From 6d81235ebb577ae4510663c258bdf70522ec7ead Mon Sep 17 00:00:00 2001
From: Richard Henderson
Date: Tue, 3 Jul 2018 05:07:07 -0400
Subject: [PATCH] target/arm: Fix SVE system register access checks

Leave ARM_CP_SVE, removing ARM_CP_FPU; the sve_access_check produced by the flag already includes fp_access_check. If we also check ARM_CP_FPU the double fp_access_check asserts.

Backports commit 11d7870b1b4d038d7beb827f3afa72e284701351 from qemu
---
 qemu/target/arm/helper.c | 8 ++++----
 qemu/target/arm/translate-a64.c | 5 ++---
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/qemu/target/arm/helper.c b/qemu/target/arm/helper.c
index c64a96b6..5e353088 100644
--- a/qemu/target/arm/helper.c
+++ b/qemu/target/arm/helper.c
@@ -3851,25 +3851,25 @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 }
 
 static const ARMCPRegInfo zcr_el1_reginfo = {
-    "ZCR_EL1", 0,1,2, 3,0,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
+    "ZCR_EL1", 0,1,2, 3,0,0, ARM_CP_STATE_AA64, ARM_CP_SVE,
     PL1_RW, 0, NULL, 0, offsetof(CPUARMState, vfp.zcr_el[1]), {0, 0},
     NULL, NULL, zcr_write, NULL, raw_write
 };
 
 static const ARMCPRegInfo zcr_el2_reginfo = {
-    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
+    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, ARM_CP_SVE,
     PL2_RW, 0, NULL, 0, offsetof(CPUARMState, vfp.zcr_el[2]), {0, 0},
     NULL, NULL, zcr_write, NULL, raw_write
 };
 
 static const ARMCPRegInfo zcr_no_el2_reginfo = {
-    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
+    "ZCR_EL2", 0,1,2, 3,4,0, ARM_CP_STATE_AA64, ARM_CP_SVE,
     PL2_RW, 0, NULL, 0, 0, {0, 0},
     NULL, arm_cp_read_zero, arm_cp_write_ignore
 };
 
 static const ARMCPRegInfo zcr_el3_reginfo = {
-    "ZCR_EL3", 0,1,2, 3,6,0, ARM_CP_STATE_AA64, ARM_CP_SVE | ARM_CP_FPU,
+    "ZCR_EL3", 0,1,2, 3,6,0, ARM_CP_STATE_AA64, ARM_CP_SVE,
     PL3_RW, 0, NULL, 0, offsetof(CPUARMState, vfp.zcr_el[3]), {0, 0},
     NULL, NULL, zcr_write, NULL, raw_write
 };
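Review bot: The four ZCR entries now rely on ARM_CP_SVE alone to trigger the FP access check inside sve_access_check(), but nothing on these reginfo lines records that a register must not carry both ARM_CP_SVE and ARM_CP_FPU, so a later entry copied from the old pattern would reintroduce the double fp_access_check assert the commit message describes. A one-line comment above zcr_el1_reginfo would pin the rule where the next author will see it: `/* ARM_CP_SVE implies the FP access check; do not combine it with ARM_CP_FPU. */`. The same remark belongs on the ARM_CP_SVE flag definition, which is outside this patch.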
diff --git a/qemu/target/arm/translate-a64.c b/qemu/target/arm/translate-a64.c
index 911d7257..592abff5 100644
--- a/qemu/target/arm/translate-a64.c
+++ b/qemu/target/arm/translate-a64.c
@@ -1698,11 +1698,10 @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
     default:
         break;
     }
-    if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {
-        return;
-    }
     if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
         return;
+    } else if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {
+        return;
     }
 
     // Unicorn: if'd out
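Review bot: The added `else if` only skips sve_access_check() when fp_access_check() has already failed; for a reginfo that sets both ARM_CP_FPU and ARM_CP_SVE and passes the FP check, sve_access_check() still runs and, per the commit message, calls fp_access_check() a second time, so the double-check assert is avoided by the convention that no entry carries both flags rather than by this code. Since both branches just return, a plain second `if` reads the same and the invariant is worth stating at the check: `/* ARM_CP_SVE implies the FP check; a reginfo must not set both flags. */`. If entries with both flags are ever expected, the FP branch would need to be guarded on `!(ri->type & ARM_CP_SVE)` instead. handle_sys() starts and ends outside the hunk.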