target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL

It is incorrect to call arm_el_is_aa64() function for unimplemented EL. This patch fixes several attempts to do so. Backports commit 2cde031f5a34996bab32571a26b1a6bcf3e5b5d9 from qemu
2025-03-28 07:26:57 +00:00 · 2018-02-16 14:39:38 -05:00 · 2018-02-16 14:39:38 -05:00 · 1152631b4b
parent 04992f0fb3
commit 1152631b4b
2 changed files with 21 additions and 5 deletions
--- a/qemu/target-arm/cpu.h
+++ b/qemu/target-arm/cpu.h
@ -1030,11 +1030,11 @@ static inline bool access_secure_reg(CPUARMState *env)
 */
 #define A32_BANKED_CURRENT_REG_GET(_env, _regname)        \
    A32_BANKED_REG_GET((_env), _regname,                \
-                       ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env))))
+                       (arm_is_secure(_env) && !arm_el_is_aa64((_env), 3)))

 #define A32_BANKED_CURRENT_REG_SET(_env, _regname, _val)                       \
    A32_BANKED_REG_SET((_env), _regname,                                    \
-                       ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env))),  \
+                       (arm_is_secure(_env) && !arm_el_is_aa64((_env), 3)), \
                       (_val))

 void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf);
@ -1601,7 +1601,12 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
     * interrupt.
     */
    if ((target_el > cur_el) && (target_el != 1)) {
-        if (arm_el_is_aa64(env, 3) || ((scr || hcr) && (!secure))) {
+        /* ARM_FEATURE_AARCH64 enabled means the highest EL is AArch64.
+         * This code currently assumes that EL2 is not implemented
+         * (and so that highest EL will be 3 and the target_el also 3).
+         */
+        if (arm_feature(env, ARM_FEATURE_AARCH64) ||
+            ((scr || hcr) && (!secure))) {
            unmasked = 1;
        }
    }
--- a/qemu/target-arm/helper.c
+++ b/qemu/target-arm/helper.c
@ -4586,11 +4586,22 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
                                 uint32_t cur_el, bool secure)
 {
    CPUARMState *env = cs->env_ptr;
-    int rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
+    int rw;
    int scr;
    int hcr;
    int target_el;
-    int is64 = arm_el_is_aa64(env, 3);
+    /* Is the highest EL AArch64? */
+    int is64 = arm_feature(env, ARM_FEATURE_AARCH64);
+
+    if (arm_feature(env, ARM_FEATURE_EL3)) {
+        rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
+    } else {
+        /* Either EL2 is the highest EL (and so the EL2 register width
+         * is given by is64); or there is no EL2 or EL3, in which case
+         * the value of 'rw' does not affect the table lookup anyway.
+         */
+        rw = is64;
+    }

    switch (excp_idx) {
    case EXCP_IRQ: