target/i386: fix operand order for PDEP and PEXT

For PDEP and PEXT, the mask is provided in the memory (mod+r/m) operand, and therefore is loaded in s->T0 by gen_ldst_modrm. The source is provided in the second source operand (VEX.vvvv) and therefore is loaded in s->T1. Fix the order in which they are passed to the helpers. Reported-by: Lenard Szolnoki <blog@lenardszolnoki.com> Analyzed-by: Lenard Szolnoki <blog@lenardszolnoki.com> Fixes: https://bugs.launchpad.net/qemu/+bug/1605123 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Paolo Bonzini <pbonzini@redhat.com> 2020-11-23 07:17:47 -0500
committer: Paolo Bonzini <pbonzini@redhat.com> 2020-12-10 12:14:49 -0500
commit: 75b208c28316095c4685e8596ceb9e3f656592e2 (patch)
tree: b5ecca206a49e734a405ac1b5da1bcf963016552 /target
parent: 379e9eaed497a2e09b5985e1e15967d7bfea8296 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 4c57307e42..e8f5f5803a 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -3936,14 +3936,14 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b,
                 }
                 ot = mo_64_32(s->dflag);
                 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
-                /* Note that by zero-extending the mask operand, we
+                /* Note that by zero-extending the source operand, we
                    automatically handle zero-extending the result.  */
                 if (ot == MO_64) {
                     tcg_gen_mov_tl(s->T1, cpu_regs[s->vex_v]);
                 } else {
                     tcg_gen_ext32u_tl(s->T1, cpu_regs[s->vex_v]);
                 }
-                gen_helper_pdep(cpu_regs[reg], s->T0, s->T1);
+                gen_helper_pdep(cpu_regs[reg], s->T1, s->T0);
                 break;
 
             case 0x2f5: /* pext Gy, By, Ey */
@@ -3954,14 +3954,14 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b,
                 }
                 ot = mo_64_32(s->dflag);
                 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
-                /* Note that by zero-extending the mask operand, we
+                /* Note that by zero-extending the source operand, we
                    automatically handle zero-extending the result.  */
                 if (ot == MO_64) {
                     tcg_gen_mov_tl(s->T1, cpu_regs[s->vex_v]);
                 } else {
                     tcg_gen_ext32u_tl(s->T1, cpu_regs[s->vex_v]);
                 }
-                gen_helper_pext(cpu_regs[reg], s->T0, s->T1);
+                gen_helper_pext(cpu_regs[reg], s->T1, s->T0);
                 break;
 
             case 0x1f6: /* adcx Gy, Ey */
author	Paolo Bonzini <pbonzini@redhat.com>	2020-11-23 07:17:47 -0500
committer	Paolo Bonzini <pbonzini@redhat.com>	2020-12-10 12:14:49 -0500
commit	75b208c28316095c4685e8596ceb9e3f656592e2 (patch)
tree	b5ecca206a49e734a405ac1b5da1bcf963016552 /target
parent	379e9eaed497a2e09b5985e1e15967d7bfea8296 (diff)