git.proxmox.com Git - mirror

author	Peter Maydell <peter.maydell@linaro.org>
	Fri, 10 Nov 2023 16:25:46 +0000 (16:25 +0000)
committer	Peter Maydell <peter.maydell@linaro.org>
	Mon, 13 Nov 2023 13:15:50 +0000 (13:15 +0000)
commit	4d044472ab7666adf99d4daa0cc90b7502b90109
tree	4b82e3123d570af7db4f829417cfe42dbfcd6fe7	tree
parent	fc58891d0422607d172a3d6b3158798f2556aef1	commit \| diff

target/arm: Correct MTE tag checking for reverse-copy MOPS

When we are doing a FEAT_MOPS copy that must be performed backwards,
we call mte_mops_probe_rev(), passing it the address of the last byte
in the region we are probing.  However, allocation_tag_mem_probe()
wants the address of the first byte to get the tag memory for.
Because we passed it (ptr, size) we could incorrectly trip the
allocation_tag_mem_probe() check for "does this access run across to
the following page", and if that following page happened not to be
valid then we would assert.

We know we will always be only dealing with a single page because the
code that calls mte_mops_probe_rev() ensures that.  We could make
mte_mops_probe_rev() pass 'ptr - (size - 1)' to
allocation_tag_mem_probe(), but then we would have to adjust the
returned 'mem' pointer to get back to the tag RAM for the last byte
of the region.  It's simpler to just pass in a size of 1 byte,
because we know that allocation_tag_mem_probe() in pure-probe
single-page mode doesn't care about the size.

Fixes: 69c51dc3723b ("target/arm: Implement MTE tag-checking functions for FEAT_MOPS copies")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231110162546.2192512-1-peter.maydell@linaro.org