id = 1204
title = "AArch64 unaligned accesses are allowed by QEMU when SCTLR_EL3.A is 0, but SCTLR_EL3.M is also 0"
state = "closed"
created_at = "2022-09-11T12:12:15.036Z"
closed_at = "2024-03-05T15:25:53.778Z"
labels = ["Closed::Fixed", "accel: TCG", "kind::Bug", "target: arm"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/1204"
host-os = "n/a"
host-arch = "aarch64"
qemu-version = "master"
guest-os = "n/a"
guest-arch = "aarch64"
description = """As per the ARM ARM, when address translation is disabled and the access is not done from EL1/0 with HCR_EL2.DC set to 1, data accesses receive the 'Device-nGnRnE' memory attribute (D.8.2.10 The effects of disabling an address translation stage - DDi0487I.a, Page D8-5119).
Memory regions marked as Device do not support unaligned access."""
reproduce = """Run the following snippet under EL3, and notice the last load instruction completes successfully (doesn't raise an alignment fault)
```
.balign 8
.global first_variable
first_variable:
      .word 0x1
.balign 4
.global second_variable
second_variable:
      .word 0x2

no_mmu_sctlr: .dword 0x0000000030C51834

.globl reproducer
reproducer:
      ldr  x1, no_mmu_sctlr // A=0,M=0
      msr  sctlr_el3, x1
      dsb  sy
      isb

      ldr  x0, =first_variable
      ldr  x1, [x0, #0] // Aligned - Success
      ldr  x1, [x0, #4] // Unaligned - Success??? (Should be failure)
```"""
additional = "n/a"