The following patch corrects two invalid instructions on the X86 subsystem that are incorrectly translated. These byte sequences should generate exceptions.

First, the lock prefix (F0) should only be prepended once before each instruction. Otherwise (if two F0 bytes are present), the CPU raises an "Invalid Lock Sequence" exception. This behaviour was reproduced on a 32 bit Windows XP SP-3 installation and an i386-softmmu qemu machine. While the real machine generates the exception, the emulated one accepts it as a valid sequence. This problem is corrected by this patch. Nevertheless, the lock prefix should be restricted to a fixed set of instructions according to the Intel Manual. This aspect appears to be only partially implemented for the nop instruction (0x90). The following comment in target-i386/translate.c: "/* XXX: correct lock test for all insn */" invites correcting it for the rest of the instructions. Unfortunately, this correction requires significant modification of the translation loop.

Second, the C7 mov instruction requires the Reg/Opcode field of the Mod/RM byte to be 0. Otherwise, it should generate an invalid instruction exception. This problem is corrected with this patch, and was tested on a 32 bit Windows XP SP-3 installation and an i386-softmmu qemu machine.

For further details, please refer to the Intel 64 and IA-32 Architectures Software Developer's Manual Volume 2A: Instruction Set Reference, A-M. Order Number: 253666-049US, February 2014. See "LOCK—Assert LOCK# Signal Prefix" in Chapter 3, and "MOV—Move" in Chapter 3.

Signed-off-by: Xabier Ugarte-Pedrero <xabier.uga...@deusto.es>

Xabier Ugarte-Pedrero (3):
  X86: Invalid lock prefix (F0)
  X86: Invalid mov instruction (C7)
  X86: The xor_zero case should also update the parity flag

 target-i386/cc_helper.c |  2 +-
 target-i386/translate.c | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

-- 
1.7.9.5
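As an added illustration (not part of this series or of QEMU's translate.c), a small C checker that applies the two encoding rules described in the cover letter to a raw byte sequence: more than one LOCK (F0) prefix is flagged, and a C7 opcode whose ModRM Reg/Opcode field is not 0 is flagged. The set of other legacy prefixes it skips to reach the opcode is an assumption of the example, as is the function name x86_check_encoding.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not QEMU code: classify a byte sequence by the two rules
 * the cover letter describes (single LOCK prefix; C7 needs Reg/Opcode == 0). */
enum x86_enc_status { ENC_OK, ENC_TRUNCATED, ENC_INVALID_LOCK, ENC_INVALID_C7_REG };

/* Legacy prefixes other than LOCK: operand/address size, REP, segment overrides (assumed list). */
static int is_other_legacy_prefix(uint8_t b)
{
    switch (b) {
    case 0x66: case 0x67: case 0xF2: case 0xF3:
    case 0x2E: case 0x36: case 0x3E: case 0x26: case 0x64: case 0x65:
        return 1;
    }
    return 0;
}

enum x86_enc_status x86_check_encoding(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    int lock_count = 0;

    /* Skip the legacy prefix bytes, counting how often LOCK (F0) appears. */
    while (i < len && (buf[i] == 0xF0 || is_other_legacy_prefix(buf[i]))) {
        if (buf[i] == 0xF0)
            lock_count++;
        i++;
    }
    if (lock_count > 1)          /* real CPU: "Invalid Lock Sequence" exception */
        return ENC_INVALID_LOCK;
    if (i >= len)
        return ENC_TRUNCATED;

    /* C7 /0 is MOV r/m16/32, imm; ModRM bits 5:3 hold the Reg/Opcode field. */
    if (buf[i] == 0xC7) {
        if (i + 1 >= len)
            return ENC_TRUNCATED;
        if (((buf[i + 1] >> 3) & 7) != 0)
            return ENC_INVALID_C7_REG;
    }
    return ENC_OK;
}

int main(void)
{
    const uint8_t bad_lock[] = { 0xF0, 0xF0, 0x0F, 0xC1, 0x01 }; /* constructed: lock lock xadd [ecx], eax */
    return x86_check_encoding(bad_lock, sizeof bad_lock) == ENC_INVALID_LOCK ? 0 : 1;
}
```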