On real hardware, RTAS is called in real mode and therefore ignores the top 4 bits of the address passed in the call.
This fixes QEMU to use softmmu which can chop top 4 bits if MSR DR is not set.
Signed-off-by: Alexey Kardashevskiy <a...@ozlabs.ru>
---
Changes:
v2:
* masking from replaced with the use of cpu_ldl_data which can handle realmode case properly
---
 hw/ppc/spapr_hcall.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 063bd36..30f90bf 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -4,6 +4,7 @@
 #include "hw/ppc/spapr.h"
 #include "mmu-hash64.h"
 #include "cpu-models.h"
+#include "exec/softmmu_exec.h"
 #include <libfdt.h>
@@ -523,10 +524,11 @@ static target_ulong h_cede(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 static target_ulong h_rtas(PowerPCCPU *cpu, sPAPREnvironment *spapr,
                            target_ulong opcode, target_ulong *args)
 {
+    CPUPPCState *env = &cpu->env;
     target_ulong rtas_r3 = args[0];
-    uint32_t token = ldl_be_phys(rtas_r3);
-    uint32_t nargs = ldl_be_phys(rtas_r3 + 4);
-    uint32_t nret = ldl_be_phys(rtas_r3 + 8);
+    uint32_t token = cpu_ldl_data(env, rtas_r3);
+    uint32_t nargs = cpu_ldl_data(env, rtas_r3 + 4);
+    uint32_t nret = cpu_ldl_data(env, rtas_r3 + 8);
     return spapr_rtas_call(cpu, spapr, token, nargs, rtas_r3 + 12, nret,
                            rtas_r3 + 12 + 4*nargs);
--
1.8.4.rc4
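Review bot: The real-mode masking is applied inconsistently in h_rtas: token, nargs and nret are now read through cpu_ldl_data(), which translates under the current MSR state, but the two addresses handed to spapr_rtas_call() (`rtas_r3 + 12` and `rtas_r3 + 12 + 4*nargs`) are still derived from the unmasked guest-supplied args[0], so the RTAS handlers presumably still see the top 4 bits. Since rtas_r3 comes straight from the guest, it would be more robust to derive one masked real address up front and use it for the header loads and the argument/return pointers alike, i.e. keep the v1 masking of `rtas_r3` and leave the three `ldl_be_phys()` reads as they were. A cpu_ldl_data() on an address the guest has not mapped will presumably enter the softmmu fault path from inside a hypercall handler, which is worth confirming is safe here, whereas a physical load on a masked address cannot fault. nargs is also guest-controlled and unbounded at this point; I assume spapr_rtas_call() bounds-checks it before the argument/return offsets are used. The closing brace of h_rtas lies outside the hunk.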