From 87180dd231520c206756e8581d5fad25e9dc13f2 Mon Sep 17 00:00:00 2001
From: Eugene Minibaev <mail@kitsu.me>
Date: Tue, 10 Apr 2018 08:49:07 -0400
Subject: [PATCH] Add missing bit for SSE instr in VEX decoding

The 2-byte VEX prefix imples a leading 0Fh opcode byte.

Backports commit e0014d4b3a955cfd8d517674703bfa87f340290a from qemu
---
 qemu/target/i386/translate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/qemu/target/i386/translate.c b/qemu/target/i386/translate.c
index 135f639c..e23317f2 100644
--- a/qemu/target/i386/translate.c
+++ b/qemu/target/i386/translate.c
@@ -5202,9 +5202,11 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
 #endif
             rex_r = (~vex2 >> 4) & 8;
             if (b == 0xc5) {
+                /* 2-byte VEX prefix: RVVVVlpp, implied 0f leading opcode byte */
                 vex3 = vex2;
-                b = x86_ldub_code(env, s);
+                b = x86_ldub_code(env, s) | 0x100;
             } else {
+                /* 3-byte VEX prefix: RXBmmmmm wVVVVlpp */
 #ifdef TARGET_X86_64
                 s->rex_x = (~vex2 >> 3) & 8;
                 s->rex_b = (~vex2 >> 2) & 8;