On 05.08.2018 20:28, Pavel Zbitskiy wrote: > Suppose psw.mask=0x0000000080000000, cc=2, r1=0 and we do "ipm 1". > This command must touch only bits 32-39, so the expected output > is r1=0x20000000. However, currently qemu yields r1=0x20008000, > because irrelevant parts of PSW leak into r1 during program mask > transfer. > > Signed-off-by: Pavel Zbitskiy <pavel.zbits...@gmail.com> > --- > target/s390x/translate.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/target/s390x/translate.c b/target/s390x/translate.c > index f318fb6e4e..05442dff36 100644 > --- a/target/s390x/translate.c > +++ b/target/s390x/translate.c > @@ -2442,8 +2442,8 @@ static DisasJumpType op_ipm(DisasContext *s, DisasOps > *o) > tcg_gen_andi_i64(o->out, o->out, ~0xff000000ull); > > t1 = tcg_temp_new_i64(); > - tcg_gen_shli_i64(t1, psw_mask, 20); > - tcg_gen_shri_i64(t1, t1, 36); > + tcg_gen_andi_i64(t1, psw_mask, 0x00000f0000000000);
ull? > + tcg_gen_shri_i64(t1, t1, 16); > tcg_gen_or_i64(o->out, o->out, t1); > > tcg_gen_extu_i32_i64(t1, cc_op); > -- Thanks, David / dhildenb
