From nobody Mon Nov 10 06:16:44 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=linaro.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1553915997070574.4982363374074;
 Fri, 29 Mar 2019 20:19:57 -0700 (PDT)
Received: from localhost ([127.0.0.1]:47826 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1hA4Wx-0007OL-C5
	for importer@patchew.org; Fri, 29 Mar 2019 23:19:39 -0400
Received: from eggs.gnu.org ([209.51.188.92]:33017)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <richard.henderson@linaro.org>) id 1hA2L3-00078w-0D
	for qemu-devel@nongnu.org; Fri, 29 Mar 2019 20:59:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <richard.henderson@linaro.org>) id 1hA2L1-0001eu-RP
	for qemu-devel@nongnu.org; Fri, 29 Mar 2019 20:59:12 -0400
Received: from mail-pg1-x543.google.com ([2607:f8b0:4864:20::543]:38494)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <richard.henderson@linaro.org>)
	id 1hA2L1-0001eX-KX
	for qemu-devel@nongnu.org; Fri, 29 Mar 2019 20:59:11 -0400
Received: by mail-pg1-x543.google.com with SMTP id j26so1982967pgl.5
	for <qemu-devel@nongnu.org>; Fri, 29 Mar 2019 17:59:11 -0700 (PDT)
Received: from cloudburst.ASUS (cpe-66-75-72-255.hawaii.res.rr.com.
	[66.75.72.255]) by smtp.gmail.com with ESMTPSA id
	e1sm2229900pfn.187.2019.03.29.17.59.08
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 29 Mar 2019 17:59:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ZWpQIT9YQySoKjzsWYha6BN9w4EITOUpOlIb69f+q0c=;
	b=vBsbT/5SgkzQwN36hGVORZmKZdaZ+X+wKaldsJy+Xu0hKjO5m7aB1AQbTmlwbkHZPJ
	2KfPwPXZ79dCGNjbz4RzdD3eYCKT023PRifJi/zQGM2Nlk7cjkj0tF5+kRcD/O+NQCkQ
	9LIpNBxJOFZjAF2edPZZQBFJdTYC6fR/Ju8jx2l5X1PrqAPr3m5vYRmDvGrhBP+G7Diy
	jC/c7fpfxclOrMLKTrQfGTYao8yCo4y2BQtp1DiJHp2gD4OU9bQOuFh31qVhipMCCVyq
	OlTIMa6UB9T2TX5Vi7AqcJ+VHsirzDMY+7Y1O+RAx23DcUcPa6Kz6839XMZycgauIvI7
	UThw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ZWpQIT9YQySoKjzsWYha6BN9w4EITOUpOlIb69f+q0c=;
	b=Kn0xpU//Dzh9PnOI36s7sVvmvV9p68mn2FLEV/3NewgupDP5ixeC3cJA0wS/hp/+FK
	YZa2XA2UQx55so5+AjSWZxmfEoMuOVbSfaya+NjoY2NR54gDUGy9Y19K4LoRnOW8/bKj
	Kkuk4hJo6Ipo4wcNmI1BU5v4mPXE6dW5+HTh/C6JtXDqMVs1fAYFXjiehYML5chTsBz0
	PpB2qdbA5QH5MXs4bjZwT0ETD8gp8FLiaMqqSelatOizOKZxynoQbWIwh5iH/lT47wUu
	ykA5FkjGFfjlT+tvUYOst33Y0jpdE5ycQfrw1HuybcMmcPJcDFpqnA4qnpKyXamlu9q8
	naWA==
X-Gm-Message-State: APjAAAXDX9/ij8EnLuIDMx0diNIetTn7BXMKQiznPwEk84ECjvpT+ro6
	vCRfdtF1x34rbjPL9OO4a4KaTDQnYW4=
X-Google-Smtp-Source: 
 APXvYqze3iFSiYzNSs8BF2ZEbY9zRsCe2NS2XtQOA2wIUuUPiJ9GddvOEcrgptBCAs7yzgjrDMuD0A==
X-Received: by 2002:a63:84c7:: with SMTP id
	k190mr48616373pgd.255.1553907550171;
	Fri, 29 Mar 2019 17:59:10 -0700 (PDT)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Date: Fri, 29 Mar 2019 14:59:00 -1000
Message-Id: <20190330005900.17282-5-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190330005900.17282-1-richard.henderson@linaro.org>
References: <20190330005900.17282-1-richard.henderson@linaro.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:4864:20::543
Subject: [Qemu-devel] [PATCH v4 4/4] tests/tcg/aarch64: Add bti smoke test
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org, alex.bennee@linaro.org,
	ramana.radhakrishnan@arm.com
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tests/tcg/aarch64/bti-1.c         | 62 +++++++++++++++++++++++++++
 tests/tcg/aarch64/bti-crt.inc.c   | 69 +++++++++++++++++++++++++++++++
 tests/tcg/aarch64/Makefile.target |  3 ++
 3 files changed, 134 insertions(+)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c

diff --git a/tests/tcg/aarch64/bti-1.c b/tests/tcg/aarch64/bti-1.c
new file mode 100644
index 0000000000..61924f0d7a
--- /dev/null
+++ b/tests/tcg/aarch64/bti-1.c
@@ -0,0 +1,62 @@
+/*
+ * Branch target identification, basic notskip cases.
+ */
+
+#include "bti-crt.inc.c"
+
+static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
+{
+    uc->uc_mcontext.pc +=3D 8;
+    uc->uc_mcontext.pstate =3D 1;
+}
+
+#define NOP       "nop"
+#define BTI_N     "hint #32"
+#define BTI_C     "hint #34"
+#define BTI_J     "hint #36"
+#define BTI_JC    "hint #38"
+
+#define BTYPE_1(DEST) \
+    asm("mov %0,#1; adr x16, 1f; br x16; 1: " DEST "; mov %0,#0" \
+        : "=3Dr"(skipped) : : "x16")
+
+#define BTYPE_2(DEST) \
+    asm("mov %0,#1; adr x16, 1f; blr x16; 1: " DEST "; mov %0,#0" \
+        : "=3Dr"(skipped) : : "x16", "x30")
+
+#define BTYPE_3(DEST) \
+    asm("mov %0,#1; adr x15, 1f; br x15; 1: " DEST "; mov %0,#0" \
+        : "=3Dr"(skipped) : : "x15")
+
+#define TEST(WHICH, DEST, EXPECT) \
+    do { WHICH(DEST); fail +=3D skipped ^ EXPECT; } while (0)
+
+
+int main()
+{
+    int fail =3D 0;
+    int skipped;
+
+    /* Signal-like with SA_SIGINFO.  */
+    signal_info(SIGILL, skip2_sigill);
+
+    TEST(BTYPE_1, NOP, 1);
+    TEST(BTYPE_1, BTI_N, 1);
+    TEST(BTYPE_1, BTI_C, 0);
+    TEST(BTYPE_1, BTI_J, 0);
+    TEST(BTYPE_1, BTI_JC, 0);
+
+    TEST(BTYPE_2, NOP, 1);
+    TEST(BTYPE_2, BTI_N, 1);
+    TEST(BTYPE_2, BTI_C, 0);
+    TEST(BTYPE_2, BTI_J, 1);
+    TEST(BTYPE_2, BTI_JC, 0);
+
+    TEST(BTYPE_3, NOP, 1);
+    TEST(BTYPE_3, BTI_N, 1);
+    TEST(BTYPE_3, BTI_C, 1);
+    TEST(BTYPE_3, BTI_J, 0);
+    TEST(BTYPE_3, BTI_JC, 0);
+
+    return fail;
+}
diff --git a/tests/tcg/aarch64/bti-crt.inc.c b/tests/tcg/aarch64/bti-crt.in=
c.c
new file mode 100644
index 0000000000..bb363853de
--- /dev/null
+++ b/tests/tcg/aarch64/bti-crt.inc.c
@@ -0,0 +1,69 @@
+/*
+ * Minimal user-environment for testing BTI.
+ *
+ * Normal libc is not built with BTI support enabled, and so could
+ * generate a BTI TRAP before ever reaching main.
+ */
+
+#include <stdlib.h>
+#include <signal.h>
+#include <ucontext.h>
+#include <asm/unistd.h>
+
+int main(void);
+
+void _start(void)
+{
+    exit(main());
+}
+
+void exit(int ret)
+{
+    register int x0 __asm__("x0") =3D ret;
+    register int x8 __asm__("x8") =3D __NR_exit;
+
+    asm volatile("svc #0" : : "r"(x0), "r"(x8));
+    __builtin_unreachable();
+}
+
+/*
+ * Irritatingly, the user API struct sigaction does not match the
+ * kernel API struct sigaction.  So for simplicity, isolate the
+ * kernel ABI here, and make this act like signal.
+ */
+void signal_info(int sig, void (*fn)(int, siginfo_t *, ucontext_t *))
+{
+    struct kernel_sigaction {
+        void (*handler)(int, siginfo_t *, ucontext_t *);
+        unsigned long flags;
+        unsigned long restorer;
+        unsigned long mask;
+    } sa =3D { fn, SA_SIGINFO, 0, 0 };
+
+    register int x0 __asm__("x0") =3D sig;
+    register void *x1 __asm__("x1") =3D &sa;
+    register void *x2 __asm__("x2") =3D 0;
+    register int x3 __asm__("x3") =3D sizeof(unsigned long);
+    register int x8 __asm__("x8") =3D __NR_rt_sigaction;
+
+    asm volatile("svc #0"
+                 : : "r"(x0), "r"(x1), "r"(x2), "r"(x3), "r"(x8) : "memory=
");
+}
+
+/*
+ * Create the PT_NOTE that will enable BTI in the page tables.
+ * This will be created by the compiler with -mbranch-protection=3Dstandar=
d,
+ * but as of 2019-03-29, this is has not been committed to gcc mainline.
+ * This will probably be in GCC10.
+ */
+asm(".section .note.gnu.property,\"a\"\n\
+	.align	3\n\
+	.long	4\n\
+        .long	16\n\
+        .long	5\n\
+        .string	\"GNU\"\n\
+	.long	0xc0000000\n\
+	.long	4\n\
+	.long	1\n\
+        .align  3\n\
+	.previous");
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile=
.target
index 2bb914975b..21da3bc37f 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -18,4 +18,7 @@ run-fcvt: fcvt
 AARCH64_TESTS +=3D pauth-1
 run-pauth-%: QEMU +=3D -cpu max
=20
+AARCH64_TESTS +=3D bti-1
+bti-1: LDFLAGS +=3D -nostartfiles -nodefaultlibs -nostdlib
+
 TESTS:=3D$(AARCH64_TESTS)
--=20
2.17.1