diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2021-06-12 12:57:07 -0700 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-06-16 14:33:51 +0100 |
| commit | d3327a38cda104dd292105b6b9d140f2158209f9 (patch) | |
| tree | 5c45b533a29c26ab25ddc0f611e901e73d37ed21 /target | |
| parent | a25c84c7e0ac00c026afa28fbbfa044e12fe0b1a (diff) | |
| download | qemu-d3327a38cda104dd292105b6b9d140f2158209f9.zip | |
target/arm: Fix mte page crossing test
The test was off-by-one, because tag_last points to the
last byte of the tag to check, thus tag_last - prev_page
will equal TARGET_PAGE_SIZE when we use the first byte
of the next page.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/403
Reported-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210612195707.840217-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target')
| -rw-r--r-- | target/arm/mte_helper.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c index 166b9d260f..9e615cc513 100644 --- a/target/arm/mte_helper.c +++ b/target/arm/mte_helper.c @@ -730,7 +730,7 @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr, prev_page = ptr & TARGET_PAGE_MASK; next_page = prev_page + TARGET_PAGE_SIZE; - if (likely(tag_last - prev_page <= TARGET_PAGE_SIZE)) { + if (likely(tag_last - prev_page < TARGET_PAGE_SIZE)) { /* Memory access stays on one page. */ tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1; mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1, |