Comment 9 for bug 1922617

commit be5d6f4884021208ae0e73379c83e51500ad3a8d
Author: Richard Henderson <email address hidden>
Date: Wed Oct 21 10:37:39 2020 -0700

    linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI

    Transform the prot bit to a qemu internal page bit, and save
    it in the page tables.

    Reviewed-by: Peter Maydell <email address hidden>
    Signed-off-by: Richard Henderson <email address hidden>
    Message-id: <email address hidden>
    Signed-off-by: Peter Maydell <email address hidden>
...

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 49cd5cabcf2a..c18a91676656 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3445,6 +3445,11 @@ static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
 #define arm_tlb_bti_gp(x) (typecheck_memtxattrs(x)->target_tlb_bit0)
 #define arm_tlb_mte_tagged(x) (typecheck_memtxattrs(x)->target_tlb_bit1)

+/*
+ * AArch64 usage of the PAGE_TARGET_* bits for linux-user.
+ */
+#define PAGE_BTI PAGE_TARGET_1
+
 /*
  * Naming convention for isar_feature functions:
  * Functions which test 32-bit ID registers should have _aa32_ in
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 71888083417d..072754fa24d4 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -14507,10 +14507,10 @@ static void disas_data_proc_simd_fp(DisasContext *s, uint32_t insn)
  */
 static bool is_guarded_page(CPUARMState *env, DisasContext *s)
 {
+ uint64_t addr = s->base.pc_first;
 #ifdef CONFIG_USER_ONLY
- return false; /* FIXME */
+ return page_get_flags(addr) & PAGE_BTI;
 #else
- uint64_t addr = s->base.pc_first;
     int mmu_idx = arm_to_core_mmu_idx(s->mmu_idx);
     unsigned int index = tlb_index(env, mmu_idx, addr);
     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);