[PATCH for-5.1 0/3] target/arm: MTE improvements

[PATCH for-5.1 0/3] target/arm: MTE improvements

[Richard Henderson]

Since MTE is new, and guest support for MTE is still under
development, let's disable it by default.

Peter mentioned memory hotplug on IRC as something that
would break MTE's assumptions.  By putting the enable flag
on the machine it's much easier to control.

For 5.1, we won't have kvm support, so error for that combo.


r~


Richard Henderson (3):
  hw/arm/virt: Enable MTE via a machine property
  hw/arm/virt: Error for MTE enabled with KVM
  hw/arm/virt: Disable memory hotplug when MTE is enabled

 include/hw/arm/virt.h |  1 +
 hw/arm/virt.c         | 50 ++++++++++++++++++++++++++++++++++++++-----
 target/arm/cpu.c      | 19 +++++++++-------
 target/arm/cpu64.c    |  5 +++--
 4 files changed, 60 insertions(+), 15 deletions(-)

-- 
2.25.1

[PATCH 1/3] hw/arm/virt: Enable MTE via a machine property

[Richard Henderson]

Control this cpu feature via a machine property, much as we do
with secure=on, since both require specialized support in the
machine setup to be functional.

Default MTE to off, since this feature implies extra overhead.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/arm/virt.h |  1 +
 hw/arm/virt.c         | 39 ++++++++++++++++++++++++++++++++++-----
 target/arm/cpu.c      | 19 +++++++++++--------
 target/arm/cpu64.c    |  5 +++--
 4 files changed, 49 insertions(+), 15 deletions(-)

diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index 54bcf17afd..dff67e1bef 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -140,6 +140,7 @@ typedef struct {
     bool its;
     bool virt;
     bool ras;
+    bool mte;
     OnOffAuto acpi;
     VirtGICType gic_version;
     VirtIOMMUType iommu;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 9005dae356..5866c4ce20 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1837,12 +1837,19 @@ static void machvirt_init(MachineState *machine)
                                      OBJECT(secure_sysmem), &error_abort);
         }
 
-        /*
-         * The cpu adds the property if and only if MemTag is supported.
-         * If it is, we must allocate the ram to back that up.
-         */
-        if (object_property_find(cpuobj, "tag-memory", NULL)) {
+        if (vms->mte) {
+            /* Create the memory region only once, but link to all cpus. */
             if (!tag_sysmem) {
+                /*
+                 * The property exists only if MemTag is supported.
+                 * If it is, we must allocate the ram to back that up.
+                 */
+                if (!object_property_find(cpuobj, "tag-memory", NULL)) {
+                    error_report("MTE requested, but not supported "
+                                 "by the guest CPU");
+                    exit(1);
+                }
+
                 tag_sysmem = g_new(MemoryRegion, 1);
                 memory_region_init(tag_sysmem, OBJECT(machine),
                                    "tag-memory", UINT64_MAX / 32);
@@ -2061,6 +2068,20 @@ static void virt_set_ras(Object *obj, bool value, Error **errp)
     vms->ras = value;
 }
 
+static bool virt_get_mte(Object *obj, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    return vms->mte;
+}
+
+static void virt_set_mte(Object *obj, bool value, Error **errp)
+{
+    VirtMachineState *vms = VIRT_MACHINE(obj);
+
+    vms->mte = value;
+}
+
 static char *virt_get_gic_version(Object *obj, Error **errp)
 {
     VirtMachineState *vms = VIRT_MACHINE(obj);
@@ -2481,6 +2502,14 @@ static void virt_instance_init(Object *obj)
                                     "Set on/off to enable/disable reporting host memory errors "
                                     "to a KVM guest using ACPI and guest external abort exceptions");
 
+    /* MTE is disabled by default.  */
+    vms->mte = false;
+    object_property_add_bool(obj, "mte", virt_get_mte, virt_set_mte);
+    object_property_set_description(obj, "mte",
+                                    "Set on/off to enable/disable emulating a "
+                                    "guest CPU which implements the ARM "
+                                    "Memory Tagging Extension");
+
     vms->irqmap = a15irqmap;
 
     virt_flash_create(vms);
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 5050e1843a..111579554f 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1698,6 +1698,17 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
         cpu->id_pfr1 &= ~0xf000;
     }
 
+#ifndef CONFIG_USER_ONLY
+    if (cpu->tag_memory == NULL && cpu_isar_feature(aa64_mte, cpu)) {
+        /*
+         * Disable the MTE feature bits if we do not have tag-memory
+         * provided by the machine.
+         */
+        cpu->isar.id_aa64pfr1 =
+            FIELD_DP64(cpu->isar.id_aa64pfr1, ID_AA64PFR1, MTE, 0);
+    }
+#endif
+
     /* MPU can be configured out of a PMSA CPU either by setting has-mpu
      * to false or by setting pmsav7-dregion to 0.
      */
@@ -1787,14 +1798,6 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
             cpu_address_space_init(cs, ARMASIdx_TagS, "cpu-tag-memory",
                                    cpu->secure_tag_memory);
         }
-    } else if (cpu_isar_feature(aa64_mte, cpu)) {
-        /*
-         * Since there is no tag memory, we can't meaningfully support MTE
-         * to its fullest.  To avoid problems later, when we would come to
-         * use the tag memory, downgrade support to insns only.
-         */
-        cpu->isar.id_aa64pfr1 =
-            FIELD_DP64(cpu->isar.id_aa64pfr1, ID_AA64PFR1, MTE, 1);
     }
 
     cpu_address_space_init(cs, ARMASIdx_NS, "cpu-memory", cs->memory);
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 15494002d2..dd696183df 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -646,8 +646,9 @@ static void aarch64_max_initfn(Object *obj)
         t = cpu->isar.id_aa64pfr1;
         t = FIELD_DP64(t, ID_AA64PFR1, BT, 1);
         /*
-         * Begin with full support for MTE; will be downgraded to MTE=1
-         * during realize if the board provides no tag memory.
+         * Begin with full support for MTE. This will be downgraded to MTE=0
+         * during realize if the board provides no tag memory, much like
+         * we do for EL2 with the virtualization=on property.
          */
         t = FIELD_DP64(t, ID_AA64PFR1, MTE, 2);
         cpu->isar.id_aa64pfr1 = t;
-- 
2.25.1

[PATCH 2/3] hw/arm/virt: Error for MTE enabled with KVM

[Richard Henderson]

While we expect KVM to support MTE at some future point,
it certainly won't be ready in time for qemu 5.1.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/arm/virt.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 5866c4ce20..a7f3d442db 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1773,6 +1773,12 @@ static void machvirt_init(MachineState *machine)
         exit(1);
     }
 
+    if (vms->mte && kvm_enabled()) {
+        error_report("mach-virt: KVM does not support providing "
+                     "MTE to the guest CPU");
+        exit(1);
+    }
+
     create_fdt(vms);
 
     possible_cpus = mc->possible_cpu_arch_ids(machine);
-- 
2.25.1

[PATCH 3/3] hw/arm/virt: Disable memory hotplug when MTE is enabled

[Richard Henderson]

When MTE is enabled, tag memory must exist for all RAM.

It might be possible to simultaneously hot plug tag memory
alongside the corresponding normal memory, but for now just
disable hotplug.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/arm/virt.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a7f3d442db..ecfee362a1 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2194,6 +2194,11 @@ static void virt_memory_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
         return;
     }
 
+    if (vms->mte) {
+        error_setg(errp, "memory hotplug is not enabled: MTE is enabled");
+        return;
+    }
+
     if (is_nvdimm && !ms->nvdimms_state->is_enabled) {
         error_setg(errp, "nvdimm is not enabled: add 'nvdimm=on' to '-M'");
         return;
-- 
2.25.1

Re: [PATCH for-5.1 0/3] target/arm: MTE improvements

[Peter Maydell]

On Mon, 13 Jul 2020 at 22:33, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Since MTE is new, and guest support for MTE is still under
> development, let's disable it by default.
>
> Peter mentioned memory hotplug on IRC as something that
> would break MTE's assumptions.  By putting the enable flag
> on the machine it's much easier to control.
>
> For 5.1, we won't have kvm support, so error for that combo.

Applied to target-arm.next for 5.1, thanks.

-- PMM