From: Peter Maydell <peter.maydell@linaro.org>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org
Subject: Re: [PATCH 3/4] tcg/aarch64: Emit BTI insns at jump landing pads
Date: Tue, 12 Sep 2023 17:23:42 +0100
Message-ID: <CAFEAcA9_St7e4G=BC2k_f8oWKphiD+3P6fEOKzW=vBGSijiKTA@mail.gmail.com>
In-Reply-To: <20230816142516.469743-4-richard.henderson@linaro.org>
On Wed, 16 Aug 2023 at 15:27, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The prologue is entered via "call"; the epilogue, each tb,
> and each goto_tb continuation point are all reached via "jump".
>
> As tcg_out_goto_long is only used by tcg_out_exit_tb, merge
> the two functions. Change the indirect register used to
> TCG_REG_TMP1, aka X16, so that the BTI condition created
> is "jump" instead of "jump or call".
TCG_REG_TMP1 is X17, not X16...
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> static void tcg_out_exit_tb(TCGContext *s, uintptr_t a0)
> {
> + const tcg_insn_unit *target;
> + ptrdiff_t offset;
> +
> /* Reuse the zeroing that exists for goto_ptr. */
> if (a0 == 0) {
> - tcg_out_goto_long(s, tcg_code_gen_epilogue);
> + target = tcg_code_gen_epilogue;
> } else {
> tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_X0, a0);
> - tcg_out_goto_long(s, tb_ret_addr);
> + target = tb_ret_addr;
> + }
> +
> + offset = tcg_pcrel_diff(s, target) >> 2;
> + if (offset == sextract64(offset, 0, 26)) {
> + tcg_out_insn(s, 3206, B, offset);
> + } else {
> + tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP1, (intptr_t)target);
> + tcg_out_insn(s, 3207, BR, TCG_REG_TMP1);
Since it's now important that the tempreg we have here is
one of X16/X17 in order to get the right BTI behaviour,
I think a build-time assert of this would be helpful.
That will catch the possibility that we forget about this
and decide to rearrange which registers we use as
tempregs later.
> }
> }
>
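Review bot: the indirect fall-back at the end of this hunk relies on TCG_REG_TMP1 being X16 or X17 to get the intended BTI branch type, but nothing in the code records that dependency, and the commit message calls TCG_REG_TMP1 "X16" while the reply above says it is X17. Suggest a build-time check beside the BR, e.g. `QEMU_BUILD_BUG_ON(TCG_REG_TMP1 != TCG_REG_X17);`, with a one-line comment on why the register choice matters, and correcting the register name in the commit message so the two agree.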
> @@ -1970,6 +1984,7 @@ static void tcg_out_goto_tb(TCGContext *s, int which)
> tcg_out32(s, I3206_B);
> tcg_out_insn(s, 3207, BR, TCG_REG_TMP0);
> set_jmp_reset_offset(s, which);
> + tcg_out_bti(s, BTI_J);
> }
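Review bot: `tcg_out_bti(s, BTI_J)` is emitted directly after set_jmp_reset_offset(), so the BTI sits at the recorded reset offset, which is the address the indirect branch lands on; a short comment saying the BTI must remain the first instruction at the reset offset would guard against a later insertion between the two calls. The `BR, TCG_REG_TMP0` two lines earlier has the same X16/X17 dependency discussed for tcg_out_exit_tb, so any build-time assert added there should cover TCG_REG_TMP0 as well.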
Otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
"Did we miss anywhere that should have had a BTI insn"
is a bit tricky to review, but I assume you've done enough
testing on a BTI-enabled host to catch that.
thanks
-- PMM
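The range check and register constraint from the quoted tcg_out_exit_tb hunk, as an added stand-alone C model that is not part of the QEMU patch or of this reply: it re-derives the B-versus-BR decision from the signed 26-bit word offset and turns the X16/X17 requirement into a compile-time assertion. JIT_TMP_REG, sext, fits_b_imm26, exit_branch_insn and landing_pad_insn are constructed names; the instruction encodings are the architectural AArch64 ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Architectural AArch64 encodings; QEMU's own names are not used here. */
#define INSN_B     0x14000000u  /* B <imm26>, word offset in bits [25:0] */
#define INSN_BR    0xD61F0000u  /* BR Xn, Rn in bits [9:5] */
#define INSN_BTI_J 0xD503249Fu  /* HINT #36 = BTI j */
#define REG_X16 16
#define REG_X17 17

/* Constructed stand-in for the JIT scratch register; the assert models the
 * build-time check requested in the review (BR must go through X16/X17). */
#define JIT_TMP_REG REG_X17
_Static_assert(JIT_TMP_REG == REG_X16 || JIT_TMP_REG == REG_X17,
               "indirect exit branch must use X16 or X17 for BTI");

/* Sign-extend the low len bits of v (same contract as QEMU's sextract64). */
static int64_t sext(int64_t v, unsigned len)
{
    uint64_t sign = 1ull << (len - 1);
    uint64_t x = (uint64_t)v & ((sign << 1) - 1);
    return (int64_t)((x ^ sign) - sign);
}

/* True if a word offset fits the signed 26-bit immediate of B. */
static bool fits_b_imm26(int64_t word_off)
{
    return word_off == sext(word_off, 26);
}

/* Branch an exit_tb would emit: direct B when in range, else BR through
 * the scratch register (the address load into it is not modelled). */
static uint32_t exit_branch_insn(uintptr_t pc, uintptr_t target)
{
    int64_t word_off = ((int64_t)target - (int64_t)pc) / 4; /* 4-aligned */
    if (fits_b_imm26(word_off)) {
        return INSN_B | ((uint32_t)word_off & 0x03FFFFFFu);
    }
    return INSN_BR | ((uint32_t)JIT_TMP_REG << 5);
}

/* First instruction at every "jump" landing pad (epilogue, TB, goto_tb). */
static uint32_t landing_pad_insn(void) { return INSN_BTI_J; }

int main(void)
{
    printf("%08x %08x %08x\n", exit_branch_insn(0x1000, 0x1008),
           exit_branch_insn(0, 0x10000000), landing_pad_insn());
    return 0;
}
```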
Thread overview: 10+ messages
2023-08-16 14:25 [PATCH 0/4] tcg/aarch64: Enable BTI within the JIT Richard Henderson
2023-08-16 14:25 ` [PATCH 1/4] tcg: Add tcg_out_tb_start backend hook Richard Henderson
2023-08-16 21:38 ` Philippe Mathieu-Daudé
2023-08-16 14:25 ` [PATCH 2/4] util/cpuinfo-aarch64: Add CPUINFO_BTI Richard Henderson
2023-08-16 21:37 ` Philippe Mathieu-Daudé
2023-08-16 14:25 ` [PATCH 3/4] tcg/aarch64: Emit BTI insns at jump landing pads Richard Henderson
2023-09-12 16:23 ` Peter Maydell [this message]
2023-08-16 14:25 ` [PATCH 4/4] tcg: Map code_gen_buffer with PROT_BTI Richard Henderson
2023-08-16 22:13 ` Philippe Mathieu-Daudé
2023-09-09 20:50 ` [PATCH 0/4] tcg/aarch64: Enable BTI within the JIT Richard Henderson