Re: [Qemu-devel] [Qemu-arm] [PATCH 6/7] arm: Implement M profile exception return properly

[Peter Maydell <peter.maydell@linaro.org>]

On 10 April 2017 at 11:39, Peter Maydell <peter.maydell@linaro.org> wrote:
> On M profile, return from exceptions happen when privileged code
> executes one of the following function call return instructions:
>  * POP or LDM which loads the PC
>  * LDR to PC
>  * BX register
> and the new PC value is 0xFFxxxxxx.

So this isn't quite right -- the special behaviour happens only
when in Handler mode. (Handler is always privileged, but not
all privileged code is in Handler mode)...

> +static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
> +{
> +    /* Generate the same code here as for a simple bx, but flag via
> +     * s->is_jmp that we need to do the rest of the work later.
> +     */
> +    gen_bx(s, var);
> +    if (!IS_USER(s) && arm_dc_feature(s, ARM_FEATURE_M)) {

...so we need to track "are we in Handler mode" (ie
env->v7m.exception != 0) in the TB flags and test that here
rather than testing IS_USER.

(Otherwise if you have code which executes the same 'bx' instruction
both as a legitimate exception return and as a fake exception
return while in privileged thread mode then we assert() in
do_v7m_exception_exit. I have a test case that does this but no
real code would ever do it.)

thanks
-- PMM