path: root/results/scraper/launchpad-without-comments/1907137
Diffstat (limited to 'results/scraper/launchpad-without-comments/1907137')
-rw-r--r-- results/scraper/launchpad-without-comments/1907137 36
1 files changed, 36 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1907137 b/results/scraper/launchpad-without-comments/1907137
new file mode 100644
index 00000000..08186229
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1907137
@@ -0,0 +1,36 @@
+LDTR not properly emulated when MTE tag checks enabled at EL0
+
+I am trying to boot Android (just the non-GUI parts for now) under QEMU with MTE enabled. This can be done by following the instructions here to build the fvp-eng target with MTE support:
+
+https://cs.android.com/android/platform/superproject/+/master:device/generic/goldfish/fvpbase/
+
+and launching QEMU with the following command:
+
+qemu-system-aarch64 -kernel $ANDROID_PRODUCT_OUT/kernel -initrd $ANDROID_PRODUCT_OUT/combined-ramdisk.img -machine virt,mte=on -cpu max -drive driver=raw,file=$ANDROID_PRODUCT_OUT/system-qemu.img,if=none,id=system -device virtio-blk-device,drive=system -append "console=ttyAMA0 earlyprintk=ttyAMA0 androidboot.hardware=fvpbase androidboot.boot_devices=a003e00.virtio_mmio loglevel=9 printk.devkmsg=on buildvariant=eng" -m 512 -nographic -no-reboot
+
+If I do this then QEMU crashes like so:
+
+**
+ERROR:../target/arm/mte_helper.c:558:mte_check_fail: code should not be reached
+Bail out! ERROR:../target/arm/mte_helper.c:558:mte_check_fail: code should not be reached
+
+The error is caused by an MTE tag check fault from an LDTR instruction in __arch_copy_from_user. At this point TCF=0 and TCF0=2.
+
+I have this patch that gets me past the error but it is unclear whether this is the correct fix since there may be other confusion between TCF and TCF0 elsewhere.
+
+diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
+index 153bd1e9df..aa5db4eac4 100644
+--- a/target/arm/mte_helper.c
++++ b/target/arm/mte_helper.c
+@@ -552,10 +552,8 @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
+     case 0:
+         /*
+          * Tag check fail does not affect the PE.
+-         * We eliminate this case by not setting MTE_ACTIVE
+-         * in tb_flags, so that we never make this runtime call.
+          */
+-        g_assert_not_reached();
++        break;
+ 
+     case 2:
+         /* Tag check fail causes asynchronous flag set.  */
\ No newline at end of file
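Review bot: the inner `target/arm/mte_helper.c` patch quoted in this report replaces `g_assert_not_reached()` in `case 0` with a bare `break`, which silently discards the tag-check fault instead of raising the asynchronous fault that the reported state (TCF0=2, matching the `case 2` branch below it) calls for, and it also deletes the comment that documented why `case 0` was expected to be unreachable. The report's own observation, a fault from an LDTR (unprivileged load) in `__arch_copy_from_user` with TCF=0 and TCF0=2, shows that `mte_check_fail` is selecting the TCF field for the current exception level rather than the TCF0 field that governs an unprivileged access; the fix should choose TCF0 on that access path (and audit the other TCF/TCF0 lookups the reporter suspects) and keep the comment, rather than neutralising the assertion. The reporter already flags that the `break` may not be the correct fix. Separately, the scraped file is added without a trailing newline ("\ No newline at end of file"); the scraper should emit one so the stored reports are consistent.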