From: Ralf-Philipp Weinmann <ralf+de...@comsecuris.com>
Commit cbc0326b6fb9 caused SRS instructions executed from Secure
EL1 to trap to EL3 even if the specified mode was not monitor mode.
According to the ARMv8 Architecture reference manual [F6.1.203], ALL
of the following conditions need to be met for SRS to trap to EL3:
* It is executed at Secure PL1.
* The specified mode is monitor mode.
* EL3 is using AArch64.
Correct the condition governing the trap to EL3 to check the
specified mode.
Signed-off-by: Ralf-Philipp Weinmann <ralf+de...@comsecuris.com>
Message-id: 20160222224251.ga11...@beta.comsecuris.com
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
[PMM: tweaked comment text to read 'specified mode'; edited
commit message]
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
target-arm/translate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 25db09e..025c7a5 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7655,6 +7655,7 @@ static void gen_srs(DisasContext *s,
/* SRS is:
* - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
+ * and specified mode is monitor mode
* - UNDEFINED in Hyp mode
* - UNPREDICTABLE in User or System mode
* - UNPREDICTABLE if the specified mode is:
@@ -7664,7 +7665,7 @@ static void gen_srs(DisasContext *s,
* -- Monitor, if we are Non-secure
* For the UNPREDICTABLE cases we choose to UNDEF.
*/
- if (s->current_el == 1 && !s->ns) {
+ if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), 3);
return;
}
--
1.9.1
