Posting this to an internal list because v8.5 is still NDA.
There are a lot of holes to be filled wrt the user-level ABI. In the meantime, I have a cpu property to turn on GP for all pages. Which means that to test it, I provide a complete statically linked program, so that nothing uses indirect branches except the ones I use myself.
r~
Richard Henderson (11):
  target/arm: Introduce isar_feature_aa64_bti
  target/arm: Add PSTATE.BTYPE
  target/arm: Add BT and BTYPE to tb->flags
  target/arm: Record the GP bit for a page in MemTxAttrs
  target/arm: Default handling of BTYPE during translation
  target/arm: Reset btype for direct branches and syscalls
  target/arm: Set btype for indirect branches
  target/arm: Add guarded_pages cpu property for user-only
  target/arm: Enable BTI for -cpu max
  linux-user/aarch64: Reset btype for signal handlers
  tests/tcg/aarch64: Add bti smoke test
 include/exec/memattrs.h          |   2 +
 target/arm/cpu.h                 |  22 +++-
 target/arm/internals.h           |   6 +
 target/arm/translate.h           |   9 ++
 linux-user/aarch64/signal.c      |   4 +
 target/arm/cpu64.c               |  24 ++++
 target/arm/helper.c              |  28 +++--
 target/arm/translate-a64.c       | 196 +++++++++++++++++++++++++++++-
 tests/tcg/aarch64/bti-1.c        |  61 ++++++++++
 tests/tcg/aarch64/bti-crt.inc.c  |  51 ++++++++
 tests/tcg/aarch64/Makefile.target |   7 +-
 11 files changed, 399 insertions(+), 11 deletions(-)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c