From patchwork Wed Dec 20 17:14:29 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Bonzini <pbonzini@redhat.com>
X-Patchwork-Id: 10126105
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	E9D6360245 for <patchwork-qemu-devel@patchwork.kernel.org>;
	Wed, 20 Dec 2017 17:31:38 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D114A2858B
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Wed, 20 Dec 2017 17:31:38 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C534A29824; Wed, 20 Dec 2017 17:31:38 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3D4412858B
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Wed, 20 Dec 2017 17:31:38 +0000 (UTC)
Received: from localhost ([::1]:60422 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1eRiDR-0001cS-Dd for patchwork-qemu-devel@patchwork.kernel.org;
	Wed, 20 Dec 2017 12:31:37 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56324)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1eRhyG-0004Yo-AZ
	for qemu-devel@nongnu.org; Wed, 20 Dec 2017 12:15:57 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1eRhyD-0007Ba-Tv
	for qemu-devel@nongnu.org; Wed, 20 Dec 2017 12:15:56 -0500
Received: from mail-wm0-x241.google.com ([2a00:1450:400c:c09::241]:36798)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <paolo.bonzini@gmail.com>)
	id 1eRhyD-0007BF-Ne; Wed, 20 Dec 2017 12:15:53 -0500
Received: by mail-wm0-x241.google.com with SMTP id b76so11198092wmg.1;
	Wed, 20 Dec 2017 09:15:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=Q2ljUrnQOlWDwuU77kMm8UNSZrNNor9Co0MLtkR3Lt0=;
	b=NvSUI+a6XhBo8dTlw4ql7L+4llEVJlmhDpOQunoGG7zb3KNbGLZz67zAYqQdSZezwF
	ZP3+3btcvW1JNKvRe0sYrf2rgjs1cXpS+g6AFByrUkadws1A8XcbMgQ1v+JSxU7KPWfn
	BlX+UNrUj2Tzlq7s79WVvcQE9IWfYeYKnyzXbNQqI6ewWf8qGeS65CX9XgHuymsyjBqT
	aco/fxh9MKvp8TpCAMFrDs8vck3StmOZkKB7+Z/HV8KFfXEc3yVZ9OqpQnIE4KZeJxqW
	51pVXSzAqBykkukvsqsjn+lW7EQTBvMZkpLt46JJBH+f1gShXZ7IH7WXEeL6mTQHBKVD
	FKRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=Q2ljUrnQOlWDwuU77kMm8UNSZrNNor9Co0MLtkR3Lt0=;
	b=JpzKNZTQgmy+DpBW9km7usGH8f7Rl3PooNMTObBbjMvthqbFaWbByL7DjeER58EeiI
	FbkZ2LSCI+vvrKIc9lG5RAsLit0TYs/TqU8V+ST4+jPgfR5d1nLARqzCXC8GvmamAkuJ
	eFn3RuVMwIkFqSsKWQLBw9TDstkYejyaNZKaVxzmDOxpQekwIA2sC37TtdQVX1jWNDOu
	g5rN3pfeve7a1oIMBj+FXDc4ICzgfpoVy+XGFeD4sofSMv1QHuU0DAoTDsx91/ZU+4PT
	XsR5R3pNoNrxCOL/4QnMbNn6HMAttDv27tIWlaWCSNZ9hWP3PAQYNoszsCBL5X/SOoj7
	Jg1A==
X-Gm-Message-State: AKGB3mK8tm3w+GZVZtAyQ0dUBkF7lR4W+FyMg++prA/gye0HnHKZj+ej
	BXWOqchDUiY3iI4olPgjBWSvXiS2
X-Google-Smtp-Source: 
 ACJfBosKx1X7+8itzY/wgZevi/uYuiTAtbS7cl++OeUVGRMx2ejLU7PkJafUqzIaHsC4TdzN98z4eg==
X-Received: by 10.28.69.197 with SMTP id l66mr7386108wmi.67.1513790152286;
	Wed, 20 Dec 2017 09:15:52 -0800 (PST)
Received: from 640k.lan (dynamic-adsl-78-12-251-125.clienti.tiscali.it.
	[78.12.251.125]) by smtp.gmail.com with ESMTPSA id
	f125sm2751101wme.45.2017.12.20.09.15.51
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Dec 2017 09:15:51 -0800 (PST)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Date: Wed, 20 Dec 2017 18:14:29 +0100
Message-Id: <1513790098-9815-18-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1513790098-9815-1-git-send-email-pbonzini@redhat.com>
References: <1513790098-9815-1-git-send-email-pbonzini@redhat.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:400c:c09::241
Subject: [Qemu-devel] [PULL 17/46] target/i386: Fix handling of VEX prefixes
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Peter Maydell <peter.maydell@linaro.org>, qemu-stable@nongnu.org
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Peter Maydell <peter.maydell@linaro.org>

In commit e3af7c788b73a6495eb9d94992ef11f6ad6f3c56 we
replaced direct calls to to cpu_ld*_code() with calls
to the x86_ld*_code() wrappers which incorporate an
advance of s->pc. Unfortunately we didn't notice that
in one place the old code was deliberately not incrementing
s->pc:

@@ -4501,7 +4528,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
             static const int pp_prefix[4] = {
                 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
             };
-            int vex3, vex2 = cpu_ldub_code(env, s->pc);
+            int vex3, vex2 = x86_ldub_code(env, s);

             if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
                 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,

This meant we were mishandling this set of instructions.
Remove the manual advance of s->pc for the "is VEX" case
(which is now done by x86_ldub_code()) and instead rewind
PC in the case where we decide that this isn't really VEX.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Reported-by: Alexandro Sanchez Bach <alexandro@phi.nz>
Message-Id: <1513163959-17545-1-git-send-email-peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/translate.c b/target/i386/translate.c
index f410938..23d7eec 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -4548,9 +4548,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
             if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
                 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
                    otherwise the instruction is LES or LDS.  */
+                s->pc--; /* rewind the advance_pc() x86_ldub_code() did */
                 break;
             }
-            s->pc++;
 
             /* 4.1.1-4.1.3: No preceding lock, 66, f2, f3, or rex prefixes. */
             if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ