Richard Henderson d3327a38cd target/arm: Fix mte page crossing test
The test was off-by-one, because tag_last points to the
last byte of the tag to check, thus tag_last - prev_page
will equal TARGET_PAGE_SIZE when we use the first byte
of the next page.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/403
Reported-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210612195707.840217-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-06-16 14:33:51 +01:00

32 lines
713 B
C

/*
* Memory tagging, unaligned access crossing pages.
* https://gitlab.com/qemu-project/qemu/-/issues/403
*
* Copyright (c) 2021 Linaro Ltd
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "mte.h"
int main(int ac, char **av)
{
void *p;
enable_mte(PR_MTE_TCF_SYNC);
p = alloc_mte_mem(2 * 0x1000);
/* Tag the pointer. */
p = (void *)((unsigned long)p | (1ul << 56));
/* Store tag in sequential granules. */
asm("stg %0, [%0]" : : "r"(p + 0x0ff0));
asm("stg %0, [%0]" : : "r"(p + 0x1000));
/*
* Perform an unaligned store with tag 1 crossing the pages.
* Failure dies with SIGSEGV.
*/
asm("str %0, [%0]" : : "r"(p + 0x0ffc));
return 0;
}