From 75bdfd85a724fa65c9d6f4b6bde6028adb93a28e Mon Sep 17 00:00:00 2001
From: Todd Eisenberger <teisenbe@google.com>
Date: Mon, 5 Mar 2018 02:05:19 -0500
Subject: [PATCH] x86: Correct translation of some rdgsbase and wrgsbase
 encodings

It looks like there was a transcription error when writing this code
initially. The code previously only decoded src or dst of rax. This
resolves
https://bugs.launchpad.net/qemu/+bug/1719984.

Backports commit e0dd5fd41a1a38766009f442967fab700d2d0550 from qemu
---
 qemu/target/i386/translate.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/qemu/target/i386/translate.c b/qemu/target/i386/translate.c
index 7bdc6da6..3b3450ab 100644
--- a/qemu/target/i386/translate.c
+++ b/qemu/target/i386/translate.c
@@ -8861,7 +8861,14 @@ case 0x101:
         case 0xc5:
         case 0xc6:
         case 0xc7: /* rdfsbase (f3 0f ae /0) */
-        case 0xc8: /* rdgsbase (f3 0f ae /1) */
+        case 0xc8:
+        case 0xc9:
+        case 0xca:
+        case 0xcb:
+        case 0xcc:
+        case 0xcd:
+        case 0xce:
+        case 0xcf: /* rdgsbase (f3 0f ae /1) */
         case 0xd0:
         case 0xd1:
         case 0xd2:
@@ -8870,7 +8877,14 @@ case 0x101:
         case 0xd5:
         case 0xd6:
         case 0xd7: /* wrfsbase (f3 0f ae /2) */
-        case 0xd8: /* wrgsbase (f3 0f ae /3) */
+        case 0xd8:
+        case 0xd9:
+        case 0xda:
+        case 0xdb:
+        case 0xdc:
+        case 0xdd:
+        case 0xde:
+        case 0xdf: /* wrgsbase (f3 0f ae /3) */
             if (CODE64(s)
                 && (prefixes & PREFIX_REPZ)
                 && !(prefixes & PREFIX_LOCK)