From: Richard Henderson
To: qemu-devel@nongnu.org
Date: Sat, 3 Aug 2019 14:07:58 -0700
Message-Id: <20190803210803.5701-2-richard.henderson@linaro.org>
In-Reply-To: <20190803210803.5701-1-richard.henderson@linaro.org>
References: <20190803210803.5701-1-richard.henderson@linaro.org>
Subject: [Qemu-devel] [PATCH v7 1/6] linux-user/aarch64: Reset btype for signals
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org, alex.bennee@linaro.org, Dave.Martin@arm.com

The kernel sets btype for the signal handler as if for a call.

Signed-off-by: Richard Henderson
---
 linux-user/aarch64/signal.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--
2.17.1

diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c index cd521ee42d..2c596a7088 100644 --- a/linux-user/aarch64/signal.c +++ b/linux-user/aarch64/signal.c
@@ -506,10 +506,16 @@ static void target_setup_frame(int usig, struct target_sigaction *ka, + offsetof(struct target_rt_frame_record, tramp); } env->xregs[0] = usig; - env->xregs[31] = frame_addr; env->xregs[29] = frame_addr + fr_ofs; - env->pc = ka->_sa_handler; env->xregs[30] = return_addr; + env->xregs[31] = frame_addr; + env->pc = ka->_sa_handler; + + /* Invoke the signal handler as if by indirect call. */ + if (cpu_isar_feature(aa64_bti, env_archcpu(env))) { + env->btype = 2; + } + if (info) { tswap_siginfo(&frame->info, info); env->xregs[1] = frame_addr + offsetof(struct target_rt_sigframe, info);
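Review bot: `env->btype = 2;` in the new BTI block is a bare magic number. The comment says "as if by indirect call", but nothing ties 2 to the PSTATE.BTYPE encoding that BLR leaves behind (0b10); state that in the comment or use a named constant so the value can be checked against the architecture. The same hunk also moves the `env->xregs[31]` and `env->pc` assignments below `env->xregs[30]` with no functional change, which the commit message does not mention; either say why or leave them in place so the diff is limited to the btype change.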
From: Richard Henderson
To: qemu-devel@nongnu.org
Date: Sat, 3 Aug 2019 14:07:59 -0700
Message-Id: <20190803210803.5701-3-richard.henderson@linaro.org>
In-Reply-To: <20190803210803.5701-1-richard.henderson@linaro.org>
References: <20190803210803.5701-1-richard.henderson@linaro.org>
Subject: [Qemu-devel] [PATCH v7 2/6] linux-user: Validate mmap/mprotect prot value
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org, alex.bennee@linaro.org, Dave.Martin@arm.com

The kernel will return -EINVAL for bits set in the prot argument that are unknown or invalid. Previously we were simply cropping out the bits that we care about. Introduce validate_prot_to_pageflags to perform this check in a single place between the two syscalls. Differentiate between the target and host versions of prot. Compute the qemu internal page_flags value at the same time.

Signed-off-by: Richard Henderson
---
 linux-user/mmap.c | 105 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 74 insertions(+), 31 deletions(-)

--
2.17.1

Reviewed-by: Peter Maydell

diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 46a6e3a761..c1a188ec0b 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c
@@ -60,11 +60,37 @@ void mmap_fork_end(int child) pthread_mutex_unlock(&mmap_mutex); } +/* + * Validate target prot bitmask. + * Return the prot bitmask for the host in *HOST_PROT. + * Return 0 if the target prot bitmask is invalid, otherwise + * the internal qemu page_flags (which will include PAGE_VALID). + */ +static int validate_prot_to_pageflags(int *host_prot, int prot) +{ + int valid = PROT_READ | PROT_WRITE | PROT_EXEC | TARGET_PROT_SEM; + int page_flags = (prot & PAGE_BITS) | PAGE_VALID; + + /* + * While PROT_SEM was added with the initial futex api, and continues + * to be accepted, it is documented as unused on all architectures. + * Moreover, it was never added to glibc so we don't have a definition + * for the host. Follow the kernel and ignore it. + * + * TODO: We do not actually have to map guest pages as executable, + * since they will not be directly executed by the host. We only + * need to remember exec within page_flags. + */ + *host_prot = prot & (PROT_READ | PROT_WRITE | PROT_EXEC); + + return prot & ~valid ? 0 : page_flags; +} + /* NOTE: all the constants are the HOST ones, but addresses are target. */ -int target_mprotect(abi_ulong start, abi_ulong len, int prot) +int target_mprotect(abi_ulong start, abi_ulong len, int target_prot) { abi_ulong end, host_start, host_end, addr; - int prot1, ret; + int prot1, ret, page_flags, host_prot; #ifdef DEBUG_MMAP printf("mprotect: start=0x" TARGET_ABI_FMT_lx 
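Review bot: In `validate_prot_to_pageflags`, the target `prot` value is masked directly with the host `PROT_READ | PROT_WRITE | PROT_EXEC` and with `PAGE_BITS`, so both `*host_prot` and `page_flags` silently depend on target PROT_*, host PROT_* and QEMU PAGE_* sharing the same bit values. Since the commit sets out to differentiate target and host prot, add a comment or a build-time assertion that states this assumption. `*host_prot` is also written when the function returns 0; the header comment should say callers must not use it on failure.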
@@ -74,56 +100,65 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot) prot & PROT_EXEC ? 'x' : '-'); #endif - if ((start & ~TARGET_PAGE_MASK) != 0) + if ((start & ~TARGET_PAGE_MASK) != 0) { return -TARGET_EINVAL; + } + page_flags = validate_prot_to_pageflags(&host_prot, target_prot); + if (!page_flags) { + return -TARGET_EINVAL; + } len = TARGET_PAGE_ALIGN(len); end = start + len; if (!guest_range_valid(start, len)) { return -TARGET_ENOMEM; } - prot &= PROT_READ | PROT_WRITE | PROT_EXEC; - if (len == 0) + if (len == 0) { return 0; + } mmap_lock(); host_start = start & qemu_host_page_mask; host_end = HOST_PAGE_ALIGN(end); if (start > host_start) { /* handle host page containing start */ - prot1 = prot; - for(addr = host_start; addr < start; addr += TARGET_PAGE_SIZE) { + prot1 = host_prot; + for (addr = host_start; addr < start; addr += TARGET_PAGE_SIZE) { prot1 |= page_get_flags(addr); } if (host_end == host_start + qemu_host_page_size) { - for(addr = end; addr < host_end; addr += TARGET_PAGE_SIZE) { + for (addr = end; addr < host_end; addr += TARGET_PAGE_SIZE) { prot1 |= page_get_flags(addr); } end = host_end; } - ret = mprotect(g2h(host_start), qemu_host_page_size, prot1 & PAGE_BITS); - if (ret != 0) + ret = mprotect(g2h(host_start), qemu_host_page_size, + prot1 & PAGE_BITS); + if (ret != 0) { goto error; + } host_start += qemu_host_page_size; } if (end < host_end) { - prot1 = prot; - for(addr = end; addr < host_end; addr += TARGET_PAGE_SIZE) { + prot1 = host_prot; + for (addr = end; addr < host_end; addr += TARGET_PAGE_SIZE) { prot1 |= page_get_flags(addr); } - ret = mprotect(g2h(host_end - qemu_host_page_size), qemu_host_page_size, - prot1 & PAGE_BITS); - if (ret != 0) + ret = mprotect(g2h(host_end - qemu_host_page_size), + qemu_host_page_size, prot1 & PAGE_BITS); + if (ret != 0) { goto error; + } host_end -= qemu_host_page_size; } /* handle the pages in the middle */ if (host_start < host_end) { - ret = mprotect(g2h(host_start), host_end - 
host_start, prot); - if (ret != 0) + ret = mprotect(g2h(host_start), host_end - host_start, host_prot); + if (ret != 0) { goto error; + } } - page_set_flags(start, start + len, prot | PAGE_VALID); + page_set_flags(start, start + len, page_flags); mmap_unlock(); return 0; error: @@ -363,10 +398,11 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong align) } /* NOTE: all the constants are the HOST ones */ -abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, +abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot, int flags, int fd, abi_ulong offset) { abi_ulong ret, end, real_start, real_end, retaddr, host_offset, host_len; + int page_flags, host_prot; mmap_lock(); #ifdef DEBUG_MMAP @@ -401,6 +437,12 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, goto fail; } + page_flags = validate_prot_to_pageflags(&host_prot, target_prot); + if (!page_flags) { + errno = EINVAL; + goto fail; + } + /* Also check for overflows... */ len = TARGET_PAGE_ALIGN(len); if (!len) { @@ -466,14 +508,15 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, /* Note: we prefer to control the mapping address. It is especially important if qemu_host_page_size > qemu_real_host_page_size */ - p = mmap(g2h(start), host_len, prot, + p = mmap(g2h(start), host_len, host_prot, flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0); - if (p == MAP_FAILED) + if (p == MAP_FAILED) { goto fail; + } /* update start so that it points to the file position at 'offset' */ host_start = (unsigned long)p; if (!(flags & MAP_ANONYMOUS)) { - p = mmap(g2h(start), len, prot, + p = mmap(g2h(start), len, host_prot, flags | MAP_FIXED, fd, host_offset); if (p == MAP_FAILED) { munmap(g2h(start), host_len); 
@@ -507,19 +550,19 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, /* msync() won't work here, so we return an error if write is possible while it is a shared mapping */ if ((flags & MAP_TYPE) == MAP_SHARED && - (prot & PROT_WRITE)) { + (host_prot & PROT_WRITE)) { errno = EINVAL; goto fail; } - retaddr = target_mmap(start, len, prot | PROT_WRITE, + retaddr = target_mmap(start, len, target_prot | PROT_WRITE, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (retaddr == -1) goto fail; if (pread(fd, g2h(start), len, offset) == -1) goto fail; - if (!(prot & PROT_WRITE)) { - ret = target_mprotect(start, len, prot); + if (!(host_prot & PROT_WRITE)) { + ret = target_mprotect(start, len, target_prot); assert(ret == 0); } goto the_end; @@ -530,13 +573,13 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, if (real_end == real_start + qemu_host_page_size) { /* one single host page */ ret = mmap_frag(real_start, start, end, - prot, flags, fd, offset); + host_prot, flags, fd, offset); if (ret == -1) goto fail; goto the_end1; } ret = mmap_frag(real_start, start, real_start + qemu_host_page_size, - prot, flags, fd, offset); + host_prot, flags, fd, offset); if (ret == -1) goto fail; real_start += qemu_host_page_size; @@ -545,7 +588,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, if (end < real_end) { ret = mmap_frag(real_end - qemu_host_page_size, real_end - qemu_host_page_size, end, - prot, flags, fd, + host_prot, flags, fd, offset + real_end - qemu_host_page_size - start); if (ret == -1) goto fail; 
@@ -561,13 +604,13 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, else offset1 = offset + real_start - start; p = mmap(g2h(real_start), real_end - real_start, - prot, flags, fd, offset1); + host_prot, flags, fd, offset1); if (p == MAP_FAILED) goto fail; } } the_end1: - page_set_flags(start, start + len, prot | PAGE_VALID); + page_set_flags(start, start + len, page_flags); the_end: #ifdef DEBUG_MMAP printf("ret=0x" TARGET_ABI_FMT_lx "\n", start);
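Review bot: In the `target_mprotect` hunk (`@@ -74,56 +100,65 @@`), the `DEBUG_MMAP` printf kept as context still reads `prot & PROT_EXEC ? 'x' : '-'`, but the parameter has been renamed to `target_prot`, so a build with `DEBUG_MMAP` defined no longer compiles. Update the debug print to use `target_prot`, and check the matching `DEBUG_MMAP` block in `target_mmap` for the same leftover.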
From: Richard Henderson
To: qemu-devel@nongnu.org
Date: Sat, 3 Aug 2019 14:08:00 -0700
Message-Id: <20190803210803.5701-4-richard.henderson@linaro.org>
In-Reply-To: <20190803210803.5701-1-richard.henderson@linaro.org>
References: <20190803210803.5701-1-richard.henderson@linaro.org>
Subject: [Qemu-devel] [PATCH v7 3/6] linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org, alex.bennee@linaro.org, Dave.Martin@arm.com

Transform the prot bit to a qemu internal page bit, and save it in the page tables.

Signed-off-by: Richard Henderson
---
 include/exec/cpu-all.h | 2 ++
 linux-user/syscall_defs.h | 4 ++++
 linux-user/mmap.c | 16 ++++++++++++++++
 target/arm/translate-a64.c | 6 +++---
 4 files changed, 25 insertions(+), 3 deletions(-)

--
2.17.1

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h index 40b140cbba..27470b73f7 100644 --- a/include/exec/cpu-all.h +++ b/include/exec/cpu-all.h @@ -248,6 +248,8 @@ extern intptr_t qemu_host_page_mask; /* FIXME: Code that sets/uses this is broken and needs to go away. */ #define PAGE_RESERVED 0x0020 #endif +/* Target-specific bits that will be used via page_get_flags(). */ +#define PAGE_TARGET_1 0x0080 #if defined(CONFIG_USER_ONLY) void page_dump(FILE *f); diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h index 0662270300..a59a81e4b6 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h
@@ -1124,6 +1124,10 @@ struct target_winsize { #define TARGET_PROT_SEM 0x08 #endif +#ifdef TARGET_AARCH64 +#define TARGET_PROT_BTI 0x10 +#endif + /* Common */ #define TARGET_MAP_SHARED 0x01 /* Share changes */ #define TARGET_MAP_PRIVATE 0x02 /* Changes are private */ diff --git a/linux-user/mmap.c b/linux-user/mmap.c index c1a188ec0b..c1bed290f6 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -83,6 +83,22 @@ static int validate_prot_to_pageflags(int *host_prot, int prot) */ *host_prot = prot & (PROT_READ | PROT_WRITE | PROT_EXEC); +#ifdef TARGET_AARCH64 + /* + * The PROT_BTI bit is only accepted if the cpu supports the feature. + * Since this is the unusual case, don't bother checking unless + * the bit has been requested. If set and valid, record the bit + * within QEMU's page_flags as PAGE_TARGET_1. + */ + if (prot & TARGET_PROT_BTI) { + ARMCPU *cpu = ARM_CPU(thread_cpu); + if (cpu_isar_feature(aa64_bti, cpu)) { + valid |= TARGET_PROT_BTI; + page_flags |= PAGE_TARGET_1; + } + } +#endif + return prot & ~valid ? 0 : page_flags; } diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 06ff3a7f2e..395e498acf 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c 
@@ -13963,10 +13963,10 @@ static void disas_data_proc_simd_fp(DisasContext *s, uint32_t insn) */ static bool is_guarded_page(CPUARMState *env, DisasContext *s) { -#ifdef CONFIG_USER_ONLY - return false; /* FIXME */ -#else uint64_t addr = s->base.pc_first; +#ifdef CONFIG_USER_ONLY + return page_get_flags(addr) & PAGE_TARGET_1; +#else int mmu_idx = arm_to_core_mmu_idx(s->mmu_idx); unsigned int index = tlb_index(env, mmu_idx, addr); CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org, alex.bennee@linaro.org, Dave.Martin@arm.com
Date: Sat, 3 Aug 2019 14:08:01 -0700
Message-Id: <20190803210803.5701-5-richard.henderson@linaro.org>
Subject: [Qemu-devel] [PATCH v7 4/6] include/elf: Add defines related to GNU property notes for AArch64

These are all of the defines required to parse GNU_PROPERTY_AARCH64_FEATURE_1_AND, copied from binutils. Other missing defines related to other GNU program headers and notes are elided for now.

Signed-off-by: Richard Henderson
---
 include/elf.h | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

--
2.17.1

Reviewed-by: Peter Maydell

diff --git a/include/elf.h b/include/elf.h index 3501e0c8d0..7c4dc4b2cc 100644 --- a/include/elf.h +++ b/include/elf.h @@ -26,9 +26,13 @@ typedef int64_t Elf64_Sxword; #define PT_NOTE 4 #define PT_SHLIB 5 #define PT_PHDR 6 +#define PT_LOOS 0x60000000 +#define PT_HIOS 0x6fffffff #define PT_LOPROC 0x70000000 #define PT_HIPROC 0x7fffffff +#define PT_GNU_PROPERTY (PT_LOOS + 0x474e553) + #define PT_MIPS_REGINFO 0x70000000 #define PT_MIPS_RTPROC 0x70000001 #define PT_MIPS_OPTIONS 0x70000002 
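Review bot: PT_GNU_PROPERTY in the first include/elf.h hunk is written as (PT_LOOS + 0x474e553) with no comment, while the linker script added in patch 6/6 spells the same program header type as the literal 0x6474e553. A trailing comment on the define giving the resulting value would let a reader match the two at a glance.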
@@ -1651,6 +1655,24 @@ typedef struct elf64_shdr { #define NT_ARM_HW_WATCH 0x403 /* ARM hardware watchpoint registers */ #define NT_ARM_SYSTEM_CALL 0x404 /* ARM system call number */ +/* Defined note types for GNU systems. */ + +#define NT_GNU_PROPERTY_TYPE_0 5 /* Program property */ + +/* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0). */ + +#define GNU_PROPERTY_STACK_SIZE 1 +#define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2 + +#define GNU_PROPERTY_LOPROC 0xc0000000 +#define GNU_PROPERTY_HIPROC 0xdfffffff +#define GNU_PROPERTY_LOUSER 0xe0000000 +#define GNU_PROPERTY_HIUSER 0xffffffff + +#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000 +#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0) +#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1u << 1) + /* * Physical entry point into the kernel. * 
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org, alex.bennee@linaro.org, Dave.Martin@arm.com
Date: Sat, 3 Aug 2019 14:08:02 -0700
Message-Id: <20190803210803.5701-6-richard.henderson@linaro.org>
Subject: [Qemu-devel] [PATCH v7 5/6] linux-user: Parse NT_GNU_PROPERTY_TYPE_0 notes

For aarch64, this includes the GNU_PROPERTY_AARCH64_FEATURE_1_BTI bit, which indicates that the image should be mapped with guarded pages.

Signed-off-by: Richard Henderson
---
 linux-user/elfload.c | 94 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 86 insertions(+), 8 deletions(-)

---
Note: The behaviour here when GNU_PROPERTY_AARCH64_FEATURE_1_BTI is present differs from Dave's v1 patch set, in which the kernel refuses to load the binary if the host does not support BTI. However, I feel that's not the best way to introduce a feature that adds security and is otherwise designed to be backward compatible to such hosts. We should want entire distributions to be built indicating compatibility with BTI via this markup. I included this rationale in my review of Dave's patch set.

r~

--
2.17.1

diff --git a/linux-user/elfload.c b/linux-user/elfload.c index bd43c4817d..d18e7dd313 100644 --- a/linux-user/elfload.c 
+++ b/linux-user/elfload.c @@ -2289,7 +2289,7 @@ static void load_elf_image(const char *image_name, int image_fd, struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; struct elf_phdr *phdr; abi_ulong load_addr, load_bias, loaddr, hiaddr, error; - int i, retval; + int i, retval, prot_exec = PROT_EXEC; const char *errmsg; /* First of all, some simple consistency checks */ 
@@ -2324,17 +2324,89 @@ static void load_elf_image(const char *image_name, int image_fd, loaddr = -1, hiaddr = 0; info->alignment = 0; for (i = 0; i < ehdr->e_phnum; ++i) { - if (phdr[i].p_type == PT_LOAD) { - abi_ulong a = phdr[i].p_vaddr - phdr[i].p_offset; + struct elf_phdr *eppnt = phdr + i; + + if (eppnt->p_type == PT_LOAD) { + abi_ulong a = eppnt->p_vaddr - eppnt->p_offset; if (a < loaddr) { loaddr = a; } - a = phdr[i].p_vaddr + phdr[i].p_memsz; + a = eppnt->p_vaddr + eppnt->p_memsz; if (a > hiaddr) { hiaddr = a; } ++info->nsegs; - info->alignment |= phdr[i].p_align; + info->alignment |= eppnt->p_align; + } else if (eppnt->p_type == PT_GNU_PROPERTY) { +#ifdef TARGET_AARCH64 + /* + * Process NT_GNU_PROPERTY_TYPE_0. + * + * TODO: For AArch64, the PT_GNU_PROPERTY is authoritative: + * it is present if and only if NT_GNU_PROPERTY_TYPE_0 is. + * That may or may not be true for other architectures. + * + * TODO: The only item that is AArch64 specific is the + * GNU_PROPERTY_AARCH64_FEATURE_1_AND processing at the end. + * If we were to ever process GNU_PROPERTY_X86_*, all of the + * code through checking the gnu0 magic number is sharable. + * But for now, since this *is* only used by AArch64, don't + * process the note elsewhere. + */ + const uint32_t gnu0_magic = const_le32('G' | 'N' << 8 | 'U' << 16); + uint32_t note[7]; + + /* + * The note contents are 7 words, but depending on LP64 vs ILP32 + * there may be an 8th padding word at the end. Check for and + * read the minimum size. Further checks below will validate + * that the sizes of everything involved are as we expect. 
+ */ + if (eppnt->p_filesz < sizeof(note)) { + continue; + } + if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { + memcpy(note, bprm_buf + eppnt->p_offset, sizeof(note)); + } else { + retval = pread(image_fd, note, sizeof(note), eppnt->p_offset); + if (retval != sizeof(note)) { + goto exit_perror; + } + } +#ifdef BSWAP_NEEDED + for (i = 0; i < ARRAY_SIZE(note); ++i) { + bswap32s(note + i); + } +#endif + /* + * Check that this is a NT_GNU_PROPERTY_TYPE_0 note. + * Again, descsz includes padding. Full size validation + * awaits checking the final payload. + */ + if (note[0] != 4 || /* namesz */ + note[1] < 12 || /* descsz */ + note[2] != NT_GNU_PROPERTY_TYPE_0 || /* type */ + note[3] != gnu0_magic) { /* name */ + continue; + } + /* + * Check for the BTI feature. If present, this indicates + * that all the executable pages of the binary should be + * mapped with PROT_BTI, so that branch targets are enforced. + */ + if (note[4] == GNU_PROPERTY_AARCH64_FEATURE_1_AND && + note[5] == 4 && + (note[6] & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) { + /* + * Elf notes are backward compatible to older cpus. + * Do not enable unless it is supported. + */ + ARMCPU *cpu = ARM_CPU(thread_cpu); + if (cpu_isar_feature(aa64_bti, cpu)) { + prot_exec |= TARGET_PROT_BTI; + } + } +#endif /* TARGET_AARCH64 */ } } 
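Review bot: Under BSWAP_NEEDED, the byte-swap loop "for (i = 0; i < ARRAY_SIZE(note); ++i)" reuses i, which is also the index of the enclosing "for (i = 0; i < ehdr->e_phnum; ++i)" walk over the program headers. After a PT_GNU_PROPERTY entry the outer loop therefore resumes at index 8 on a cross-endian host: headers before that are skipped, or, when the PT_GNU_PROPERTY entry itself sits at index 8 or later, the walk returns to it and never terminates while re-counting info->nsegs. Use a separate index variable for the inner loop. Also, "eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE" adds two file-supplied values and can wrap, in which case the memcpy from bprm_buf + eppnt->p_offset reads outside the buffer; bound p_offset and p_filesz against BPRM_BUF_SIZE individually before taking the memcpy path.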
@@ -2394,9 +2466,15 @@ static void load_elf_image(const char *image_name, int image_fd, abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em, vaddr_len; int elf_prot = 0; - if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; - if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; - if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; + if (eppnt->p_flags & PF_R) { + elf_prot |= PROT_READ; + } + if (eppnt->p_flags & PF_W) { + elf_prot |= PROT_WRITE; + } + if (eppnt->p_flags & PF_X) { + elf_prot |= prot_exec; + } vaddr = load_bias + eppnt->p_vaddr; vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org, alex.bennee@linaro.org, Dave.Martin@arm.com
Date: Sat, 3 Aug 2019 14:08:03 -0700
Message-Id: <20190803210803.5701-7-richard.henderson@linaro.org>
Subject: [Qemu-devel] [PATCH v7 6/6] tests/tcg/aarch64: Add bti smoke test

This will build with older toolchains, without the upstream support for -mbranch-protection. Such a toolchain will produce a warning in such cases,

ld: warning: /tmp/ccyZt0kq.o: unsupported GNU_PROPERTY_TYPE (5) \
    type: 0xc0000000

but still places the note at the correct location in the binary for processing by the runtime loader.

Signed-off-by: Richard Henderson
---
 tests/tcg/aarch64/bti-1.c         | 77 +++++++++++++++++++++++++++++++
 tests/tcg/aarch64/bti-crt.inc.c   | 69 +++++++++++++++++++++++++++
 tests/tcg/aarch64/Makefile.target |  3 ++
 tests/tcg/aarch64/bti.ld          | 15 ++++++
 4 files changed, 164 insertions(+)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c
 create mode 100644 tests/tcg/aarch64/bti.ld

--
2.17.1

diff --git a/tests/tcg/aarch64/bti-1.c b/tests/tcg/aarch64/bti-1.c new file mode 100644 index 0000000000..2aee57ea7a --- /dev/null +++ b/tests/tcg/aarch64/bti-1.c 
@@ -0,0 +1,77 @@ +/* + * Branch target identification, basic notskip cases. + */ + +#include "bti-crt.inc.c" + +/* + * Work around lack of -mbranch-protection=standard in older toolchains. + * The signal handler is invoked by the kernel with PSTATE.BTYPE=2, which + * means that the handler must begin with a marker like BTI_C. + */ +asm("skip2_sigill1:\n\ + hint #34\n\ + b skip2_sigill2\n\ +.type skip2_sigill1,%function\n\ +.size skip2_sigill1,8"); + +extern void skip2_sigill1(int sig, siginfo_t *info, ucontext_t *uc) + __attribute__((visibility("hidden"))); + +static void __attribute__((used)) +skip2_sigill2(int sig, siginfo_t *info, ucontext_t *uc) +{ + uc->uc_mcontext.pc += 8; + uc->uc_mcontext.pstate = 1; +} + +#define NOP "nop" +#define BTI_N "hint #32" +#define BTI_C "hint #34" +#define BTI_J "hint #36" +#define BTI_JC "hint #38" + +#define BTYPE_1(DEST) \ + asm("mov %0,#1; adr x16, 1f; br x16; 1: " DEST "; mov %0,#0" \ + : "=r"(skipped) : : "x16") + +#define BTYPE_2(DEST) \ + asm("mov %0,#1; adr x16, 1f; blr x16; 1: " DEST "; mov %0,#0" \ + : "=r"(skipped) : : "x16", "x30") + +#define BTYPE_3(DEST) \ + asm("mov %0,#1; adr x15, 1f; br x15; 1: " DEST "; mov %0,#0" \ + : "=r"(skipped) : : "x15") + +#define TEST(WHICH, DEST, EXPECT) \ + do { WHICH(DEST); fail += skipped ^ EXPECT; } while (0) + + +int main() +{ + int fail = 0; + int skipped; + + /* Signal-like with SA_SIGINFO. */ + signal_info(SIGILL, skip2_sigill1); + + TEST(BTYPE_1, NOP, 1); + TEST(BTYPE_1, BTI_N, 1); + TEST(BTYPE_1, BTI_C, 0); + TEST(BTYPE_1, BTI_J, 0); + TEST(BTYPE_1, BTI_JC, 0); + + TEST(BTYPE_2, NOP, 1); + TEST(BTYPE_2, BTI_N, 1); + TEST(BTYPE_2, BTI_C, 0); + TEST(BTYPE_2, BTI_J, 1); + TEST(BTYPE_2, BTI_JC, 0); + + TEST(BTYPE_3, NOP, 1); + TEST(BTYPE_3, BTI_N, 1); + TEST(BTYPE_3, BTI_C, 1); + TEST(BTYPE_3, BTI_J, 0); + TEST(BTYPE_3, BTI_JC, 0); + + return fail; +} diff --git a/tests/tcg/aarch64/bti-crt.inc.c b/tests/tcg/aarch64/bti-crt.inc.c new file mode 100644 index 0000000000..bb363853de 
--- /dev/null +++ b/tests/tcg/aarch64/bti-crt.inc.c @@ -0,0 +1,69 @@ +/* + * Minimal user-environment for testing BTI. + * + * Normal libc is not built with BTI support enabled, and so could + * generate a BTI TRAP before ever reaching main. + */ + +#include +#include +#include +#include + +int main(void); + +void _start(void) +{ + exit(main()); +} + +void exit(int ret) +{ + register int x0 __asm__("x0") = ret; + register int x8 __asm__("x8") = __NR_exit; + + asm volatile("svc #0" : : "r"(x0), "r"(x8)); + __builtin_unreachable(); +} + +/* + * Irritatingly, the user API struct sigaction does not match the + * kernel API struct sigaction. So for simplicity, isolate the + * kernel ABI here, and make this act like signal. + */ +void signal_info(int sig, void (*fn)(int, siginfo_t *, ucontext_t *)) +{ + struct kernel_sigaction { + void (*handler)(int, siginfo_t *, ucontext_t *); + unsigned long flags; + unsigned long restorer; + unsigned long mask; + } sa = { fn, SA_SIGINFO, 0, 0 }; + + register int x0 __asm__("x0") = sig; + register void *x1 __asm__("x1") = &sa; + register void *x2 __asm__("x2") = 0; + register int x3 __asm__("x3") = sizeof(unsigned long); + register int x8 __asm__("x8") = __NR_rt_sigaction; + + asm volatile("svc #0" + : : "r"(x0), "r"(x1), "r"(x2), "r"(x3), "r"(x8) : "memory"); +} + +/* + * Create the PT_NOTE that will enable BTI in the page tables. + * This will be created by the compiler with -mbranch-protection=standard, + * but as of 2019-03-29, this is has not been committed to gcc mainline. + * This will probably be in GCC10. + */ +asm(".section .note.gnu.property,\"a\"\n\ + .align 3\n\ + .long 4\n\ + .long 16\n\ + .long 5\n\ + .string \"GNU\"\n\ + .long 0xc0000000\n\ + .long 4\n\ + .long 1\n\ + .align 3\n\ + .previous"); diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target index 31ba9cfcaa..68135c6ee8 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target 
@@ -18,4 +18,7 @@ run-fcvt: fcvt AARCH64_TESTS += pauth-1 pauth-2 run-pauth-%: QEMU += -cpu max +AARCH64_TESTS += bti-1 +bti-1: LDFLAGS += -nostdlib -Wl,-T,$(AARCH64_SRC)/bti.ld + TESTS:=$(AARCH64_TESTS) diff --git a/tests/tcg/aarch64/bti.ld b/tests/tcg/aarch64/bti.ld new file mode 100644 index 0000000000..a5ef98f8a2 --- /dev/null +++ b/tests/tcg/aarch64/bti.ld @@ -0,0 +1,15 @@ +ENTRY(_start) + +PHDRS +{ + text PT_LOAD FILEHDR PHDRS; + prop 0x6474e553 ; /* PT_GNU_PROPERTY */ +} + +SECTIONS +{ + . = 1M + SIZEOF_HEADERS; + .note.gnu.property : { *(.note.gnu.property) } :text :prop + .text : { *(.text) *(.rodata) } :text + /DISCARD/ : { *(.note.gnu.build-id) } +}
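Review bot: In the tests/tcg/aarch64/Makefile.target hunk, bti-1 gets extra LDFLAGS but no counterpart to the "run-pauth-%: QEMU += -cpu max" line directly above it. Patch 5/6 only adds TARGET_PROT_BTI when cpu_isar_feature(aa64_bti, cpu) is true, and bti-1.c expects a SIGILL on the NOP and mismatched-BTI landing pads, so the result depends on the emulated CPU having BTI. Add a matching run-bti-% rule with -cpu max, or say in the commit message why the default CPU is sufficient.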
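Review bot: In tests/tcg/aarch64/bti-1.c, skip2_sigill2 uses two unexplained constants, "uc->uc_mcontext.pc += 8" and "uc->uc_mcontext.pstate = 1". The 8 has to stay in step with the two instructions after the "1:" label in the BTYPE_n macros (DEST and "mov %0,#0"), and the pstate store replaces the whole saved PSTATE rather than clearing a single field. A one-line comment on each stating the intent would make the handler safe to modify later.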