* [PATCH] target/arm: Fix mte page crossing test
@ 2021-06-12 19:57 Richard Henderson
2021-06-15 9:20 ` Peter Maydell
0 siblings, 1 reply; 2+ messages in thread
From: Richard Henderson @ 2021-06-12 19:57 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Peter Collingbourne
The test was off-by-one, because tag_last points to the
last byte of the tag to check, thus tag_last - prev_page
will equal TARGET_PAGE_SIZE when we use the first byte
of the next page.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/403
Reported-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/arm/mte_helper.c | 2 +-
tests/tcg/aarch64/mte-7.c | 31 +++++++++++++++++++++++++++++++
tests/tcg/aarch64/Makefile.target | 2 +-
3 files changed, 33 insertions(+), 2 deletions(-)
create mode 100644 tests/tcg/aarch64/mte-7.c
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 166b9d260f..9e615cc513 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -730,7 +730,7 @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,
prev_page = ptr & TARGET_PAGE_MASK;
next_page = prev_page + TARGET_PAGE_SIZE;
- if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) {
+ if (likely(tag_last - prev_page < TARGET_PAGE_SIZE)) {
/* Memory access stays on one page. */
tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;
mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1,
diff --git a/tests/tcg/aarch64/mte-7.c b/tests/tcg/aarch64/mte-7.c
new file mode 100644
index 0000000000..a981de62d4
--- /dev/null
+++ b/tests/tcg/aarch64/mte-7.c
@@ -0,0 +1,31 @@
+/*
+ * Memory tagging, unaligned access crossing pages.
+ * https://gitlab.com/qemu-project/qemu/-/issues/403
+ *
+ * Copyright (c) 2021 Linaro Ltd
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "mte.h"
+
+int main(int ac, char **av)
+{
+ void *p;
+
+ enable_mte(PR_MTE_TCF_SYNC);
+ p = alloc_mte_mem(2 * 0x1000);
+
+ /* Tag the pointer. */
+ p = (void *)((unsigned long)p | (1ul << 56));
+
+ /* Store tag in sequential granules. */
+ asm("stg %0, [%0]" : : "r"(p + 0x0ff0));
+ asm("stg %0, [%0]" : : "r"(p + 0x1000));
+
+ /*
+ * Perform an unaligned store with tag 1 crossing the pages.
+ * Failure dies with SIGSEGV.
+ */
+ asm("str %0, [%0]" : : "r"(p + 0x0ffc));
+ return 0;
+}
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
index 928357b10a..2c05c90d17 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -37,7 +37,7 @@ AARCH64_TESTS += bti-2
# MTE Tests
ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_MTE),)
-AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6
+AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7
mte-%: CFLAGS += -march=armv8.5-a+memtag
endif
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] target/arm: Fix mte page crossing test
2021-06-12 19:57 [PATCH] target/arm: Fix mte page crossing test Richard Henderson
@ 2021-06-15 9:20 ` Peter Maydell
0 siblings, 0 replies; 2+ messages in thread
From: Peter Maydell @ 2021-06-15 9:20 UTC (permalink / raw)
To: Richard Henderson; +Cc: Peter Collingbourne, QEMU Developers
On Sat, 12 Jun 2021 at 20:57, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The test was off-by-one, because tag_last points to the
> last byte of the tag to check, thus tag_last - prev_page
> will equal TARGET_PAGE_SIZE when we use the first byte
> of the next page.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/403
> Reported-by: Peter Collingbourne <pcc@google.com>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Applied to target-arm.next, thanks.
-- PMM
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-06-15 9:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-12 19:57 [PATCH] target/arm: Fix mte page crossing test Richard Henderson
2021-06-15 9:20 ` Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.