From: Rémi Denis-Courmont <[email protected]> The VTTBR write callback so far assumes that the underlying VM lies in non-secure state. This handles the secure state scenario.
Signed-off-by: Rémi Denis-Courmont <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]> --- target/arm/helper.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 9a0b8c9aa0a..f8c18ab6c05 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -4018,10 +4018,15 @@ static void vttbr_write(CPUARMState *env, const ARMCPRegInfo *ri, * the combined stage 1&2 tlbs (EL10_1 and EL10_0). */ if (raw_read(env, ri) != value) { - tlb_flush_by_mmuidx(cs, - ARMMMUIdxBit_E10_1 | - ARMMMUIdxBit_E10_1_PAN | - ARMMMUIdxBit_E10_0); + uint16_t mask = ARMMMUIdxBit_E10_1 | + ARMMMUIdxBit_E10_1_PAN | + ARMMMUIdxBit_E10_0; + + if (arm_is_secure_below_el3(env)) { + mask >>= ARM_MMU_IDX_A_NS; + } + + tlb_flush_by_mmuidx(cs, mask); raw_write(env, ri, value); } } -- 2.20.1
