Commit 13dbcfcc81 for qemu.org

commit 13dbcfcc816f20e5b14d40b28ae4971e257329b6
Author: Richard Henderson <richard.henderson@linaro.org>
Date:   Fri May 22 15:02:15 2026 -0700

    target/arm: Trap direct acceses to FPMR

    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    Message-id: 20260522220306.235200-14-richard.henderson@linaro.org
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index d1a581acfd..41dd013784 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -2899,6 +2899,10 @@ static void handle_sys(DisasContext *s, bool isread,
     }

     if (!skip_fp_access_checks) {
+        if ((ri->type & ARM_CP_FPMR) && s->fpmr_el != 0) {
+            gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, s->fpmr_el);
+            return;
+        }
         if ((ri->type & ARM_CP_FPU) && !fp_access_check_only(s)) {
             return;
         } else if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {