{"id":2232503,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2232503/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260504-feat-mte4-v5-11-232a648e63c6@gmail.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.1/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260504-feat-mte4-v5-11-232a648e63c6@gmail.com>","date":"2026-05-04T15:50:44","name":"[v5,11/15] target/arm: skip tag bit bounds check if MTX is on","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"03bbee6ff5f929695e5b1966538036caa37f9d80","submitter":{"id":91863,"url":"http://patchwork.ozlabs.org/api/1.1/people/91863/?format=json","name":"Gabriel Brookman","email":"brookmangabriel@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260504-feat-mte4-v5-11-232a648e63c6@gmail.com/mbox/","series":[{"id":502688,"url":"http://patchwork.ozlabs.org/api/1.1/series/502688/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=502688","date":"2026-05-04T15:50:33","name":"target/arm: add support for MTE4","version":5,"mbox":"http://patchwork.ozlabs.org/series/502688/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2232503/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2232503/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=Gs9va19+;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g8R386VJ0z1yKC\n\tfor ; Tue, 05 May 2026 01:51:47 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wJvZy-00011C-7r; Mon, 04 May 2026 11:51:30 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wJvZv-0000zv-D9\n for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:27 -0400","from mail-qt1-x831.google.com ([2607:f8b0:4864:20::831])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from )\n id 1wJvZt-0006Ei-Kv\n for qemu-devel@nongnu.org; Mon, 04 May 2026 11:51:27 -0400","by mail-qt1-x831.google.com with SMTP id\n d75a77b69052e-506a747448dso29207621cf.0\n for ; Mon, 04 May 2026 08:51:25 -0700 (PDT)","from [192.168.1.164] ([2600:1009:a021:c665:5296:905f:3e4a:eb90])\n by smtp.gmail.com with ESMTPSA id\n d75a77b69052e-51040931552sm99599011cf.12.2026.05.04.08.51.23\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Mon, 04 May 2026 08:51:24 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1777909885; x=1778514685; darn=nongnu.org;\n h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n :mime-version:subject:date:from:from:to:cc:subject:date:message-id\n :reply-to; bh=giIrFw4uQ5vf/7JK4azr8Lzs9BpiUv+KWk/6RVqDIRg=;\n b=Gs9va19+GdX8Nx9hmrthX+wD5f7Qlaej1dn/6bAQ6WSTUuzPhSLv2pvJA100PW7wSz\n EKlzckGOkuQUYxckQe4SOPLhZZG3Lek0NTU4hZAbgPX123lPS7e/Y2KCZBAvfdN0RNIh\n GAyy6CUjeaxfvEqJ6MtEs1epD8TvqPo+1K4719WcHUSqndUVYxRlfpCQRS2FgU5Fp3Fq\n L1B36BPnKGakstWtQ59pA+pzJoYwSo6MB/zZggi45e535oW2ZfOjezI2M21o5Jc9AJhy\n v/XqQra95sCs258t8NYDTCgRy4Yo8p4q6xlyGCC1TB4ZCQpuQPgPcw+Gmcg0mdAmjDJm\n DaLg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777909885; x=1778514685;\n h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=giIrFw4uQ5vf/7JK4azr8Lzs9BpiUv+KWk/6RVqDIRg=;\n b=R5gIXw4iU7LVKNxaakhRBsmPzuUxpqktGiLNZ/uNLhHkjW1C0WaX9gui1io3nGjUlE\n aG4Q9BQ3MXO27cBBfS9n3Vsvw7cUQOsGfnBiEYTavlE6yJRMLNP3Bm0enNCkNOF3RB5Y\n moqQm6om8Ey9FAh7N3KWCFszG/yd4Ekw62HAXv6v2gbTuzXvUmwXdgqxwf4DA0yDXPgr\n YljVjSrBIjX322IXFfAl/PBT3qZ6iPerrzFX3sY5kBgBPeTso1eiagnv5HM0JNwm9drA\n 6gsDM/eJFmvleivdriPJmTl3vYv+c6IuRtG4aOLqUi89hrl0Uams6JlqdHu4HD5WWB/v\n Swnw==","X-Gm-Message-State":"AOJu0YwF6oNBiSoqJewciv1nPJUr1xf1IHvOAd44UdR5BDjjg4nn5Vlz\n AxmpAgvhLNnDLWKPh46TSA88Az3oke2arANJj08v7yI3nLS+jOd40lw1","X-Gm-Gg":"AeBDietBMySWizPDu+esGAwNcDvgsA/Dz5V5ZbwuWKoOLlje1PG9bciVkjjhqEw+Oj7\n UcZhZqDylyQrjKxLlinjSG1ceYCP3IKBdU4M/RzY8FRcPuT5ZjTPfvbIb0FVCntXgjWVK6ZcEO/\n 3Oo6fmtQchx2bpYQBVfNLZ4qr5+2YPnHPMINafFWEsLGCoiXocx1I0vKfInPXoC1PfEa4nAsxOa\n o++KwVa08nJ+u5+L0pQkC0EWE5z3BOuq+8uHXJMTpsFcR9eX9GcVfEnbFv93l10fHDbzBdQ/JID\n SajlaDbt/y/ZoJFrjTyB8bsMYiejtEkj2YOJZVYouQfU353hfFS/3Xb6rhMeHZfE1RHpBYFAJ1M\n Wy28zZG5bPZt1onk9/poqsl3bCz9MJwAblb0DKAM0mNAJRhbuJRLuk+05o4QOWWDVj1XV0zBVsc\n Gb6wfK1pXi659RDgJRTHcaheqojfgB3tTT7wlXv4p6rTxqDjwdJzc=","X-Received":"by 2002:ac8:5a41:0:b0:50f:b81e:c655 with SMTP id\n d75a77b69052e-5104bfece53mr147778491cf.57.1777909884502;\n Mon, 04 May 2026 08:51:24 -0700 (PDT)","From":"Gabriel Brookman ","Date":"Mon, 04 May 2026 11:50:44 -0400","Subject":"[PATCH v5 11/15] target/arm: skip tag bit bounds check if MTX is\n on","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"7bit","Message-Id":"<20260504-feat-mte4-v5-11-232a648e63c6@gmail.com>","References":"<20260504-feat-mte4-v5-0-232a648e63c6@gmail.com>","In-Reply-To":"<20260504-feat-mte4-v5-0-232a648e63c6@gmail.com>","To":"qemu-devel@nongnu.org","Cc":"Peter Maydell ,\n Gustavo Romero ,\n Richard Henderson , qemu-arm@nongnu.org,\n Laurent Vivier ,\n Gabriel Brookman , Helge Deller ,\n Pierrick Bouvier ,\n Pierrick Bouvier ","X-Mailer":"b4 0.15.2","X-Developer-Signature":"v=1; a=ed25519-sha256; t=1777909867; l=5087;\n i=brookmangabriel@gmail.com; s=20251009; h=from:subject:message-id;\n bh=HMCENyYuzYOzcc9QE9JQvMCcTO5kh+qhX6EVpUZWlXw=;\n b=mQHiEfKFcAecsu5d/Vr2zsSJoPgIVb63ZtKogI6r+QxempCDNK7z4xnw8JRZOYkgskpTPqNnR\n 40Iqgb8TgFaB81NQOXKDRlOOSKZiJWBMqNL+KlTgT1YqZCZZdxI9UVw","X-Developer-Key":"i=brookmangabriel@gmail.com; a=ed25519;\n pk=m9TtPDal6WzoHNnQiHHKf8dTrv3DUCPUUTujuo8vNrw=","Received-SPF":"pass client-ip=2607:f8b0:4864:20::831;\n envelope-from=brookmangabriel@gmail.com; helo=mail-qt1-x831.google.com","X-Spam_score_int":"-10","X-Spam_score":"-1.1","X-Spam_bar":"-","X-Spam_report":"(-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_GMAIL_RCVD=1,\n FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=no autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"Virtual address canonicity checks should ignore mismatch in tag bits\nduring translation step if MTX is set. This mismatch is checked during\nthe tag check instead, in that case.\n\nSigned-off-by: Gabriel Brookman \n---\n target/arm/helper.c | 6 +++++-\n target/arm/internals.h | 1 +\n target/arm/ptw.c | 29 ++++++++++++++++++++++++++---\n 3 files changed, 32 insertions(+), 4 deletions(-)","diff":"diff --git a/target/arm/helper.c b/target/arm/helper.c\nindex 18352bd186..0e70822d34 100644\n--- a/target/arm/helper.c\n+++ b/target/arm/helper.c\n@@ -9693,7 +9693,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,\n {\n uint64_t tcr = regime_tcr(env, mmu_idx);\n bool epd, hpd, tsz_oob, ds, ha, hd, pie = false;\n- bool aie = false;\n+ bool mtx, aie = false;\n int select, tsz, tbi, max_tsz, min_tsz, ps, sh;\n ARMGranuleSize gran;\n ARMCPU *cpu = env_archcpu(env);\n@@ -9730,6 +9730,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,\n ha = extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu);\n hd = extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu);\n ds = extract64(tcr, 32, 1);\n+ mtx = extract64(tcr, 33, 1) && cpu_isar_feature(aa64_mte_mtx, cpu);\n } else {\n bool e0pd;\n \n@@ -9745,6 +9746,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,\n sh = extract32(tcr, 12, 2);\n hpd = extract64(tcr, 41, 1);\n e0pd = extract64(tcr, 55, 1);\n+ mtx = extract64(tcr, 60, 1) && cpu_isar_feature(aa64_mte_mtx, cpu);\n } else {\n tsz = extract32(tcr, 16, 6);\n gran = tg1_to_gran_size(extract32(tcr, 30, 2));\n@@ -9752,6 +9754,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,\n sh = extract32(tcr, 28, 2);\n hpd = extract64(tcr, 42, 1);\n e0pd = extract64(tcr, 56, 1);\n+ mtx = extract64(tcr, 61, 1) && cpu_isar_feature(aa64_mte_mtx, cpu);\n }\n ps = extract64(tcr, 32, 3);\n ha = extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu);\n@@ -9851,6 +9854,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,\n .gran = gran,\n .pie = pie,\n .aie = aie,\n+ .mtx = mtx,\n };\n }\n \ndiff --git a/target/arm/internals.h b/target/arm/internals.h\nindex 779eafabc8..d313d36603 100644\n--- a/target/arm/internals.h\n+++ b/target/arm/internals.h\n@@ -1407,6 +1407,7 @@ typedef struct ARMVAParameters {\n ARMGranuleSize gran : 2;\n bool pie : 1;\n bool aie : 1;\n+ bool mtx : 1;\n } ARMVAParameters;\n \n /**\ndiff --git a/target/arm/ptw.c b/target/arm/ptw.c\nindex 4fdb27697d..4fa50d0320 100644\n--- a/target/arm/ptw.c\n+++ b/target/arm/ptw.c\n@@ -1931,7 +1931,17 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,\n * validation to do here.\n */\n if (inputsize < addrsize) {\n- uint64_t top_bits = sextract64(address, inputsize,\n+ /*\n+ * If MTX is enabled, bits 56-59 aren't checked for canonicity\n+ * during translation, since they will later be checked during\n+ * the tag check step.\n+ */\n+ uint64_t top_bits;\n+ uint64_t masked_address = address;\n+ if (param.mtx) {\n+ masked_address = deposit64(address, 56, 4, param.select * 0xf);\n+ }\n+ top_bits = sextract64(masked_address, inputsize,\n addrsize - inputsize);\n if (-top_bits != param.select) {\n /* The gap between the two regions is a Translation fault */\n@@ -3492,15 +3502,28 @@ static bool get_phys_addr_disabled(CPUARMState *env,\n if (arm_el_is_aa64(env, r_el)) {\n int pamax = arm_pamax(env_archcpu(env));\n uint64_t tcr = env->cp15.tcr_el[r_el];\n- int addrtop, tbi;\n+ int addrtop, tbi, mtx;\n+ bool bit55;\n \n tbi = aa64_va_parameter_tbi(tcr, mmu_idx);\n+ mtx = aa64_va_parameter_mtx(tcr, mmu_idx);\n if (access_type == MMU_INST_FETCH) {\n tbi &= ~aa64_va_parameter_tbid(tcr, mmu_idx);\n }\n- tbi = (tbi >> extract64(address, 55, 1)) & 1;\n+ bit55 = extract64(address, 55, 1);\n+ tbi = (tbi >> bit55) & 1;\n+ mtx = (mtx >> bit55) & 1;\n addrtop = (tbi ? 55 : 63);\n \n+ /*\n+ * With MTX enabled, bits 56-59 are not checked according to\n+ * AArch64.S1DisabledOutput.\n+ */\n+ if (cpu_isar_feature(aa64_mte_mtx, env_archcpu(env)) && mtx &&\n+ access_type != MMU_INST_FETCH) {\n+ address = deposit64(address, 56, 4, bit55 * 0xF);\n+ }\n+\n if (extract64(address, pamax, addrtop - pamax + 1) != 0) {\n fi->type = ARMFault_AddressSize;\n fi->level = 0;\n","prefixes":["v5","11/15"]}