x86: Use longMode context bit instead of bit64 in more places #6522

Open. Wants to merge 1 commit into base: master
Conversation

Sleigh-InSPECtor
Contributor

Commit 25801da introduced the longMode context bit to better handle decoding differences in long mode (64-bit mode).

Before the introduction of the longMode context bit, many of the constructors used the constraint bit64=0 or bit64=1 to handle differences between the processor modes. However, the value of bit64 is based on the current address size, which can be overridden using a 0x67 prefix, causing invalid instructions to be incorrectly treated as valid.

This commit replaces most uses of the bit64 constraint with $(LONGMODE_OFF) instead. The following instruction encodings after this PR correctly match the behaviour of the hardware (on both an AMD and Intel CPU) for x86:LE:64:default:

  • 6737 "AAA" -> (invalid instruction)
  • 67d500 "AAD" -> (invalid instruction)
  • 67d400 "AAM" -> (invalid instruction)
  • 6735 "AAS" -> (invalid instruction)
  • 6727 "DAA" -> (invalid instruction)
  • 672f "DAS" -> (invalid instruction)
  • 67ce "INTO" -> (invalid instruction)
  • 67d6 "SALC" -> (invalid instruction)
  • 67620000 "BOUND EAX, qword ptr [EAX]" -> (invalid instruction)
  • 67ec "INTO" -> (invalid instruction)

These instructions did not have a bit64=0 constraint, but are also not allowed in long mode (based on "2.5.10 Invalid Instructions" in the AMD64 Manual Vol 2, and verified with hardware):

  • ea000000000000 "JMPF 0x0:0x0" -> (invalid instruction)
  • 66ea00000000 "JMPF 0x0" -> (invalid instruction)
  • 679a000000000000 "CALLF 0x0:0x0" -> (invalid instruction)
  • 66679a00000000 "CALLF 0x0" -> (invalid instruction)

This PR also contains a couple of closely related fixes; I can split it into multiple PRs if desired:

  • 16-bit MOVSXD is allowed: e.g. 6663c1 MOVSXD AX,CX with CX=0x10

    • Hardware Reference (AMD CPU & Intel CPU): { RAX=0x10 }
    • x86:LE:64:default (Existing): Invalid Instruction
    • x86:LE:64:default (This patch): "MOVSXD AX,CX" { RAX=0x10 }
  • Allow RDTSCP to be decoded in 32-bit mode: e.g. 0f01f9 RDTSCP.

    • Hardware Reference (AMD CPU): { EAX=0x1a5850, EDX=0, ECX=0 }
    • x86:LE:32:default (Existing): Invalid Instruction
    • x86:LE:32:default (This patch): "RDTSCP"
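
The mode-versus-address-size distinction the PR describes, as a constructed Python model added here (it is not Ghidra's SLEIGH code and not the PR author's code). `decode` handles a small opcode subset and rejects the ones the AMD64 manual lists as invalid in 64-bit mode, keyed either on the effective address size (the old bit64 constraint, which a 0x67 prefix flips to 32 even in long mode) or on the processor mode itself (the longMode context bit). The opcode table, the `Decoded`/`compare` helpers and the restriction to register-direct and far-pointer forms are assumptions of this example; the model applies the mode check to JMPF/CALLF under both keying styles, so it does not reproduce the pre-PR acceptance of those unconstrained encodings.

```python
"""Toy x86 decoder: bit64 (address size) vs longMode (processor mode) check.

Constructed example for this PR discussion, not Ghidra/SLEIGH code.
"""
from dataclasses import dataclass
from typing import Optional

# Opcode -> (mnemonic, minimum bytes after the opcode). None = far pointer
# whose size follows the operand size. Subset of the AMD64 Vol. 2
# "Invalid Instructions" list for 64-bit mode (assumed table for this model).
INVALID_IN_LONG_MODE = {
    0x37: ("AAA", 0), 0xD5: ("AAD", 1), 0xD4: ("AAM", 1), 0x3F: ("AAS", 0),
    0x27: ("DAA", 0), 0x2F: ("DAS", 0), 0xCE: ("INTO", 0), 0xD6: ("SALC", 0),
    0x62: ("BOUND", 1),          # ModRM only; SIB/displacement not modelled
    0xEA: ("JMPF", None), 0x9A: ("CALLF", None),
}

REG16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]


def reg(n: int, width: int) -> str:
    """Name of general register n at operand width 16/32/64."""
    return {16: "", 32: "E", 64: "R"}[width] + REG16[n]


@dataclass(frozen=True)
class Decoded:
    mnemonic: str
    length: int


def decode(code: bytes, mode: int, key_on_addrsize: bool = False) -> Optional[Decoded]:
    """Decode one instruction in 16-, 32- or 64-bit mode; None means #UD.

    key_on_addrsize=True mimics the old bit64=0 constraint (the 64-bit test
    reads the effective address size). The default mimics $(LONGMODE_OFF),
    which reads the processor mode and ignores the 0x67 prefix.
    """
    opsize, addrsize, i = (16 if mode == 16 else 32), mode, 0
    while i < len(code) and code[i] in (0x66, 0x67):   # legacy override prefixes
        if code[i] == 0x66:
            opsize = 32 if mode == 16 else 16
        else:
            addrsize = {16: 32, 32: 16, 64: 32}[mode]
        i += 1
    rex_w = False
    if mode == 64 and i < len(code) and 0x40 <= code[i] <= 0x4F:   # REX, long mode only
        if code[i] & 0x07:
            raise NotImplementedError("REX.R/X/B register extension not modelled")
        rex_w = bool(code[i] & 0x08)
        i += 1
    if i >= len(code):
        return None
    op, i = code[i], i + 1

    long_mode = (addrsize == 64) if key_on_addrsize else (mode == 64)

    if op in INVALID_IN_LONG_MODE:
        if long_mode:
            return None
        mnem, extra = INVALID_IN_LONG_MODE[op]
        if extra is None:            # far pointer: offset of operand size + 16-bit selector
            extra = opsize // 8 + 2
        return Decoded(mnem, i + extra) if len(code) >= i + extra else None

    if op == 0x63:                   # ARPL outside long mode, MOVSXD inside it
        if i >= len(code):
            return None
        modrm = code[i]
        mod, regf, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod != 3:
            raise NotImplementedError("memory-operand forms not modelled")
        if not long_mode:
            return Decoded(f"ARPL {reg(rm, 16)},{reg(regf, 16)}", i + 1)
        dst = 64 if rex_w else opsize          # 0x66 form (16-bit) is valid on hardware
        src = 16 if opsize == 16 else 32
        return Decoded(f"MOVSXD {reg(regf, dst)},{reg(rm, src)}", i + 1)

    if op == 0x0F and code[i:i + 2] == b"\x01\xf9":
        return Decoded("RDTSCP", i + 2)        # valid in both 32- and 64-bit mode

    return None


def compare(hexstr: str, mode: int = 64) -> tuple:
    """(old bit64-style result, fixed longMode-style result) for one encoding."""
    code = bytes.fromhex(hexstr)
    return decode(code, mode, key_on_addrsize=True), decode(code, mode)


if __name__ == "__main__":
    for enc in ("6737", "67d500", "67620000", "6663c1", "0f01f9"):
        print(enc, "->", compare(enc))
```

Running it shows the failure mode from the PR: with the address-size check, `6737` decodes as AAA in 64-bit mode because the 0x67 prefix makes the address size 32, while the mode-keyed check rejects it; `6663c1` decodes as MOVSXD AX,CX and `0f01f9` as RDTSCP under both.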

Labels: Feature: Processor/x86; Status: Triage (Information is being gathered)