[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-7.2.7 20/62] target/i386: fix operand size of unary SSE operatio
|
From: |
Michael Tokarev |
|
Subject: |
[Stable-7.2.7 20/62] target/i386: fix operand size of unary SSE operations |
|
Date: |
Thu, 9 Nov 2023 16:58:48 +0300 |
From: Paolo Bonzini <pbonzini@redhat.com>
VRCPSS, VRSQRTSS and VCVTSx2Sx have a 32-bit or 64-bit memory operand,
which is represented in the decoding tables by X86_VEX_REPScalar. Add it
to the tables, and make validate_vex() handle the case of an instruction
that is in exception type 4 without the REP prefix and exception type 5
with it; this is the cas of VRCP and VRSQRT.
Reported-by: yongwoo <https://gitlab.com/yongwoo36>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1377
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 3d304620ec6c95f31db17acc132f42f243369299)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index ee4f4a899f..1c8a3aae4f 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -105,6 +105,7 @@
#define vex3 .vex_class = 3,
#define vex4 .vex_class = 4,
#define vex4_unal .vex_class = 4, .vex_special = X86_VEX_SSEUnaligned,
+#define vex4_rep5 .vex_class = 4, .vex_special = X86_VEX_REPScalar,
#define vex5 .vex_class = 5,
#define vex6 .vex_class = 6,
#define vex7 .vex_class = 7,
@@ -850,8 +851,8 @@ static const X86OpEntry opcodes_0F[256] = {
[0x50] = X86_OP_ENTRY3(MOVMSK, G,y, None,None, U,x, vex7 p_00_66),
[0x51] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
- [0x52] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex5 p_00_f3),
- [0x53] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex5 p_00_f3),
+ [0x52] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex4_rep5 p_00_f3),
+ [0x53] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex4_rep5 p_00_f3),
[0x54] = X86_OP_ENTRY3(PAND, V,x, H,x, W,x, vex4 p_00_66), /* vand
*/
[0x55] = X86_OP_ENTRY3(PANDN, V,x, H,x, W,x, vex4 p_00_66), /* vandn
*/
[0x56] = X86_OP_ENTRY3(POR, V,x, H,x, W,x, vex4 p_00_66), /* vor */
@@ -889,7 +890,7 @@ static const X86OpEntry opcodes_0F[256] = {
[0x58] = X86_OP_ENTRY3(VADD, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
[0x59] = X86_OP_ENTRY3(VMUL, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
- [0x5a] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex3 p_00_66_f3_f2),
+ [0x5a] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
[0x5b] = X86_OP_GROUP0(0F5B),
[0x5c] = X86_OP_ENTRY3(VSUB, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
[0x5d] = X86_OP_ENTRY3(VMIN, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
@@ -1458,9 +1459,9 @@ static bool validate_vex(DisasContext *s, X86DecodedInsn
*decode)
* Instructions which differ between 00/66 and F2/F3 in the
* exception classification and the size of the memory operand.
*/
- assert(e->vex_class == 1 || e->vex_class == 2);
+ assert(e->vex_class == 1 || e->vex_class == 2 || e->vex_class == 4);
if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) {
- e->vex_class = 3;
+ e->vex_class = e->vex_class < 4 ? 3 : 5;
if (s->vex_l) {
goto illegal;
}
--
2.39.2
- [Stable-7.2.7 06/62] target/ppc: Decrementer fix BookE semantics, (continued)
- [Stable-7.2.7 06/62] target/ppc: Decrementer fix BookE semantics, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 10/62] hw/cxl: Fix CFMW config memory leak, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 15/62] ui/vnc: fix handling of VNC_FEATURE_XVP, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 11/62] target/arm: Don't skip MTE checks for LDRT/STRT at EL0, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 12/62] accel/tcg: mttcg remove false-negative halted assertion, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 14/62] ui/vnc: fix debug output for invalid audio message, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 16/62] optionrom: Remove build-id section, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 21/62] tests/tcg/i386: correct mask for VPERM2F128/VPERM2I128, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 19/62] scsi-disk: ensure that FORMAT UNIT commands are terminated, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 18/62] esp: restrict non-DMA transfer length to that of available data, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 20/62] target/i386: fix operand size of unary SSE operations,
Michael Tokarev <=
- [Stable-7.2.7 24/62] target/i386: Fix exception classes for MOVNTPS/MOVNTPD., Michael Tokarev, 2023/11/09
- [Stable-7.2.7 23/62] target/i386: Fix exception classes for SSE/AVX instructions., Michael Tokarev, 2023/11/09
- [Stable-7.2.7 26/62] target/i386: fix memory operand size for CVTPS2PD, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 17/62] esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux(), Michael Tokarev, 2023/11/09
- [Stable-7.2.7 27/62] hw/display/ramfb: plug slight guest-triggerable leak on mode setting, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 25/62] target/i386: generalize operand size "ph" for use in CVTPS2PD, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 28/62] chardev/char-pty: Avoid losing bytes when the other side just (re-)connected, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 30/62] amd_iommu: Fix APIC address check, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 29/62] linux-user/hppa: Fix struct target_sigcontext layout, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 31/62] migration/qmp: Fix crash on setting tls-authz with null, Michael Tokarev, 2023/11/09