diff -ur qemu.git/target-arm/helper-a64.c qemu-2.1.0-rc1/target-arm/helper-a64.c
--- qemu.git/target-arm/helper-a64.c 2014-07-27 23:53:02.000000000 -0700
+++ qemu-2.1.0-rc1/target-arm/helper-a64.c 2014-07-27 23:26:22.000000000 -0700
@@ -444,9 +444,10 @@
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
     target_ulong addr = env->cp15.vbar_el[1];
+    int cur_el = arm_current_pl(env);
     int i;
 
-    if (arm_current_pl(env) == 0) {
+    if (cur_el == 0) {
         if (env->aarch64) {
             addr += 0x400;
         } else {
@@ -457,7 +458,7 @@
     }
 
     arm_log_exception(cs->exception_index);
-    qemu_log_mask(CPU_LOG_INT, "...from EL%d\n", arm_current_pl(env));
+    qemu_log_mask(CPU_LOG_INT, "...from EL%d\n", cur_el);
     if (qemu_loglevel_mask(CPU_LOG_INT)
         && !excp_is_internal(cs->exception_index)) {
         qemu_log_mask(CPU_LOG_INT, "...with ESR 0x%" PRIx32 "\n",
@@ -489,7 +490,7 @@
 
     if (is_a64(env)) {
         env->banked_spsr[aarch64_banked_spsr_index(1)] = pstate_read(env);
-        env->sp_el[arm_current_pl(env)] = env->xregs[31];
+        env->sp_el[pstate_read(env) & PSTATE_SP ? cur_el : 0] = env->xregs[31];
         env->xregs[31] = env->sp_el[1];
         env->elr_el[1] = env->pc;
     } else {
diff -ur qemu.git/target-arm/op_helper.c qemu-2.1.0-rc1/target-arm/op_helper.c
--- qemu.git/target-arm/op_helper.c 2014-07-27 23:53:02.000000000 -0700
+++ qemu-2.1.0-rc1/target-arm/op_helper.c 2014-07-27 04:57:43.000000000 -0700
@@ -414,7 +414,7 @@
     }
     env->aarch64 = 1;
     pstate_write(env, spsr);
-    env->xregs[31] = env->sp_el[new_el];
+    env->xregs[31] = (env->pstate & PSTATE_SP) ? env->sp_el[new_el] : env->sp_el[0];
     env->pc = env->elr_el[cur_el];
 }
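Review bot: The new index expression in the third helper-a64.c hunk, `env->sp_el[pstate_read(env) & PSTATE_SP ? cur_el : 0]`, relies on `&` binding tighter than `?:`; that is correct C but easy to misread as `pstate_read(env) & (PSTATE_SP ? cur_el : 0)`, and the op_helper.c hunk in the same patch does parenthesize the same test. It also calls `pstate_read(env)` a second time one line after the result was stored into `banked_spsr`, so the selector can reuse that value: `uint32_t spsr = pstate_read(env); env->banked_spsr[aarch64_banked_spsr_index(1)] = spsr; env->sp_el[(spsr & PSTATE_SP) ? cur_el : 0] = env->xregs[31];`. A short comment stating why the index is not simply `cur_el` would help the next reader, e.g. `/* SPSel == 0 means EL1 was running on SP_EL0, so save SP there */`. The enclosing function starts before the first hunk and continues past this one.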
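Review bot: The exception-return hunk in op_helper.c tests `env->pstate & PSTATE_SP` directly, while the matching save path in helper-a64.c goes through `pstate_read(env)`; if `PSTATE_SP` is kept only in `env->pstate` (it has just been written by `pstate_write(env, spsr)` on the previous line) the two are equivalent, but the asymmetry is worth a comment or a single accessor so the save and restore sides visibly apply the same rule. The duplicated `env->sp_el[...]` on both arms of the ternary can also collapse to the indexing form used in helper-a64.c: `env->xregs[31] = env->sp_el[(env->pstate & PSTATE_SP) ? new_el : 0];`. The function ends at the closing brace shown, but its beginning, including where `new_el` and `cur_el` are derived, is outside the hunk.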