zydis icon indicating copy to clipboard operation
zydis copied to clipboard

Published 20 hours ago verified publisher icon zyantific

JKZD/JKNZD with VEX.L=1

Open tremalrik opened this issue 3 years ago • 2 comments

According to the KNC instruction set reference manual ( https://community.intel.com/legacyfs/online/drupal_files/forum/278102/327364001en.pdf , sections 3.4 and 6.1 ), the VEX prefix for the KNC-specific instructions is required to have the L-bit (bit 2 of the last byte of the VEX prefix, in both the 2-byte and 3-byte forms) set to 0. However, both XED and Zydis accept encodings of the JKZD and JKNZD instructions that have this bit set to 1, e.g:

  • C4 E0 6C 75 01 (with VEX.L=1) is recognized as jknzd k2,+0x06
  • C5 EC 85 66 66 66 66 (with VEX.L=1) is recognized as jknzd k2,+0x6666666Dby Zydis - and a rather baffling jknzd k2,0x3 by XED.

Given that this is a case where official documentation disagrees with XED, it raises a bit of a dilemma about which one should be followed with respect to whether these instruction encodings should be considered valid. (Running a test case on an actual KNC chip would probably be the best way to resolve this dilemma, but I do not have one available.)

tremalrik avatar Dec 17 '21 22:12 tremalrik

In cases like this, it's typically best to also report this against XED and let the Intel folks figure out what is right.

athre0z avatar Dec 18 '21 16:12 athre0z

We just got the confirmation that VEX.L really needs to be 0.

flobernd avatar Jan 25 '22 13:01 flobernd

As of Zydis commit https://github.com/zyantific/zydis/commit/8948d9a8f493330d27a0e7bbebf40f0391e45f1b, both XED (at least the last version that supports KNC) and Zydis are in my testing now correctly enforcing the VEX.L=0 constraint for these two instructions.

tremalrik avatar Dec 17 '22 20:12 tremalrik