Revert "arm/kvm: add support for MTE"

pm215 · rth7680 · commit d009607d08d2 · 2023-05-19T08:01:15.000-07:00
This reverts commit b320e21, which accidentally broke TCG, because it made the TCG -cpu max report the presence of MTE to the guest even if the board hadn't enabled MTE by wiring up the tag RAM. This meant that if the guest then tried to use MTE QEMU would segfault accessing the non-existent tag RAM: ==346473==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address (pc 0x55f328952a4a bp 0x00000213a400 sp 0x7f7871859b80 T346476) ==346473==The signal is caused by a READ memory access. ==346473==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used. #0 0x55f328952a4a in address_space_to_flatview /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/exec/memory.h:1108:12 #1 0x55f328952a4a in address_space_translate /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/exec/memory.h:2797:31 qemu#2 0x55f328952a4a in allocation_tag_mem /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-clang/../../target/arm/tcg/mte_helper.c:176:10 qemu#3 0x55f32895366c in helper_stgm /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-clang/../../target/arm/tcg/mte_helper.c:461:15 qemu#4 0x7f782431a293 (<unknown module>) It's also not clear that the KVM logic is correct either: MTE defaults to on there, rather than being only on if the board wants it on. Revert the whole commit for now so we can sort out the issues. (We didn't catch this in CI because we have no test cases in avocado that use guests with MTE support.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20230519145808.348701-1-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
@@ -2146,7 +2146,7 @@ static void machvirt_init(MachineState *machine)
         exit(1);
     }
 
-    if (vms->mte && hvf_enabled()) {
+    if (vms->mte && (kvm_enabled() || hvf_enabled())) {
         error_report("mach-virt: %s does not support providing "
                      "MTE to the guest CPU",
                      current_accel_name());
@@ -2216,48 +2216,39 @@ static void machvirt_init(MachineState *machine)
         }
 
         if (vms->mte) {
-            if (tcg_enabled()) {
-                /* Create the memory region only once, but link to all cpus. */
-                if (!tag_sysmem) {
-                    /*
-                     * The property exists only if MemTag is supported.
-                     * If it is, we must allocate the ram to back that up.
-                     */
-                    if (!object_property_find(cpuobj, "tag-memory")) {
-                        error_report("MTE requested, but not supported "
-                                     "by the guest CPU");
-                        exit(1);
-                    }
-
-                    tag_sysmem = g_new(MemoryRegion, 1);
-                    memory_region_init(tag_sysmem, OBJECT(machine),
-                                       "tag-memory", UINT64_MAX / 32);
-
-                    if (vms->secure) {
-                        secure_tag_sysmem = g_new(MemoryRegion, 1);
-                        memory_region_init(secure_tag_sysmem, OBJECT(machine),
-                                           "secure-tag-memory",
-                                           UINT64_MAX / 32);
-
-                        /* As with ram, secure-tag takes precedence over tag. */
-                        memory_region_add_subregion_overlap(secure_tag_sysmem,
-                                                            0, tag_sysmem, -1);
-                    }
+            /* Create the memory region only once, but link to all cpus. */
+            if (!tag_sysmem) {
+                /*
+                 * The property exists only if MemTag is supported.
+                 * If it is, we must allocate the ram to back that up.
+                 */
+                if (!object_property_find(cpuobj, "tag-memory")) {
+                    error_report("MTE requested, but not supported "
+                                 "by the guest CPU");
+                    exit(1);
                 }
 
-                object_property_set_link(cpuobj, "tag-memory",
-                                         OBJECT(tag_sysmem), &error_abort);
+                tag_sysmem = g_new(MemoryRegion, 1);
+                memory_region_init(tag_sysmem, OBJECT(machine),
+                                   "tag-memory", UINT64_MAX / 32);
+
                 if (vms->secure) {
-                    object_property_set_link(cpuobj, "secure-tag-memory",
-                                             OBJECT(secure_tag_sysmem),
-                                             &error_abort);
-                }
-            } else if (kvm_enabled()) {
-                if (!kvm_arm_mte_supported()) {
-                    error_report("MTE requested, but not supported by KVM");
-                    exit(1);
+                    secure_tag_sysmem = g_new(MemoryRegion, 1);
+                    memory_region_init(secure_tag_sysmem, OBJECT(machine),
+                                       "secure-tag-memory", UINT64_MAX / 32);
+
+                    /* As with ram, secure-tag takes precedence over tag.  */
+                    memory_region_add_subregion_overlap(secure_tag_sysmem, 0,
+                                                        tag_sysmem, -1);
                 }
-                kvm_arm_enable_mte(cpuobj, &error_abort);
+            }
+
+            object_property_set_link(cpuobj, "tag-memory", OBJECT(tag_sysmem),
+                                     &error_abort);
+            if (vms->secure) {
+                object_property_set_link(cpuobj, "secure-tag-memory",
+                                         OBJECT(secure_tag_sysmem),
+                                         &error_abort);
             }
         }
 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
@@ -1480,7 +1480,6 @@ void arm_cpu_post_init(Object *obj)
                                      qdev_prop_allow_set_link_before_realize,
                                      OBJ_PROP_LINK_STRONG);
         }
-        cpu->has_mte = true;
     }
 #endif
 }
@@ -1617,7 +1616,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
         }
         if (cpu->tag_memory) {
             error_setg(errp,
-                       "Cannot enable %s when guest CPUs has tag memory enabled",
+                       "Cannot enable %s when guest CPUs has MTE enabled",
                        current_accel_name());
             return;
         }
@@ -1997,10 +1996,10 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
     }
 
 #ifndef CONFIG_USER_ONLY
-    if (!cpu->has_mte && cpu_isar_feature(aa64_mte, cpu)) {
+    if (cpu->tag_memory == NULL && cpu_isar_feature(aa64_mte, cpu)) {
         /*
-         * Disable the MTE feature bits if we do not have the feature
-         * setup by the machine.
+         * Disable the MTE feature bits if we do not have tag-memory
+         * provided by the machine.
          */
         cpu->isar.id_aa64pfr1 =
             FIELD_DP64(cpu->isar.id_aa64pfr1, ID_AA64PFR1, MTE, 0);
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
@@ -935,9 +935,6 @@ struct ArchCPU {
      */
     uint32_t psci_conduit;
 
-    /* CPU has Memory Tag Extension */
-    bool has_mte;
-
     /* For v8M, initial value of the Secure VTOR */
     uint32_t init_svtor;
     /* For v8M, initial value of the Non-secure VTOR */
@@ -1056,7 +1053,6 @@ struct ArchCPU {
     bool prop_pauth;
     bool prop_pauth_impdef;
     bool prop_lpa2;
-    OnOffAuto prop_mte;
 
     /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
     uint32_t dcz_blocksize;
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
@@ -31,7 +31,6 @@
 #include "hw/boards.h"
 #include "hw/irq.h"
 #include "qemu/log.h"
-#include "migration/blocker.h"
 
 const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
     KVM_CAP_LAST_INFO
@@ -1065,37 +1064,3 @@ bool kvm_arch_cpu_check_are_resettable(void)
 void kvm_arch_accel_class_init(ObjectClass *oc)
 {
 }
-
-void kvm_arm_enable_mte(Object *cpuobj, Error **errp)
-{
-    static bool tried_to_enable;
-    static bool succeeded_to_enable;
-    Error *mte_migration_blocker = NULL;
-    int ret;
-
-    if (!tried_to_enable) {
-        /*
-         * MTE on KVM is enabled on a per-VM basis (and retrying doesn't make
-         * sense), and we only want a single migration blocker as well.
-         */
-        tried_to_enable = true;
-
-        ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_ARM_MTE, 0);
-        if (ret) {
-            error_setg_errno(errp, -ret, "Failed to enable KVM_CAP_ARM_MTE");
-            return;
-        }
-
-        /* TODO: add proper migration support with MTE enabled */
-        error_setg(&mte_migration_blocker,
-                   "Live migration disabled due to MTE enabled");
-        if (migrate_add_blocker(mte_migration_blocker, errp)) {
-            error_free(mte_migration_blocker);
-            return;
-        }
-        succeeded_to_enable = true;
-    }
-    if (succeeded_to_enable) {
-        object_property_set_bool(cpuobj, "has_mte", true, NULL);
-    }
-}
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
@@ -756,11 +756,6 @@ bool kvm_arm_steal_time_supported(void)
     return kvm_check_extension(kvm_state, KVM_CAP_STEAL_TIME);
 }
 
-bool kvm_arm_mte_supported(void)
-{
-    return kvm_check_extension(kvm_state, KVM_CAP_ARM_MTE);
-}
-
 QEMU_BUILD_BUG_ON(KVM_ARM64_SVE_VQ_MIN != 1);
 
 uint32_t kvm_arm_sve_get_vls(CPUState *cs)
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
@@ -313,13 +313,6 @@ bool kvm_arm_pmu_supported(void);
  */
 bool kvm_arm_sve_supported(void);
 
-/**
- * kvm_arm_mte_supported:
- *
- * Returns: true if KVM can enable MTE, and false otherwise.
- */
-bool kvm_arm_mte_supported(void);
-
 /**
  * kvm_arm_get_max_vm_ipa_size:
  * @ms: Machine state handle
@@ -384,8 +377,6 @@ void kvm_arm_pvtime_init(CPUState *cs, uint64_t ipa);
 
 int kvm_arm_set_irq(int cpu, int irqtype, int irq, int level);
 
-void kvm_arm_enable_mte(Object *cpuobj, Error **errp);
-
 #else
 
 /*
@@ -412,11 +403,6 @@ static inline bool kvm_arm_steal_time_supported(void)
     return false;
 }
 
-static inline bool kvm_arm_mte_supported(void)
-{
-    return false;
-}
-
 /*
  * These functions should never actually be called without KVM support.
  */
@@ -465,11 +451,6 @@ static inline uint32_t kvm_arm_sve_get_vls(CPUState *cs)
     g_assert_not_reached();
 }
 
-static inline void kvm_arm_enable_mte(Object *cpuobj, Error **errp)
-{
-    g_assert_not_reached();
-}
-
 #endif
 
 static inline const char *gic_class_name(void)

Original file line number	Diff line number	Diff line change
`@@ -1480,7 +1480,6 @@ void arm_cpu_post_init(Object *obj)`
`1480`	`1480`	`qdev_prop_allow_set_link_before_realize,`
`1481`	`1481`	`OBJ_PROP_LINK_STRONG);`
`1482`	`1482`	`}`
`1483`		`- cpu->has_mte = true;`
`1484`	`1483`	`}`
`1485`	`1484`	`#endif`
`1486`	`1485`	`}`
`@@ -1617,7 +1616,7 @@ static void arm_cpu_realizefn(DeviceState dev, Error *errp)`
`1617`	`1616`	`}`
`1618`	`1617`	`if (cpu->tag_memory) {`
`1619`	`1618`	`error_setg(errp,`
`1620`		`- "Cannot enable %s when guest CPUs has tag memory enabled",`
	`1619`	`+ "Cannot enable %s when guest CPUs has MTE enabled",`
`1621`	`1620`	`current_accel_name());`
`1622`	`1621`	`return;`
`1623`	`1622`	`}`
`@@ -1997,10 +1996,10 @@ static void arm_cpu_realizefn(DeviceState dev, Error *errp)`
`1997`	`1996`	`}`
`1998`	`1997`
`1999`	`1998`	`#ifndef CONFIG_USER_ONLY`
`2000`		`- if (!cpu->has_mte && cpu_isar_feature(aa64_mte, cpu)) {`
	`1999`	`+ if (cpu->tag_memory == NULL && cpu_isar_feature(aa64_mte, cpu)) {`
`2001`	`2000`	`/*`
`2002`		`- * Disable the MTE feature bits if we do not have the feature`
`2003`		`- * setup by the machine.`
	`2001`	`+ * Disable the MTE feature bits if we do not have tag-memory`
	`2002`	`+ * provided by the machine.`
`2004`	`2003`	`*/`
`2005`	`2004`	`cpu->isar.id_aa64pfr1 =`
`2006`	`2005`	`FIELD_DP64(cpu->isar.id_aa64pfr1, ID_AA64PFR1, MTE, 0);`