| author | Ilya Leoshkevich <iii@linux.ibm.com> | 2023-07-04 10:12:28 +0200 |
|---|---|---|
| committer | Thomas Huth <thuth@redhat.com> | 2023-07-10 15:34:24 +0200 |
| commit | 92a57534619a4058544ce8f9c0beae3e054f342b (patch) | |
| tree | e104a82f23e53340525ad2e5890aa2c582f96a5d /target/s390x/tcg | |
| parent | fed9a4fe0ce0ec917a6b3a2da0a7ecd3cb9eba56 (diff) | |
| download | qemu-92a57534619a4058544ce8f9c0beae3e054f342b.zip, qemu-92a57534619a4058544ce8f9c0beae3e054f342b.tar.gz, qemu-92a57534619a4058544ce8f9c0beae3e054f342b.tar.bz2 | |
target/s390x: Fix MVCRL with a large value in R0
Using a large R0 causes an assertion error:
qemu-s390x: target/s390x/tcg/mem_helper.c:183: access_prepare_nf: Assertion `size > 0 && size <= 4096' failed.
Even though PoP explicitly advises against using more than 8 bits for the
size, an emulator crash is never a good thing.
Fix by truncating the size to 8 bits.
Fixes: ea0a1053e276 ("s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20230704081506.276055-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Diffstat (limited to 'target/s390x/tcg')

| -rw-r--r-- | target/s390x/tcg/mem_helper.c | 1 |
|---|---|---|

1 files changed, 1 insertions, 0 deletions
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c index d02ec86..84ad852 100644 --- a/target/s390x/tcg/mem_helper.c +++ b/target/s390x/tcg/mem_helper.c @@ -514,6 +514,7 @@ void HELPER(mvcrl)(CPUS390XState *env, uint64_t l, uint64_t dest, uint64_t src) int32_t i; /* MVCRL always copies one more byte than specified - maximum is 256 */ + l &= 0xff; l++; access_prepare(&srca, env, src, l, MMU_DATA_LOAD, mmu_idx, ra); |
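Review bot: the comment above the new `l &= 0xff;` in HELPER(mvcrl) should state why the truncation is correct, otherwise the mask reads as a defensive guard rather than the intended semantics; since the commit message says the PoP advises against using more than 8 bits for the size, something like `/* MVCRL uses only the low 8 bits of the length and always copies one more byte than specified - maximum is 256 */` would document it. The ordering is right as written: masking before `l++` keeps `l` in 1..256, consistent with the existing "maximum is 256" comment and well inside the `size > 0 && size <= 4096` assertion in access_prepare_nf quoted in the commit message, so the passed length can no longer trigger that abort.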