Changeset 47382 in vbox for trunk/src/VBox/VMM/VMMAll

Timestamp:

Jul 24, 2013 10:31:09 PM (12 years ago)

Author:

vboxsync

Message:

IEM: MOVD XM,GREG (sse2,mmx); REX prefix decoding fixes (must be last prefix). VEX preps, correcting LDS and LES to not be available in 64-bit mode.

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• IEMAll.cpp (modified) (3 diffs)
• IEMAllInstructions.cpp.h (modified) (41 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -6674 +6674 @@
             return iemRaiseMathFault(pIemCpu); \
     } while (0)
+#define IEM_MC_MAYBE_RAISE_SSE2_RELATED_XCPT() \
+    do { \
+        if (   (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_EM) \
+            || !(pIemCpu->CTX_SUFF(pCtx)->cr4 & X86_CR4_OSFSXR) \
+            || !IEM_IS_INTEL_CPUID_FEATURE_PRESENT_EDX(X86_CPUID_FEATURE_EDX_SSE2) ) \
+            return iemRaiseUndefinedOpcode(pIemCpu); \
+        if (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_TS) \
+            return iemRaiseDeviceNotAvailable(pIemCpu); \
+    } while (0)
+#define IEM_MC_MAYBE_RAISE_MMX_RELATED_XCPT() \
+    do { \
+        if (   ((pIemCpu)->CTX_SUFF(pCtx)->cr0 & X86_CR0_EM) \
+            || !IEM_IS_INTEL_CPUID_FEATURE_PRESENT_EDX(X86_CPUID_FEATURE_EDX_MMX) ) \
+            return iemRaiseUndefinedOpcode(pIemCpu); \
+        if (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_TS) \
+            return iemRaiseDeviceNotAvailable(pIemCpu); \
+    } while (0)
 #define IEM_MC_RAISE_GP0_IF_CPL_NOT_ZERO() \
     do { \
@@ -6834 +6851 @@
 
 #define IEM_MC_CLEAR_FSW_EX()   do { (pIemCpu)->CTX_SUFF(pCtx)->fpu.FSW &= X86_FSW_C_MASK | X86_FSW_TOP_MASK; } while (0)
+
+
+#define IEM_MC_STORE_MREG_U64(a_iMReg, a_u64Value) \
+    do { pIemCpu->CTX_SUFF(pCtx)->fpu.aRegs[(a_iMReg)].mmx = (a_u64Value); } while (0)
+#define IEM_MC_STORE_MREG_U32_ZX_U64(a_iMReg, a_u32Value) \
+    do { pIemCpu->CTX_SUFF(pCtx)->fpu.aRegs[(a_iMReg)].mmx = (uint32_t)(a_u32Value); } while (0)
+
+#define IEM_MC_STORE_XREG_U64_ZX_U128(a_iXReg, a_u64Value) \
+    do { pIemCpu->CTX_SUFF(pCtx)->fpu.aXMM[(a_iXReg)].au64[0] = (a_u64Value); \
+         pIemCpu->CTX_SUFF(pCtx)->fpu.aXMM[(a_iXReg)].au64[1] = 0; \
+    } while (0)
+#define IEM_MC_STORE_XREG_U32_ZX_U128(a_iXReg, a_u32Value) \
+    do { pIemCpu->CTX_SUFF(pCtx)->fpu.aXMM[(a_iXReg)].au64[0] = (uint32_t)(a_u32Value); \
+         pIemCpu->CTX_SUFF(pCtx)->fpu.aXMM[(a_iXReg)].au64[1] = 0; \
+    } while (0)
 
 
@@ -7429 +7461 @@
         if (pIemCpu->enmCpuMode == IEMMODE_64BIT) \
             pIemCpu->enmEffOpSize = pIemCpu->enmDefOpSize = IEMMODE_64BIT; \
+    } while (0)
+
+/** Only a REX prefix immediately preceeding the first opcode byte takes
+ * effect. This macro helps ensuring this as well as logging bad guest code.  */
+#define IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE(a_szPrf) \
+    do \
+    { \
+        if (RT_UNLIKELY(pIemCpu->fPrefixes & IEM_OP_PRF_REX)) \
+        { \
+            Log5((a_szPrf ## ": Overriding REX prefix at %RX16! fPrefixes=%#x\n", \
+                  pIemCpu->CTX_SUFF(pCtx)->rip, pIemCpu->fPrefixes)); \
+            pIemCpu->fPrefixes &= ~IEM_OP_PRF_REX_MASK; \
+            pIemCpu->uRexB     = 0; \
+            pIemCpu->uRexIndex = 0; \
+            pIemCpu->uRexReg   = 0; \
+            iemRecalEffOpSize(pIemCpu); \
+        } \
     } while (0)
 

trunk/src/VBox/VMM/VMMAll/IEMAllInstructions.cpp.h

@@ -1822 +1822 @@
 FNIEMOP_STUB(iemOp_maxps_Vps_Wps__maxpd_Vpd_Wpd__maxss_Vss_Wss__maxsd_Vsd_Wsd);
 /** Opcode 0x0f 0x60. */
-FNIEMOP_STUB(iemOp_punpcklbw_Pq_Qd__punpcklbw_Vdq_Wdq);
+FNIEMOP_STUB(iemOp_punpcklbw_Pq_Qd__punpcklbw_Vdq_Wdq); // NEXT
 /** Opcode 0x0f 0x61. */
 FNIEMOP_STUB(iemOp_punpcklwd_Pq_Qd__punpcklwd_Vdq_Wdq);
@@ -1849 +1849 @@
 /** Opcode 0x0f 0x6d. */
 FNIEMOP_STUB(iemOp_punpckhqdq_Vdq_Wdq);
+
+
 /** Opcode 0x0f 0x6e. */
-FNIEMOP_STUB(iemOp_movd_q_Pd_Ey__movd_q_Vy_Ey);
+FNIEMOP_DEF(iemOp_movd_q_Pd_Ey__movd_q_Vy_Ey)
+{
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+    if ((bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+    {
+        IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
+        IEM_MC_BEGIN(0, 1);
+        if (pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_OP)
+        {
+            /* XMM, greg*/
+            IEM_MC_MAYBE_RAISE_SSE2_RELATED_XCPT();
+            if (pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_REX_W)
+            {
+                IEM_MC_LOCAL(uint64_t, u64Tmp);
+                IEM_MC_FETCH_GREG_U64(u64Tmp, (bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB);
+                IEM_MC_STORE_XREG_U64_ZX_U128(((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg, u64Tmp);
+            }
+            else
+            {
+                IEM_MC_LOCAL(uint32_t, u32Tmp);
+                IEM_MC_FETCH_GREG_U32(u32Tmp, (bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB);
+                IEM_MC_STORE_XREG_U32_ZX_U128(((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg, u32Tmp);
+            }
+        }
+        else
+        {
+            /* MMX, greg */
+            IEM_MC_MAYBE_RAISE_MMX_RELATED_XCPT();
+            IEM_MC_LOCAL(uint64_t, u64Tmp);
+            if (pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_REX_W)
+                IEM_MC_FETCH_GREG_U64(u64Tmp, (bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB);
+            else
+                IEM_MC_FETCH_GREG_U32_ZX_U64(u64Tmp, (bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB);
+            IEM_MC_STORE_MREG_U64(((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg, u64Tmp);
+        }
+        IEM_MC_ADVANCE_RIP();
+        IEM_MC_END();
+    }
+    else
+    {
+        /* memory source operand. */
+        IEM_MC_BEGIN(0, 2);
+        IEM_MC_LOCAL(RTGCPTR, GCPtrEffSrc);
+        if (pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_OP)
+        {
+            /* XMM, [mem] */
+            IEM_MC_MAYBE_RAISE_SSE2_RELATED_XCPT();
+            IEM_MC_CALC_RM_EFF_ADDR(GCPtrEffSrc, bRm, 1);
+            IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
+            if (pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_REX_W)
+            {
+                IEM_MC_LOCAL(uint64_t, u64Tmp);
+                IEM_MC_FETCH_MEM_U64(u64Tmp, pIemCpu->iEffSeg, GCPtrEffSrc);
+                IEM_MC_STORE_XREG_U64_ZX_U128(((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg, u64Tmp);
+            }
+            else
+            {
+                IEM_MC_LOCAL(uint32_t, u32Tmp);
+                IEM_MC_FETCH_MEM_U32(u32Tmp, pIemCpu->iEffSeg, GCPtrEffSrc);
+                IEM_MC_STORE_XREG_U32_ZX_U128(((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg, u32Tmp);
+            }
+        }
+        else
+        {
+            /* MMX, [mem] */
+            IEM_MC_MAYBE_RAISE_MMX_RELATED_XCPT();
+            IEM_MC_CALC_RM_EFF_ADDR(GCPtrEffSrc, bRm, 1);
+            IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
+            if (pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_REX_W)
+            {
+                IEM_MC_LOCAL(uint64_t, u64Tmp);
+                IEM_MC_FETCH_MEM_U64(u64Tmp, pIemCpu->iEffSeg, GCPtrEffSrc);
+                IEM_MC_STORE_MREG_U64(((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg, u64Tmp);
+            }
+            else
+            {
+                IEM_MC_LOCAL(uint32_t, u32Tmp);
+                IEM_MC_FETCH_MEM_U32(u32Tmp, pIemCpu->iEffSeg, GCPtrEffSrc);
+                IEM_MC_STORE_MREG_U32_ZX_U64(((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg, u32Tmp);
+            }
+        }
+        IEM_MC_ADVANCE_RIP();
+        IEM_MC_END();
+    }
+
+    return VINF_SUCCESS;
+}
+
 /** Opcode 0x0f 0x6f. */
-FNIEMOP_STUB(iemOp_movq_Pq_Qq__movdqa_Vdq_Wdq__movdqu_Vdq_Wdq);
+FNIEMOP_STUB(iemOp_movq_Pq_Qq__movdqa_Vdq_Wdq__movdqu_Vdq_Wdq); // NEXT
 /** Opcode 0x0f 0x70. */
-FNIEMOP_STUB(iemOp_pshufw_Pq_Qq_Ib__pshufd_Vdq_Wdq_Ib__pshufhw_Vdq_Wdq_Ib__pshuflq_Vdq_Wdq_Ib);
+FNIEMOP_STUB(iemOp_pshufw_Pq_Qq_Ib__pshufd_Vdq_Wdq_Ib__pshufhw_Vdq_Wdq_Ib__pshuflq_Vdq_Wdq_Ib); // NEXT
 
 /** Opcode 0x0f 0x71 11/2. */
@@ -2027 +2116 @@
 
 /** Opcode 0x0f 0x74. */
-FNIEMOP_STUB(iemOp_pcmpeqb_Pq_Qq__pcmpeqb_Vdq_Wdq);
+FNIEMOP_STUB(iemOp_pcmpeqb_Pq_Qq__pcmpeqb_Vdq_Wdq); // NEXT
 /** Opcode 0x0f 0x75. */
 FNIEMOP_STUB(iemOp_pcmpeqw_Pq_Qq__pcmpeqw_Vdq_Wdq);
@@ -4305 +4394 @@
 
 
-FNIEMOP_DEF_1(iemOpCommonLoadSRegAndGreg, uint8_t, iSegReg)
-{
-    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
-    IEMOP_HLP_NO_LOCK_PREFIX(); /** @todo should probably not be raised until we've fetched all the opcode bytes? */
-
-    /* The source cannot be a register. */
-    if ((bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
-        return IEMOP_RAISE_INVALID_OPCODE();
+FNIEMOP_DEF_2(iemOpCommonLoadSRegAndGreg, uint8_t, iSegReg, uint8_t, bRm)
+{
+    Assert((bRm & X86_MODRM_MOD_MASK) != (3 << X86_MODRM_MOD_SHIFT)); /* Caller checks this */
     uint8_t const iGReg = ((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg;
 
@@ -4326 +4410 @@
             IEM_MC_LOCAL(RTGCPTR,       GCPtrEff);
             IEM_MC_CALC_RM_EFF_ADDR(GCPtrEff, bRm, 0);
+            IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
             IEM_MC_FETCH_MEM_U16(offSeg, pIemCpu->iEffSeg, GCPtrEff);
             IEM_MC_FETCH_MEM_U16_DISP(uSel, pIemCpu->iEffSeg, GCPtrEff, 2);
@@ -4341 +4426 @@
             IEM_MC_LOCAL(RTGCPTR,       GCPtrEff);
             IEM_MC_CALC_RM_EFF_ADDR(GCPtrEff, bRm, 0);
+            IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
             IEM_MC_FETCH_MEM_U32(offSeg, pIemCpu->iEffSeg, GCPtrEff);
             IEM_MC_FETCH_MEM_U16_DISP(uSel, pIemCpu->iEffSeg, GCPtrEff, 4);
@@ -4356 +4442 @@
             IEM_MC_LOCAL(RTGCPTR,       GCPtrEff);
             IEM_MC_CALC_RM_EFF_ADDR(GCPtrEff, bRm, 0);
-            IEM_MC_FETCH_MEM_U64(offSeg, pIemCpu->iEffSeg, GCPtrEff);
+            IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
+            if (IEM_IS_GUEST_CPU_AMD(pIemCpu)) /** @todo testcase: rev 3.15 of the amd manuals claims it only loads a 32-bit greg. */
+                IEM_MC_FETCH_MEM_U32_SX_U64(offSeg, pIemCpu->iEffSeg, GCPtrEff);
+            else
+                IEM_MC_FETCH_MEM_U64(offSeg, pIemCpu->iEffSeg, GCPtrEff);
             IEM_MC_FETCH_MEM_U16_DISP(uSel, pIemCpu->iEffSeg, GCPtrEff, 8);
             IEM_MC_CALL_CIMPL_5(iemCImpl_load_SReg_Greg, uSel, offSeg, iSegRegArg, iGRegArg, enmEffOpSize);
@@ -4371 +4461 @@
 {
     IEMOP_MNEMONIC("lss Gv,Mp");
-    return FNIEMOP_CALL_1(iemOpCommonLoadSRegAndGreg, X86_SREG_SS);
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+    if ((bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+        return IEMOP_RAISE_INVALID_OPCODE();
+    return FNIEMOP_CALL_2(iemOpCommonLoadSRegAndGreg, X86_SREG_SS, bRm);
 }
 
@@ -4387 +4480 @@
 {
     IEMOP_MNEMONIC("lfs Gv,Mp");
-    return FNIEMOP_CALL_1(iemOpCommonLoadSRegAndGreg, X86_SREG_FS);
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+    if ((bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+        return IEMOP_RAISE_INVALID_OPCODE();
+    return FNIEMOP_CALL_2(iemOpCommonLoadSRegAndGreg, X86_SREG_FS, bRm);
 }
 
@@ -4395 +4491 @@
 {
     IEMOP_MNEMONIC("lgs Gv,Mp");
-    return FNIEMOP_CALL_1(iemOpCommonLoadSRegAndGreg, X86_SREG_GS);
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+    if ((bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+        return IEMOP_RAISE_INVALID_OPCODE();
+    return FNIEMOP_CALL_2(iemOpCommonLoadSRegAndGreg, X86_SREG_GS, bRm);
 }
 
@@ -5377 +5476 @@
 FNIEMOP_STUB(iemOp_movq_Wq_Vq__movq2dq_Vdq_Nq__movdq2q_Pq_Uq);
 /** Opcode 0x0f 0xd7. */
-FNIEMOP_STUB(iemOp_pmovmskb_Gd_Nq__pmovmskb_Gd_Udq);
+FNIEMOP_STUB(iemOp_pmovmskb_Gd_Nq__pmovmskb_Gd_Udq); //NEXT
 /** Opcode 0x0f 0xd8. */
 FNIEMOP_STUB(iemOp_psubusb_Pq_Qq__psubusb_Vdq_Wdq);
@@ -5425 +5524 @@
 FNIEMOP_STUB(iemOp_pmaxsw_Pq_Qq__pmaxsw_Vdq_Wdq);
 /** Opcode 0x0f 0xef. */
-FNIEMOP_STUB(iemOp_pxor_Pq_Qq__pxor_Vdq_Wdq);
+FNIEMOP_STUB(iemOp_pxor_Pq_Qq__pxor_Vdq_Wdq); // NEXT
 /** Opcode 0x0f 0xf0. */
 FNIEMOP_STUB(iemOp_lddqu_Vdq_Mdq);
@@ -6050 +6149 @@
 FNIEMOP_DEF(iemOp_seg_ES)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("seg es");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SEG_ES;
     pIemCpu->iEffSeg    = X86_SREG_ES;
@@ -6113 +6213 @@
 FNIEMOP_DEF(iemOp_seg_CS)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("seg cs");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SEG_CS;
     pIemCpu->iEffSeg    = X86_SREG_CS;
@@ -6182 +6283 @@
 FNIEMOP_DEF(iemOp_seg_SS)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("seg ss");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SEG_SS;
     pIemCpu->iEffSeg    = X86_SREG_SS;
@@ -6247 +6349 @@
 FNIEMOP_DEF(iemOp_seg_DS)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("seg ds");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SEG_DS;
     pIemCpu->iEffSeg    = X86_SREG_DS;
@@ -6312 +6415 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX;
 
@@ -6331 +6435 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.b");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_B;
         pIemCpu->uRexB     = 1 << 3;
@@ -6351 +6456 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.x");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_X;
         pIemCpu->uRexIndex = 1 << 3;
@@ -6372 +6478 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.bx");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_B | IEM_OP_PRF_REX_X;
         pIemCpu->uRexB     = 1 << 3;
@@ -6393 +6500 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.r");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6413 +6521 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.rb");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R | IEM_OP_PRF_REX_B;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6434 +6543 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.rx");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R | IEM_OP_PRF_REX_X;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6455 +6565 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.rbx");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R | IEM_OP_PRF_REX_B | IEM_OP_PRF_REX_X;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6477 +6588 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.w");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_SIZE_REX_W;
         iemRecalEffOpSize(pIemCpu);
@@ -6497 +6609 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.bw");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_B | IEM_OP_PRF_SIZE_REX_W;
         pIemCpu->uRexB     = 1 << 3;
@@ -6518 +6631 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.xw");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_X | IEM_OP_PRF_SIZE_REX_W;
         pIemCpu->uRexIndex = 1 << 3;
@@ -6539 +6653 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.bxw");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_B | IEM_OP_PRF_REX_X | IEM_OP_PRF_SIZE_REX_W;
         pIemCpu->uRexB     = 1 << 3;
@@ -6561 +6676 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.rw");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R | IEM_OP_PRF_SIZE_REX_W;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6582 +6698 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.rbw");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R | IEM_OP_PRF_REX_B | IEM_OP_PRF_SIZE_REX_W;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6604 +6721 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.rxw");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R | IEM_OP_PRF_REX_X | IEM_OP_PRF_SIZE_REX_W;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6626 +6744 @@
     if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
     {
+        IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("rex.rbxw");
         pIemCpu->fPrefixes |= IEM_OP_PRF_REX | IEM_OP_PRF_REX_R | IEM_OP_PRF_REX_B | IEM_OP_PRF_REX_X | IEM_OP_PRF_SIZE_REX_W;
         pIemCpu->uRexReg   = 1 << 3;
@@ -6945 +7064 @@
 FNIEMOP_DEF(iemOp_seg_FS)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("seg fs");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SEG_FS;
     pIemCpu->iEffSeg    = X86_SREG_FS;
@@ -6956 +7076 @@
 FNIEMOP_DEF(iemOp_seg_GS)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("seg gs");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SEG_GS;
     pIemCpu->iEffSeg    = X86_SREG_GS;
@@ -6967 +7088 @@
 FNIEMOP_DEF(iemOp_op_size)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("op size");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SIZE_OP;
     iemRecalEffOpSize(pIemCpu);
@@ -6978 +7100 @@
 FNIEMOP_DEF(iemOp_addr_size)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("addr size");
     pIemCpu->fPrefixes |= IEM_OP_PRF_SIZE_ADDR;
     switch (pIemCpu->enmDefAddrMode)
@@ -10718 +10841 @@
 FNIEMOP_DEF(iemOp_les_Gv_Mp)
 {
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+    if (   pIemCpu->enmCpuMode == IEMMODE_64BIT
+        || (bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+    {
+        IEMOP_MNEMONIC("2-byte-vex");
+        /* The LES instruction is invalid 64-bit mode. In legacy and
+           compatability mode it is invalid with MOD=3.
+           The use as a VEX prefix is made possible by assigning the inverted
+           REX.R to the top MOD bit, and the top bit in the inverted register
+           specifier to the bottom MOD bit, thereby effectively limiting 32-bit
+           to accessing registers 0..7 in this VEX form. */
+        /** @todo VEX: Just use new tables for it. */
+        return IEMOP_RAISE_INVALID_OPCODE();
+    }
     IEMOP_MNEMONIC("les Gv,Mp");
-    return FNIEMOP_CALL_1(iemOpCommonLoadSRegAndGreg, X86_SREG_ES);
+    return FNIEMOP_CALL_2(iemOpCommonLoadSRegAndGreg, X86_SREG_ES, bRm);
 }
 
@@ -10726 +10863 @@
 FNIEMOP_DEF(iemOp_lds_Gv_Mp)
 {
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+    if (   pIemCpu->enmCpuMode == IEMMODE_64BIT
+        || (bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+    {
+        IEMOP_MNEMONIC("3-byte-vex");
+        /* The LDS instruction is invalid 64-bit mode. In legacy and
+           compatability mode it is invalid with MOD=3.
+           The use as a VEX prefix is made possible by assigning the inverted
+           REX.R and REX.X to the two MOD bits, since the REX bits are ignored
+           outside of 64-bit mode. */
+        /** @todo VEX: Just use new tables for it. */
+        return IEMOP_RAISE_INVALID_OPCODE();
+    }
     IEMOP_MNEMONIC("lds Gv,Mp");
-    return FNIEMOP_CALL_1(iemOpCommonLoadSRegAndGreg, X86_SREG_DS);
+    return FNIEMOP_CALL_2(iemOpCommonLoadSRegAndGreg, X86_SREG_DS, bRm);
 }
 
@@ -14767 +14917 @@
 FNIEMOP_DEF(iemOp_lock)
 {
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("lock");
     pIemCpu->fPrefixes |= IEM_OP_PRF_LOCK;
 
@@ -14779 +14930 @@
     /* This overrides any previous REPE prefix. */
     pIemCpu->fPrefixes &= ~IEM_OP_PRF_REPZ;
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("repne");
     pIemCpu->fPrefixes |= IEM_OP_PRF_REPNZ;
 
@@ -14791 +14943 @@
     /* This overrides any previous REPNE prefix. */
     pIemCpu->fPrefixes &= ~IEM_OP_PRF_REPNZ;
+    IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE("repe");
     pIemCpu->fPrefixes |= IEM_OP_PRF_REPZ;