From c6bb8d483d660985d19a0d61fb5829427980f7e5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 30 Apr 2019 10:15:22 -0400 Subject: [PATCH] target/arm: Disable most VFP sysregs for M-profile The only "system register" that M-profile floating point exposes via the VMRS/VMRS instructions is FPSCR, and it does not have the odd special case for rd==15. Add a check to ensure we only expose FPSCR. Backports commit ef9aae2522c22c05df17dd898099dd5c3f20d688 from qemu --- qemu/target/arm/translate.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/qemu/target/arm/translate.c b/qemu/target/arm/translate.c index bc739dfd..9ca1386d 100644 --- a/qemu/target/arm/translate.c +++ b/qemu/target/arm/translate.c @@ -3620,12 +3620,27 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) } } } else { /* !dp */ + bool is_sysreg; + if ((insn & 0x6f) != 0x00) return 1; rn = VFP_SREG_N(insn); + + is_sysreg = extract32(insn, 21, 1); + + if (arm_dc_feature(s, ARM_FEATURE_M)) { + /* + * The only M-profile VFP vmrs/vmsr sysreg is FPSCR. + * Writes to R15 are UNPREDICTABLE; we choose to undef. + */ + if (is_sysreg && (rd == 15 || (rn >> 1) != ARM_VFP_FPSCR)) { + return 1; + } + } + if (insn & ARM_CP_RW_BIT) { /* vfp->arm */ - if (insn & (1 << 21)) { + if (is_sysreg) { /* system register */ rn >>= 1; @@ -3692,7 +3707,7 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) } } else { /* arm->vfp */ - if (insn & (1 << 21)) { + if (is_sysreg) { rn >>= 1; /* system register */ switch (rn) {