x86: CET v2.0: Update NOTRACK prefix

Update NOTRACK prefix handling to support memory indirect branch for
CET v2.0:

https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

gas/

	* config/tc-i386.c (md_assemble): Update NOTRACK prefix check.
	* testsuite/gas/i386/notrack-intel.d: Updated.
	* testsuite/gas/i386/notrack.d: Likewise.
	* testsuite/gas/i386/notrackbad.l: Likewise.
	* testsuite/gas/i386/x86-64-notrack-intel.d: Likewise.
	* testsuite/gas/i386/x86-64-notrack.d: Likewise.
	* testsuite/gas/i386/x86-64-notrackbad.l: Likewise.
	* testsuite/gas/i386/notrack.s: Add NOTRACK prefix tests with
	memory indirect branch.
	* testsuite/gas/i386/x86-64-notrack.s: Likewise.
	* testsuite/gas/i386/notrackbad.s: Remove memory indirect branch
	with NOTRACK prefix.
	* testsuite/gas/i386/x86-64-notrackbad.s: Likewise.

opcodes/

	* i386-dis.c (reg_table): Swap indirEv with NOTRACK on "call{&|}"
	and "jmp{&|}".
	(NOTRACK_Fixup): Support memory indirect branch with NOTRACK
	prefix.

14 files changed, 234 insertions, 89 deletions

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 8c629928b5..ed35a2139b 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,19 @@
+2017-06-21  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/tc-i386.c (md_assemble): Update NOTRACK prefix check.
+	* testsuite/gas/i386/notrack-intel.d: Updated.
+	* testsuite/gas/i386/notrack.d: Likewise.
+	* testsuite/gas/i386/notrackbad.l: Likewise.
+	* testsuite/gas/i386/x86-64-notrack-intel.d: Likewise.
+	* testsuite/gas/i386/x86-64-notrack.d: Likewise.
+	* testsuite/gas/i386/x86-64-notrackbad.l: Likewise.
+	* testsuite/gas/i386/notrack.s: Add NOTRACK prefix tests with
+	memory indirect branch.
+	* testsuite/gas/i386/x86-64-notrack.s: Likewise.
+	* testsuite/gas/i386/notrackbad.s: Remove memory indirect branch
+	with NOTRACK prefix.
+	* testsuite/gas/i386/x86-64-notrackbad.s: Likewise.
+
 2017-06-20  Thomas Preud'homme  <thomas.preudhomme@arm.com>
 
 	* config/tc-arm.c (arm_extensions): New duplicate idiv entry to enable
diff --git a/gas/config/tc-i386.c b/gas/config/tc-i386.c
index 6c1091e4eb..456be9e07c 100644
--- a/gas/config/tc-i386.c
+++ b/gas/config/tc-i386.c
@@ -3713,13 +3713,8 @@ md_assemble (char *line)
     as_bad (_("expecting valid branch instruction after `bnd'"));
 
   /* Check NOTRACK prefix.  */
-  if (i.notrack_prefix
-      && (!i.tm.opcode_modifier.notrackprefixok
-	  || i.reg_operands != 1
-	  || i.disp_operands != 0
-	  || i.mem_operands != 0
-	  || i.imm_operands != 0))
-    as_bad (_("expecting register indirect branch instruction after `notrack'"));
+  if (i.notrack_prefix && !i.tm.opcode_modifier.notrackprefixok)
+    as_bad (_("expecting indirect branch instruction after `notrack'"));
 
   if (i.tm.cpu_flags.bitfield.cpumpx)
     {
diff --git a/gas/testsuite/gas/i386/notrack-intel.d b/gas/testsuite/gas/i386/notrack-intel.d
index b99e194b4a..2ab6a8a7f8 100644
--- a/gas/testsuite/gas/i386/notrack-intel.d
+++ b/gas/testsuite/gas/i386/notrack-intel.d
@@ -12,18 +12,34 @@ Disassembly of section .text:
 [ 	]*[a-f0-9]+:	66 3e ff d0          	notrack call ax
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmp eax
 [ 	]*[a-f0-9]+:	66 3e ff e0          	notrack jmp ax
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack call DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 3e ff 10          	notrack call WORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmp DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 3e ff 20          	notrack jmp WORD PTR \[eax\]
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack call eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff d0       	bnd notrack call ax
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmp eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff e0       	bnd notrack jmp ax
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack call DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 f2 3e ff 10       	bnd notrack call WORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmp DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 f2 3e ff 20       	bnd notrack jmp WORD PTR \[eax\]
 [ 	]*[a-f0-9]+:	3e ff d0             	notrack call eax
 [ 	]*[a-f0-9]+:	66 3e ff d0          	notrack call ax
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmp eax
 [ 	]*[a-f0-9]+:	66 3e ff e0          	notrack jmp ax
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack call DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 3e ff 10          	notrack call WORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmp DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 3e ff 20          	notrack jmp WORD PTR \[eax\]
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack call eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff d0       	bnd notrack call ax
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmp eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff e0       	bnd notrack jmp ax
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack call DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 f2 3e ff 10       	bnd notrack call WORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmp DWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	66 f2 3e ff 20       	bnd notrack jmp WORD PTR \[eax\]
 [ 	]*[a-f0-9]+:	3e f2 ff d0          	ds bnd call eax
 [ 	]*[a-f0-9]+:	3e 66 ff d0          	ds call ax
 #pass
diff --git a/gas/testsuite/gas/i386/notrack.d b/gas/testsuite/gas/i386/notrack.d
index eda09ebb8f..11d0ce9e15 100644
--- a/gas/testsuite/gas/i386/notrack.d
+++ b/gas/testsuite/gas/i386/notrack.d
@@ -11,18 +11,34 @@ Disassembly of section .text:
 [ 	]*[a-f0-9]+:	66 3e ff d0          	notrack callw \*%ax
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmp \*%eax
 [ 	]*[a-f0-9]+:	66 3e ff e0          	notrack jmpw \*%ax
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack call \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 3e ff 10          	notrack callw \*\(%eax\)
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmp \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 3e ff 20          	notrack jmpw \*\(%eax\)
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack call \*%eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff d0       	bnd notrack callw \*%ax
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmp \*%eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff e0       	bnd notrack jmpw \*%ax
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack call \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 f2 3e ff 10       	bnd notrack callw \*\(%eax\)
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmp \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 f2 3e ff 20       	bnd notrack jmpw \*\(%eax\)
 [ 	]*[a-f0-9]+:	3e ff d0             	notrack call \*%eax
 [ 	]*[a-f0-9]+:	66 3e ff d0          	notrack callw \*%ax
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmp \*%eax
 [ 	]*[a-f0-9]+:	66 3e ff e0          	notrack jmpw \*%ax
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack call \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 3e ff 10          	notrack callw \*\(%eax\)
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmp \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 3e ff 20          	notrack jmpw \*\(%eax\)
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack call \*%eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff d0       	bnd notrack callw \*%ax
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmp \*%eax
 [ 	]*[a-f0-9]+:	66 f2 3e ff e0       	bnd notrack jmpw \*%ax
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack call \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 f2 3e ff 10       	bnd notrack callw \*\(%eax\)
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmp \*\(%eax\)
+[ 	]*[a-f0-9]+:	66 f2 3e ff 20       	bnd notrack jmpw \*\(%eax\)
 [ 	]*[a-f0-9]+:	3e f2 ff d0          	ds bnd call \*%eax
 [ 	]*[a-f0-9]+:	3e 66 ff d0          	ds callw \*%ax
 #pass
diff --git a/gas/testsuite/gas/i386/notrack.s b/gas/testsuite/gas/i386/notrack.s
index 3b8b210aa3..8383645b01 100644
--- a/gas/testsuite/gas/i386/notrack.s
+++ b/gas/testsuite/gas/i386/notrack.s
@@ -8,27 +8,49 @@ _start:
 	notrack jmp *%eax
 	notrack jmp *%ax
 
+	notrack call *(%eax)
+	notrack callw *(%eax)
+	notrack jmp *(%eax)
+	notrack jmpw *(%eax)
+
 	bnd notrack call *%eax
 	bnd notrack call *%ax
 	bnd notrack jmp *%eax
 	bnd notrack jmp *%ax
 
+	bnd notrack call *(%eax)
+	bnd notrack callw *(%eax)
+	bnd notrack jmp *(%eax)
+	bnd notrack jmpw *(%eax)
+
 	.intel_syntax noprefix
 	notrack call eax
 	notrack call ax
 	notrack jmp eax
 	notrack jmp ax
 
+	notrack call DWORD PTR [eax]
+	notrack call WORD PTR [eax]
+	notrack jmp DWORD PTR [eax]
+	notrack jmp WORD PTR [eax]
+
 	bnd notrack call eax
 	bnd notrack call ax
 	bnd notrack jmp eax
 	bnd notrack jmp ax
 
+	bnd notrack call DWORD PTR [eax]
+	bnd notrack call WORD PTR [eax]
+	bnd notrack jmp DWORD PTR [eax]
+	bnd notrack jmp WORD PTR [eax]
+
+	# ds bnd call *%eax
 	.byte 0x3e
 	.byte 0xf2
 	.byte 0xff
 	.byte 0xd0
 
+	# ds callw *%ax
 	.byte 0x3e
 	.byte 0x66
 	.byte 0xff
diff --git a/gas/testsuite/gas/i386/notrackbad.l b/gas/testsuite/gas/i386/notrackbad.l
index 0f8cf7d96b..48ee69f96a 100644
--- a/gas/testsuite/gas/i386/notrackbad.l
+++ b/gas/testsuite/gas/i386/notrackbad.l
@@ -1,20 +1,16 @@
 .*: Assembler messages:
-.*:6: Error: expecting register indirect branch instruction after `notrack'
+.*:6: Error: expecting indirect branch instruction after `notrack'
 .*:6: Warning: skipping prefixes on this instruction
-.*:7: Error: expecting register indirect branch instruction after `notrack'
+.*:7: Error: expecting indirect branch instruction after `notrack'
 .*:7: Warning: skipping prefixes on this instruction
-.*:9: Error: expecting register indirect branch instruction after `notrack'
-.*:10: Error: expecting register indirect branch instruction after `notrack'
-.*:11: Error: same type of prefix used twice
+.*:9: Error: same type of prefix used twice
+.*:10: Error: expecting no other prefixes after `notrack'
+.*:11: Error: expecting no other prefixes after `notrack'
 .*:12: Error: expecting no other prefixes after `notrack'
-.*:13: Error: expecting no other prefixes after `notrack'
-.*:14: Error: expecting no other prefixes after `notrack'
-.*:17: Error: expecting register indirect branch instruction after `notrack'
-.*:18: Error: expecting register indirect branch instruction after `notrack'
-.*:19: Error: same type of prefix used twice
-.*:20: Error: expecting no other prefixes after `notrack'
-.*:21: Error: expecting no other prefixes after `notrack'
-.*:22: Error: expecting no other prefixes after `notrack'
+.*:15: Error: same type of prefix used twice
+.*:16: Error: expecting no other prefixes after `notrack'
+.*:17: Error: expecting no other prefixes after `notrack'
+.*:18: Error: expecting no other prefixes after `notrack'
 GAS LISTING .*
 
 
@@ -24,30 +20,22 @@ GAS LISTING .*
 [ 	]*4[ 	]+\.text
 [ 	]*5[ 	]+_start:
 [ 	]*6[ 	]+\?\?\?\? [0-9A-F]* 		notrack call foo
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
+\*\*\*\*  Error: expecting indirect branch instruction after `notrack'
 \*\*\*\*  Warning: skipping prefixes on this instruction
 [ 	]*6[ 	]+[0-9A-F]*
 [ 	]*7[ 	]+\?\?\?\? [0-9A-F]* 		notrack jmp foo
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
+\*\*\*\*  Error: expecting indirect branch instruction after `notrack'
 \*\*\*\*  Warning: skipping prefixes on this instruction
 [ 	]*7[ 	]+[0-9A-F]*
 [ 	]*8[ 	]+
-[ 	]*9[ 	]+\?\?\?\? 3EFF10   		notrack call \*\(%eax\)
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*10[ 	]+\?\?\?\? 3EFF20   		notrack jmp \*\(%eax\)
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*11[ 	]+fs notrack call \*%eax
-[ 	]*12[ 	]+notrack fs call \*%eax
-[ 	]*13[ 	]+notrack bnd call \*%eax
-[ 	]*14[ 	]+notrack data16 call \*%eax
-[ 	]*15[ 	]+
-[ 	]*16[ 	]+\.intel_syntax noprefix
-[ 	]*17[ 	]+\?\?\?\? 3EFF10   		notrack call \[eax\]
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*18[ 	]+\?\?\?\? 3EFF20   		notrack jmp \[eax\]
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*19[ 	]+fs notrack call eax
-[ 	]*20[ 	]+notrack fs call eax
-[ 	]*21[ 	]+notrack bnd call eax
-[ 	]*22.*[ 	]+notrack data16 call eax
+[ 	]*9[ 	]+fs notrack call \*%eax
+[ 	]*10[ 	]+notrack fs call \*%eax
+[ 	]*11[ 	]+notrack bnd call \*%eax
+[ 	]*12[ 	]+notrack data16 call \*%eax
+[ 	]*13[ 	]+
+[ 	]*14[ 	]+\.intel_syntax noprefix
+[ 	]*15[ 	]+fs notrack call eax
+[ 	]*16[ 	]+notrack fs call eax
+[ 	]*17[ 	]+notrack bnd call eax
+[ 	]*18[ 	]+[\? 0-9A-F]*[ 	]+notrack data16 call eax
 #pass
diff --git a/gas/testsuite/gas/i386/notrackbad.s b/gas/testsuite/gas/i386/notrackbad.s
index c7eae506ed..3f57ef0fb5 100644
--- a/gas/testsuite/gas/i386/notrackbad.s
+++ b/gas/testsuite/gas/i386/notrackbad.s
@@ -6,16 +6,12 @@ _start:
 	notrack call foo
 	notrack jmp foo
 
-	notrack call *(%eax)
-	notrack jmp *(%eax)
 	fs notrack call *%eax
 	notrack fs call *%eax
 	notrack bnd call *%eax
 	notrack data16 call *%eax
 
 	.intel_syntax noprefix
-	notrack call [eax]
-	notrack jmp [eax]
 	fs notrack call eax
 	notrack fs call eax
 	notrack bnd call eax
diff --git a/gas/testsuite/gas/i386/x86-64-notrack-intel.d b/gas/testsuite/gas/i386/x86-64-notrack-intel.d
index 6e0cfdb729..0170a82dbe 100644
--- a/gas/testsuite/gas/i386/x86-64-notrack-intel.d
+++ b/gas/testsuite/gas/i386/x86-64-notrack-intel.d
@@ -12,18 +12,50 @@ Disassembly of section .text:
 [ 	]*[a-f0-9]+:	3e 41 ff d0          	notrack call r8
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmp rax
 [ 	]*[a-f0-9]+:	3e 41 ff e0          	notrack jmp r8
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack call QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	3e 41 ff 10          	notrack call QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmp QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	3e 41 ff 20          	notrack jmp QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	67 3e ff 10          	notrack call QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 3e 41 ff 10       	notrack call QWORD PTR \[r8d\]
+[ 	]*[a-f0-9]+:	67 3e ff 20          	notrack jmp QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 3e 41 ff 20       	notrack jmp QWORD PTR \[r8d\]
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack call rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff d0       	bnd notrack call r8
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmp rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff e0       	bnd notrack jmp r8
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack call QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 10       	bnd notrack call QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmp QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 20       	bnd notrack jmp QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	67 f2 3e ff 10       	bnd notrack call QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 10    	bnd notrack call QWORD PTR \[r8d\]
+[ 	]*[a-f0-9]+:	67 f2 3e ff 20       	bnd notrack jmp QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 20    	bnd notrack jmp QWORD PTR \[r8d\]
 [ 	]*[a-f0-9]+:	3e ff d0             	notrack call rax
 [ 	]*[a-f0-9]+:	3e 41 ff d0          	notrack call r8
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmp rax
 [ 	]*[a-f0-9]+:	3e 41 ff e0          	notrack jmp r8
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack call QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	3e 41 ff 10          	notrack call QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmp QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	3e 41 ff 20          	notrack jmp QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	67 3e ff 10          	notrack call QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 3e 41 ff 10       	notrack call QWORD PTR \[r8d\]
+[ 	]*[a-f0-9]+:	67 3e ff 20          	notrack jmp QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 3e 41 ff 20       	notrack jmp QWORD PTR \[r8d\]
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack call rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff d0       	bnd notrack call r8
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmp rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff e0       	bnd notrack jmp r8
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack call QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 10       	bnd notrack call QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmp QWORD PTR \[rax\]
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 20       	bnd notrack jmp QWORD PTR \[r8\]
+[ 	]*[a-f0-9]+:	67 f2 3e ff 10       	bnd notrack call QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 10    	bnd notrack call QWORD PTR \[r8d\]
+[ 	]*[a-f0-9]+:	67 f2 3e ff 20       	bnd notrack jmp QWORD PTR \[eax\]
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 20    	bnd notrack jmp QWORD PTR \[r8d\]
 [ 	]*[a-f0-9]+:	3e f2 ff d0          	ds bnd call rax
 [ 	]*[a-f0-9]+:	3e 66 ff d0          	ds call ax
 [ 	]*[a-f0-9]+:	66 3e ff d0          	ds call ax
diff --git a/gas/testsuite/gas/i386/x86-64-notrack.d b/gas/testsuite/gas/i386/x86-64-notrack.d
index 0f63f12c49..cf725d4578 100644
--- a/gas/testsuite/gas/i386/x86-64-notrack.d
+++ b/gas/testsuite/gas/i386/x86-64-notrack.d
@@ -11,18 +11,50 @@ Disassembly of section .text:
 [ 	]*[a-f0-9]+:	3e 41 ff d0          	notrack callq \*%r8
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmpq \*%rax
 [ 	]*[a-f0-9]+:	3e 41 ff e0          	notrack jmpq \*%r8
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack callq \*\(%rax\)
+[ 	]*[a-f0-9]+:	3e 41 ff 10          	notrack callq \*\(%r8\)
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmpq \*\(%rax\)
+[ 	]*[a-f0-9]+:	3e 41 ff 20          	notrack jmpq \*\(%r8\)
+[ 	]*[a-f0-9]+:	67 3e ff 10          	notrack callq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 3e 41 ff 10       	notrack callq \*\(%r8d\)
+[ 	]*[a-f0-9]+:	67 3e ff 20          	notrack jmpq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 3e 41 ff 20       	notrack jmpq \*\(%r8d\)
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack callq \*%rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff d0       	bnd notrack callq \*%r8
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmpq \*%rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff e0       	bnd notrack jmpq \*%r8
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack callq \*\(%rax\)
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 10       	bnd notrack callq \*\(%r8\)
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmpq \*\(%rax\)
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 20       	bnd notrack jmpq \*\(%r8\)
+[ 	]*[a-f0-9]+:	67 f2 3e ff 10       	bnd notrack callq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 10    	bnd notrack callq \*\(%r8d\)
+[ 	]*[a-f0-9]+:	67 f2 3e ff 20       	bnd notrack jmpq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 20    	bnd notrack jmpq \*\(%r8d\)
 [ 	]*[a-f0-9]+:	3e ff d0             	notrack callq \*%rax
 [ 	]*[a-f0-9]+:	3e 41 ff d0          	notrack callq \*%r8
 [ 	]*[a-f0-9]+:	3e ff e0             	notrack jmpq \*%rax
 [ 	]*[a-f0-9]+:	3e 41 ff e0          	notrack jmpq \*%r8
+[ 	]*[a-f0-9]+:	3e ff 10             	notrack callq \*\(%rax\)
+[ 	]*[a-f0-9]+:	3e 41 ff 10          	notrack callq \*\(%r8\)
+[ 	]*[a-f0-9]+:	3e ff 20             	notrack jmpq \*\(%rax\)
+[ 	]*[a-f0-9]+:	3e 41 ff 20          	notrack jmpq \*\(%r8\)
+[ 	]*[a-f0-9]+:	67 3e ff 10          	notrack callq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 3e 41 ff 10       	notrack callq \*\(%r8d\)
+[ 	]*[a-f0-9]+:	67 3e ff 20          	notrack jmpq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 3e 41 ff 20       	notrack jmpq \*\(%r8d\)
 [ 	]*[a-f0-9]+:	f2 3e ff d0          	bnd notrack callq \*%rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff d0       	bnd notrack callq \*%r8
 [ 	]*[a-f0-9]+:	f2 3e ff e0          	bnd notrack jmpq \*%rax
 [ 	]*[a-f0-9]+:	f2 3e 41 ff e0       	bnd notrack jmpq \*%r8
+[ 	]*[a-f0-9]+:	f2 3e ff 10          	bnd notrack callq \*\(%rax\)
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 10       	bnd notrack callq \*\(%r8\)
+[ 	]*[a-f0-9]+:	f2 3e ff 20          	bnd notrack jmpq \*\(%rax\)
+[ 	]*[a-f0-9]+:	f2 3e 41 ff 20       	bnd notrack jmpq \*\(%r8\)
+[ 	]*[a-f0-9]+:	67 f2 3e ff 10       	bnd notrack callq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 10    	bnd notrack callq \*\(%r8d\)
+[ 	]*[a-f0-9]+:	67 f2 3e ff 20       	bnd notrack jmpq \*\(%eax\)
+[ 	]*[a-f0-9]+:	67 f2 3e 41 ff 20    	bnd notrack jmpq \*\(%r8d\)
 [ 	]*[a-f0-9]+:	3e f2 ff d0          	ds bnd callq \*%rax
 [ 	]*[a-f0-9]+:	3e 66 ff d0          	ds callw \*%ax
 [ 	]*[a-f0-9]+:	66 3e ff d0          	ds callw \*%ax
diff --git a/gas/testsuite/gas/i386/x86-64-notrack.s b/gas/testsuite/gas/i386/x86-64-notrack.s
index f90a870a65..7db0812024 100644
--- a/gas/testsuite/gas/i386/x86-64-notrack.s
+++ b/gas/testsuite/gas/i386/x86-64-notrack.s
@@ -8,32 +8,75 @@ _start:
 	notrack jmp *%rax
 	notrack jmp *%r8
 
+	notrack call *(%rax)
+	notrack call *(%r8)
+	notrack jmp *(%rax)
+	notrack jmp *(%r8)
+
+	notrack call *(%eax)
+	notrack call *(%r8d)
+	notrack jmp *(%eax)
+	notrack jmp *(%r8d)
+
 	bnd notrack call *%rax
 	bnd notrack call *%r8
 	bnd notrack jmp *%rax
 	bnd notrack jmp *%r8
 
+	bnd notrack call *(%rax)
+	bnd notrack call *(%r8)
+	bnd notrack jmp *(%rax)
+	bnd notrack jmp *(%r8)
+
+	bnd notrack call *(%eax)
+	bnd notrack call *(%r8d)
+	bnd notrack jmp *(%eax)
+	bnd notrack jmp *(%r8d)
+
 	.intel_syntax noprefix
 	notrack call rax
 	notrack call r8
 	notrack jmp rax
 	notrack jmp r8
 
+	notrack call QWORD PTR [rax]
+	notrack call QWORD PTR [r8]
+	notrack jmp QWORD PTR [rax]
+	notrack jmp QWORD PTR [r8]
+
+	notrack call QWORD PTR [eax]
+	notrack call QWORD PTR [r8d]
+	notrack jmp QWORD PTR [eax]
+	notrack jmp QWORD PTR [r8d]
+
 	bnd notrack call rax
 	bnd notrack call r8
 	bnd notrack jmp rax
 	bnd notrack jmp r8
 
+	bnd notrack call QWORD PTR [rax]
+	bnd notrack call QWORD PTR [r8]
+	bnd notrack jmp QWORD PTR [rax]
+	bnd notrack jmp QWORD PTR [r8]
+
+	bnd notrack call QWORD PTR [eax]
+	bnd notrack call QWORD PTR [r8d]
+	bnd notrack jmp QWORD PTR [eax]
+	bnd notrack jmp QWORD PTR [r8d]
+
+	# ds bnd callq *%rax
 	.byte 0x3e
 	.byte 0xf2
 	.byte 0xff
 	.byte 0xd0
 
+	# ds callw *%ax
 	.byte 0x3e
 	.byte 0x66
 	.byte 0xff
 	.byte 0xd0
 
+	# ds callw *%ax
 	.byte 0x66
 	.byte 0x3e
 	.byte 0xff
diff --git a/gas/testsuite/gas/i386/x86-64-notrackbad.l b/gas/testsuite/gas/i386/x86-64-notrackbad.l
index f76c7e5b9e..cd516826b8 100644
--- a/gas/testsuite/gas/i386/x86-64-notrackbad.l
+++ b/gas/testsuite/gas/i386/x86-64-notrackbad.l
@@ -1,20 +1,16 @@
 .*: Assembler messages:
-.*:6: Error: expecting register indirect branch instruction after `notrack'
+.*:6: Error: expecting indirect branch instruction after `notrack'
 .*:6: Warning: skipping prefixes on this instruction
-.*:7: Error: expecting register indirect branch instruction after `notrack'
+.*:7: Error: expecting indirect branch instruction after `notrack'
 .*:7: Warning: skipping prefixes on this instruction
-.*:9: Error: expecting register indirect branch instruction after `notrack'
-.*:10: Error: expecting register indirect branch instruction after `notrack'
-.*:11: Error: same type of prefix used twice
+.*:9: Error: same type of prefix used twice
+.*:10: Error: expecting no other prefixes after `notrack'
+.*:11: Error: expecting no other prefixes after `notrack'
 .*:12: Error: expecting no other prefixes after `notrack'
-.*:13: Error: expecting no other prefixes after `notrack'
-.*:14: Error: expecting no other prefixes after `notrack'
-.*:17: Error: expecting register indirect branch instruction after `notrack'
-.*:18: Error: expecting register indirect branch instruction after `notrack'
-.*:19: Error: same type of prefix used twice
-.*:20: Error: expecting no other prefixes after `notrack'
-.*:21: Error: expecting no other prefixes after `notrack'
-.*:22: Error: expecting no other prefixes after `notrack'
+.*:15: Error: same type of prefix used twice
+.*:16: Error: expecting no other prefixes after `notrack'
+.*:17: Error: expecting no other prefixes after `notrack'
+.*:18: Error: expecting no other prefixes after `notrack'
 GAS LISTING .*
 
 
@@ -24,30 +20,22 @@ GAS LISTING .*
 [ 	]*4[ 	]+\.text
 [ 	]*5[ 	]+_start:
 [ 	]*6[ 	]+\?\?\?\? [0-9A-F]* 		notrack call foo
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
+\*\*\*\*  Error: expecting indirect branch instruction after `notrack'
 \*\*\*\*  Warning: skipping prefixes on this instruction
 [ 	]*6[ 	]+[0-9A-F]*
 [ 	]*7[ 	]+\?\?\?\? [0-9A-F]* 		notrack jmp foo
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
+\*\*\*\*  Error: expecting indirect branch instruction after `notrack'
 \*\*\*\*  Warning: skipping prefixes on this instruction
 [ 	]*7[ 	]+[0-9A-F]*
 [ 	]*8[ 	]+
-[ 	]*9[ 	]+\?\?\?\? 3EFF10   		notrack call \*\(%rax\)
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*10[ 	]+\?\?\?\? 3EFF20   		notrack jmp \*\(%rax\)
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*11[ 	]+fs notrack call \*%rax
-[ 	]*12[ 	]+notrack fs call \*%rax
-[ 	]*13[ 	]+notrack bnd call \*%rax
-[ 	]*14[ 	]+notrack data16 call \*%rax
-[ 	]*15[ 	]+
-[ 	]*16[ 	]+\.intel_syntax noprefix
-[ 	]*17[ 	]+\?\?\?\? 3EFF10   		notrack call \[rax\]
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*18[ 	]+\?\?\?\? 3EFF20   		notrack jmp \[rax\]
-\*\*\*\*  Error: expecting register indirect branch instruction after `notrack'
-[ 	]*19[ 	]+fs notrack call rax
-[ 	]*20[ 	]+notrack fs call rax
-[ 	]*21[ 	]+notrack bnd call rax
-[ 	]*22.*[ 	]+notrack data16 call rax
+[ 	]*9[ 	]+fs notrack call \*%rax
+[ 	]*10[ 	]+notrack fs call \*%rax
+[ 	]*11[ 	]+notrack bnd call \*%rax
+[ 	]*12[ 	]+notrack data16 call \*%rax
+[ 	]*13[ 	]+
+[ 	]*14[ 	]+\.intel_syntax noprefix
+[ 	]*15[ 	]+fs notrack call rax
+[ 	]*16[ 	]+notrack fs call rax
+[ 	]*17[ 	]+notrack bnd call rax
+[ 	]*18[ 	]+[\? 0-9A-F]*[ 	]+notrack data16 call rax
 #pass
diff --git a/gas/testsuite/gas/i386/x86-64-notrackbad.s b/gas/testsuite/gas/i386/x86-64-notrackbad.s
index 59d62485e7..f859a9fb05 100644
--- a/gas/testsuite/gas/i386/x86-64-notrackbad.s
+++ b/gas/testsuite/gas/i386/x86-64-notrackbad.s
@@ -6,16 +6,12 @@ _start:
 	notrack call foo
 	notrack jmp foo
 
-	notrack call *(%rax)
-	notrack jmp *(%rax)
 	fs notrack call *%rax
 	notrack fs call *%rax
 	notrack bnd call *%rax
 	notrack data16 call *%rax
 
 	.intel_syntax noprefix
-	notrack call [rax]
-	notrack jmp [rax]
 	fs notrack call rax
 	notrack fs call rax
 	notrack bnd call rax
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index b484e5be6a..671837fa09 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,10 @@
+2017-06-21  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* i386-dis.c (reg_table): Swap indirEv with NOTRACK on "call{&|}"
+	and "jmp{&|}".
+	(NOTRACK_Fixup): Support memory indirect branch with NOTRACK
+	prefix.
+
 2017-06-19  Nick Clifton  <nickc@redhat.com>
 
 	PR binutils/21614
diff --git a/opcodes/i386-dis.c b/opcodes/i386-dis.c
index d461d08594..2e35e38e2b 100644
--- a/opcodes/i386-dis.c
+++ b/opcodes/i386-dis.c
@@ -3552,9 +3552,9 @@ static const struct dis386 reg_table[][8] = {
   {
     { "incQ",	{ Evh1 }, 0 },
     { "decQ",	{ Evh1 }, 0 },
-    { "call{&|}", { indirEv, NOTRACK, BND }, 0 },
+    { "call{&|}", { NOTRACK, indirEv, BND }, 0 },
     { MOD_TABLE (MOD_FF_REG_3) },
-    { "jmp{&|}", { indirEv, NOTRACK, BND }, 0 },
+    { "jmp{&|}", { NOTRACK, indirEv, BND }, 0 },
     { MOD_TABLE (MOD_FF_REG_5) },
     { "pushU",	{ stackEv }, 0 },
     { Bad_Opcode },
@@ -16816,14 +16816,12 @@ static void
 NOTRACK_Fixup (int bytemode ATTRIBUTE_UNUSED,
 	       int sizeflag ATTRIBUTE_UNUSED)
 {
-  if (modrm.mod == 3
-      && active_seg_prefix == PREFIX_DS
+  if (active_seg_prefix == PREFIX_DS
       && (address_mode != mode_64bit || last_data_prefix < 0))
     {
-      /* NOTRACK prefix is only valid on register indirect branch
-	 instructions and it must be the last prefix before REX
-	 prefix and opcode.  NB: DATA prefix is unsupported for
-	 Intel64.  */
+      /* NOTRACK prefix is only valid on indirect branch instructions
+         and it must be the last prefix before REX prefix and opcode.
+	 NB: DATA prefix is unsupported for Intel64.  */
       if (last_active_prefix >= 0)
 	{
 	  int notrack_prefix = last_active_prefix;