From: Tobias Röhmel <quic_troh...@quicinc.com> The Cortex-R52 can access SPSR_hyp from hypervisor mode as discussed here: https://github.com/zephyrproject-rtos/zephyr/issues/47330
Signed-off-by: Tobias Röhmel <quic_troh...@quicinc.com>
---
 target/arm/op_helper.c | 8 ++++++++
 target/arm/translate.c | 5 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index c5bde1cfcc..aa019bc39d 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -522,6 +522,11 @@ static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
 return;
 }
 
+ if (curmode == ARM_CPU_MODE_HYP && tgtmode == ARM_CPU_MODE_HYP
+ && arm_feature(env, ARM_FEATURE_V8_R)) {
+ return;
+ }
+
 if (curmode == tgtmode) {
 goto undef;
 }
@@ -570,6 +575,9 @@ void HELPER(msr_banked)(CPUARMState *env, uint32_t value, uint32_t tgtmode,
 switch (regno) {
 case 16: /* SPSRs */
 env->banked_spsr[bank_number(tgtmode)] = value;
+ if (arm_feature(env, ARM_FEATURE_V8_R)) {
+ env->spsr = value;
+ }
 break;
 case 17: /* ELR_Hyp */
 env->elr_el[2] = value;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 6617de775f..c097f7e417 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -2881,8 +2881,9 @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
 * can be accessed also from Hyp mode, so forbid accesses from
 * EL0 or EL1.
 */
- if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
- (s->current_el < 3 && *regno != 17)) {
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_R)
+ && (!arm_dc_feature(s, ARM_FEATURE_EL2)
+ || s->current_el < 2 || (s->current_el < 3 && *regno != 17))) {
 goto undef;
 }
 break;
-- 
2.25.1
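Review bot: In the first op_helper.c hunk (msr_mrs_banked_exc_checks), the new early return is keyed only on curmode, tgtmode and ARM_FEATURE_V8_R, so on a v8-R CPU it lets through every banked register whose target mode is Hyp, while the commit message only argues for SPSR_hyp. Because it sits ahead of `if (curmode == tgtmode) goto undef;` and of whatever checks follow outside this hunk, none of them run for that case. Assuming the register number is available here as it is in msr_banked (the signature is cut off in the hunk header), I would narrow the condition with `&& regno == 16` and add a comment such as `/* Cortex-R52 permits SPSR_hyp access from Hyp mode; other Hyp-banked registers keep the normal checks */`.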
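Review bot: In the msr_banked hunk, `env->spsr = value;` runs for every SPSR write on a v8-R CPU regardless of tgtmode, so writing another mode's banked SPSR would also overwrite what appears to be the current mode's live SPSR. The mirror write only makes sense when the target mode is the mode the CPU is currently in; `if (tgtmode == (env->uncached_cpsr & CPSR_M)) { env->spsr = value; }` expresses that without needing a feature test. No matching change to the read helper appears in this patch, so an MRS of SPSR_hyp from Hyp mode may still return a stale banked copy, which is worth confirming. The function body continues outside the hunk.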
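Review bot: In the translate.c hunk, prefixing the condition with `!arm_dc_feature(s, ARM_FEATURE_V8_R) &&` switches off the whole test on v8-R, including `s->current_el < 2`, so decode no longer rejects EL1 access to any Hyp-banked register and the retained comment ("forbid accesses from EL0 or EL1") no longer describes the code. Whether the runtime helper still catches those cases is not visible here, and relying on it would leave the guest privilege boundary enforced in one place only. I would keep the EL tests and relax only the register condition, e.g. `|| (s->current_el < 3 && *regno != 17 && !(*regno == 16 && arm_dc_feature(s, ARM_FEATURE_V8_R)))`, and extend the comment to say that SPSR_hyp is allowed from Hyp mode on v8-R. The function starts and ends outside the hunk.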