From cea169f5e7d382f520ebdab07c0779d66e795c22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eduardo=20Jos=C3=A9=20G=C3=B3mez=20Hern=C3=A1ndez?=
 <git@edujgh.net>
Date: Thu, 23 Nov 2023 09:52:41 +0100
Subject: [PATCH] arch-x86: Fix segment registers in instructions 8C and 8E

MOV instructions 8C and 8E can be prefixed with a REX prefix to extend
the source/destination register. However, the R bit in REX will be
applied to the segment register.  The decoder file checks for valid
segment registers, checking the MODRM_REG only, however, later this
will be extended with the REX_R when adding the register to the
sources/destinations of the instruction.  This will trigger an assert.

This patch checks that the REX_R is not set, otherwise, UD2 will be
generated.

Change-Id: I78a93c35116232fe37e5ec50025e721b8c633c5f
---
 src/arch/x86/isa/decoder/one_byte_opcodes.isa | 38 +++++++++++--------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/src/arch/x86/isa/decoder/one_byte_opcodes.isa b/src/arch/x86/isa/decoder/one_byte_opcodes.isa
index ef596dfd71..13b05e62ff 100644
--- a/src/arch/x86/isa/decoder/one_byte_opcodes.isa
+++ b/src/arch/x86/isa/decoder/one_byte_opcodes.isa
@@ -287,25 +287,31 @@
             0x1: MOV(Ev,Gv);
             0x2: MOV(Gb,Eb);
             0x3: MOV(Gv,Ev);
-            0x4: decode MODRM_REG {
-                0x0, 0x1, 0x2,
-                0x3, 0x4, 0x5: MOV(Ev,Sv);
+            0x4: decode REX_R {
+                0x0: decode MODRM_REG {
+                    0x0, 0x1, 0x2,
+                    0x3, 0x4, 0x5: MOV(Ev,Sv);
+                    }
+                default: UD2();
             }
             0x5: LEA(Gv,M);
-            0x6: decode MODE_SUBMODE {
-                0x3, 0x4: decode MODRM_REG {
-                    // Moving to the CS selector (0x1) is illegal, and 0x6 and
-                    // 0x7 are reserved.
-                    0x1, 0x6, 0x7: UD2();
-                    default: MOV_REAL(Sv,Ev);
-                }
-                default: decode MODRM_REG {
-                    // Moving to the CS selector (0x1) is illegal, and 0x6 and
-                    // 0x7 are reserved.
-                    0x1, 0x6, 0x7: UD2();
-                    0x2: MOVSS(Sv,Ev);
-                    default: MOV(Sv,Ev);
+            0x6: decode REX_R {
+                0x0: decode MODE_SUBMODE {
+                    0x3, 0x4: decode MODRM_REG {
+                        // Moving to the CS selector (0x1) is illegal, and 0x6 and
+                        // 0x7 are reserved.
+                        0x1, 0x6, 0x7: UD2();
+                        default: MOV_REAL(Sv,Ev);
+                    }
+                    default: decode MODRM_REG {
+                        // Moving to the CS selector (0x1) is illegal, and 0x6 and
+                        // 0x7 are reserved.
+                        0x1, 0x6, 0x7: UD2();
+                        0x2: MOVSS(Sv,Ev);
+                        default: MOV(Sv,Ev);
+                    }
                 }
+                default: UD2();
             }
             //0x7: group10_Ev();
             0x7: decode MODRM_REG {