{"id":2221271,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2221271/?format=json","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.0/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260409035015.132370-6-richard.henderson@linaro.org>","date":"2026-04-09T03:50:13","name":"[v2,5/7] target/arm: Recognize linux faux BPKT","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"289eb24afcb56c88b3d821e06c3cdf1d71cb3315","submitter":{"id":72104,"url":"http://patchwork.ozlabs.org/api/1.0/people/72104/?format=json","name":"Richard Henderson","email":"richard.henderson@linaro.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260409035015.132370-6-richard.henderson@linaro.org/mbox/","series":[{"id":499232,"url":"http://patchwork.ozlabs.org/api/1.0/series/499232/?format=json","date":"2026-04-09T03:50:08","name":"target/arm: Remove bswap_code","version":2,"mbox":"http://patchwork.ozlabs.org/series/499232/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2221271/checks/","tags":{},"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256\n header.s=google header.b=Hhepclhr;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 
(256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frmFt6jxFz1yD3\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 09 Apr 2026 13:51:46 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wAgPj-0000hY-Mu; Wed, 08 Apr 2026 23:50:43 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <richard.henderson@linaro.org>)\n id 1wAgPi-0000gQ-4n\n for qemu-devel@nongnu.org; Wed, 08 Apr 2026 23:50:42 -0400","from mail-pg1-x535.google.com ([2607:f8b0:4864:20::535])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <richard.henderson@linaro.org>)\n id 1wAgPg-0003tM-DN\n for qemu-devel@nongnu.org; Wed, 08 Apr 2026 23:50:41 -0400","by mail-pg1-x535.google.com with SMTP id\n 41be03b00d2f7-c6e2355739dso197756a12.2\n for <qemu-devel@nongnu.org>; Wed, 08 Apr 2026 20:50:39 -0700 (PDT)","from stoup.. (124-150-69-109.tpgi.com.au. 
[124.150.69.109])\n by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2b2745c480dsm277830605ad.0.2026.04.08.20.50.35\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 08 Apr 2026 20:50:38 -0700 (PDT)"],"X-Received":"by 2002:a17:902:ccc9:b0:2b2:539b:d2b1 with SMTP id\n d9443c01a7336-2b2816cfd51mr247559615ad.16.1775706638838;\n Wed, 08 Apr 2026 20:50:38 -0700 (PDT)","From":"Richard Henderson <richard.henderson@linaro.org>","To":"qemu-devel@nongnu.org","Cc":"qemu-arm@nongnu.org, pierrick.bouvier@linaro.org, philmd@linaro.org,\n peter.maydell@linaro.org","Subject":"[PATCH v2 5/7] target/arm: Recognize linux faux BPKT","Date":"Thu,  9 Apr 2026 13:50:13 +1000","Message-ID":"<20260409035015.132370-6-richard.henderson@linaro.org>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260409035015.132370-1-richard.henderson@linaro.org>","References":"<20260409035015.132370-1-richard.henderson@linaro.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=2607:f8b0:4864:20::535;\n envelope-from=richard.henderson@linaro.org; helo=mail-pg1-x535.google.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n 
<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"It is easier to recognize the insn from decodetree than it\nis from cpu_loop.  In particular, there is a BE32 bug in\nhow we rebuild thumb2 insns in get_user_code_u32.\n\nSigned-off-by: Richard Henderson <richard.henderson@linaro.org>\n---\n linux-user/arm/cpu_loop.c  | 28 ----------------------------\n target/arm/tcg/translate.c | 17 +++++++++++++++++\n target/arm/tcg/a32.decode  |  5 ++++-\n target/arm/tcg/t16.decode  |  1 +\n target/arm/tcg/t32.decode  |  5 ++++-\n 5 files changed, 26 insertions(+), 30 deletions(-)","diff":"diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c\nindex 86f13ad83a..4f7c5dab9c 100644\n--- a/linux-user/arm/cpu_loop.c\n+++ b/linux-user/arm/cpu_loop.c\n@@ -194,24 +194,6 @@ do_kernel_trap(CPUARMState *env)\n     return 0;\n }\n \n-static bool insn_is_linux_bkpt(uint32_t opcode, bool is_thumb)\n-{\n-    /*\n-     * Return true if this insn is one of the three magic UDF insns\n-     * which the kernel treats as breakpoint insns.\n-     */\n-    if (!is_thumb) {\n-        return (opcode & 0x0fffffff) == 0x07f001f0;\n-    } else {\n-        /*\n-         * Note that we get the two halves of the 32-bit T32 insn\n-         * in the opposite order to the value the kernel uses in\n-         * its undef_hook struct.\n-         */\n-        return ((opcode & 0xffff) == 0xde01) || (opcode == 0xa000f7f0);\n-    }\n-}\n-\n static bool emulate_arm_fpa11(CPUARMState *env, uint32_t opcode)\n {\n     TaskState *ts = 
get_task_state(env_cpu(env));\n@@ -291,16 +273,6 @@ void cpu_loop(CPUARMState *env)\n                 /* FIXME - what to do if get_user() fails? */\n                 get_user_code_u32(opcode, env->regs[15], env);\n \n-                /*\n-                 * The Linux kernel treats some UDF patterns specially\n-                 * to use as breakpoints (instead of the architectural\n-                 * bkpt insn). These should trigger a SIGTRAP rather\n-                 * than SIGILL.\n-                 */\n-                if (insn_is_linux_bkpt(opcode, env->thumb)) {\n-                    goto excp_debug;\n-                }\n-\n                 if (!env->thumb && emulate_arm_fpa11(env, opcode)) {\n                     break;\n                 }\ndiff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c\nindex ec21e33a06..0447be0907 100644\n--- a/target/arm/tcg/translate.c\n+++ b/target/arm/tcg/translate.c\n@@ -4508,6 +4508,23 @@ static bool trans_BFCI(DisasContext *s, arg_BFCI *a)\n     return true;\n }\n \n+static bool trans_LINUX_BKPT(DisasContext *s, arg_LINUX_BKPT *a)\n+{\n+#ifdef CONFIG_USER_ONLY\n+# ifdef CONFIG_LINUX\n+    /*\n+     * The Linux kernel recognizes 3 UDF patterns as breakpoints.\n+     * Recognizing these during translate is much less error prone\n+     * than deferring to cpu_loop.\n+     */\n+    gen_exception_bkpt_insn(s, 0);\n+    return true;\n+# endif\n+#endif\n+    /* Fall through to UDF. 
*/\n+    return false;\n+}\n+\n static bool trans_UDF(DisasContext *s, arg_UDF *a)\n {\n     unallocated_encoding(s);\ndiff --git a/target/arm/tcg/a32.decode b/target/arm/tcg/a32.decode\nindex f2ca480949..c7e8e9803e 100644\n--- a/target/arm/tcg/a32.decode\n+++ b/target/arm/tcg/a32.decode\n@@ -425,7 +425,10 @@ BFCI             ---- 0111 110 msb:5 rd:4 lsb:5 001 rn:4      &bfi\n \n # While we could get UDEF by not including this, add the pattern for\n # documentation and to conflict with any other typos in this file.\n-UDF              1110 0111 1111 ---- ---- ---- 1111 ----\n+{\n+  LINUX_BKPT     1110 0111 1111 0000 0000 0001 1111 0000\n+  UDF            1110 0111 1111 ---- ---- ---- 1111 ----\n+}\n \n # Parallel addition and subtraction\n \ndiff --git a/target/arm/tcg/t16.decode b/target/arm/tcg/t16.decode\nindex 778fbf1627..836e929684 100644\n--- a/target/arm/tcg/t16.decode\n+++ b/target/arm/tcg/t16.decode\n@@ -263,6 +263,7 @@ LDM_t16         1011 110 ......... \\\n %imm8_0x2       0:s8 !function=times_2\n \n {\n+  LINUX_BKPT    1101 1110 0000 0001\n   UDF           1101 1110 ---- ----\n   SVC           1101 1111 imm:8                 &i\n   B_cond_thumb  1101 cond:4 ........            &ci imm=%imm8_0x2\ndiff --git a/target/arm/tcg/t32.decode b/target/arm/tcg/t32.decode\nindex 49b8d0037e..05217da8b3 100644\n--- a/target/arm/tcg/t32.decode\n+++ b/target/arm/tcg/t32.decode\n@@ -418,7 +418,10 @@ CLZ              1111 1010 1011 ---- 1111 .... 1000 ....      @rdm\n     SMC          1111 0111 1111 imm:4 1000 0000 0000 0000     &i\n     HVC          1111 0111 1110 ....  1000 .... .... ....     \\\n                  &i imm=%imm16_16_0\n-    UDF          1111 0111 1111 ----  1010 ---- ---- ----\n+    {\n+      LINUX_BKPT 1111 0111 1111 0000  1010 0000 0000 0000\n+      UDF        1111 0111 1111 ----  1010 ---- ---- ----\n+    }\n   ]\n   B_cond_thumb   1111 0. cond:4 ...... 10.0 ............      &ci imm=%imm21\n }\n","prefixes":["v2","5/7"]}
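Review bot: with the "goto excp_debug;" removed in the second linux-user/arm/cpu_loop.c hunk, check that the excp_debug label still has another user; if this was its only goto, the label should be dropped as well, otherwise the build picks up an unused-label warning. The same hunk deletes the only comment stating that these UDF patterns must yield SIGTRAP rather than SIGILL, so it would help to carry that sentence into the new comment in trans_LINUX_BKPT().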
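Review bot: in trans_LINUX_BKPT() in target/arm/tcg/translate.c, the nested "#ifdef CONFIG_USER_ONLY" / "# ifdef CONFIG_LINUX" leaves the trailing "return false;" as unreachable code after "return true;" in the build where both macros are defined, and the "Fall through to UDF" comment only describes the other builds. A single "#if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX)" with an "#else" branch holding the "return false;" would give each configuration exactly one return and make it clear that the decode group falls back to the UDF pattern only outside that configuration.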
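Review bot: the A32 LINUX_BKPT pattern added to target/arm/tcg/a32.decode fixes the condition field to 1110, whereas the removed insn_is_linux_bkpt() tested "(opcode & 0x0fffffff) == 0x07f001f0" and therefore accepted any value in the top four bits. If encodings with a condition other than 1110 are still expected to be treated as breakpoints, the new pattern no longer covers them; either widen the match or say in the commit message that narrowing to 0xe7f001f0 is intentional. The T16 and T32 patterns do correspond to the old 0xde01 and halfword-swapped 0xa000f7f0 constants, so only the A32 case changes what is matched.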