target/s390x: Fix MVCRL with a large value in R0
Using a large R0 causes an assertion error:

    qemu-s390x: target/s390x/tcg/mem_helper.c:183: access_prepare_nf: Assertion `size > 0 && size <= 4096' failed.

Even though PoP explicitly advises against using more than 8 bits for the
size, an emulator crash is never a good thing.

Fix by truncating the size to 8 bits.

Fixes: ea0a105 ("s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20230704081506.276055-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 92a5753)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
iii-i authored and Michael Tokarev committed Jul 31, 2023
1 parent aa30895 commit eefa524
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions target/s390x/tcg/mem_helper.c
Expand Up @@ -514,6 +514,7 @@ void HELPER(mvcrl)(CPUS390XState *env, uint64_t l, uint64_t dest, uint64_t src)
int32_t i;

/* MVCRL always copies one more byte than specified - maximum is 256 */
l &= 0xff;
l++;

access_prepare(&srca, env, src, l, MMU_DATA_LOAD, mmu_idx, ra);
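
Review bot: the `l &= 0xff;` mask ahead of `l++` in HELPER(mvcrl) has no explanation of its own; the comment above it still only says "maximum is 256" and does not mention that the upper bits of the length taken from R0 are discarded. Extend that comment to say the value is truncated to 8 bits so that `l` stays inside the `size > 0 && size <= 4096` range asserted in access_prepare_nf. The commit touches only target/s390x/tcg/mem_helper.c, so a regression test that executes MVCRL with a large R0 value would be worth adding with it.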