On 2/19/21 12:18 PM, Peter Collingbourne wrote:
> Section D6.7 of the ARM ARM states:
>
> For the purpose of determining Tag Check Fault handling, unprivileged
> load and store instructions are treated as if executed at EL0 when
> executed at either:
> - EL1, when the Effective value of PSTATE.UAO is 0.
> - EL2, when both the Effective value of HCR_EL2.{E2H, TGE} is {1, 1}
> and the Effective value of PSTATE.UAO is 0.
>
> ARM has confirmed a defect in the pseudocode function
> AArch64.TagCheckFault that makes it inconsistent with the above
> wording. The remedy is to adjust references to PSTATE.EL in that
> function to instead refer to AArch64.AccessUsesEL(acctype), so
> that unprivileged instructions use SCTLR_EL1.TCF0 and TFSRE0_EL1.
> The exception type for synchronous tag check faults remains unchanged.
>
> This patch implements the described change by partially reverting
> commits 50244cc76abc and cc97b0019bb5.
>
> Signed-off-by: Peter Collingbourne <p...@google.com>
> ---
> target/arm/helper.c | 2 +-
> target/arm/mte_helper.c | 13 +++++++++----
> 2 files changed, 10 insertions(+), 5 deletions(-)
Interesting. When the the 50244cc bug was reported, I had wondered if this
were intentional. The reversions, with the additional change to the el for the
syndrome, looks correct based on the described change to TagCheckFault.
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
r~
