Diffstat (limited to 'gitlab/issues/target_arm/host_missing/accel_TCG/514.toml')
-rw-r--r--gitlab/issues/target_arm/host_missing/accel_TCG/514.toml33
1 files changed, 33 insertions, 0 deletions
diff --git a/gitlab/issues/target_arm/host_missing/accel_TCG/514.toml b/gitlab/issues/target_arm/host_missing/accel_TCG/514.toml
new file mode 100644
index 000000000..a0e4d976f
--- /dev/null
+++ b/gitlab/issues/target_arm/host_missing/accel_TCG/514.toml
@@ -0,0 +1,33 @@
+id = 514
+title = "MTE reports false positive for \"str\" instruction with the SP as the base register."
+state = "closed"
+created_at = "2021-08-04T17:17:17.140Z"
+closed_at = "2021-09-07T15:05:49.630Z"
+labels = ["Closed::Invalid", "accel: TCG", "target: arm"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/514"
+host-os = "Android"
+host-arch = "ARM"
+qemu-version = "QEMU emulator version 6.0.0"
+guest-os = "Android"
+guest-arch = "ARM"
+description = """When PE executes "sp"-based store instruction with offset I got tag check fault exception. But according to arm spec. load or store that uses "sp" register should generate Tag Unchecked access."""
+reproduce = """Clang version: clang version 12.0.1. 
+I compiled my code using "-target aarch64-linux -march=armv8+memtag -fsanitize=memtag" for Clang. Clang generates following code:
+```
+0000000000000c14 <test_func>:
+     c14:       a9bc7bfd        stp     x29, x30, [sp, #-64]!
+     c18:       f9000bf7        str     x23, [sp, #16]
+     ...
+```
+Whole stack was mapped in translation tables as Tagged memory."SCTLR" register was configured to trigger synchronous exception on tag mismatch.
+When cpu executes firs instruction "stp     x29, x30, [sp, #-64]!" I got tag check fault exception: "0b010001 When FEAT_MTE is implemented Synchronous Tag Check Fault":
+ESR_EL1=0x96000051.
+
+According to ARM specification load or store that uses "sp" register should generate Tag Unchecked access:
+```
+A Tag Unchecked access will be generated for a load or store that uses either of the following:
+• A base register only, with the SP as the base register.
+• A base register plus immediate offset addressing form, with the SP as the base register.
+```
+Looks like qemu erroneously generates tag mismatch exceptions for SP-based loads and stores with immediate offset."""
+additional = """"""
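Review bot: The key naming in the new file mixes two conventions: `created_at`/`closed_at` are snake_case while `host-os`, `host-arch`, `qemu-version`, `guest-os` and `guest-arch` are kebab-case, so a reader of these files has to remember which spelling each field uses; pick one (e.g. `host_os = "Android"`) and apply it file-wide, unless the names are fixed by an exporter that generates these records. `created_at` and `closed_at` are RFC 3339 instants stored as strings, where `created_at = 2021-08-04T17:17:17.140Z` would be a native offset date-time — worth changing only if the consumer handles native datetimes. `additional = """"""` is a valid but confusing empty multi-line string; `additional = ""` states the same value plainly. The `reproduce` string also keeps a trailing space after `12.0.1.` on its first line, which is part of the stored value.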