From 2b46872ee980cc32f6594fca830b24217b8ccca4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eduardo=20Jos=C3=A9=20G=C3=B3mez=20Hern=C3=A1ndez?=
Date: Tue, 7 Sep 2021 15:46:12 +0200
Subject: [PATCH] arch-x86: Fixed M5InternalError when decoding certain bytes

0F 38 is the two bytes prefixes to decode a three-byte opcode. To prevent errors, the two_bytes_opcode decoder will complain if it tries to decode 38 as the opcode, because it is a prefix. The decoder, will treat 38 as a prefix, preventing it to end in the two_byte_opcode decoder. However, using the VEX prefix is possible to reach this forbidden state. The set of bytes C4 01 01 38 00 will trigger the mentioned M5InternalError. The previous instruction is not valid, but it could be decoded from an speculative path. In its place, a UD2 instructtion should be emitted if the VEX prefix is present.

Change-Id: I6b7c4b3593dd8e6e8ac99aaf306b8feeb7784b56
Reviewed-on: https://gem5-review.googlesource.com/c/public/gem5/+/49990
Reviewed-by: Gabe Black
Maintainer: Gabe Black
Tested-by: kokoro
---
 src/arch/x86/isa/bitfields.isa | 1 +
 src/arch/x86/isa/decoder/two_byte_opcodes.isa | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/arch/x86/isa/bitfields.isa b/src/arch/x86/isa/bitfields.isa
index 9522a8d5bc..0404afc374 100644
--- a/src/arch/x86/isa/bitfields.isa
+++ b/src/arch/x86/isa/bitfields.isa
@@ -86,5 +86,6 @@ def bitfield MODE mode;
 def bitfield MODE_MODE mode.mode;
 def bitfield MODE_SUBMODE mode.submode;
+def bitfield VEX_PRESENT vex.present;
 def bitfield VEX_V vex.v;
 def bitfield VEX_L vex.l;
diff --git a/src/arch/x86/isa/decoder/two_byte_opcodes.isa b/src/arch/x86/isa/decoder/two_byte_opcodes.isa
index 48f46d425f..549db4751b 100644
--- a/src/arch/x86/isa/decoder/two_byte_opcodes.isa
+++ b/src/arch/x86/isa/decoder/two_byte_opcodes.isa
@@ -354,14 +354,17 @@
 0x6: Inst::UD2();
 0x7: getsec();
 }
- 0x07: decode OPCODE_OP_BOTTOM3 {
- 0x0: M5InternalError::error(
- {{"Three byte opcode shouldn't be handled by "
- "two_byte_opcodes.isa!"}});
- 0x2: M5InternalError::error(
- {{"Three byte opcode shouldn't be handled by "
- "two_byte_opcodes.isa!"}});
- default: UD2();
+ 0x07: decode VEX_PRESENT {
+ 0x0: decode OPCODE_OP_BOTTOM3 {
+ 0x0: M5InternalError::error(
+ {{"Three byte opcode shouldn't be handled by "
+ "two_byte_opcodes.isa!"}});
+ 0x2: M5InternalError::error(
+ {{"Three byte opcode shouldn't be handled by "
+ "two_byte_opcodes.isa!"}});
+ default: UD2();
+ }
+ 0x1: UD2();
 }
 format Inst {
 0x08: decode OPCODE_OP_BOTTOM3 {
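Review bot: The new `decode VEX_PRESENT` split under `0x07:` carries no comment explaining why a VEX-prefixed instruction landing in this group is an invalid encoding rather than a decoder bug, and a reader of the file will not have the commit message to hand. I would annotate the `0x1: UD2();` arm with `// A VEX prefix selects the 0F38/0F3A maps itself, so an explicit 38/3A escape after VEX is an undefined encoding (#UD), not a decoder invariant violation.` The `0x0` arm still turns `M5InternalError` on bytes that come straight from guest-controlled, possibly speculative fetch, so it depends on the prefix decoder always consuming 0F 38/0F 3A when no VEX prefix is present; stating that invariant beside the two error arms would make it visible to whoever next touches prefix handling. As a point of style, the two identical error calls under `0x0` and `0x2` could collapse into one arm if the ISA parser accepts comma-separated case values, which I have not checked here. The enclosing `decode` block starts and ends outside the hunk.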