From: Julio Guerra Date: Wed, 14 Oct 2015 17:43:19 +0000 (+0200) Subject: taget-ppc: Fix read access to IBAT registers higher than IBAT3 X-Git-Tag: v2.5.0-rc0~25^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ede8f699645f4ca7cdbc40d8139e5a0275b4805;p=thirdparty%2Fqemu.git taget-ppc: Fix read access to IBAT registers higher than IBAT3 Fix the index used to read the IBAT's vector which results in IBAT0..3 instead of IBAT4..N. The bug appeared by saving/restoring contexts including IBATs values. Signed-off-by: Julio Guerra Signed-off-by: Michael Tokarev --- diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 4934c80b8f0..e88dc7fc7aa 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -305,7 +305,7 @@ static void spr_read_ibat (DisasContext *ctx, int gprn, int sprn) static void spr_read_ibat_h (DisasContext *ctx, int gprn, int sprn) { - tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env, offsetof(CPUPPCState, IBAT[sprn & 1][(sprn - SPR_IBAT4U) / 2])); + tcg_gen_ld_tl(cpu_gpr[gprn], cpu_env, offsetof(CPUPPCState, IBAT[sprn & 1][((sprn - SPR_IBAT4U) / 2) + 4])); } static void spr_write_ibatu (DisasContext *ctx, int sprn, int gprn)
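Review bot: In spr_read_ibat_h, the new index `((sprn - SPR_IBAT4U) / 2) + 4` carries a bare `+ 4` with no explanation. A short comment, or a named constant for the offset of the first high BAT, would make it clear that SPR_IBAT4U maps to the fifth entry of the second IBAT dimension rather than the first, which is exactly the mistake the removed line made. The expression also relies on sprn never being below SPR_IBAT4U, since nothing in the visible lines checks the range before the value is used in offsetof(); stating that precondition in a comment next to the function would help. Because the commit message says the bug showed up when saving and restoring contexts that include IBAT values, a test that writes distinct values to IBAT4 and above and reads them back would guard against a regression. The subject line also has a typo, "taget-ppc" for "target-ppc".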