From 523f529d407933c5ba81cd1c0abe9a95d7137885 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Tue, 4 Jul 2023 10:12:29 +0200 Subject: [PATCH] target/s390x: Fix LRA overwriting the top 32 bits on DAT error When a DAT error occurs, LRA is supposed to write the error information to the bottom 32 bits of R1, and leave the top 32 bits of R1 alone. Fix by passing the original value of R1 into helper and copying the top 32 bits to the return value. Fixes: d8fe4a9c284f ("target-s390: Convert LRA") Signed-off-by: Ilya Leoshkevich Reviewed-by: David Hildenbrand Cc: qemu-stable@nongnu.org Message-Id: <20230704081506.276055-6-iii@linux.ibm.com> Signed-off-by: Thomas Huth (cherry picked from commit 6da311a60d58dba27f5f790217d5ebba944e34ab) Signed-off-by: Michael Tokarev --- target/s390x/helper.h | 2 +- target/s390x/tcg/mem_helper.c | 4 ++-- target/s390x/tcg/translate.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index f629f0fbcf..5038cfe851 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -359,7 +359,7 @@ DEF_HELPER_FLAGS_4(idte, TCG_CALL_NO_RWG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_4(ipte, TCG_CALL_NO_RWG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env) DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env) -DEF_HELPER_2(lra, i64, env, i64) +DEF_HELPER_3(lra, i64, env, i64, i64) DEF_HELPER_1(per_check_exception, void, env) DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_RWG, void, env, i64, i64) DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_RWG, void, env, i64) diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c index 7141d0ad88..51894f17f5 100644 --- a/target/s390x/tcg/mem_helper.c +++ b/target/s390x/tcg/mem_helper.c @@ -2374,7 +2374,7 @@ void HELPER(purge)(CPUS390XState *env) } /* load real address */ -uint64_t HELPER(lra)(CPUS390XState *env, uint64_t addr) +uint64_t HELPER(lra)(CPUS390XState *env, uint64_t r1, uint64_t addr) { uint64_t asc = env->psw.mask & PSW_MASK_ASC; uint64_t ret, tec; @@ -2388,7 +2388,7 @@ uint64_t HELPER(lra)(CPUS390XState *env, uint64_t addr) exc = mmu_translate(env, addr, MMU_S390_LRA, asc, &ret, &flags, &tec); if (exc) { cc = 3; - ret = exc | 0x80000000; + ret = (r1 & 0xFFFFFFFF00000000ULL) | exc | 0x80000000; } else { cc = 0; ret |= addr & ~TARGET_PAGE_MASK; diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 0c22d2f17f..c7498ff3f2 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -2941,7 +2941,7 @@ static DisasJumpType op_lctlg(DisasContext *s, DisasOps *o) static DisasJumpType op_lra(DisasContext *s, DisasOps *o) { - gen_helper_lra(o->out, cpu_env, o->in2); + gen_helper_lra(o->out, cpu_env, o->out, o->in2); set_cc_static(s); return DISAS_NEXT; } -- 2.39.5