From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50365)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1XhdBb-0006Z9-J2
	for qemu-devel@nongnu.org; Fri, 24 Oct 2014 07:37:43 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1XhdBa-0008Qf-Lm
	for qemu-devel@nongnu.org; Fri, 24 Oct 2014 07:37:39 -0400
Received: from mnementh.archaic.org.uk ([2001:8b0:1d0::1]:54280)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1XhdBa-0008OE-G6
	for qemu-devel@nongnu.org; Fri, 24 Oct 2014 07:37:38 -0400
Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.80)
	(envelope-from <pm215@archaic.org.uk>) id 1XhdBS-0007wb-G9
	for qemu-devel@nongnu.org; Fri, 24 Oct 2014 12:37:30 +0100
From: Peter Maydell <peter.maydell@linaro.org>
Date: Fri, 24 Oct 2014 12:37:23 +0100
Message-Id: <1414150649-30428-18-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1414150649-30428-1-git-send-email-peter.maydell@linaro.org>
References: <1414150649-30428-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 17/23] target-arm: correctly UNDEF writes to
	FPINST/FPINST2 from EL0
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

The ARM ARM requires that the FPINST and FPINST2 VFP control
registers are not accessible to code at EL0. We were already
correctly implementing this for reads of these registers; add
the missing check for the write code path.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 1412967447-20931-1-git-send-email-peter.maydell@linaro.org
---
 target-arm/translate.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 4e764d3..656b09e 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -3232,6 +3232,9 @@ static int disas_vfp_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
                             break;
                         case ARM_VFP_FPINST:
                         case ARM_VFP_FPINST2:
+                            if (IS_USER(s)) {
+                                return 1;
+                            }
                             tmp = load_reg(s, rd);
                             store_cpu_field(tmp, vfp.xregs[rn]);
                             break;
-- 
1.9.1