In v7m_exception_taken(), for v8M we set the EXC_RETURN.ES bit if either the exception targets Secure or if the CPU doesn't implement the Security Extension. This is incorrect: the v8M Arm ARM specifies that the ES bit should be RES0 if the Security Extension is not implemented, and the pseudocode agrees.
Remove the incorrect condition, so that we leave the ES bit 0 if the Security Extension isn't implemented. This doesn't have any guest-visible effects for our current set of emulated CPUs, because all our v8M CPUs implement the Security Extension; but it's worth fixing in case we add a v8M CPU without the extension in future. Reported-by: Igor Kotrasinski <[email protected]> Signed-off-by: Peter Maydell <[email protected]> --- target/arm/m_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c index 355cd4d60a7..2b55e90ea9d 100644 --- a/target/arm/m_helper.c +++ b/target/arm/m_helper.c @@ -895,7 +895,7 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain, } lr &= ~R_V7M_EXCRET_ES_MASK; - if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) { + if (targets_secure) { lr |= R_V7M_EXCRET_ES_MASK; } lr &= ~R_V7M_EXCRET_SPSEL_MASK; -- 2.25.1
