target/s390x: Fix MVCRL with a large value in R0

Using a large R0 causes an assertion error: qemu-s390x: target/s390x/tcg/mem_helper.c:183: access_prepare_nf: Assertion `size > 0 && size <= 4096' failed. Even though PoP explicitly advises against using more than 8 bits for the size, an emulator crash is never a good thing. Fix by truncating the size to 8 bits. Fixes: ea0a1053e276 ("s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x") Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Cc: qemu-stable@nongnu.org Message-Id: <20230704081506.276055-5-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com> (cherry picked from commit 92a57534619a4058544ce8f9c0beae3e054f342b) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
author: Ilya Leoshkevich <iii@linux.ibm.com> 2023-07-04 10:12:28 +0200
committer: Michael Tokarev <mjt@tls.msk.ru> 2023-07-31 08:52:38 +0300
commit: eefa524832a1795674a9c37b4a93610bcb152b23 (patch)
tree: 393f7ad3ec901d828d5856e2c439dcd0dee629eb /target/s390x/tcg
parent: aa308958e6246ccc71bf1ef65f0566cea116fe37 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index 8b58b8d88d..7141d0ad88 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -514,6 +514,7 @@ void HELPER(mvcrl)(CPUS390XState *env, uint64_t l, uint64_t dest, uint64_t src)
     int32_t i;
 
     /* MVCRL always copies one more byte than specified - maximum is 256 */
+    l &= 0xff;
     l++;
 
     access_prepare(&srca, env, src, l, MMU_DATA_LOAD, mmu_idx, ra);
author	Ilya Leoshkevich <iii@linux.ibm.com>	2023-07-04 10:12:28 +0200
committer	Michael Tokarev <mjt@tls.msk.ru>	2023-07-31 08:52:38 +0300
commit	eefa524832a1795674a9c37b4a93610bcb152b23 (patch)
tree	393f7ad3ec901d828d5856e2c439dcd0dee629eb /target/s390x/tcg
parent	aa308958e6246ccc71bf1ef65f0566cea116fe37 (diff)