i386: hvf: Fix register refs if REX is present

According to Intel(R)64 and IA-32 Architectures Software Developer's Manual, the following one-byte registers should be fetched when REX prefix is present (sorted by reg encoding index): AL, CL, DL, BL, SPL, BPL, SIL, DIL, R8L - R15L The first 8 are fetched if REX.R is zero, the last 8 if non-zero. The following registers should be fetched for instructions without REX prefix (also sorted by reg encoding index): AL, CL, DL, BL, AH, CH, DH, BH Current emulation code doesn't handle accesses to SPL, BPL, SIL, DIL when REX is present, thefore an instruction 40883e "mov %dil,(%rsi)" is decoded as "mov %bh,(%rsi)". That caused an infinite loop in vp_reset: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03293.html Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-Id: <20181018134401.44471-1-r.bolshakov@yadro.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-08-09 02:24:58 -06:00 · 2018-10-18 16:44:01 +03:00 · 2018-10-18 16:44:01 +03:00 · b4e1af8961
commit b4e1af8961
parent 6b7a98303b
2 changed files with 42 additions and 31 deletions
--- a/target/i386/hvf/x86_decode.h
+++ b/target/i386/hvf/x86_decode.h
@ -303,8 +303,10 @@ uint64_t sign(uint64_t val, int size);

 uint32_t decode_instruction(CPUX86State *env, struct x86_decode *decode);

-target_ulong get_reg_ref(CPUX86State *env, int reg, int is_extended, int size);
-target_ulong get_reg_val(CPUX86State *env, int reg, int is_extended, int size);
+target_ulong get_reg_ref(CPUX86State *env, int reg, int rex, int is_extended,
+                         int size);
+target_ulong get_reg_val(CPUX86State *env, int reg, int rex, int is_extended,
+                         int size);
 void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
                        struct x86_decode_op *op);
 target_ulong decode_linear_addr(CPUX86State *env, struct x86_decode *decode,