Message ID | 20230816142516.469743-1-richard.henderson@linaro.org |
---|---|
Series | tcg/aarch64: Enable BTI within the JIT |
Ping. Patch 3 still missing review.

On 8/16/23 07:25, Richard Henderson wrote:
> Patch 1 is cherry-picked from
>
>   [PATCH v3 02/14] tcg: Add tcg_out_tb_start backend hook
>   https://lore.kernel.org/qemu-devel/20230815195741.8325-3-richard.henderson@linaro.org/T/#u
>
> here used for a different application.
>
> There are not as many landing pads as I had imagined, so the
> overhead here is really quite minimal.
>
> The architecture enables the check only when the PTE for the
> jump target is marked "guarded". Linux implements this by
> adding a PROT_BTI bit for mmap and mprotect. I have isolated
> this within a host_prot_read_exec() local function, which
> seems clean enough. So far, as far as I can tell, Linux is
> the only OS to support BTI.
>
>
> r~
>
>
> Richard Henderson (4):
>   tcg: Add tcg_out_tb_start backend hook
>   util/cpuinfo-aarch64: Add CPUINFO_BTI
>   tcg/aarch64: Emit BTI insns at jump landing pads
>   tcg: Map code_gen_buffer with PROT_BTI
>
>  host/include/aarch64/host/cpuinfo.h |  1 +
>  tcg/region.c                        | 39 ++++++++++++++++------
>  tcg/tcg.c                           |  3 ++
>  util/cpuinfo-aarch64.c              |  4 +++
>  tcg/aarch64/tcg-target.c.inc        | 52 +++++++++++++++++++++--------
>  tcg/arm/tcg-target.c.inc            |  5 +++
>  tcg/i386/tcg-target.c.inc           |  5 +++
>  tcg/loongarch64/tcg-target.c.inc    |  5 +++
>  tcg/mips/tcg-target.c.inc           |  5 +++
>  tcg/ppc/tcg-target.c.inc            |  5 +++
>  tcg/riscv/tcg-target.c.inc          |  5 +++
>  tcg/s390x/tcg-target.c.inc          |  5 +++
>  tcg/sparc64/tcg-target.c.inc        |  5 +++
>  tcg/tci/tcg-target.c.inc            |  5 +++
>  14 files changed, 119 insertions(+), 25 deletions(-)
>
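
The mapping step described in the cover letter, as an added example that is not part of the original message and is not QEMU's code: a JIT buffer is written while RW, then sealed read+exec with PROT_BTI only when the kernel reports BTI, and entered through a `bti c` landing pad. The names `host_has_bti`, `jit_prot_read_exec` and `jit_demo` are hypothetical, and the fallback `PROT_BTI` / `HWCAP2_BTI` definitions assume the arm64 Linux UAPI values for older libc headers.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>
#endif
#ifndef PROT_BTI
#define PROT_BTI 0x10            /* arm64 Linux UAPI value; only applied on aarch64 */
#endif
#ifndef HWCAP2_BTI
#define HWCAP2_BTI (1UL << 17)   /* arm64 Linux AT_HWCAP2 bit */
#endif
/* 1 if the kernel reports BTI for this CPU, else 0 (always 0 off aarch64 Linux). */
static int host_has_bti(void)
{
#if defined(__aarch64__) && defined(__linux__)
    return (getauxval(AT_HWCAP2) & HWCAP2_BTI) != 0;
#else
    return 0;
#endif
}
/* Read+exec protection for a JIT buffer; adds the "guarded" bit when available. */
static int jit_prot_read_exec(void)
{
    return PROT_READ | PROT_EXEC | (host_has_bti() ? PROT_BTI : 0);
}
/* Map RW, emit code, seal as RX(+BTI), and call it on aarch64. Returns 0 on success. */
static int jit_demo(void)
{
    static const uint32_t code[] = {
        0xd503245f,              /* bti c: landing pad accepted for BLR */
        0xd65f03c0,              /* ret */
    };
    size_t len = 4096;
    void *buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    memcpy(buf, code, sizeof(code));
    int rc = mprotect(buf, len, jit_prot_read_exec());   /* never W and X together */
#if defined(__aarch64__)
    if (rc == 0) {
        __builtin___clear_cache((char *)buf, (char *)buf + sizeof(code));
        ((void (*)(void))buf)(); /* indirect call lands on the bti c above */
    }
#endif
    munmap(buf, len);
    return rc;
}

int main(void) { return jit_demo() == 0 ? 0 : 1; }
```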