From 7d5625d5f7c1550a41774bed699c0d9b3feeedec Mon Sep 17 00:00:00 2001
From: Aurelien Jarno
Date: Sat, 6 Mar 2010 18:33:53 +0100
Subject: target-i386: fix lddqu SSE instruction

This instruction load data from memory to register and not the reverse.

Signed-off-by: Aurelien Jarno
(cherry picked from commit c22549204a6edc431e8e4358e61bd56386ff6957)
---
 target-i386/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'target-i386')

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 511a4eae9..4ab226f43 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -3169,7 +3169,7 @@ static void gen_sse(DisasContext *s, int b, target_ulong pc_start, int rex_r)
 if (mod == 3)
 goto illegal_op;
 gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
- gen_sto_env_A0(s->mem_index, offsetof(CPUX86State,xmm_regs[reg]));
+ gen_ldo_env_A0(s->mem_index, offsetof(CPUX86State,xmm_regs[reg]));
 break;
 case 0x22b: /* movntss */
 case 0x32b: /* movntsd */
-- 
cgit v1.2.3-65-gdbad

From c248df6161e7cacaa37f3214323307b8cb29dd28 Mon Sep 17 00:00:00 2001
From: malc
Date: Thu, 4 Mar 2010 15:09:26 +0300
Subject: target-i386: Fix long jumps/calls in long mode with REX.W set

Signed-off-by: malc
Signed-off-by: Aurelien Jarno
(cherry picked from commit 41b1e61f51b05fd6ca060f901b822f83e0beb6b6)
---
 target-i386/translate.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
(limited to 'target-i386')

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 4ab226f43..0f7255d9d 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
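Review bot: The case label(s) that lead into this `if (mod == 3)` guard are above the hunk, so it cannot be seen from here whether other switch arms fall through into the line now changed from `gen_sto_env_A0` to `gen_ldo_env_A0`; any arm that does is silently turned from a store into a load. The follow-up c5f5dc5bad4cec580f10b31fcafd1dd5bd93c88f later on this page indicates that movntps/movntdq did exactly that. Since the copy direction is the whole point of the fix, a comment on the changed line would make the intent checkable at the call site, e.g. `/* lddqu is a load: memory -> xmm_regs[reg] */`. gen_sse and the enclosing switch start and end outside the hunk.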
@@ -4591,9 +4591,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
 /* operand size for jumps is 64 bit */
 ot = OT_QUAD;
 } else if (op == 3 || op == 5) {
- /* for call calls, the operand is 16 or 32 bit, even
- in long mode */
- ot = dflag ? OT_LONG : OT_WORD;
+ ot = dflag ? OT_LONG + (rex_w == 1) : OT_WORD;
 } else if (op == 6) {
 /* default push size is 64 bit */
 ot = dflag ? OT_QUAD : OT_WORD;
-- 
cgit v1.2.3-65-gdbad

From d2df336c582d74650f4ccc3ef4e84ac86c2868fe Mon Sep 17 00:00:00 2001
From: Aurelien Jarno
Date: Sat, 6 Mar 2010 18:02:31 +0100
Subject: target-i386: fix SIB decoding with index = 4

A SIB byte with an index of 4 means "no scaled index", even if the scale value is not 0.

In 64-bit mode, if REX.X is used, an index of 4 selects %r12. This is correctly handled by the computation of the index variable, which includes the index bits, and also the REX.X prefix:

index = ((code >> 3) & 7) | REX_X(s);

Thanks to Avi Kivity, Jamie Lokier and Malc for the analysis of the problem and the initial patch.

Signed-off-by: Aurelien Jarno
(cherry picked from commit b16f827bdf7444b8cd338b9ecb654b4752f47225)
---
 target-i386/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'target-i386')

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 0f7255d9d..a61db16ec 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -2047,8 +2047,8 @@ static void gen_lea_modrm(DisasContext *s, int modrm, int *reg_ptr, int *offset_
 gen_op_movl_A0_im(disp);
 }
 }
- /* XXX: index == 4 is always invalid */
- if (havesib && (index != 4 || scale != 0)) {
+ /* index == 4 means no index */
+ if (havesib && (index != 4)) {
 #ifdef TARGET_X86_64
 if (s->aflag == 2) {
 gen_op_addq_A0_reg_sN(scale, index);
-- 
cgit v1.2.3-65-gdbad

From c5f5dc5bad4cec580f10b31fcafd1dd5bd93c88f Mon Sep 17 00:00:00 2001
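Review bot: `ot = dflag ? OT_LONG + (rex_w == 1) : OT_WORD;` selects the 64-bit operand size by doing integer arithmetic on the operand-size constant, which only works if OT_QUAD happens to be OT_LONG + 1 and is not obvious to a reader; the removed comment about call operand sizes is not replaced either, so the REX.W rule now has no explanation in the code. Spelling it out keeps the enum-ordering assumption out of the logic: `/* near jmp/call (op 3, 5): REX.W selects a 64-bit operand, otherwise 16/32 bit per dflag */` followed by `ot = dflag ? (rex_w == 1 ? OT_QUAD : OT_LONG) : OT_WORD;`. Whether this branch is reached only in long mode cannot be seen from the hunk, though the preceding `ot = OT_QUAD` jump case suggests it. disas_insn starts and ends outside the hunk.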
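Review bot: The new comment `/* index == 4 means no index */` says less than the commit message establishes: with REX.X set, `index` already carries the REX bit and evaluates to 12, so the test correctly selects %r12 — worth stating in the comment so nobody later "fixes" the check by masking the low three bits, e.g. `/* index == 4 (REX.X clear) means no scaled index, whatever the scale; with REX.X, index is 12 and selects %r12 */`. The parentheses around `(index != 4)` are left over from the removed two-term condition and can go. gen_lea_modrm and the `#ifdef TARGET_X86_64` block continue past the hunk.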
From: TeLeMan
Date: Fri, 12 Mar 2010 19:38:06 +0800
Subject: target-i386: fix commit c22549204a6edc431e8e4358e61bd56386ff6957

The commit c22549204a6edc431e8e4358e61bd56386ff6957 led movntps & movntdq to be translated incorrectly.

Signed-off-by: TeLeMan
Signed-off-by: Aurelien Jarno
(cherry picked from commit 2e21e7491ff2af3628a97d4652e7adcc6961c2e9)
---
 target-i386/translate.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'target-i386')

diff --git a/target-i386/translate.c b/target-i386/translate.c
index a61db16ec..3de65bd1d 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -3165,6 +3165,11 @@ static void gen_sse(DisasContext *s, int b, target_ulong pc_start, int rex_r)
 case 0x1e7: /* movntdq */
 case 0x02b: /* movntps */
 case 0x12b: /* movntps */
+ if (mod == 3)
+ goto illegal_op;
+ gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
+ gen_sto_env_A0(s->mem_index, offsetof(CPUX86State,xmm_regs[reg]));
+ break;
 case 0x3f0: /* lddqu */
 if (mod == 3)
 goto illegal_op;
-- 
cgit v1.2.3-65-gdbad
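Review bot: The five added lines reproduce the lddqu arm immediately below with only `gen_sto_env_A0` in place of `gen_ldo_env_A0`, and nothing says the two arms are deliberately kept apart because they copy in opposite directions — which is exactly the fall-through that the earlier lddqu fix on this page broke. A one-line comment above the new `if (mod == 3)` guard would protect against a future re-merge: `/* non-temporal stores: xmm_regs[reg] -> memory; keep separate from lddqu (a load) below */`. The context label `case 0x12b: /* movntps */` repeats the 0x02b comment; given the prefix encoding visible in the first hunk (0x22b movntss, 0x32b movntsd for the F3/F2-prefixed forms), 0x12b appears to be the 66-prefixed form, movntpd, which the comment should say. gen_sse and the enclosing switch start and end outside the hunk.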