linaro.org> writes:
> We were incorrectly assuming that only the first byte of an MTE access
> is checked against the tags. But per the ARM, unaligned accesses are
> pre-decomposed into single-byte accesses. So by the time we reach the
> actual MTE check in the ARM pseudocode, all accesses are aligned.
>
> We cannot tell a priori whether or not a given scalar access is aligned,
> therefore we must at least check. Use mte_probe_int, which is already
> set up for checking multiple granules.
>
> Buglink: https://bugs.launchpad.net/bugs/1921948
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
(tested with hand crafted kunit test)
> ---
> target/arm/mte_helper.c | 109 +++++++++++++---------------------------
> 1 file changed, 35 insertions(+), 74 deletions(-)
>
> diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
> index 144bfa4a51..619c4b9351 100644
> --- a/target/arm/mte_helper.c
> +++ b/target/arm/mte_helper.c
> @@ -617,80 +617,6 @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
> }
> }
>
> -/*
> - * Perform an MTE checked access for a single logical or atomic access.
> - */
> -static bool mte_probe1_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
> - uintptr_t ra, int bit55)
> -{
> - int mem_tag, mmu_idx, ptr_tag, size;
> - MMUAccessType type;
> - uint8_t *mem;
> -
> - ptr_tag = allocation_tag_from_addr(ptr);
> -
> - if (tcma_check(desc, bit55, ptr_tag)) {
> - return true;
> - }
> -
> - mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);
> - type = FIELD_EX32(desc, MTEDESC, WRITE) ? MMU_DATA_STORE : MMU_DATA_LOAD;
> - size = FIELD_EX32(desc, MTEDESC, ESIZE);
> -
> - mem = allocation_tag_mem(env, mmu_idx, ptr, type, size,
> - MMU_DATA_LOAD, 1, ra);
> - if (!mem) {
> - return true;
> - }
> -
> - mem_tag = load_tag1(ptr, mem);
> - return ptr_tag == mem_tag;
> -}
> -
> -/*
> - * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
> - * Returns false if the access is Checked and the check failed. This
> - * is only intended to probe the tag -- the validity of the page must
> - * be checked beforehand.
> - */
> -bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
> -{
> - int bit55 = extract64(ptr, 55, 1);
> -
> - /* If TBI is disabled, the access is unchecked. */
> - if (unlikely(!tbi_check(desc, bit55))) {
> - return true;
> - }
> -
> - return mte_probe1_int(env, desc, ptr, 0, bit55);
> -}
> -
> -uint64_t mte_check1(CPUARMState *env, uint32_t desc,
> - uint64_t ptr, uintptr_t ra)
> -{
> - int bit55 = extract64(ptr, 55, 1);
> -
> - /* If TBI is disabled, the access is unchecked, and ptr is not dirty. */
> - if (unlikely(!tbi_check(desc, bit55))) {
> - return ptr;
> - }
> -
> - if (unlikely(!mte_probe1_int(env, desc, ptr, ra, bit55))) {
> - mte_check_fail(env, desc, ptr, ra);
> - }
> -
> - return useronly_clean_ptr(ptr);
> -}
> -
> -uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
> -{
> - return mte_check1(env, desc, ptr, GETPC());
> -}
> -
> -/*
> - * Perform an MTE checked access for multiple logical accesses.
> - */
> -
> /**
> * checkN:
> * @tag: tag memory to test
> @@ -882,6 +808,41 @@ uint64_t HELPER(mte_checkN)(CPUARMState *env, uint32_t desc, uint64_t ptr)
> return mte_checkN(env, desc, ptr, GETPC());
> }
>
> +uint64_t mte_check1(CPUARMState *env, uint32_t desc,
> + uint64_t ptr, uintptr_t ra)
> +{
> + uint64_t fault;
> + uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
> + int ret = mte_probe_int(env, desc, ptr, ra, total, &fault);
> +
> + if (unlikely(ret == 0)) {
> + mte_check_fail(env, desc, fault, ra);
> + } else if (ret < 0) {
> + return ptr;
> + }
> + return useronly_clean_ptr(ptr);
> +}
> +
> +uint64_t HELPER(mte_check1)(CPUARMState *env, uint32_t desc, uint64_t ptr)
> +{
> + return mte_check1(env, desc, ptr, GETPC());
> +}
> +
> +/*
> + * No-fault version of mte_check1, to be used by SVE for MemSingleNF.
> + * Returns false if the access is Checked and the check failed. This
> + * is only intended to probe the tag -- the validity of the page must
> + * be checked beforehand.
> + */
> +bool mte_probe1(CPUARMState *env, uint32_t desc, uint64_t ptr)
> +{
> + uint64_t fault;
> + uint32_t total = FIELD_EX32(desc, MTEDESC, ESIZE);
> + int ret = mte_probe_int(env, desc, ptr, 0, total, &fault);
> +
> + return ret != 0;
> +}
> +
> /*
> * Perform an MTE checked access for DC_ZVA.
> */
--
Alex Bennée
next prev parent reply other threads:[~2021-04-08 9:09 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-06 17:40 [PATCH v4 00/12] target/arm mte fixes Richard Henderson
2021-04-06 17:40 ` [PATCH v4 01/12] accel/tcg: Preserve PAGE_ANON when changing page permissions Richard Henderson
2021-04-07 13:55 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 02/12] target/arm: Check PAGE_WRITE_ORG for MTE writeability Richard Henderson
2021-04-07 15:34 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 03/12] target/arm: Fix mte_checkN Richard Henderson
2021-04-07 18:39 ` Alex Bennée
2021-04-07 18:39 ` [Bug 1921948] " Alex Bennée
2021-04-07 19:56 ` Richard Henderson
2021-04-08 8:36 ` Alex Bennée
2021-04-08 8:36 ` [Bug 1921948] " Alex Bennée
2021-04-08 8:50 ` Peter Maydell
2021-04-08 8:50 ` [Bug 1921948] " Peter Maydell
2021-04-08 10:02 ` Alex Bennée
2021-04-08 10:02 ` [Bug 1921948] " Alex Bennée
2021-04-06 17:40 ` [PATCH v4 04/12] target/arm: Split out mte_probe_int Richard Henderson
2021-04-08 9:01 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 05/12] target/arm: Fix unaligned checks for mte_check1, mte_probe1 Richard Henderson
2021-04-08 9:05 ` Alex Bennée [this message]
2021-04-06 17:40 ` [PATCH v4 06/12] test/tcg/aarch64: Add mte-5 Richard Henderson
2021-04-08 9:07 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 07/12] target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1 Richard Henderson
2021-04-08 11:08 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 08/12] target/arm: Merge mte_check1, mte_checkN Richard Henderson
2021-04-08 11:10 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 09/12] target/arm: Rename mte_probe1 to mte_probe Richard Henderson
2021-04-08 11:10 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 10/12] target/arm: Simplify sve mte checking Richard Henderson
2021-04-08 11:23 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 11/12] target/arm: Remove log2_esize parameter to gen_mte_checkN Richard Henderson
2021-04-08 11:35 ` Alex Bennée
2021-04-06 17:40 ` [PATCH v4 12/12] exec: Fix overlap of PAGE_ANON and PAGE_TARGET_1 Richard Henderson
2021-04-06 18:21 ` Laurent Vivier
2021-04-06 19:36 ` Laurent Vivier
2021-04-07 17:16 ` Alex Bennée
2021-04-07 21:33 ` Nathan Chancellor
2021-04-06 17:57 ` [PATCH v4 00/12] target/arm mte fixes no-reply
2021-04-08 12:47 ` Peter Maydell
2021-04-08 14:25 ` Richard Henderson
2021-04-09 9:53 ` Peter Maydell
-- strict thread matches above, loose matches on Subject: below --
2021-03-30 19:34 [Bug 1921948] [NEW] MTE tags not checked properly for unaligned accesses at EL1 Andrey Konovalov
2021-03-30 23:22 ` [Bug 1921948] " Richard Henderson
2021-03-30 23:32 ` Peter Collingbourne
2021-03-31 6:44 ` Richard Henderson
2021-04-02 15:41 ` Richard Henderson
2021-04-02 16:17 ` Andrey Konovalov
2021-04-02 16:31 ` Richard Henderson
2021-04-03 14:34 ` Andrey Konovalov
2021-04-07 20:17 ` Andrey Konovalov
2021-04-07 20:46 ` Alex Bennée
2021-04-07 20:58 ` Andrey Konovalov
2021-04-07 21:29 ` Alex Bennée
2021-04-07 21:29 ` Alex Bennée
2021-04-07 21:45 ` Alex Bennée
2021-04-07 21:45 ` Alex Bennée
2021-04-07 21:19 ` Richard Henderson
2021-04-07 22:02 ` Andrey Konovalov
2021-05-06 18:39 ` Richard Henderson
2021-05-22 5:12 ` Peter Collingbourne
2021-05-22 5:17 ` Peter Collingbourne
2021-05-26 19:55 ` Vitaly Buka
2021-06-10 2:28 ` Peter Collingbourne
2021-06-10 6:06 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sg41tab0.fsf@linaro.org \
--to=alex.bennee@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.