From 4ec94ccb2de9dac565c2dade08a027ee7be0ad31 Mon Sep 17 00:00:00 2001
From: Laurent Vivier <Laurent.Vivier@bull.net>
Date: Tue, 25 Sep 2007 13:36:40 +0200
Subject: [PATCH] --- yaml --- r: 80639 b: refs/heads/master c:
 b4c6abfef400c0f74d9b86a149a6719706cfdbbc h: refs/heads/master i:   80637:
 38426eb509f7d3549183f54e1df2e839d355d322   80635:
 818632459b0bd68e3d5d9f3cbcedaa706a9634cf   80631:
 f24cb691e861a2b6b9f559df4ebae847675ab2f8   80623:
 ac5f61997eedae3c9340fc30fa9255c0092e425f   80607:
 e7277ed889aaa3b831144d3e023bdcc067e35edb   80575:
 9c68d8b16a6b71762b006751b521c4e301362b29   80511:
 aa8bd81ff5f6279dee10df193b03f68d94ccb9c6   80383:
 e13e23c6e7cdde50b1ecc2e62f8eb5ff2d816170 v: v3

---
 [refs]                          |  2 +-
 trunk/drivers/kvm/x86_emulate.c | 24 +++++++++++++++---------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/[refs] b/[refs]
index 62781b65a092..754efd148da0 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: a22436b7b8ec9b14a0451d9ac0fdc9d370bd7800
+refs/heads/master: b4c6abfef400c0f74d9b86a149a6719706cfdbbc
diff --git a/trunk/drivers/kvm/x86_emulate.c b/trunk/drivers/kvm/x86_emulate.c
index 0afe660aec4b..e294d8409571 100644
--- a/trunk/drivers/kvm/x86_emulate.c
+++ b/trunk/drivers/kvm/x86_emulate.c
@@ -521,7 +521,6 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
 {
 	struct decode_cache *c = &ctxt->decode;
 	u8 sib, rex_prefix = 0;
-	unsigned int i;
 	int rc = 0;
 	int mode = ctxt->mode;
 	int index_reg = 0, base_reg = 0, scale, rip_relative = 0;
@@ -551,7 +550,7 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
 	}
 
 	/* Legacy prefixes. */
-	for (i = 0; i < 8; i++) {
+	for (;;) {
 		switch (c->b = insn_fetch(u8, 1, c->eip)) {
 		case 0x66:	/* operand-size override */
 			c->op_bytes ^= 6;	/* switch between 2/4 bytes */
@@ -582,6 +581,11 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
 		case 0x36:	/* SS override */
 			c->override_base = &ctxt->ss_base;
 			break;
+		case 0x40 ... 0x4f: /* REX */
+			if (mode != X86EMUL_MODE_PROT64)
+				goto done_prefixes;
+			rex_prefix = c->b;
+			continue;
 		case 0xf0:	/* LOCK */
 			c->lock_prefix = 1;
 			break;
@@ -592,19 +596,21 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
 		default:
 			goto done_prefixes;
 		}
+
+		/* Any legacy prefix after a REX prefix nullifies its effect. */
+
+		rex_prefix = 0;
 	}
 
 done_prefixes:
 
 	/* REX prefix. */
-	if ((mode == X86EMUL_MODE_PROT64) && ((c->b & 0xf0) == 0x40)) {
-		rex_prefix = c->b;
-		if (c->b & 8)
+	if (rex_prefix) {
+		if (rex_prefix & 8)
 			c->op_bytes = 8;	/* REX.W */
-		c->modrm_reg = (c->b & 4) << 1;	/* REX.R */
-		index_reg = (c->b & 2) << 2; /* REX.X */
-		c->modrm_rm = base_reg = (c->b & 1) << 3; /* REG.B */
-		c->b = insn_fetch(u8, 1, c->eip);
+		c->modrm_reg = (rex_prefix & 4) << 1;	/* REX.R */
+		index_reg = (rex_prefix & 2) << 2; /* REX.X */
+		c->modrm_rm = base_reg = (rex_prefix & 1) << 3; /* REG.B */
 	}
 
 	/* Opcode byte(s). */