target-arm: A64: Handle blr lr

For linked branches, updates to the link register happen
conceptually after the read of the branch target register.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Cc: qemu-stable@nongnu.org
Message-id: 1398926097-28097-3-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 1b505f93bcf605e7c4144fef83bd039b0d4f2576)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a78036661a..e041f11812 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1432,8 +1432,10 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
     switch (opc) {
     case 0: /* BR */
     case 2: /* RET */
+        tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn));
         break;
     case 1: /* BLR */
+        tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn));
         tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
         break;
     case 4: /* ERET */
@@ -1449,7 +1451,6 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
         return;
     }
 
-    tcg_gen_mov_i64(cpu_pc, cpu_reg(s, rn));
     s->is_jmp = DISAS_JUMP;
 }