From nobody Mon Nov 25 04:32:30 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1717836188; cv=none;
	d=zohomail.com; s=zohoarc;
	b=lhecVJ4lJ9XZ2Nfq2Gm/q7GkZdgxfsZjPJvf749zARsLcVXEXP+S4dvy0KcO6KDSKbhO1i8D3eNR6Rgjd3+P77q3v+8YSHrYFPgRgEPhou1Y5qfwRZ/1NcYT5kIM1dkMRgCSuTveNMJw85elTzPH4LeJOIbxHFLC46XQaJwJgGE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1717836188;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To:Cc;
	bh=xaC9zXQghkzg308gTiDQiaWk/1nHtPfFkf86Owt8Y1w=;
	b=gXdg7Kn/4txf5ZXR/d1zdTJAwHr/07RTPGOMcdqRzJZeva8rIrT+4f+5QcRga55PE6whTwOzZPMt8yUg5kcQxH3UYu6PgU5jBUay6tAMJQv6sQ/RUH1+G3hADu7yKmZkMp3iK50d/Im6/jLC7snuFuTsLiLUzdp+gnxneH5/9ms=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pbonzini@redhat.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1717836188464548.4456132157753;
 Sat, 8 Jun 2024 01:43:08 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1sFreO-0003JD-9F; Sat, 08 Jun 2024 04:42:12 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pbonzini@redhat.com>)
 id 1sFreN-0003Ap-1G
 for qemu-devel@nongnu.org; Sat, 08 Jun 2024 04:42:11 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pbonzini@redhat.com>)
 id 1sFreK-0001RN-4x
 for qemu-devel@nongnu.org; Sat, 08 Jun 2024 04:42:10 -0400
Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com
 [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-518-_lNV8iuuOI-uIuRoIvMTTw-1; Sat, 08 Jun 2024 04:42:06 -0400
Received: by mail-ed1-f72.google.com with SMTP id
 4fb4d7f45d1cf-57c5ea606bbso589466a12.2
 for <qemu-devel@nongnu.org>; Sat, 08 Jun 2024 01:42:05 -0700 (PDT)
Received: from avogadro.local ([151.81.115.112])
 by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-57c7156e6c2sm254408a12.9.2024.06.08.01.41.59
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 08 Jun 2024 01:41:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1717836127;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=xaC9zXQghkzg308gTiDQiaWk/1nHtPfFkf86Owt8Y1w=;
 b=EKUN1JWHzdjIXmjgesvN+8y034yNvg3r7rm/aAXdheXZF3NdF8C1bzlrC3wPF4CrnhI1sf
 sfmitR+9EuQH4dsx3IGroz8m0a8Pbc9ZeNSI3KWZIV1Gclzh3LAUZJcIYHL/6+ueIAWKYa
 ocRj0nLIcwx7cRBQkW6RkZGL9eJtBRQ=
X-MC-Unique: _lNV8iuuOI-uIuRoIvMTTw-1
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1717836123; x=1718440923;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=xaC9zXQghkzg308gTiDQiaWk/1nHtPfFkf86Owt8Y1w=;
 b=bambRSTGBOiUxjyOrrylrlq+ilLJPCUFj85ZR276xn5uwdX48bwGrlJXWzm52w9q2e
 gI0lhJWD23ga2f+QR875USQlWrAeCtwrEUWx7c6Qb0Wf7MpWLZnpmQM8YZoeD0CGDURa
 qfTVavuoQm94rpJfxMEzpBNJ2nGoHVuC6vpHR3+x76EjW+4kXQai7tZRiTUjzCMCGxLf
 ekAOnVk/CIKFhBNytQilq/4BqWilAT9X3nvKi9eKNu43ZuqrYvXd4i8nJDk+CtCcew0L
 W69U1956/m+bbbgzMDl1PY2mJD1BdOt5f0xvWDNhhKm2YkpcJFa5ZCVTjuKnAavCBGY/
 PSSw==
X-Gm-Message-State: AOJu0Yz1OcW8tuG17zywBxEUbFX3RQ2YJsXMIyJx+evDVYpJnmigVMzT
 YpxjxlIfm1loS6rYx38N58IFb8BDmNiiVUT83nkh1bwN0rjnyBJjLoDbmqcTwgAh0sFMnpkypDo
 osx7OHyJ+ltr6SJnBur6VasEwLzXkfwpwaF/bBmJR+wlup3phmckFYEsa0bccXdamDvW6+x5D9Q
 GO/n/zGscIJ8xp8OXiYmi7JFSn5OnJaUbe1y9n
X-Received: by 2002:a50:ab4b:0:b0:579:c8cb:ec3d with SMTP id
 4fb4d7f45d1cf-57c509992b4mr2769355a12.37.1717836123004;
 Sat, 08 Jun 2024 01:42:03 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IEzpj4GdYSkVyZaRVRRuEjsSa8mmoXx3GvFovkhKYzY9FRikRYiGDxCYCIVo2orShySTW5w4g==
X-Received: by 2002:a50:ab4b:0:b0:579:c8cb:ec3d with SMTP id
 4fb4d7f45d1cf-57c509992b4mr2769341a12.37.1717836122096;
 Sat, 08 Jun 2024 01:42:02 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Subject: [PATCH 13/25] target/i386: convert non-grouped,
 helper-based 2-byte opcodes
Date: Sat,  8 Jun 2024 10:41:01 +0200
Message-ID: <20240608084113.2770363-14-pbonzini@redhat.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240608084113.2770363-1-pbonzini@redhat.com>
References: <20240608084113.2770363-1-pbonzini@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=170.10.133.124;
 envelope-from=pbonzini@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1717836190261100011
Content-Type: text/plain; charset="utf-8"

These have very simple generators and no need for complex group
decoding.  Apart from LAR/LSL which are simplified to use
gen_op_deposit_reg_v and movcond, the code is generally lifted
from translate.c into the generators.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/tcg/decode-new.h     |   7 ++
 target/i386/tcg/seg_helper.c     |  16 ++--
 target/i386/tcg/translate.c      | 148 ------------------------------
 target/i386/tcg/decode-new.c.inc |  48 +++++++---
 target/i386/tcg/emit.c.inc       | 151 +++++++++++++++++++++++++++++++
 5 files changed, 202 insertions(+), 168 deletions(-)

diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index b46a9a0ccb3..c9f958bb0e5 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -170,6 +170,13 @@ typedef enum X86InsnCheck {
     /* Fault outside protected mode, possibly including vm86 mode */
     X86_CHECK_prot_or_vm86 =3D 512,
     X86_CHECK_prot =3D X86_CHECK_prot_or_vm86 | X86_CHECK_no_vm86,
+
+    /* Fault outside SMM */
+    X86_CHECK_smm =3D 1024,
+
+    /* Vendor-specific checks for Intel/AMD differences */
+    X86_CHECK_i64_amd =3D 2048,
+    X86_CHECK_o64_intel =3D 4096,
 } X86InsnCheck;
=20
 typedef enum X86InsnSpecial {
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 715db1f2326..aee3d19f29b 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -2265,11 +2265,11 @@ void helper_sysexit(CPUX86State *env, int dflag)
 target_ulong helper_lsl(CPUX86State *env, target_ulong selector1)
 {
     unsigned int limit;
-    uint32_t e1, e2, eflags, selector;
+    uint32_t e1, e2, selector;
     int rpl, dpl, cpl, type;
=20
     selector =3D selector1 & 0xffff;
-    eflags =3D cpu_cc_compute_all(env);
+    assert(CC_OP =3D=3D CC_OP_EFLAGS);
     if ((selector & 0xfffc) =3D=3D 0) {
         goto fail;
     }
@@ -2301,22 +2301,22 @@ target_ulong helper_lsl(CPUX86State *env, target_ul=
ong selector1)
         }
         if (dpl < cpl || dpl < rpl) {
         fail:
-            CC_SRC =3D eflags & ~CC_Z;
+            CC_SRC &=3D ~CC_Z;
             return 0;
         }
     }
     limit =3D get_seg_limit(e1, e2);
-    CC_SRC =3D eflags | CC_Z;
+    CC_SRC |=3D CC_Z;
     return limit;
 }
=20
 target_ulong helper_lar(CPUX86State *env, target_ulong selector1)
 {
-    uint32_t e1, e2, eflags, selector;
+    uint32_t e1, e2, selector;
     int rpl, dpl, cpl, type;
=20
     selector =3D selector1 & 0xffff;
-    eflags =3D cpu_cc_compute_all(env);
+    assert(CC_OP =3D=3D CC_OP_EFLAGS);
     if ((selector & 0xfffc) =3D=3D 0) {
         goto fail;
     }
@@ -2351,11 +2351,11 @@ target_ulong helper_lar(CPUX86State *env, target_ul=
ong selector1)
         }
         if (dpl < cpl || dpl < rpl) {
         fail:
-            CC_SRC =3D eflags & ~CC_Z;
+            CC_SRC &=3D ~CC_Z;
             return 0;
         }
     }
-    CC_SRC =3D eflags | CC_Z;
+    CC_SRC |=3D CC_Z;
     return e2 & 0x00f0ff00;
 }
=20
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index ebae745ecba..4b2f7488022 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -246,7 +246,6 @@ STUB_HELPER(mwait, TCGv_env env, TCGv_i32 pc_ofs)
 STUB_HELPER(outb, TCGv_env env, TCGv_i32 port, TCGv_i32 val)
 STUB_HELPER(outw, TCGv_env env, TCGv_i32 port, TCGv_i32 val)
 STUB_HELPER(outl, TCGv_env env, TCGv_i32 port, TCGv_i32 val)
-STUB_HELPER(rdmsr, TCGv_env env)
 STUB_HELPER(stgi, TCGv_env env)
 STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type)
 STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag)
@@ -254,7 +253,6 @@ STUB_HELPER(vmmcall, TCGv_env env)
 STUB_HELPER(vmrun, TCGv_env env, TCGv_i32 aflag, TCGv_i32 pc_ofs)
 STUB_HELPER(vmsave, TCGv_env env, TCGv_i32 aflag)
 STUB_HELPER(write_crN, TCGv_env env, TCGv_i32 reg, TCGv val)
-STUB_HELPER(wrmsr, TCGv_env env)
 #endif
=20
 static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num);
@@ -3470,97 +3468,6 @@ static void disas_insn_old(DisasContext *s, CPUState=
 *cpu, int b)
         }
         gen_op_mov_reg_v(s, ot, reg, s->T0);
         break;
-    case 0x130: /* wrmsr */
-    case 0x132: /* rdmsr */
-        if (check_cpl0(s)) {
-            gen_update_cc_op(s);
-            gen_update_eip_cur(s);
-            if (b & 2) {
-                gen_helper_rdmsr(tcg_env);
-            } else {
-                gen_helper_wrmsr(tcg_env);
-                s->base.is_jmp =3D DISAS_EOB_NEXT;
-            }
-        }
-        break;
-    case 0x131: /* rdtsc */
-        gen_update_cc_op(s);
-        gen_update_eip_cur(s);
-        translator_io_start(&s->base);
-        gen_helper_rdtsc(tcg_env);
-        break;
-    case 0x133: /* rdpmc */
-        gen_update_cc_op(s);
-        gen_update_eip_cur(s);
-        gen_helper_rdpmc(tcg_env);
-        s->base.is_jmp =3D DISAS_NORETURN;
-        break;
-    case 0x134: /* sysenter */
-        /* For AMD SYSENTER is not valid in long mode */
-        if (LMA(s) && env->cpuid_vendor1 !=3D CPUID_VENDOR_INTEL_1) {
-            goto illegal_op;
-        }
-        if (!PE(s)) {
-            gen_exception_gpf(s);
-        } else {
-            gen_helper_sysenter(tcg_env);
-            s->base.is_jmp =3D DISAS_EOB_ONLY;
-        }
-        break;
-    case 0x135: /* sysexit */
-        /* For AMD SYSEXIT is not valid in long mode */
-        if (LMA(s) && env->cpuid_vendor1 !=3D CPUID_VENDOR_INTEL_1) {
-            goto illegal_op;
-        }
-        if (!PE(s) || CPL(s) !=3D 0) {
-            gen_exception_gpf(s);
-        } else {
-            gen_helper_sysexit(tcg_env, tcg_constant_i32(dflag - 1));
-            s->base.is_jmp =3D DISAS_EOB_ONLY;
-        }
-        break;
-    case 0x105: /* syscall */
-        /* For Intel SYSCALL is only valid in long mode */
-        if (!LMA(s) && env->cpuid_vendor1 =3D=3D CPUID_VENDOR_INTEL_1) {
-            goto illegal_op;
-        }
-        gen_update_cc_op(s);
-        gen_update_eip_cur(s);
-        gen_helper_syscall(tcg_env, cur_insn_len_i32(s));
-        /* condition codes are modified only in long mode */
-        if (LMA(s)) {
-            assume_cc_op(s, CC_OP_EFLAGS);
-        }
-        /* TF handling for the syscall insn is different. The TF bit is  c=
hecked
-           after the syscall insn completes. This allows #DB to not be
-           generated after one has entered CPL0 if TF is set in FMASK.  */
-        s->base.is_jmp =3D DISAS_EOB_RECHECK_TF;
-        break;
-    case 0x107: /* sysret */
-        /* For Intel SYSRET is only valid in long mode */
-        if (!LMA(s) && env->cpuid_vendor1 =3D=3D CPUID_VENDOR_INTEL_1) {
-            goto illegal_op;
-        }
-        if (!PE(s) || CPL(s) !=3D 0) {
-            gen_exception_gpf(s);
-        } else {
-            gen_helper_sysret(tcg_env, tcg_constant_i32(dflag - 1));
-            /* condition codes are modified only in long mode */
-            if (LMA(s)) {
-                assume_cc_op(s, CC_OP_EFLAGS);
-            }
-            /* TF handling for the sysret insn is different. The TF bit is
-               checked after the sysret insn completes. This allows #DB to=
 be
-               generated "as if" the syscall insn in userspace has just
-               completed.  */
-            s->base.is_jmp =3D DISAS_EOB_RECHECK_TF;
-        }
-        break;
-    case 0x1a2: /* cpuid */
-        gen_update_cc_op(s);
-        gen_update_eip_cur(s);
-        gen_helper_cpuid(tcg_env);
-        break;
     case 0x100:
         modrm =3D x86_ldub_code(env, s);
         mod =3D (modrm >> 6) & 3;
@@ -3964,39 +3871,6 @@ static void disas_insn_old(DisasContext *s, CPUState=
 *cpu, int b)
         }
         break;
=20
-    case 0x108: /* invd */
-    case 0x109: /* wbinvd; wbnoinvd with REPZ prefix */
-        if (check_cpl0(s)) {
-            gen_svm_check_intercept(s, (b & 1) ? SVM_EXIT_WBINVD : SVM_EXI=
T_INVD);
-            /* nothing to do */
-        }
-        break;
-    case 0x102: /* lar */
-    case 0x103: /* lsl */
-        {
-            TCGLabel *label1;
-            TCGv t0;
-            if (!PE(s) || VM86(s))
-                goto illegal_op;
-            ot =3D dflag !=3D MO_16 ? MO_32 : MO_16;
-            modrm =3D x86_ldub_code(env, s);
-            reg =3D ((modrm >> 3) & 7) | REX_R(s);
-            gen_ld_modrm(env, s, modrm, MO_16);
-            t0 =3D tcg_temp_new();
-            gen_update_cc_op(s);
-            if (b =3D=3D 0x102) {
-                gen_helper_lar(t0, tcg_env, s->T0);
-            } else {
-                gen_helper_lsl(t0, tcg_env, s->T0);
-            }
-            tcg_gen_andi_tl(s->tmp0, cpu_cc_src, CC_Z);
-            label1 =3D gen_new_label();
-            tcg_gen_brcondi_tl(TCG_COND_EQ, s->tmp0, 0, label1);
-            gen_op_mov_reg_v(s, ot, reg, t0);
-            gen_set_label(label1);
-            set_cc_op(s, CC_OP_EFLAGS);
-        }
-        break;
     case 0x11a:
         modrm =3D x86_ldub_code(env, s);
         if (s->flags & HF_MPX_EN_MASK) {
@@ -4188,28 +4062,6 @@ static void disas_insn_old(DisasContext *s, CPUState=
 *cpu, int b)
         }
         gen_nop_modrm(env, s, modrm);
         break;
-
-    case 0x106: /* clts */
-        if (check_cpl0(s)) {
-            gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0);
-            gen_helper_clts(tcg_env);
-            /* abort block because static cpu state changed */
-            s->base.is_jmp =3D DISAS_EOB_NEXT;
-        }
-        break;
-    case 0x1aa: /* rsm */
-        gen_svm_check_intercept(s, SVM_EXIT_RSM);
-        if (!(s->flags & HF_SMM_MASK))
-            goto illegal_op;
-#ifdef CONFIG_USER_ONLY
-        /* we should not be in SMM mode */
-        g_assert_not_reached();
-#else
-        gen_helper_rsm(tcg_env);
-        assume_cc_op(s, CC_OP_EFLAGS);
-#endif /* CONFIG_USER_ONLY */
-        s->base.is_jmp =3D DISAS_EOB_ONLY;
-        break;
     case 0x1b8: /* SSE4.2 popcnt */
         if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) !=3D
              PREFIX_REPZ)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.=
c.inc
index f02f7c62647..1db9d1e2bc3 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -223,6 +223,8 @@
 #define vex13 .vex_class =3D 13,
=20
 #define chk(a) .check =3D X86_CHECK_##a,
+#define chk2(a, b) .check =3D X86_CHECK_##a | X86_CHECK_##b,
+#define chk3(a, b, c) .check =3D X86_CHECK_##a | X86_CHECK_##b | X86_CHECK=
_##c,
 #define svm(a) .intercept =3D SVM_EXIT_##a, .has_intercept =3D true,
=20
 #define avx2_256 .vex_special =3D X86_VEX_AVX2_256,
@@ -1027,6 +1029,12 @@ static void decode_MOV_CR_DR(DisasContext *s, CPUX86=
State *env, X86OpEntry *entr
 }
=20
 static const X86OpEntry opcodes_0F[256] =3D {
+    [0x02] =3D X86_OP_ENTRYwr(LAR,        G,v, E,w,             chk(prot)),
+    [0x03] =3D X86_OP_ENTRYwr(LSL,        G,v, E,w,             chk(prot)),
+    [0x05] =3D X86_OP_ENTRY0(SYSCALL,                           chk(o64_in=
tel)),
+    [0x06] =3D X86_OP_ENTRY0(CLTS,                              chk(cpl0) =
svm(WRITE_CR0)),
+    [0x07] =3D X86_OP_ENTRY0(SYSRET,                            chk3(o64_i=
ntel, prot, cpl0)),
+
     [0x10] =3D X86_OP_GROUP0(0F10),
     [0x11] =3D X86_OP_GROUP0(0F11),
     [0x12] =3D X86_OP_GROUP0(0F12),
@@ -1042,6 +1050,13 @@ static const X86OpEntry opcodes_0F[256] =3D {
     [0x22] =3D X86_OP_GROUPwr(MOV_CR_DR,   C,y, R,y, zextT0 chk(cpl0) svm(=
WRITE_CR0)),
     [0x23] =3D X86_OP_GROUPwr(MOV_CR_DR,   D,y, R,y, zextT0 chk(cpl0) svm(=
WRITE_DR0)),
=20
+    [0x30] =3D X86_OP_ENTRY0(WRMSR,                             chk(cpl0)),
+    [0x31] =3D X86_OP_ENTRY0(RDTSC),
+    [0x32] =3D X86_OP_ENTRY0(RDMSR,                             chk(cpl0)),
+    [0x33] =3D X86_OP_ENTRY0(RDPMC),
+    [0x34] =3D X86_OP_ENTRY0(SYSENTER,                          chk2(i64_a=
md, prot_or_vm86)),
+    [0x35] =3D X86_OP_ENTRY0(SYSEXIT,                           chk3(i64_a=
md, prot, cpl0)),
+
     [0x40] =3D X86_OP_ENTRY2(CMOVcc,     G,v, E,v, cpuid(CMOV)),
     [0x41] =3D X86_OP_ENTRY2(CMOVcc,     G,v, E,v, cpuid(CMOV)),
     [0x42] =3D X86_OP_ENTRY2(CMOVcc,     G,v, E,v, cpuid(CMOV)),
@@ -1098,6 +1113,7 @@ static const X86OpEntry opcodes_0F[256] =3D {
=20
     [0xa0] =3D X86_OP_ENTRYr(PUSH, FS, w),
     [0xa1] =3D X86_OP_ENTRYw(POP, FS, w),
+    [0xa2] =3D X86_OP_ENTRY0(CPUID),
=20
     [0xb2] =3D X86_OP_ENTRY3(LSS,    G,v, EM,p, None, None),
     [0xb4] =3D X86_OP_ENTRY3(LFS,    G,v, EM,p, None, None),
@@ -1138,6 +1154,8 @@ static const X86OpEntry opcodes_0F[256] =3D {
     [0xf6] =3D X86_OP_ENTRY3(PSADBW,   V,x, H,x, W,x,         vex4 mmx avx=
2_256 p_00_66),
     [0xf7] =3D X86_OP_ENTRY3(MASKMOV,  None,None, V,dq, U,dq, vex4_unal av=
x2_256 mmx p_00_66),
=20
+    [0x08] =3D X86_OP_ENTRY0(NOP,           svm(INVD)),
+    [0x09] =3D X86_OP_ENTRY0(NOP,           svm(WBINVD)),
     [0x0b] =3D X86_OP_ENTRY0(UD),           /* UD2 */
     [0x0d] =3D X86_OP_ENTRY1(NOP,  M,v),    /* 3DNow! prefetch */
     [0x0e] =3D X86_OP_ENTRY0(EMMS,                              cpuid(3DNO=
W)), /* femms */
@@ -1221,6 +1239,7 @@ static const X86OpEntry opcodes_0F[256] =3D {
=20
     [0xa8] =3D X86_OP_ENTRYr(PUSH,   GS, w),
     [0xa9] =3D X86_OP_ENTRYw(POP,    GS, w),
+    [0xaa] =3D X86_OP_ENTRY0(RSM,             chk(smm) svm(RSM)),
     [0xae] =3D X86_OP_GROUP0(group15),
     /*
      * It's slightly more efficient to put Ev operand in T0 and allow gen_=
IMUL3
@@ -2511,12 +2530,10 @@ static void disas_insn(DisasContext *s, CPUState *c=
pu)
         if (b =3D=3D 0x0f) {
             b =3D x86_ldub_code(env, s);
             switch (b) {
-            case 0x00 ... 0x03: /* mostly privileged instructions */
-            case 0x05 ... 0x09:
+            case 0x00 ... 0x01: /* mostly privileged instructions */
             case 0x1a ... 0x1b: /* MPX */
-            case 0x30 ... 0x35: /* more privileged instructions */
-            case 0xa2 ... 0xa5: /* CPUID, BT, SHLD */
-            case 0xaa ... 0xad: /* RSM, SHRD */
+            case 0xa3 ... 0xa5: /* BT, SHLD */
+            case 0xab ... 0xad: /* BTS, SHRD */
             case 0xb0 ... 0xb1: /* cmpxchg */
             case 0xb3:          /* btr */
             case 0xb8:          /* integer ops */
@@ -2548,13 +2565,18 @@ static void disas_insn(DisasContext *s, CPUState *c=
pu)
=20
     /* Checks that result in #UD come first.  */
     if (decode.e.check) {
-        if (decode.e.check & X86_CHECK_i64) {
-            if (CODE64(s)) {
+        if (CODE64(s)) {
+            if (decode.e.check & X86_CHECK_i64) {
                 goto illegal_op;
             }
-        }
-        if (decode.e.check & X86_CHECK_o64) {
-            if (!CODE64(s)) {
+            if ((decode.e.check & X86_CHECK_i64_amd) && env->cpuid_vendor1=
 !=3D CPUID_VENDOR_INTEL_1) {
+                goto illegal_op;
+            }
+        } else {
+            if (decode.e.check & X86_CHECK_o64) {
+                goto illegal_op;
+            }
+            if ((decode.e.check & X86_CHECK_o64_intel) && env->cpuid_vendo=
r1 =3D=3D CPUID_VENDOR_INTEL_1) {
                 goto illegal_op;
             }
         }
@@ -2638,8 +2660,7 @@ static void disas_insn(DisasContext *s, CPUState *cpu)
      * exceptions if there is no memory operand).  Exceptions are
      * vm86 checks (INTn, IRET, PUSHF/POPF), RSM and XSETBV (!).
      *
-     * RSM and XSETBV will be handled in the gen_* functions
-     * instead of using chk().
+     * XSETBV will check for CPL0 in the gen_* function instead of using c=
hk().
      */
     if (decode.e.check & X86_CHECK_cpl0) {
         if (CPL(s) !=3D 0) {
@@ -2651,6 +2672,9 @@ static void disas_insn(DisasContext *s, CPUState *cpu)
                                        tcg_constant_i32(decode.e.intercept=
));
     }
     if (decode.e.check) {
+        if ((decode.e.check & X86_CHECK_smm) && !(s->flags & HF_SMM_MASK))=
 {
+            goto illegal_op;
+        }
         if ((decode.e.check & X86_CHECK_vm86_iopl) && VM86(s)) {
             if (IOPL(s) < 3) {
                 goto gp_fault;
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 709ef7b0cb2..f788e1fa4c8 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -1410,6 +1410,13 @@ static void gen_CLI(DisasContext *s, X86DecodedInsn =
*decode)
     gen_reset_eflags(s, IF_MASK);
 }
=20
+static void gen_CLTS(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_helper_clts(tcg_env);
+    /* abort block because static cpu state changed */
+    s->base.is_jmp =3D DISAS_EOB_NEXT;
+}
+
 static void gen_CMC(DisasContext *s, X86DecodedInsn *decode)
 {
     gen_compute_eflags(s);
@@ -1534,6 +1541,13 @@ static void gen_CMPS(DisasContext *s, X86DecodedInsn=
 *decode)
     }
 }
=20
+static void gen_CPUID(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_update_cc_op(s);
+    gen_update_eip_cur(s);
+    gen_helper_cpuid(tcg_env);
+}
+
 static void gen_CRC32(DisasContext *s, X86DecodedInsn *decode)
 {
     MemOp ot =3D decode->op[2].ot;
@@ -1977,6 +1991,23 @@ static void gen_LAHF(DisasContext *s, X86DecodedInsn=
 *decode)
     tcg_gen_deposit_tl(cpu_regs[R_EAX], cpu_regs[R_EAX], s->T0, 8, 8);
 }
=20
+static void gen_LAR(DisasContext *s, X86DecodedInsn *decode)
+{
+    MemOp ot =3D decode->op[0].ot;
+    TCGv result =3D tcg_temp_new();
+    TCGv dest;
+
+    gen_compute_eflags(s);
+    gen_update_cc_op(s);
+    gen_helper_lar(result, tcg_env, s->T0);
+
+    /* Perform writeback here to skip it if ZF=3D0.  */
+    decode->op[0].unit =3D X86_OP_SKIP;
+    dest =3D gen_op_deposit_reg_v(s, ot, decode->op[0].n, result, result);
+    tcg_gen_movcond_tl(TCG_COND_TSTNE, dest, cpu_cc_src, tcg_constant_tl(C=
C_Z),
+                       result, dest);
+}
+
 static void gen_LDMXCSR(DisasContext *s, X86DecodedInsn *decode)
 {
     tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
@@ -2075,6 +2106,23 @@ static void gen_LOOPNE(DisasContext *s, X86DecodedIn=
sn *decode)
     gen_conditional_jump_labels(s, decode->immediate, not_taken, taken);
 }
=20
+static void gen_LSL(DisasContext *s, X86DecodedInsn *decode)
+{
+    MemOp ot =3D decode->op[0].ot;
+    TCGv result =3D tcg_temp_new();
+    TCGv dest;
+
+    gen_compute_eflags(s);
+    gen_update_cc_op(s);
+    gen_helper_lsl(result, tcg_env, s->T0);
+
+    /* Perform writeback here to skip it if ZF=3D0.  */
+    decode->op[0].unit =3D X86_OP_SKIP;
+    dest =3D gen_op_deposit_reg_v(s, ot, decode->op[0].n, result, result);
+    tcg_gen_movcond_tl(TCG_COND_TSTNE, dest, cpu_cc_src, tcg_constant_tl(C=
C_Z),
+                       result, dest);
+}
+
 static void gen_LSS(DisasContext *s, X86DecodedInsn *decode)
 {
     gen_lxx_seg(s, decode, R_SS);
@@ -3118,6 +3166,41 @@ static void gen_RCR(DisasContext *s, X86DecodedInsn =
*decode)
     }
 }
=20
+#ifdef CONFIG_USER_ONLY
+static void gen_unreachable(DisasContext *s, X86DecodedInsn *decode)
+{
+    g_assert_not_reached();
+}
+#endif
+
+#ifndef CONFIG_USER_ONLY
+static void gen_RDMSR(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_update_cc_op(s);
+    gen_update_eip_cur(s);
+    gen_helper_rdmsr(tcg_env);
+}
+#else
+#define gen_RDMSR gen_unreachable
+#endif
+
+static void gen_RDPMC(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_update_cc_op(s);
+    gen_update_eip_cur(s);
+    translator_io_start(&s->base);
+    gen_helper_rdpmc(tcg_env);
+    s->base.is_jmp =3D DISAS_NORETURN;
+}
+
+static void gen_RDTSC(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_update_cc_op(s);
+    gen_update_eip_cur(s);
+    translator_io_start(&s->base);
+    gen_helper_rdtsc(tcg_env);
+}
+
 static void gen_RDxxBASE(DisasContext *s, X86DecodedInsn *decode)
 {
     TCGv base =3D cpu_seg_base[s->modrm & 8 ? R_GS : R_FS];
@@ -3290,6 +3373,17 @@ static void gen_RORX(DisasContext *s, X86DecodedInsn=
 *decode)
     }
 }
=20
+#ifndef CONFIG_USER_ONLY
+static void gen_RSM(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_helper_rsm(tcg_env);
+    assume_cc_op(s, CC_OP_EFLAGS);
+    s->base.is_jmp =3D DISAS_EOB_ONLY;
+}
+#else
+#define gen_RSM gen_UD
+#endif
+
 static void gen_SAHF(DisasContext *s, X86DecodedInsn *decode)
 {
     if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM)) {
@@ -3586,6 +3680,51 @@ static void gen_SUB(DisasContext *s, X86DecodedInsn =
*decode)
     prepare_update2_cc(decode, s, CC_OP_SUBB + ot);
 }
=20
+static void gen_SYSCALL(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_update_cc_op(s);
+    gen_update_eip_cur(s);
+    gen_helper_syscall(tcg_env, cur_insn_len_i32(s));
+    if (LMA(s)) {
+        assume_cc_op(s, CC_OP_EFLAGS);
+    }
+
+    /*
+     * TF handling for the syscall insn is different. The TF bit is checked
+     * after the syscall insn completes. This allows #DB to not be
+     * generated after one has entered CPL0 if TF is set in FMASK.
+     */
+    s->base.is_jmp =3D DISAS_EOB_RECHECK_TF;
+}
+
+static void gen_SYSENTER(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_helper_sysenter(tcg_env);
+    s->base.is_jmp =3D DISAS_EOB_ONLY;
+}
+
+static void gen_SYSEXIT(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_helper_sysexit(tcg_env, tcg_constant_i32(s->dflag - 1));
+    s->base.is_jmp =3D DISAS_EOB_ONLY;
+}
+
+static void gen_SYSRET(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_helper_sysret(tcg_env, tcg_constant_i32(s->dflag - 1));
+    if (LMA(s)) {
+        assume_cc_op(s, CC_OP_EFLAGS);
+    }
+
+    /*
+     * TF handling for the sysret insn is different. The TF bit is checked
+     * after the sysret insn completes. This allows #DB to be
+     * generated "as if" the syscall insn in userspace has just
+     * completed.
+     */
+    s->base.is_jmp =3D DISAS_EOB_RECHECK_TF;
+}
+
 static void gen_UD(DisasContext *s, X86DecodedInsn *decode)
 {
     gen_illegal_opcode(s);
@@ -4082,6 +4221,18 @@ static void gen_WAIT(DisasContext *s, X86DecodedInsn=
 *decode)
     }
 }
=20
+#ifndef CONFIG_USER_ONLY
+static void gen_WRMSR(DisasContext *s, X86DecodedInsn *decode)
+{
+    gen_update_cc_op(s);
+    gen_update_eip_cur(s);
+    gen_helper_wrmsr(tcg_env);
+    s->base.is_jmp =3D DISAS_EOB_NEXT;
+}
+#else
+#define gen_WRMSR gen_unreachable
+#endif
+
 static void gen_WRxxBASE(DisasContext *s, X86DecodedInsn *decode)
 {
     TCGv base =3D cpu_seg_base[s->modrm & 8 ? R_GS : R_FS];
--=20
2.45.1