From patchwork Mon Jan 28 22:31:14 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Henderson <richard.henderson@linaro.org>
X-Patchwork-Id: 156902
Delivered-To: patch@linaro.org
Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp3961727jaa;
 Mon, 28 Jan 2019 14:46:03 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4BZvfyu6EBrIwkQkhvMd0mLTrlh+TZa5/3l56CZS2HLi3b6kg7TSoymRtFCaE8Wm2xBSOu
X-Received: by 2002:a1c:5fd7:: with SMTP id
 t206mr19718615wmb.145.1548715563464; 
 Mon, 28 Jan 2019 14:46:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548715563; cv=none;
 d=google.com; s=arc-20160816;
 b=WrZmDO0S7O3vh6v+lfIXNl1LoTBQ+7BTHQgAFcVINbsOSJMPHvlR8HdSbO3AfQE/j+
 OkfXm5tOcftPcbg/a3HKROaLcPXL5mo38Oz74Dab5EfUkh+GrRr89PmUp+C/+srWGcGu
 6rdZndT9LlTBnsUFEQctK4AP7jby3P7LHWiwcuK1QqSmIgAnCqjOqgp/8xKfsLnx0Wra
 NyP3lE8tjMiC5DlbFtcGHInnlFSkkJuRUKBXV2xCr/CvElr5j3WZPN9B604TRs3XuTFv
 PIhVkzIyPxi3StHoDn8rKuGsS7uJloMtITMACSSF2WBLNb3fLeUJxYij7zg1J4eGwNtr
 A1wg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:references:in-reply-to
 :message-id:date:to:from:dkim-signature;
 bh=aRqO13PLpb8W1n66DnnonWFep8pSE0GiVCC/pgwaWCQ=;
 b=0dY1ROJpX63RC3+AzzMGeJT1SCsmcSBdzAozcd+dn1V4/lS2TmmPshyATyiqCbNZ1X
 fGGf6KLIfOrYTYyt29YSWOXkxqAxi+G2iRR0KM1PVTX8uuk9e64uJO8aiEawv+LXPNry
 V2rGUmDgGeLcnSV/s/NyxHje38/1KZEtBebhXHDDUTroHKpr12WW7RiRz7hbrcse3lO4
 8B0TpfdAw5jcowBMubj35RJpUtoMKsNN/FDFSqWJlgp0zeRQ65iHhT4sfrLTDsz9jrri
 Vvs3i4PT7xzhEgz6KHVs941Ja4ijaVF7fxPpoaPRnD+Pq1hCPmwNSyDOue7yPSp4bjFb
 iTRw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=fail header.i=@linaro.org header.s=google header.b=PKihwxIr;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 209.51.188.17 as permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 y7si79380986wrs.393.2019.01.28.14.46.03 for <patch@linaro.org>
 (version=TLS1 cipher=AES128-SHA bits=128/128);
 Mon, 28 Jan 2019 14:46:03 -0800 (PST)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 209.51.188.17 as permitted sender) client-ip=209.51.188.17; 
Authentication-Results: mx.google.com;
 dkim=fail header.i=@linaro.org header.s=google header.b=PKihwxIr;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 209.51.188.17 as permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1]:39645 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1goFfG-0000o6-Ci
 for patch@linaro.org; Mon, 28 Jan 2019 17:46:02 -0500
Received: from eggs.gnu.org ([209.51.188.92]:47054)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <richard.henderson@linaro.org>) id 1goFcA-0006rk-8B
 for qemu-devel@nongnu.org; Mon, 28 Jan 2019 17:42:51 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <richard.henderson@linaro.org>) id 1goFRS-0006K6-Nk
 for qemu-devel@nongnu.org; Mon, 28 Jan 2019 17:31:48 -0500
Received: from mail-oi1-x242.google.com ([2607:f8b0:4864:20::242]:43115)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <richard.henderson@linaro.org>)
 id 1goFRR-0006Dv-So
 for qemu-devel@nongnu.org; Mon, 28 Jan 2019 17:31:46 -0500
Received: by mail-oi1-x242.google.com with SMTP id u18so14489180oie.10
 for <qemu-devel@nongnu.org>; Mon, 28 Jan 2019 14:31:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=aRqO13PLpb8W1n66DnnonWFep8pSE0GiVCC/pgwaWCQ=;
 b=PKihwxIrGPGSXs+bIXxW9YSKLQPSZQLQz4sXM6HpYPS1Yzafh8FK+8uVmRls3d0ocU
 pq0033qUW+BD+qJ5Uru7btawxqHNZ+VHi3sTv9XJacz3JUo97LB449ve9ULdG/ExiCO2
 JSEqRWvb91RhaSbIjAz3tIntNLKjb+jHLZevI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=aRqO13PLpb8W1n66DnnonWFep8pSE0GiVCC/pgwaWCQ=;
 b=sTdAKyyov/+Sp72pvSdQLP7o0EmqXfMSH09mZUidM2/0g5iD49unUTgscyVFpRhozZ
 MYQGUSvoaaVwqRMsUWdfZEkP/DWX9H6BlNWIauOR0atI6mYuKfegazOjsVtTdlcwRkTl
 cPJLrmG78HDn6cT4nrwuyUhD0WpsGtz997Kwdv2BRgH+toGwcU7vxAuEaf8Dn5VxoTnr
 2SEm8veGJ+g9W5oR6CN9S98D+h1SZGqq3C80xl19VXZsbxbIc/qEJoNRKBQ0fzrKuXPb
 FCnfeSKSAycARC0CC0oypQMZegTxf+BbVhCkhCVUFho6TyWG4ZC5JzFQsnrTi/CcA9BU
 EUqQ==
X-Gm-Message-State: AJcUukfEhYu9KA2I1ej6XRzIgFcgqGJzFZN2Wr6uA7R4YrnGHveXzCSo
 6BjljnfGcnscDWBnFuhEAjNUi7Ld+EE=
X-Received: by 2002:aca:4fc5:: with SMTP id
 d188mr7086403oib.138.1548714694392; 
 Mon, 28 Jan 2019 14:31:34 -0800 (PST)
Received: from cloudburst.twiddle.net ([12.227.73.85])
 by smtp.gmail.com with ESMTPSA id
 v3sm7460438oib.57.2019.01.28.14.31.33
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 28 Jan 2019 14:31:33 -0800 (PST)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Date: Mon, 28 Jan 2019 14:31:14 -0800
Message-Id: <20190128223118.5255-9-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.17.2
In-Reply-To: <20190128223118.5255-1-richard.henderson@linaro.org>
References: <20190128223118.5255-1-richard.henderson@linaro.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:4864:20::242
Subject: [Qemu-devel] [PATCH v2 08/12] target/arm: Set btype for indirect
 branches
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/translate-a64.c | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

-- 
2.17.2

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index dbac09743c..89cc54dbed 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -138,6 +138,19 @@ static void reset_btype(DisasContext *s)
     }
 }
 
+static void set_btype(DisasContext *s, int val)
+{
+    TCGv_i32 tcg_val;
+
+    /* BTYPE is a 2-bit field, and 0 should be done with reset_btype.  */
+    tcg_debug_assert(val >= 1 && val <= 3);
+
+    tcg_val = tcg_const_i32(val);
+    tcg_gen_st_i32(tcg_val, cpu_env, offsetof(CPUARMState, btype));
+    tcg_temp_free_i32(tcg_val);
+    s->btype = -1;
+}
+
 void aarch64_cpu_dump_state(CPUState *cs, FILE *f,
                             fprintf_function cpu_fprintf, int flags)
 {
@@ -1982,6 +1995,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
 static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
 {
     unsigned int opc, op2, op3, rn, op4;
+    unsigned btype_mod = 2;   /* 0: BR, 1: BLR, 2: other */
     TCGv_i64 dst;
     TCGv_i64 modifier;
 
@@ -1999,6 +2013,7 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
     case 0: /* BR */
     case 1: /* BLR */
     case 2: /* RET */
+        btype_mod = opc;
         switch (op3) {
         case 0:
             /* BR, BLR, RET */
@@ -2042,7 +2057,6 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
         default:
             goto do_unallocated;
         }
-
         gen_a64_set_pc(s, dst);
         /* BLR also needs to load return address */
         if (opc == 1) {
@@ -2058,6 +2072,7 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
         if (op3 != 2 || op3 != 3) {
             goto do_unallocated;
         }
+        btype_mod = opc & 1;
         if (s->pauth_active) {
             dst = new_tmp_a64(s);
             modifier = cpu_reg_sp(s, op4);
@@ -2141,6 +2156,26 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
         return;
     }
 
+    switch (btype_mod) {
+    case 0: /* BR */
+        if (dc_isar_feature(aa64_bti, s)) {
+            /* BR to {x16,x17} or !guard -> 1, else 3.  */
+            set_btype(s, rn == 16 || rn == 17 || !s->guarded_page ? 1 : 3);
+        }
+        break;
+
+    case 1: /* BLR */
+        if (dc_isar_feature(aa64_bti, s)) {
+            /* BLR sets BTYPE to 2, regardless of source guarded page.  */
+            set_btype(s, 2);
+        }
+        break;
+
+    default: /* RET or none of the above.  */
+        /* BTYPE will be set to 0 by normal end-of-insn processing.  */
+        break;
+    }
+
     s->base.is_jmp = DISAS_JUMP;
 }