target/arm: fix incorrect current EL bug in aarch32 exception emulation

The arm_current_el() should be invoked after mode switching. Otherwise, we get a wrong current EL value, since current EL is also determined by current mode. Fixes: 4a2696c0d4 ("target/arm: Set PAN bit as required on exception entry") Backports commit 88828bf133b64b7a860c166af3423ef1a47c5d3b from qemu
2025-01-10 19:05:45 +00:00 · 2020-04-30 06:57:29 -04:00 · 2020-04-30 06:57:29 -04:00 · 1e274425bd
parent 5ac51ff092
commit 1e274425bd
1 changed files with 4 additions and 1 deletions
--- a/qemu/target/arm/helper.c
+++ b/qemu/target/arm/helper.c
@ -8851,7 +8851,6 @@ static void take_aarch32_exception(CPUARMState *env, int new_mode,

    /* Change the CPU state so as to actually take the exception. */
    switch_mode(env, new_mode);
-    new_el = arm_current_el(env);

    /*
     * For exceptions taken to AArch32 we must clear the SS bit in both
@ -8863,6 +8862,10 @@ static void take_aarch32_exception(CPUARMState *env, int new_mode,
    env->condexec_bits = 0;
    /* Switch to the new mode, and to the correct instruction set.  */
    env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
+
+    /* This must be after mode switching. */
+    new_el = arm_current_el(env);
+
    /* Set new mode endianness */
    env->uncached_cpsr &= ~CPSR_E;
    if (env->cp15.sctlr_el[new_el] & SCTLR_EE) {