From 0751366e5c83fdbc99b73b80557b76a9d7197628 Mon Sep 17 00:00:00 2001
From: Lioncash <mathew1800@gmail.com>
Date: Mon, 12 Mar 2018 11:40:17 -0400
Subject: [PATCH] target/arm/op_helper: Correct bad merge

---
 qemu/target/arm/op_helper.c | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/qemu/target/arm/op_helper.c b/qemu/target/arm/op_helper.c
index 913bfb71..d3460aa7 100644
--- a/qemu/target/arm/op_helper.c
+++ b/qemu/target/arm/op_helper.c
@@ -217,7 +217,6 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
     cpu_restore_state(cs, retaddr);
 
     fi.ea = arm_extabort_type(response);
-
     fi.type = ARMFault_SyncExternal;
     deliver_fault(cpu, addr, access_type, mmu_idx, &fi);
 }
@@ -889,7 +888,6 @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome)
          * "firmware" via HCR.TSC, so for these purposes treat
          * PSCI-via-SMC as implying an EL3.
          */
-        /* If we have no EL3 then SMC always UNDEFs */
         undef = true;
     } else if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) {
         /* In NS EL1, HCR controlled routing to EL2 has priority over SMD.
@@ -1114,15 +1112,27 @@ static bool bp_wp_matches(ARMCPU *cpu, int n, bool is_wp)
     CPUARMState *env = &cpu->env;
     uint64_t cr;
     int pac, hmc, ssc, wt, lbn;
-    /* TODO: check against CPU security state when we implement TrustZone */
-    bool is_secure = false;
+    /* Note that for watchpoints the check is against the CPU security
+     * state, not the S/NS attribute on the offending data access.
+     */
+    bool is_secure = arm_is_secure(env);
+    int access_el = arm_current_el(env);
 
     if (is_wp) {
-        if (!env->cpu_watchpoint[n]
-            || !(env->cpu_watchpoint[n]->flags & BP_WATCHPOINT_HIT)) {
+        CPUWatchpoint *wp = env->cpu_watchpoint[n];
+
+        if (!wp || !(wp->flags & BP_WATCHPOINT_HIT)) {
             return false;
         }
         cr = env->cp15.dbgwcr[n];
+       // Unicorn: commented out
+       // if (wp->hitattrs.user) {
+       //     /* The LDRT/STRT/LDT/STT "unprivileged access" instructions should
+       //      * match watchpoints as if they were accesses done at EL0, even if
+       //      * the CPU is at EL1 or higher.
+       //      */
+       //     access_el = 0;
+       // }
     } else {
         uint64_t pc = is_a64(env) ? env->pc : env->regs[15];
 
@@ -1163,15 +1173,7 @@ static bool bp_wp_matches(ARMCPU *cpu, int n, bool is_wp)
         break;
     }
 
-    /* TODO: this is not strictly correct because the LDRT/STRT/LDT/STT
-     * "unprivileged access" instructions should match watchpoints as if
-     * they were accesses done at EL0, even if the CPU is at EL1 or higher.
-     * Implementing this would require reworking the core watchpoint code
-     * to plumb the mmu_idx through to this point. Luckily Linux does not
-     * rely on this behaviour currently.
-     * For breakpoints we do want to use the current CPU state.
-     */
-    switch (arm_current_el(env)) {
+    switch (access_el) {
     case 3:
     case 2:
         if (!hmc) {
@@ -1300,6 +1302,7 @@ void arm_debug_excp_handler(CPUState *cs)
             bool same_el = arm_debug_target_el(env) == arm_current_el(env);
 
             cs->watchpoint_hit = NULL;
+
             if (extended_addresses_enabled(env)) {
                 env->exception.fsr = (1 << 9) | 0x22;
             } else {