target/arm: Implement UAO semantics

We need only override the current condition under which
TBFLAG_A64.UNPRIV is set.

Backports commit 7a8014ab871d5320effd737dfe88b2e80f16a509 from qemu

qemu/target/arm/helper.c

@@ -11999,28 +11999,29 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
 
         /* Compute the condition for using AccType_UNPRIV for LDTR et al. */
-        /* TODO: ARMv8.2-UAO */
-        switch (mmu_idx) {
-        case ARMMMUIdx_E10_1:
-        case ARMMMUIdx_E10_1_PAN:
-        case ARMMMUIdx_SE10_1:
-        case ARMMMUIdx_SE10_1_PAN:
-            /* TODO: ARMv8.3-NV */
-            flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
-            break;
-        case ARMMMUIdx_E20_2:
-        case ARMMMUIdx_E20_2_PAN:
-            /* TODO: ARMv8.4-SecEL2 */
-            /*
-             * Note that E20_2 is gated by HCR_EL2.E2H == 1, but E20_0 is
-             * gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
-             */
-            if (env->cp15.hcr_el2 & HCR_TGE) {
+        if (!(env->pstate & PSTATE_UAO)) {
+            switch (mmu_idx) {
+            case ARMMMUIdx_E10_1:
+            case ARMMMUIdx_E10_1_PAN:
+            case ARMMMUIdx_SE10_1:
+            case ARMMMUIdx_SE10_1_PAN:
+                /* TODO: ARMv8.3-NV */
                 flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+                break;
+            case ARMMMUIdx_E20_2:
+            case ARMMMUIdx_E20_2_PAN:
+                /* TODO: ARMv8.4-SecEL2 */
+                /*
+                 * Note that EL20_2 is gated by HCR_EL2.E2H == 1, but EL20_0 is
+                 * gated by HCR_EL2.<E2H,TGE> == '11', and so is LDTR.
+                 */
+                if (env->cp15.hcr_el2 & HCR_TGE) {
+                    flags = FIELD_DP32(flags, TBFLAG_A64, UNPRIV, 1);
+                }
+                break;
+            default:
+                break;
             }
-            break;
-        default:
-            break;
         }
     } else {
         *pc = env->regs[15];