On Wed, 16 Aug 2023 at 15:27, Richard Henderson <richard.hender...@linaro.org> wrote:
>
> The prologue is entered via "call"; the epilogue, each tb,
> and each goto_tb continuation point are all reached via "jump".
>
> As tcg_out_goto_long is only used by tcg_out_exit_tb, merge
> the two functions. Change the indirect register used to
> TCG_REG_TMP1, aka X16, so that the BTI condition created
> is "jump" instead of "jump or call".
TCG_REG_TMP1 is X17, not X16...

> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>

>  static void tcg_out_exit_tb(TCGContext *s, uintptr_t a0)
>  {
> +    const tcg_insn_unit *target;
> +    ptrdiff_t offset;
> +
>      /* Reuse the zeroing that exists for goto_ptr. */
>      if (a0 == 0) {
> -        tcg_out_goto_long(s, tcg_code_gen_epilogue);
> +        target = tcg_code_gen_epilogue;
>      } else {
>          tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_X0, a0);
> -        tcg_out_goto_long(s, tb_ret_addr);
> +        target = tb_ret_addr;
> +    }
> +
> +    offset = tcg_pcrel_diff(s, target) >> 2;
> +    if (offset == sextract64(offset, 0, 26)) {
> +        tcg_out_insn(s, 3206, B, offset);
> +    } else {
> +        tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP1, (intptr_t)target);
> +        tcg_out_insn(s, 3207, BR, TCG_REG_TMP1);

Since it's now important that the tempreg we have here is one of X16/X17
in order to get the right BTI behaviour, I think a build-time assert of
this would be helpful. That will catch the possibility that we forget
about this and decide to rearrange which registers we use as tempregs
later.

>      }
>  }
>
> @@ -1970,6 +1984,7 @@ static void tcg_out_goto_tb(TCGContext *s, int which)
>      tcg_out32(s, I3206_B);
>      tcg_out_insn(s, 3207, BR, TCG_REG_TMP0);
>      set_jmp_reset_offset(s, which);
> +    tcg_out_bti(s, BTI_J);
>  }

Otherwise

Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>

"Did we miss anywhere that should have had a BTI insn" is a bit tricky
to review, but I assume you've done enough testing on a BTI-enabled host
to catch that.

thanks
-- PMM
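Review bot: in the tcg_out_exit_tb hunk the far path does `tcg_out_insn(s, 3207, BR, TCG_REG_TMP1)`, and the commit message calls TCG_REG_TMP1 "X16" while the reply notes it is X17; the commit message should name the register the BR actually uses, and because the BTI behaviour of `BR Xn` depends on n being 16 or 17, that dependency should be enforced at build time next to the BR rather than left to the tempreg definitions staying as they are, for example `QEMU_BUILD_BUG_ON(TCG_REG_TMP1 != TCG_REG_X16 && TCG_REG_TMP1 != TCG_REG_X17);` plus a one-line comment saying why. The near path is fine as written: `offset == sextract64(offset, 0, 26)` is exactly the check that the word offset fits the signed 26-bit immediate of `B`.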
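Review bot: in the tcg_out_goto_tb hunk the new `tcg_out_bti(s, BTI_J)` is emitted right after `set_jmp_reset_offset(s, which)`, i.e. at the reset point that `tcg_out_insn(s, 3207, BR, TCG_REG_TMP0)` lands on while the jump is unlinked, but the X16/X17 requirement raised for TCG_REG_TMP1 in the exit_tb hunk applies equally to the `BR TCG_REG_TMP0` here, so the same build-time assert belongs beside this BR too. A short comment above the BTI stating that it is the landing pad for the reset/unlinked case (the "goto_tb continuation point" of the commit message) would make the placement after set_jmp_reset_offset self-explanatory.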
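The two things the review turns on, which BTI landing pad a `BR Xn` is allowed to arrive at and whether the epilogue is close enough for a direct `B`, are easy to get wrong by hand. The following is an added example, not QEMU code, that models both: `bti_compatible` encodes the Arm ARM rule (BTYPE 01 for `BR X16`/`BR X17`, 10 for `BLR`, 11 for `BR` through any other register; `BTI c` rejects 11, `BTI j` rejects 10, `BTI jc` rejects nothing), `sextract64` is a reimplementation with the same contract as QEMU's helper of that name, and `plan_exit_branch` / `plan_lands_ok` are hypothetical names for the direct-versus-indirect choice made in the quoted tcg_out_exit_tb hunk. The BTYPE numbers and register numbers are the architectural ones, not QEMU's internal ones.

```c
/* Added example modelling AArch64 BTI arrival checks and the B/BR choice
 * from the quoted tcg_out_exit_tb hunk. Not QEMU code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* PSTATE.BTYPE values as defined by the Arm ARM. */
enum btype {
    BTYPE_NONE = 0,      /* direct branch or fall-through: no BTI check */
    BTYPE_BR_X16_X17 = 1,/* BR Xn with n in {16, 17} */
    BTYPE_BLR = 2,       /* BLR Xn (indirect call) */
    BTYPE_BR_OTHER = 3   /* BR Xn with any other n */
};

enum bti_kind { BTI_NONE, BTI_C, BTI_J, BTI_JC };

/* BTYPE produced by an indirect jump through register rn. */
enum btype btype_for_br(unsigned rn)
{
    return (rn == 16 || rn == 17) ? BTYPE_BR_X16_X17 : BTYPE_BR_OTHER;
}

/* BTYPE produced by an indirect call; the register does not matter. */
enum btype btype_for_blr(void)
{
    return BTYPE_BLR;
}

/* Does landing pad 'pad' accept an arrival with PSTATE.BTYPE == bt? */
bool bti_compatible(enum bti_kind pad, enum btype bt)
{
    if (bt == BTYPE_NONE) {
        return true;            /* not an indirect branch: nothing to check */
    }
    switch (pad) {
    case BTI_NONE: return false;               /* plain BTI accepts nothing */
    case BTI_C:    return bt != BTYPE_BR_OTHER; /* BLR, BR X16/X17 */
    case BTI_J:    return bt != BTYPE_BLR;      /* any BR */
    case BTI_JC:   return true;
    }
    return false;
}

/* Same contract as QEMU's sextract64: sign-extend bits [start, start+len). */
int64_t sextract64(uint64_t value, int start, int len)
{
    return ((int64_t)(value << (64 - len - start))) >> (64 - len);
}

/* Hypothetical model of the hunk's choice: direct B if the word offset
 * fits the signed 26-bit immediate, otherwise movi + BR through tmp_reg. */
typedef struct {
    bool direct;     /* true: B imm26; false: BR tmp_reg */
    int64_t imm26;   /* word offset when direct */
    unsigned reg;    /* register used when indirect */
} branch_plan;

branch_plan plan_exit_branch(uintptr_t pc, uintptr_t target, unsigned tmp_reg)
{
    branch_plan p = { .direct = false, .imm26 = 0, .reg = tmp_reg };
    /* Byte difference to words, mirroring tcg_pcrel_diff(s, target) >> 2. */
    int64_t offset = ((int64_t)target - (int64_t)pc) >> 2;
    if (offset == sextract64((uint64_t)offset, 0, 26)) {
        p.direct = true;
        p.imm26 = offset;
    }
    return p;
}

/* Would this plan be accepted by the landing pad found at the target? */
bool plan_lands_ok(branch_plan p, enum bti_kind pad_at_target)
{
    enum btype bt = p.direct ? BTYPE_NONE : btype_for_br(p.reg);
    return bti_compatible(pad_at_target, bt);
}

int main(void)
{
    /* Constructed addresses: a target 256 MiB away forces the BR path. */
    uintptr_t pc = 0x10000000u;
    branch_plan far17 = plan_exit_branch(pc, pc + 0x10000000u, 17);
    branch_plan far0  = plan_exit_branch(pc, pc + 0x10000000u, 0);
    printf("BR x17 -> BTI j: %d, BTI c: %d\n",
           plan_lands_ok(far17, BTI_J), plan_lands_ok(far17, BTI_C));
    printf("BR x0  -> BTI j: %d, BTI c: %d\n",
           plan_lands_ok(far0, BTI_J), plan_lands_ok(far0, BTI_C));
    return 0;
}
```

The point the model makes concrete: a `BR` through X16 or X17 is accepted by both `BTI c` and `BTI j` pads, whereas a `BR` through any other register is accepted only by `BTI j`, so swapping the tempreg definitions silently changes which landing pads the generated code can reach; that is what a build-time assert on the register number guards against.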