From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:54779)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mmogilvi_qemu@miniinfo.net>) id 1T4QrA-0004f3-3i
	for qemu-devel@nongnu.org; Thu, 23 Aug 2012 02:25:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mmogilvi_qemu@miniinfo.net>) id 1T4Qr8-00042H-BK
	for qemu-devel@nongnu.org; Thu, 23 Aug 2012 02:25:27 -0400
Received: from qmta10.emeryville.ca.mail.comcast.net ([76.96.30.17]:36202)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mmogilvi_qemu@miniinfo.net>) id 1T4Qr8-000410-2o
	for qemu-devel@nongnu.org; Thu, 23 Aug 2012 02:25:26 -0400
From: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Date: Thu, 23 Aug 2012 00:24:39 -0600
Message-Id: <1345703083-25322-3-git-send-email-mmogilvi_qemu@miniinfo.net>
In-Reply-To: <1345703083-25322-1-git-send-email-mmogilvi_qemu@miniinfo.net>
References: <1345703083-25322-1-git-send-email-mmogilvi_qemu@miniinfo.net>
Subject: [Qemu-devel] [PATCH v2 2/6] target-i386/translate.c: mov to/from
	crN/drN: ignore mod bits
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>

>>From AMD's documentation (multiple versions of 24594.pdf):
> This instruction is always treated as a register-to-register (MOD = 11)
> instruction, regardless of the encoding of the MOD field in the MODR/M
> byte.

Also, Microport UNIX System V/386 v 2.1 (ca 1987) runs fine on
real Intel 386 and 486 CPU's (at least), but does not run in qemu without
this patch.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
---

This version of the patch tweaks some of the comments to refer to
AMD's documentation, based on "malc <av1474@comtv.ru>"'s response to
version 1.  It is functionally identical.

====================

 target-i386/translate.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 7ab2ccb..eb0cabc 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7551,8 +7551,11 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
             gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
         } else {
             modrm = cpu_ldub_code(cpu_single_env, s->pc++);
-            if ((modrm & 0xc0) != 0xc0)
-                goto illegal_op;
+            /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
+             * AMD documentation (24594.pdf) and testing of
+             * intel 386 and 486 processors all show that the mod bits
+             * are assumed to be 1's, regardless of actual values.
+             */
             rm = (modrm & 7) | REX_B(s);
             reg = ((modrm >> 3) & 7) | rex_r;
             if (CODE64(s))
@@ -7594,8 +7597,11 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
             gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
         } else {
             modrm = cpu_ldub_code(cpu_single_env, s->pc++);
-            if ((modrm & 0xc0) != 0xc0)
-                goto illegal_op;
+            /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
+             * AMD documentation (24594.pdf) and testing of
+             * intel 386 and 486 processors all show that the mod bits
+             * are assumed to be 1's, regardless of actual values.
+             */
             rm = (modrm & 7) | REX_B(s);
             reg = ((modrm >> 3) & 7) | rex_r;
             if (CODE64(s))
-- 
1.7.10.2.484.gcd07cc5