target-arm: Only trap SRS from S-EL1 if specified mode is MON

Commit cbc0326b6fb9 caused SRS instructions executed from Secure
EL1 to trap to EL3 even if the specified mode was not monitor mode.

According to the ARMv8 Architecture reference manual [F6.1.203], ALL
of the following conditions need to be met for SRS to trap to EL3:
* It is executed at Secure PL1.
* The specified mode is monitor mode.
* EL3 is using AArch64.

Correct the condition governing the trap to EL3 to check the
specified mode.

Signed-off-by: Ralf-Philipp Weinmann <ralf+devel@comsecuris.com>
Message-id: 20160222224251.GA11654@beta.comsecuris.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked comment text to read 'specified mode'; edited
 commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 25db09e..025c7a5 100644 (file)
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7655,6 +7655,7 @@ static void gen_srs(DisasContext *s,
 
     /* SRS is:
      * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
+     *   and specified mode is monitor mode
      * - UNDEFINED in Hyp mode
      * - UNPREDICTABLE in User or System mode
      * - UNPREDICTABLE if the specified mode is:
@@ -7664,7 +7665,7 @@ static void gen_srs(DisasContext *s,
      * -- Monitor, if we are Non-secure
      * For the UNPREDICTABLE cases we choose to UNDEF.
      */
-    if (s->current_el == 1 && !s->ns) {
+    if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
         gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), 3);
         return;
     }