According to Table A-6 in Volume 3 of AMD64 Architecture Programmer's Manual,
opcodes F6 and F7 (opcode extensions group 3) with ModRM's reg field values
of 0 and 1 can be used to encode a TEST instruction.
Although Intel 64 and IA-32 Architectures Software Developer's Manual leaves
the cell 1 of opcode extensions group 3 blank in the opcode table
(Table A-6, Volume 2D), the instruction in a group 3 with reg field of ModRM
byte set to 1 actually behaves like TEST instruction on Intel CPUs.
Currently, QEMU decodes group 3 instruction as TEST only if reg field of ModRM
byte is 0. When the reg field is 1, QEMU raises a #UD exception.
This behavior does not match real Intel and AMD hardware.
This patch fixes this issue by duplicating the existing [0x00] and [0x08]
X86_OP_ENTRYrr(AND, ...) entries into slots [0x01] and [0x09] in the
opcodes_grp3 table.
Fixes: d7c41a60d0c5 ("target/i386: move C0-FF opcodes to new decoder (except
for x87)")
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3580
Signed-off-by: Andrey Polivoda <[email protected]>
Cc: [email protected]
Cc: Paolo Bonzini <[email protected]>
Cc: Richard Henderson <[email protected]>
---
Note: checkpatch.pl reports style errors regarding spaces after commas.
These are false positives, as the patch intentionally matches the formatting
of the surrounding macro table.
target/i386/tcg/decode-new.c.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index ac181308ca..a0bc6d1901 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -1614,6 +1614,7 @@ static void decode_group3(DisasContext *s, CPUX86State
*env, X86OpEntry *entry,
static const X86OpEntry opcodes_grp3[16] = {
/* 0xf6 */
[0x00] = X86_OP_ENTRYrr(AND, E,b, I,b),
+ [0x01] = X86_OP_ENTRYrr(AND, E,b, I,b),
[0x02] = X86_OP_ENTRY1(NOT, E,b, lock),
[0x03] = X86_OP_ENTRY1(NEG, E,b, lock),
[0x04] = X86_OP_ENTRYrr(MUL, E,b, 0,b, zextT0),
@@ -1623,6 +1624,7 @@ static void decode_group3(DisasContext *s, CPUX86State
*env, X86OpEntry *entry,
/* 0xf7 */
[0x08] = X86_OP_ENTRYrr(AND, E,v, I,z),
+ [0x09] = X86_OP_ENTRYrr(AND, E,v, I,z),
[0x0a] = X86_OP_ENTRY1(NOT, E,v, lock),
[0x0b] = X86_OP_ENTRY1(NEG, E,v, lock),
[0x0c] = X86_OP_ENTRYrr(MUL, E,v, 0,v, zextT0),
--
2.53.0