From df4413edc736759a91c37fd1fb39c4c9107de116 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?=
Date: Tue, 2 Mar 2021 13:04:51 -0500
Subject: [PATCH] target/arm: fix handling of HCR.FB

HCR should be applied when NS is set, not when it is cleared.

Backports 373e7ffde9bae90a20fb5db21b053f23091689f4
---
 qemu/target/arm/helper.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/qemu/target/arm/helper.c b/qemu/target/arm/helper.c
index 94de308b..e506d434 100644
--- a/qemu/target/arm/helper.c
+++ b/qemu/target/arm/helper.c
@@ -471,13 +471,12 @@ static void tlbimvaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri,

 /*
  * Non-IS variants of TLB operations are upgraded to
- * IS versions if we are at NS EL1 and HCR_EL2.FB is set to
+ * IS versions if we are at EL1 and HCR_EL2.FB is effectively set to
  * force broadcast of these operations.
  */
 static bool tlb_force_broadcast(CPUARMState *env)
 {
- return (env->cp15.hcr_el2 & HCR_FB) &&
- arm_current_el(env) == 1 && arm_is_secure_below_el3(env);
+ return arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_FB);
 }

 static void tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
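Review bot: The security-state condition in `tlb_force_broadcast` is now implicit. The explicit `arm_is_secure_below_el3(env)` test is gone, and nothing in this hunk shows that `arm_hcr_el2_eff(env)` returns HCR_EL2.FB as clear when EL2 is not in effect for the current security state. Since this is a backport, it is worth confirming that the helper in this tree masks the bit that way. If it does not, Secure EL1 TLB maintenance would presumably be upgraded to the broadcast form as well, which the commit message says should not happen. The comment could also say where "effectively" comes from, for example `* IS versions if we are at EL1 and HCR_EL2.FB, as reported by arm_hcr_el2_eff(), is set to`.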