ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

target/arm: Fix mte page crossing test 

The test was off-by-one, because tag_last points to the
last byte of the tag to check, thus tag_last - prev_page
will equal TARGET_PAGE_SIZE when we use the first byte
of the next page.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/403
Reported-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210612195707.840217-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Richard Henderson 2021-06-12 12:57:07 -07:00 committed by Peter Maydell
parent a25c84c7e0
commit d3327a38cd
3 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
target/arm/mte_helper.c
View File

@ -730,7 +730,7 @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
prev_page = ptr & TARGET_PAGE_MASK; prev_page = ptr & TARGET_PAGE_MASK;
next_page = prev_page + TARGET_PAGE_SIZE; next_page = prev_page + TARGET_PAGE_SIZE;
if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) { if (likely(tag_last - prev_page < TARGET_PAGE_SIZE)) {
/* Memory access stays on one page. */ /* Memory access stays on one page. */
tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1; tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1, mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1,

2
tests/tcg/aarch64/Makefile.target
View File

@ -37,7 +37,7 @@ AARCH64_TESTS += bti-2
# MTE Tests # MTE Tests
ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_MTE),) ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_MTE),)
AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7
mte-%: CFLAGS += -march=armv8.5-a+memtag mte-%: CFLAGS += -march=armv8.5-a+memtag
endif endif

31
tests/tcg/aarch64/mte-7.c Normal file
View File

@ -0,0 +1,31 @@
/*
* Memory tagging, unaligned access crossing pages.
* https://gitlab.com/qemu-project/qemu/-/issues/403
*
* Copyright (c) 2021 Linaro Ltd
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "mte.h"
int main(int ac, char **av)
{
void *p;
enable_mte(PR_MTE_TCF_SYNC);
p = alloc_mte_mem(2 * 0x1000);
/* Tag the pointer. */
p = (void *)((unsigned long)p | (1ul << 56));
/* Store tag in sequential granules. */
asm("stg %0, [%0]" : : "r"(p + 0x0ff0));
asm("stg %0, [%0]" : : "r"(p + 0x1000));
/*
* Perform an unaligned store with tag 1 crossing the pages.
* Failure dies with SIGSEGV.
*/
asm("str %0, [%0]" : : "r"(p + 0x0ffc));
return 0;
}