target-arm: correctly UNDEF writes to FPINST/FPINST2 from EL0

The ARM ARM requires that the FPINST and FPINST2 VFP control
registers are not accessible to code at EL0. We were already
correctly implementing this for reads of these registers; add
the missing check for the write code path.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 1412967447-20931-1-git-send-email-peter.maydell@linaro.org

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 4e764d3..656b09e 100644 (file)
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -3232,6 +3232,9 @@ static int disas_vfp_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
                             break;
                         case ARM_VFP_FPINST:
                         case ARM_VFP_FPINST2:
+                            if (IS_USER(s)) {
+                                return 1;
+                            }
                             tmp = load_reg(s, rd);
                             store_cpu_field(tmp, vfp.xregs[rn]);
                             break;