From: Gabriel Brookman <brookmangabriel@gmail.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Gustavo Romero <gustavo.romero@linaro.org>,
Richard Henderson <richard.henderson@linaro.org>,
qemu-arm@nongnu.org, Laurent Vivier <laurent@vivier.eu>,
Pierrick Bouvier <pierrick.bouvier@linaro.org>,
Gabriel Brookman <brookmangabriel@gmail.com>
Subject: [PATCH v4 03/13] target/arm: mte_check unemitted on STORE_ONLY load
Date: Mon, 09 Mar 2026 17:59:35 -0400 [thread overview]
Message-ID: <20260309-feat-mte4-v4-3-daaf0375620d@gmail.com> (raw)
In-Reply-To: <20260309-feat-mte4-v4-0-daaf0375620d@gmail.com>
This feature disables generation of the mte check helper on loads when
STORE_ONLY tag checking mode is enabled.
Signed-off-by: Gabriel Brookman <brookmangabriel@gmail.com>
---
target/arm/cpu.h | 2 ++
target/arm/tcg/hflags.c | 12 ++++++++++++
target/arm/tcg/translate-a64.c | 8 ++++++--
target/arm/tcg/translate.h | 2 ++
4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 677ac18f6f..7911912c3e 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2525,6 +2525,8 @@ FIELD(TBFLAG_A64, ZT0EXC_EL, 39, 2)
FIELD(TBFLAG_A64, GCS_EN, 41, 1)
FIELD(TBFLAG_A64, GCS_RVCEN, 42, 1)
FIELD(TBFLAG_A64, GCSSTR_EL, 43, 2)
+FIELD(TBFLAG_A64, MTE_STORE_ONLY, 45, 1)
+FIELD(TBFLAG_A64, MTE0_STORE_ONLY, 46, 1)
/*
* Helpers for using the above. Note that only the A64 accessors use
diff --git a/target/arm/tcg/hflags.c b/target/arm/tcg/hflags.c
index 7e6f8d3647..75c55b1a6d 100644
--- a/target/arm/tcg/hflags.c
+++ b/target/arm/tcg/hflags.c
@@ -423,6 +423,15 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
*/
DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1);
}
+ /*
+ * Repeat for MTE_STORE_ONLY
+ */
+ if ((el == 0 ? SCTLR_TCSO0 : SCTLR_TCSO) & sctlr) {
+ DP_TBFLAG_A64(flags, MTE_STORE_ONLY, 1);
+ if (!EX_TBFLAG_A64(flags, UNPRIV)) {
+ DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1);
+ }
+ }
}
}
/* And again for unprivileged accesses, if required. */
@@ -432,6 +441,9 @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
&& (sctlr & SCTLR_TCF0)
&& allocation_tag_access_enabled(env, 0, sctlr)) {
DP_TBFLAG_A64(flags, MTE0_ACTIVE, 1);
+ if (SCTLR_TCSO0 & sctlr) {
+ DP_TBFLAG_A64(flags, MTE0_STORE_ONLY, 1);
+ }
}
/*
* For unpriv tag-setting accesses we also need ATA0. Again, in
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 5d261a5e32..874174a15b 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -301,7 +301,8 @@ static TCGv_i64 gen_mte_check1_mmuidx(DisasContext *s, TCGv_i64 addr,
MemOp memop, bool is_unpriv,
int core_idx)
{
- if (tag_checked && s->mte_active[is_unpriv]) {
+ if (tag_checked && s->mte_active[is_unpriv] &&
+ (is_write || !s->mte_store_only[is_unpriv])) {
TCGv_i64 ret;
int desc = 0;
@@ -333,7 +334,8 @@ TCGv_i64 gen_mte_check1(DisasContext *s, TCGv_i64 addr, bool is_write,
TCGv_i64 gen_mte_checkN(DisasContext *s, TCGv_i64 addr, bool is_write,
bool tag_checked, int total_size, MemOp single_mop)
{
- if (tag_checked && s->mte_active[0]) {
+ if (tag_checked && s->mte_active[0] &&
+ (is_write || !s->mte_store_only[0])) {
TCGv_i64 ret;
int desc = 0;
@@ -10696,6 +10698,8 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
dc->ata[1] = EX_TBFLAG_A64(tb_flags, ATA0);
dc->mte_active[0] = EX_TBFLAG_A64(tb_flags, MTE_ACTIVE);
dc->mte_active[1] = EX_TBFLAG_A64(tb_flags, MTE0_ACTIVE);
+ dc->mte_store_only[0] = EX_TBFLAG_A64(tb_flags, MTE_STORE_ONLY);
+ dc->mte_store_only[1] = EX_TBFLAG_A64(tb_flags, MTE0_STORE_ONLY);
dc->pstate_sm = EX_TBFLAG_A64(tb_flags, PSTATE_SM);
dc->pstate_za = EX_TBFLAG_A64(tb_flags, PSTATE_ZA);
dc->sme_trap_nonstreaming = EX_TBFLAG_A64(tb_flags, SME_TRAP_NONSTREAMING);
diff --git a/target/arm/tcg/translate.h b/target/arm/tcg/translate.h
index 3e3094a463..74143161f4 100644
--- a/target/arm/tcg/translate.h
+++ b/target/arm/tcg/translate.h
@@ -140,6 +140,8 @@ typedef struct DisasContext {
bool ata[2];
/* True if v8.5-MTE tag checks affect the PE; index with is_unpriv. */
bool mte_active[2];
+ /* True if v8.5-MTE tag checks disabled for reads; index with is_unpriv. */
+ bool mte_store_only[2];
/* True with v8.5-BTI and SCTLR_ELx.BT* set. */
bool bt;
/* True if any CP15 access is trapped by HSTR_EL2 */
--
2.52.0
next prev parent reply other threads:[~2026-03-09 22:02 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-09 21:59 [PATCH v4 00/13] target/arm: add support for MTE4 Gabriel Brookman
2026-03-09 21:59 ` [PATCH v4 01/13] target/arm: implement MTE_PERM Gabriel Brookman
2026-04-04 23:17 ` Richard Henderson
2026-03-09 21:59 ` [PATCH v4 02/13] target/arm: add TCSO bitmasks to SCTLR Gabriel Brookman
2026-04-04 23:27 ` Richard Henderson
2026-03-09 21:59 ` Gabriel Brookman [this message]
2026-04-04 23:37 ` [PATCH v4 03/13] target/arm: mte_check unemitted on STORE_ONLY load Richard Henderson
2026-03-09 21:59 ` [PATCH v4 04/13] linux-user: add MTE_STORE_ONLY to prctl Gabriel Brookman
2026-04-04 23:39 ` Richard Henderson
2026-03-09 21:59 ` [PATCH v4 05/13] target/arm: tag check emitted when MTX and not TBI Gabriel Brookman
2026-04-05 0:31 ` Richard Henderson
2026-03-09 21:59 ` [PATCH v4 06/13] target/arm: add canonical tag check logic Gabriel Brookman
2026-04-05 21:46 ` Richard Henderson
2026-03-09 21:59 ` [PATCH v4 07/13] target/arm: ldg on canonical tag loads the tag Gabriel Brookman
2026-04-05 22:20 ` Richard Henderson
2026-03-09 21:59 ` [PATCH v4 08/13] target/arm: storing to canonical tag faults Gabriel Brookman
2026-04-05 22:37 ` Richard Henderson
2026-03-09 21:59 ` [PATCH v4 09/13] target/arm: with MTX, no tag bit bounds check Gabriel Brookman
2026-03-09 21:59 ` [PATCH v4 10/13] target/arm: with MTX, tag is not a part of PAuth Gabriel Brookman
2026-03-09 21:59 ` [PATCH v4 11/13] docs: add MTE4 features to docs Gabriel Brookman
2026-03-09 21:59 ` [PATCH v4 12/13] tests/tcg: add test for MTE FAR Gabriel Brookman
2026-03-09 21:59 ` [PATCH v4 13/13] tests/tcg: add test for MTE_STORE_ONLY Gabriel Brookman
2026-04-04 1:20 ` [PATCH v4 00/13] target/arm: add support for MTE4 Gabriel Brookman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260309-feat-mte4-v4-3-daaf0375620d@gmail.com \
--to=brookmangabriel@gmail.com \
--cc=gustavo.romero@linaro.org \
--cc=laurent@vivier.eu \
--cc=peter.maydell@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.