On real hardware, RTAS is called in real mode and therefore ignores the top 4 bits of the address passed in the call.
This fixes QEMU to do the same thing.
Signed-off-by: Alexey Kardashevskiy <a...@ozlabs.ru>
---
 hw/ppc/spapr_rtas.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index eb542f2..ab03d67 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -240,7 +240,8 @@ target_ulong spapr_rtas_call(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 struct rtas_call *call = rtas_table + (token - TOKEN_BASE);
 if (call->fn) {
- call->fn(cpu, spapr, token, nargs, args, nret, rets);
+ call->fn(cpu, spapr, token, nargs, args & 0x0FFFFFFFFFFFFFFFUL,
+ nret, rets);
 return H_SUCCESS;
 }
 }
--
1.8.4.rc4
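Review bot: Only `args` is masked in the new `call->fn(...)` call, while `rets` is still passed through unchanged on the continuation line. If the caller derives both from the same guest-supplied RTAS argument-buffer address (the caller is outside this hunk), handlers would read inputs from the masked address but write results to the unmasked one. Masking both, e.g. `args & 0x0FFFFFFFFFFFFFFFULL` and `rets & 0x0FFFFFFFFFFFFFFFULL`, or masking the address once where it is first taken from the guest, would keep every access to the buffer consistent. The literal would also read better as a named constant with a short comment on the real-mode behaviour, and the `ULL` suffix avoids relying on the host's `unsigned long` width. The body of spapr_rtas_call starts and ends outside the hunk.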