On 10 April 2017 at 11:39, Peter Maydell <peter.mayd...@linaro.org> wrote:
> On M profile, returns from exceptions happen when privileged code
> executes one of the following function call return instructions:
>  * POP or LDM which loads the PC
>  * LDR to PC
>  * BX register
> and the new PC value is 0xFFxxxxxx.

So this isn't quite right -- the special behaviour happens only
when in Handler mode. (Handler is always privileged, but not
all privileged code is in Handler mode)...

> +static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
> +{
> +    /* Generate the same code here as for a simple bx, but flag via
> +     * s->is_jmp that we need to do the rest of the work later.
> +     */
> +    gen_bx(s, var);
> +    if (!IS_USER(s) && arm_dc_feature(s, ARM_FEATURE_M)) {
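Review bot: the `!IS_USER(s)` check in the `if` tests for privileged execution rather than for Handler mode, so a `bx` to an 0xFFxxxxxx value executed from privileged Thread mode would also be flagged as an exception return; since Handler mode is always privileged but privileged code is not always in Handler mode, the condition should test a Handler-mode flag (derived from `env->v7m.exception != 0` and carried in the TB flags) instead of `IS_USER`, otherwise the later `do_v7m_exception_exit` path can hit its assert() for the Thread-mode case.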

...so we need to track "are we in Handler mode" (i.e.
env->v7m.exception != 0) in the TB flags and test that here
rather than testing IS_USER.

(Otherwise if you have code which executes the same 'bx' instruction
both as a legitimate exception return and as a fake exception
return while in privileged thread mode then we assert() in
do_v7m_exception_exit. I have a test case that does this but no
real code would ever do it.)

thanks
-- PMM
