Indirect branches to addresses taken from registers go through address
generation, e.g., for BRANCH ON CONDITION Principles of Operation says:
In the RR format, the contents of general register R2 are used to
generate the branch address
QEMU uses r2_nz handler for the respective register operands. Currently
it does not zero out extra bits in 24- and 31-bit addressing modes as
required by address generation. The very frequently used
s390x_tr_init_disas_context() function has a workaround for this,
but the code for saving an old PSW during an interrupt does not.
Add the missing masking to r2_nz. Enforce PSW validity by replacing the
workaround with an assertion.
Reported-by: Thomas Weißschuh <linux@weissschuh.net>
Reported-by: Heiko Carstens <hca@linux.ibm.com>
Link: https://lore.kernel.org/lkml/ab3131a2-c42a-47ff-bf03-e9f68ac053c0@t-8ch.de/
Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Tested-by: Thomas Weißschuh <linux@weissschuh.net>
Message-ID: <20251016175954.41153-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
fc976a67de