target/s390x: Fix translator_fake_ld length

The ilen value extracted from ex_value is the length of the
EXECUTE instruction itself, and so is the increment to the pc.
However, the length of the synthetic insn is located in the
opcode like all other instructions.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 2eb787e4013df74d37911ecba328eba65526a3b0..95d4d6ebc35c0b7e79b79f81027528b6c61c9bc7 100644 (file)
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -6200,11 +6200,11 @@ static const DisasInsn *extract_insn(CPUS390XState *env, DisasContext *s)
         /* Extract the values saved by EXECUTE.  */
         insn = s->ex_value & 0xffffffffffff0000ull;
         ilen = s->ex_value & 0xf;
+        op = insn >> 56;
 
         /* Register insn bytes with translator so plugins work. */
         be_insn = cpu_to_be64(insn);
-        translator_fake_ld(&s->base, &be_insn, ilen);
-        op = insn >> 56;
+        translator_fake_ld(&s->base, &be_insn, get_ilen(op));
     } else {
         insn = ld_code2(env, s, pc);
         op = (insn >> 8) & 0xff;