target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore

Split out gen_top_byte_ignore in preparation of handling these
data accesses; the new tbflags field is not yet honored.

Backports commit 4a9ee99db38ba513bf1e8f43665b79c60accd017 from qemu

qemu/target/arm/cpu.h

@@ -2999,6 +2999,7 @@ FIELD(TBFLAG_A64, ZCR_LEN, 4, 4)
 FIELD(TBFLAG_A64, PAUTH_ACTIVE, 8, 1)
 FIELD(TBFLAG_A64, BT, 9, 1)
 FIELD(TBFLAG_A64, BTYPE, 10, 2)
+FIELD(TBFLAG_A64, TBID, 12, 2)
 
 static inline bool bswap_code(bool sctlr_b)
 {

qemu/target/arm/helper.c

@@ -12872,6 +12872,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
             }
 
             flags = FIELD_DP32(flags, TBFLAG_A64, TBII, tbii);
+            flags = FIELD_DP32(flags, TBFLAG_A64, TBID, tbid);
         }
 #endif
 

qemu/target/arm/translate-a64.c

@@ -302,10 +302,10 @@ void gen_a64_set_pc_im(DisasContext *s, uint64_t val)
     tcg_gen_movi_i64(tcg_ctx, tcg_ctx->cpu_pc, val);
 }
 
-/* Load the PC from a generic TCG variable.
+/*
+ * Handle Top Byte Ignore (TBI) bits.
  *
- * If address tagging is enabled via the TCR TBI bits, then loading
+ * If address tagging is enabled via the TCR TBI bits:
- * an address into the PC will clear out any tag in it:
  *  + for EL2 and EL3 there is only one TBI bit, and if it is set
  *    then the address is zero-extended, clearing bits [63:56]
  *  + for EL0 and EL1, TBI0 controls addresses with bit 55 == 0
@@ -313,46 +313,47 @@ void gen_a64_set_pc_im(DisasContext *s, uint64_t val)
  *    If the appropriate TBI bit is set for the address then
  *    the address is sign-extended from bit 55 into bits [63:56]
  *
- * We can avoid doing this for relative-branches, because the
+ * Here We have concatenated TBI{1,0} into tbi.
- * PC + offset can never overflow into the tag bits (assuming
- * that virtual addresses are less than 56 bits wide, as they
- * are currently), but we must handle it for branch-to-register.
  */
+static void gen_top_byte_ignore(DisasContext *s, TCGv_i64 dst,
+                                TCGv_i64 src, int tbi)
+{
+    TCGContext *tcg_ctx = s->uc->tcg_ctx;
+    if (tbi == 0) {
+        /* Load unmodified address */
+        tcg_gen_mov_i64(tcg_ctx, dst, src);
+    } else if (s->current_el >= 2) {
+        /* FIXME: ARMv8.1-VHE S2 translation regime.  */
+        /* Force tag byte to all zero */
+        tcg_gen_extract_i64(tcg_ctx, dst, src, 0, 56);
+    } else {
+        /* Sign-extend from bit 55.  */
+        tcg_gen_sextract_i64(tcg_ctx, dst, src, 0, 56);
+
+        if (tbi != 3) {
+            TCGv_i64 tcg_zero = tcg_const_i64(tcg_ctx, 0);
+
+            /*
+             * The two TBI bits differ.
+             * If tbi0, then !tbi1: only use the extension if positive.
+             * if !tbi0, then tbi1: only use the extension if negative.
+             */
+            tcg_gen_movcond_i64(tcg_ctx, tbi == 1 ? TCG_COND_GE : TCG_COND_LT,
+                                dst, dst, tcg_zero, dst, src);
+            tcg_temp_free_i64(tcg_ctx, tcg_zero);
+        }
+    }
+}
+
 static void gen_a64_set_pc(DisasContext *s, TCGv_i64 src)
 {
     TCGContext *tcg_ctx = s->uc->tcg_ctx;
-    /* Note that TBII is TBI1:TBI0.  */
-    int tbi = s->tbii;
 
-    if (s->current_el <= 1) {
+    /*
-        if (tbi != 0) {
+     * If address tagging is enabled for instructions via the TCR TBI bits,
-            /* Sign-extend from bit 55.  */
+     * then loading an address into the PC will clear out any tag.
-            tcg_gen_sextract_i64(tcg_ctx, tcg_ctx->cpu_pc, src, 0, 56);
+     */
-
+    gen_top_byte_ignore(s, tcg_ctx->cpu_pc, src, s->tbii);
-            if (tbi != 3) {
-                TCGv_i64 tcg_zero = tcg_const_i64(tcg_ctx, 0);
-
-                /*
-                 * The two TBI bits differ.
-                 * If tbi0, then !tbi1: only use the extension if positive.
-                 * if !tbi0, then tbi1: only use the extension if negative.
-                 */
-                tcg_gen_movcond_i64(tcg_ctx, tbi == 1 ? TCG_COND_GE : TCG_COND_LT,
-                                    tcg_ctx->cpu_pc, tcg_ctx->cpu_pc, tcg_zero, tcg_ctx->cpu_pc, src);
-                tcg_temp_free_i64(tcg_ctx, tcg_zero);
-            }
-            return;
-        }
-    } else {
-        if (tbi != 0) {
-            /* Force tag byte to all zero */
-            tcg_gen_extract_i64(tcg_ctx, tcg_ctx->cpu_pc, src, 0, 56);
-            return;
-        }
-    }
-
-    /* Load unmodified address */
-    tcg_gen_mov_i64(tcg_ctx, tcg_ctx->cpu_pc, src);
 }
 
 typedef struct DisasCompare64 {
@@ -14210,6 +14211,7 @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
     core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
     dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
     dc->tbii = FIELD_EX32(tb_flags, TBFLAG_A64, TBII);
+    dc->tbid = FIELD_EX32(tb_flags, TBFLAG_A64, TBID);
     dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
 #if !defined(CONFIG_USER_ONLY)
     dc->user = (dc->current_el == 0);

qemu/target/arm/translate.h

@@ -25,7 +25,8 @@ typedef struct DisasContext {
     int user;
 #endif
     ARMMMUIdx mmu_idx; /* MMU index to use for normal loads/stores */
-    uint8_t tbii;      /* TBI1|TBI0 for EL0/1 or TBI for EL2/3 */
+    uint8_t tbii;      /* TBI1|TBI0 for insns */
+    uint8_t tbid;      /* TBI1|TBI0 for data */
     bool ns;        /* Use non-secure CPREG bank on access */
     int fp_excp_el; /* FP exception EL or 0 if enabled */
     int sve_excp_el; /* SVE exception EL or 0 if enabled */