From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: David Greenaway <dgreenaway@google.com>
Subject: [PULL 17/36] target/i386: Fix decoding of certain BMI instructions
Date: Fri, 29 Jan 2021 12:17:55 +0100
Message-ID: <20210129111814.566629-18-pbonzini@redhat.com>
In-Reply-To: <20210129111814.566629-1-pbonzini@redhat.com>
From: David Greenaway <dgreenaway@google.com>
This patch fixes a translation bug for a subset of x86 BMI instructions
such as the following:
c4 e2 f9 f7 c0 shlxq %rax, %rax, %rax
Currently, these incorrectly generate an undefined instruction exception
when SSE is disabled via CR4, while instructions like "shrxq" work fine.
The problem appears to be related to BMI instructions encoded using VEX
and with a mandatory prefix of "0x66" (data). Instructions with this
data prefix (such as shlxq) are currently rejected. Instructions with
other mandatory prefixes (such as shrxq) translate as expected.
This patch removes the incorrect check in "gen_sse" that causes the
exception to be generated. For the non-BMI cases, the check is
redundant: prefixes are already checked at line 3696.
Buglink: https://bugs.launchpad.net/qemu/+bug/1748296
Signed-off-by: David Greenaway <dgreenaway@google.com>
Message-Id: <20210114063958.1508050-1-dgreenaway@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 6a4c31f933..af1faf9342 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -3075,7 +3075,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b,
}
if (is_xmm
&& !(s->flags & HF_OSFXSR_MASK)
- && ((b != 0x38 && b != 0x3a) || (s->prefix & PREFIX_DATA))) {
+ && (b != 0x38 && b != 0x3a)) {
goto unknown_op;
}
if (b == 0x0e) {
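Review bot: dropping `|| (s->prefix & PREFIX_DATA)` means an 0F 38 / 0F 3A opcode carrying a 66 prefix on xmm operands no longer reaches `goto unknown_op` here when HF_OSFXSR_MASK is clear, and the commit message justifies that only by pointing at "line 3696"; a line number drifts with every edit to translate.c, so please cite the function or the actual condition that now covers the CR4.OSFXSR=0 case for those opcodes (and confirm it covers OSFXSR, not just prefix validity) so the "redundant" claim can be checked in review rather than trusted.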
--
2.29.2
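The commit message attributes the bug to the mandatory prefix implied by the VEX prefix: the 0x66 data prefix selects shlx, while shrx uses a different one. The following is an added example, not QEMU code and not part of the patch above, that decodes the VEX prefix of the bytes quoted in the commit message (c4 e2 f9 f7 c0) and of two constructed siblings that differ only in VEX.pp, then evaluates the gen_sse() condition before and after the patch as a plain predicate. All names (vex_info, decode_vex, check_bytes, ...) are this example's own; it assumes 64-bit mode, where C4/C5 always start a VEX prefix, and it assumes that inside this check `b` is the opcode byte after 0F (0x38 / 0x3a for the two maps) and that an implied 66 prefix sets PREFIX_DATA, as the bug report implies.

```c
/* Added example (not QEMU code): decode a VEX prefix, name the 0F38 F7 BMI
 * shift by its mandatory prefix, and replay the gen_sse() check before/after
 * the patch.  Names here are the example's own.  Assumes 64-bit mode. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Legacy prefix implied by VEX.pp: 00 none, 01 66, 10 F3, 11 F2. */
enum implied_prefix { PFX_NONE = 0, PFX_66 = 1, PFX_F3 = 2, PFX_F2 = 3 };

struct vex_info {
    int map;                /* opcode map: 1 = 0F, 2 = 0F38, 3 = 0F3A */
    int w, l, vvvv;         /* VEX.W, VEX.L, extra register (inversion undone) */
    enum implied_prefix pp; /* implied mandatory prefix */
    uint8_t opcode;         /* opcode byte following the prefix */
};

/* Decode a 3-byte (C4) or 2-byte (C5) VEX prefix plus opcode; returns 0 on failure. */
int decode_vex(const uint8_t *p, size_t n, struct vex_info *out)
{
    memset(out, 0, sizeof(*out));
    if (n >= 4 && p[0] == 0xC4) {            /* C4 [R X B m-mmmm] [W vvvv L pp] op */
        out->map    = p[1] & 0x1f;
        out->w      = (p[2] >> 7) & 1;
        out->vvvv   = (~p[2] & 0x78) >> 3;   /* vvvv is stored inverted */
        out->l      = (p[2] >> 2) & 1;
        out->pp     = (enum implied_prefix)(p[2] & 3);
        out->opcode = p[3];
    } else if (n >= 3 && p[0] == 0xC5) {     /* C5 [R vvvv L pp] op, map 0F, W=0 */
        out->map    = 1;
        out->vvvv   = (~p[1] & 0x78) >> 3;
        out->l      = (p[1] >> 2) & 1;
        out->pp     = (enum implied_prefix)(p[1] & 3);
        out->opcode = p[2];
    } else {
        return 0;
    }
    return out->map >= 1 && out->map <= 3;   /* other map values are reserved (#UD) */
}

/* Look up one decoded field by name; -1 on decode failure or unknown field. */
int vex_field(const uint8_t *p, size_t n, const char *field)
{
    struct vex_info v;
    if (!decode_vex(p, n, &v)) return -1;
    if (!strcmp(field, "map"))  return v.map;
    if (!strcmp(field, "w"))    return v.w;
    if (!strcmp(field, "vvvv")) return v.vvvv;
    if (!strcmp(field, "pp"))   return (int)v.pp;
    if (!strcmp(field, "op"))   return v.opcode;
    return -1;
}

/* Name the map-0F38 opcode F7 BMI shift by its mandatory prefix; NULL otherwise. */
const char *bmi_f7_name(const uint8_t *p, size_t n)
{
    static const char *const names[] = { "bextr", "shlx", "sarx", "shrx" };
    struct vex_info v;
    if (!decode_vex(p, n, &v) || v.map != 2 || v.opcode != 0xF7) return NULL;
    return names[v.pp];
}

/* The gen_sse() condition as predicates.  is_xmm=1, osfxsr=0 models an
 * xmm-class instruction while CR4.OSFXSR is clear; prefix_data mirrors
 * PREFIX_DATA (assumed set by an implied 66 prefix). */
int rejected_before_patch(int is_xmm, int osfxsr, int b, int prefix_data)
{
    return is_xmm && !osfxsr && ((b != 0x38 && b != 0x3a) || prefix_data);
}
int rejected_after_patch(int is_xmm, int osfxsr, int b, int prefix_data)
{
    (void)prefix_data;
    return is_xmm && !osfxsr && (b != 0x38 && b != 0x3a);
}

/* Decode bytes and apply the old (0) or new (1) check: 1 = #UD, 0 = ok, -1 = error. */
int check_bytes(const uint8_t *p, size_t n, int after_patch)
{
    struct vex_info v;
    if (!decode_vex(p, n, &v)) return -1;
    int b = v.map == 2 ? 0x38 : v.map == 3 ? 0x3a : 0;   /* assumed mapping of b */
    int prefix_data = (v.pp == PFX_66);
    return after_patch ? rejected_after_patch(1, 0, b, prefix_data)
                       : rejected_before_patch(1, 0, b, prefix_data);
}

/* shlxq from the commit message; sarxq/shrxq are constructed, differing only in pp. */
static const uint8_t SHLX_BYTES[] = { 0xc4, 0xe2, 0xf9, 0xf7, 0xc0 };
static const uint8_t SARX_BYTES[] = { 0xc4, 0xe2, 0xfa, 0xf7, 0xc0 };
static const uint8_t SHRX_BYTES[] = { 0xc4, 0xe2, 0xfb, 0xf7, 0xc0 };

int main(void)
{
    const uint8_t *all[] = { SHLX_BYTES, SARX_BYTES, SHRX_BYTES };
    for (size_t i = 0; i < 3; i++) {
        printf("%-5s pp=%d  old check: %-3s  new check: %s\n",
               bmi_f7_name(all[i], 5), vex_field(all[i], 5, "pp"),
               check_bytes(all[i], 5, 0) ? "#UD" : "ok",
               check_bytes(all[i], 5, 1) ? "#UD" : "ok");
    }
    return 0;
}
```

Running it prints one row per instruction: only shlx (pp=1, the implied 66 prefix) is rejected by the old condition, and none of the three is rejected by the new one, which is the behaviour the commit message describes.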