target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)

The AArch64 SPSR_EL1 register is architecturally mandated to
be mapped to the AArch32 SPSR_svc register. This means its
state should live in QEMU's env->banked_spsr[1] field.
Correct the various places in the code that incorrectly
put it in banked_spsr[0].

Backports commit 7847f9ea9fce15a9ecfb62ab72c1e84ff516b0db from qemu

qemu/target-arm/helper-a64.c

@@ -579,7 +579,7 @@ void aarch64_cpu_do_interrupt(CPUState *cs)
         aarch64_save_sp(env, arm_current_el(env));
         env->elr_el[new_el] = env->pc;
     } else {
-        env->banked_spsr[0] = cpsr_read(env);
+        env->banked_spsr[aarch64_banked_spsr_index(new_el)] = cpsr_read(env);
         if (!env->thumb) {
             env->cp15.esr_el[new_el] |= 1 << 25;
         }

qemu/target-arm/helper.c

@@ -2108,7 +2108,7 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { "ELR_EL1", 0,4,0, 3,0,1, ARM_CP_STATE_AA64,
       ARM_CP_ALIAS, PL1_RW, 0, NULL, 0, offsetof(CPUARMState, elr_el[1]) },
     { "SPSR_EL1", 0,4,0, 3,0,0, ARM_CP_STATE_AA64,
-      ARM_CP_ALIAS, PL1_RW, 0, NULL, 0, offsetof(CPUARMState, banked_spsr[0]) },
+      ARM_CP_ALIAS, PL1_RW, 0, NULL, 0, offsetof(CPUARMState, banked_spsr[1]) },
     /* We rely on the access checks not allowing the guest to write to the
      * state field when SPSel indicates that it's being used as the stack
      * pointer.

qemu/target-arm/internals.h

@@ -83,12 +83,15 @@ static inline void arm_log_exception(int idx)
 
 /*
  * For AArch64, map a given EL to an index in the banked_spsr array.
+ * Note that this mapping and the AArch32 mapping defined in bank_number()
+ * must agree such that the AArch64<->AArch32 SPSRs have the architecturally
+ * mandated mapping between each other.
  */
 static inline unsigned int aarch64_banked_spsr_index(unsigned int el)
 {
     static const unsigned int map[4] = {
         0,
-        0, /* EL1.  */
+        1, /* EL1.  */
         6, /* EL2.  */
         7, /* EL3.  */
     };