target-arm: Implement remaining illegal return event checks

We already implement almost all the checks for the illegal return events from AArch64 state described in the ARM ARM section D1.11.2. Add the two missing ones: * return to EL2 when EL3 is implemented and SCR_EL3.NS is 0 * return to Non-secure EL1 when EL2 is implemented and HCR_EL2.TGE is 1 (We don't implement external debug, so the case of "debug state exit from EL0 using AArch64 state to EL0 using AArch32 state" doesn't apply for QEMU.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
qemu · Jan 21, 2016 · e393f33 · e393f33
1 parent 3809951
commit e393f33
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
@@ -719,6 +719,16 @@ void HELPER(exception_return)(CPUARMState *env)
         goto illegal_return;
     }
 
+    if (new_el == 2 && arm_is_secure_below_el3(env)) {
+        /* Return to the non-existent secure-EL2 */
+        goto illegal_return;
+    }
+
+    if (new_el == 1 && (env->cp15.hcr_el2 & HCR_TGE)
+        && !arm_is_secure_below_el3(env)) {
+        goto illegal_return;
+    }
+
     if (!return_to_aa64) {
         env->aarch64 = 0;
         env->uncached_cpsr = spsr & CPSR_M;