From: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Date: Mon, 2 Nov 2020 16:52:15 +0000 (+0000)
Subject: target/arm: fix handling of HCR.FB
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=373e7ffde9bae90a20fb5db21b053f23091689f4;p=qemu.git

target/arm: fix handling of HCR.FB

HCR should be applied when NS is set, not when it is cleared.

Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 97bb6b8c01..dc51175bf0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -731,13 +731,12 @@ static void tlbimvaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
 
 /*
  * Non-IS variants of TLB operations are upgraded to
- * IS versions if we are at NS EL1 and HCR_EL2.FB is set to
+ * IS versions if we are at EL1 and HCR_EL2.FB is effectively set to
  * force broadcast of these operations.
  */
 static bool tlb_force_broadcast(CPUARMState *env)
 {
-    return (env->cp15.hcr_el2 & HCR_FB) &&
-        arm_current_el(env) == 1 && arm_is_secure_below_el3(env);
+    return arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_FB);
 }
 
 static void tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,