[PATCH RFC 0/5] target/arm: add support for MTE4

[Gabriel Brookman <brookmangabriel@gmail.com>]

This patch, when complete, will implement ARM's Enhanced Memory
Tagging Extension (MTE4). MTE4 guarantees the presence of several
subfeatures: FEAT_MTE_CANONICAL_TAGS, FEAT_MTE_TAGGED_FAR,
FEAT_MTE_STORE_ONLY, FEAT_MTE_NO_ADDRESS_TAGS, and FEAT_MTE_PERM,
none of which are currently implemented in QEMU.

According to the ARM ARM, the presence of any of these features (except
FEAT_MTE_PERM) implies the presence of all the others. For simplicity  
and ease of review, I plan to introduce them one at a time. This patch
handles FEAT_MTE_TAGGED_FAR and FEAT_MTE_STORE_ONLY, with the plan to
introduce FEAT_MTE_CANONICAL_TAGS, FEAT_MTE_NO_ADDRESS_TAGS, and
FEAT_MTE_PERM in later versions of the patch, although I'm submitting
in pieces for ease of review.

FEAT_MTE_TAGGED_FAR guarantees that the full fault address (including
tag bits) is reported after a SEGV_MTESERR, and exposes itself in the
ID_AA64PFR2_EL1 register. QEMU already reports the full address in this
case, so this change only advertises the feature by setting the
appropriate field in ID_AA64PFR2_EL1. My previous version also unset
the feature when MTE was disabled, but looking at the way that similar
features (e.g. MTE_ASYNC) are not unset in this case, I changed my
design to be consistent with them.

FEAT_MTE_STORE_ONLY, when enabled, skips tag checks for memory reads (it
keeps them for writes). I implemented this by creating a helper that
reads the appropriate control registers to determine whether or not this
feature is enabled, and introduced a conditional at the start of
mte_check that skips the check if it's a read and if the feature is
enabled. The conditional only hinges on the contents of the control
register for this feature, not whether or not the feature is actually
implemented on the chosen cpu. I would appreciate feedback about whether
or not I should explicitly check for cpu implementation of this feature.

Testing:
- For FEAT_MTE_TAGGED_FAR, I wrote a test for this functionality that is
  now included as mte-9.c, as per Gustavo's suggestion.
- For FEAT_MTE_STORE_ONLY, I wrote a test for this functionality, but
  since the feature requires setting a SCTLR_EL1 bit to be enabled, I
  was only able to pass this test successfully after I manually set the
  bit in question. It's not clear to me how I should go about submitting
  this test, since I don't see a way to set this SCTLR_EL1 bit from
  within a user-mode test. Some guidance here would be useful.

Follow-up patches will implement the remaining MTE4 subfeatures listed
above.

Thanks,
Gabriel Brookman

Signed-off-by: Gabriel Brookman <brookmangabriel@gmail.com>
---
Gabriel Brookman (5):
      target/arm: explicitly disable MTE4 for max
      tests/tcg: added test for MTE FAR
      target/arm: add TCSO bitmasks to SCTLR
      target/arm: add FEAT_MTE_STORE_ONLY logic
      docs: added MTE4 features to docs

 docs/system/arm/emulation.rst     |  2 ++
 target/arm/cpu.h                  |  2 ++
 target/arm/helper.c               |  4 ++--
 target/arm/tcg/cpu64.c            |  8 +++++++
 target/arm/tcg/mte_helper.c       | 22 ++++++++++++++++++
 tests/tcg/aarch64/Makefile.target |  2 +-
 tests/tcg/aarch64/mte-9.c         | 48 +++++++++++++++++++++++++++++++++++++++
 7 files changed, 85 insertions(+), 3 deletions(-)
---
base-commit: 593aee5df98b4a862ff8841a57ea3dbf22131a5f
change-id: 20251109-feat-mte4-6740a6202e83

Best regards,
-- 
Gabriel Brookman <brookmangabriel@gmail.com>