=== target-arm/helper.c
==================================================================
--- target-arm/helper.c	(revision 1912)
+++ target-arm/helper.c	(local)
@@ -162,10 +162,11 @@
     }
     switch_mode (env, new_mode);
     env->spsr = cpsr_read(env);
-    /* Switch to the new mode, and clear the thumb bit.  */
+    /* Switch to the new mode, and switch to Arm mode.  */
     /* ??? Thumb interrupt handlers not implemented.  */
-    env->uncached_cpsr = (env->uncached_cpsr & ~(CPSR_M | CPSR_T)) | new_mode;
+    env->uncached_cpsr = (env->uncached_cpsr & ~CPSR_M) | new_mode;
     env->uncached_cpsr |= mask;
+    env->thumb = 0;
     env->regs[14] = env->regs[15] + offset;
     env->regs[15] = addr;
     env->interrupt_request |= CPU_INTERRUPT_EXITTB;
=== target-arm/translate.c
==================================================================
--- target-arm/translate.c	(revision 1912)
+++ target-arm/translate.c	(local)
@@ -2431,10 +2431,10 @@
 void cpu_reset(CPUARMState *env)
 {
 #if defined (CONFIG_USER_ONLY)
+    env->uncached_cpsr = ARM_CPU_MODE_USR;
+#else
     /* SVC mode with interrupts disabled.  */
     env->uncached_cpsr = ARM_CPU_MODE_SVC | CPSR_A | CPSR_F | CPSR_I;
-#else
-    env->uncached_cpsr = ARM_CPU_MODE_USR;
 #endif
     env->regs[15] = 0;
 }