The kernel ABI for this is (finally) close to being merged:

https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/bti-user

I've made a couple of tweaks from v8:

 (1) Only map the interpreter or a static executable with BTI.
     The interpreter is responsible for handling the pages of
     a dynamic executable.  This is a behaviour change in the
     kernel ABI since the last time I audited the code.

 (2) Rely on the recently released gcc 10 for building the test case.
     Thanks to Alex for helping me get a docker setup for that.

Based-on: <20200519185645.3915-1-richard.henderson@linaro.org>
("linux-user: mmap/mprotect prot values")

Based-on: An unpublished version of stsquad's testing/next

So for avoidance of doubt, the complete tree may be found at

https://github.com/rth7680/qemu/tree/tgt-arm-bti


r~


Richard Henderson (5):
  linux-user/aarch64: Reset btype for signals
  linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI
  include/elf: Add defines related to GNU property notes for AArch64
  linux-user: Parse NT_GNU_PROPERTY_TYPE_0 notes
  tests/tcg/aarch64: Add bti smoke test

 include/elf.h                     |  22 +++++
 include/exec/cpu-all.h            |   2 +
 linux-user/qemu.h                 |   4 +
 linux-user/syscall_defs.h         |   4 +
 linux-user/aarch64/signal.c       |  10 ++-
 linux-user/elfload.c              | 143 ++++++++++++++++++++++--------
 linux-user/mmap.c                 |  16 ++++
 target/arm/translate-a64.c        |   6 +-
 tests/tcg/aarch64/bti-1.c         |  62 +++++++++++++
 tests/tcg/aarch64/bti-crt.inc.c   |  51 +++++++++++
 tests/tcg/aarch64/Makefile.target |   7 ++
 tests/tcg/configure.sh            |   4 +
 12 files changed, 291 insertions(+), 40 deletions(-)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c

-- 
2.20.1

On 5/20/20 10:27 AM, Richard Henderson wrote:
> The kernel ABI for this is (finally) close to being merged:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/bti-user
> 
> I've made a couple of tweaks from v8:
> 
>  (1) Only map the interpreter or a static executable with BTI.
>      The interpreter is responsible for handling the pages of
>      a dynamic executable.  This is a behaviour change in the
>      kernel ABI since the last time I audited the code.
> 
>  (2) Rely on the recently released gcc 10 for building the test case.
>      Thanks to Alex for helping me get a docker setup for that.
> 
> Based-on: <20200519185645.3915-1-richard.henderson@linaro.org>
> ("linux-user: mmap/mprotect prot values")
> 
> Based-on: An unpublished version of stsquad's testing/next
> 
> So for avoidance of doubt, the complete tree may be found at
> 
> https://github.com/rth7680/qemu/tree/tgt-arm-bti

The Linux ABI on which this is based has been merged for v5.8-rc1, so pinging
this series.

Alex's testing/next is upstream, but the "mmap/mprotect prot values" patch is
still outstanding.

Everything rebases without issue onto qemu master.  Again for avoidance of
doubt, I have updated my branch.


r~