From nobody Mon Feb 9 06:26:50 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770403146; cv=none; d=zohomail.com; s=zohoarc; b=GSCIdvT60K9xYCntfcHrgcloRkhLsouM3R8UONFTQaqvyR21TySIKEzN+rlgm02ptiVgTb6MIL7ugXcmEinliBZddRZE8+PTPqwFxGQ5Ko5V7AJcqTEbRhe7ua1Y5MJA3udmao0yozCfAoj21xOGSEic2v6iQ5LzdwgClEcb5J0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770403146; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=i2JHn+EgmNjdP4REanm9c3H86iyltIkYUZFkiRNficU=; b=dq5mw2fpRB5mvl88j55cl1XV8aPlPadE8BzjOCBXkMyPX4jgjuOWnxO8UnlbJJsYSJuzXdALwUXBRwY5EcMj0OPX7kbqrJGvqnPUXo20EmugidE6UGgpCMyqtzuyH9EnVMppPe4yPmizn6p1tTrj0ze+HtjHfDeuN/Ks2WY0sXU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770403146970873.4594214165875; Fri, 6 Feb 2026 10:39:06 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1voQiv-0001A3-LV; Fri, 06 Feb 2026 13:38:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1voQio-00018g-AV for qemu-devel@nongnu.org; Fri, 06 Feb 2026 13:38:27 -0500 Received: from mx0a-0031df01.pphosted.com ([205.220.168.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1voQik-0008Cq-QZ for qemu-devel@nongnu.org; Fri, 06 Feb 2026 13:38:26 -0500 Received: from pps.filterd (m0279862.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 616Glx9h2313831 for ; Fri, 6 Feb 2026 18:38:19 GMT Received: from mail-dy1-f197.google.com (mail-dy1-f197.google.com [74.125.82.197]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c52mrkx3p-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Fri, 06 Feb 2026 18:38:18 +0000 (GMT) Received: by mail-dy1-f197.google.com with SMTP id 5a478bee46e88-2b7eddde359so1339450eec.0 for ; Fri, 06 Feb 2026 10:38:18 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2b855c3c846sm2270605eec.16.2026.02.06.10.38.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Feb 2026 10:38:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= i2JHn+EgmNjdP4REanm9c3H86iyltIkYUZFkiRNficU=; b=H9gI++f1XDDVIw9d NpB8tHL6F6KgCxG3nKt3WqkHMKt9svFAtvaBrHJOE6XdIidRr/IBLLdKw94ra+KQ Ni+WbrFdnlZRInV9rHvCsbQgdoU5241aebWwbVcZYGH7FYmTTr6q/+CvGv3R7ek7 hBBXno9QerOa7Oh3dG/4r5ZMUQS0T9hijfSdvDaBoF0c0raupMjQULhT3ki8Fq8n Uh0VC06j2rifcndvluhqXa+xZ6I0aMDkey7yJ1ouiXFgCG1Mo5Exmf7aobhv35uV prp8BlN3jYSvXosPJe5tbg1AEq/3LNC+t5z8BxxElDi68j595l9q+sZOiDffgpP1 QdP9UA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770403098; x=1771007898; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=i2JHn+EgmNjdP4REanm9c3H86iyltIkYUZFkiRNficU=; b=XsZML12U/xsVAu22dr3OKmpShuzV8rURkoD8b0F3VvO5G4v48rDXiGO9Q3ocA0gAr6 x61KvHGlver4ubSqm8nzrvdmLimsw/rL2KWs1x37t7AhSECzrvnFrfC5NniZhKm79wYE soQbgv4ISshNBhqOqwuVXkD5KJE2Dukc+BhUkQ8rvJjuWP6SZdwPqzdostqBq2ku1vie Ibcg2DVWCnkqc67beC8fDdQgkiIwefcGsIz8BU+E3NgSMck9SEHAjrVYF5xmc0+r05cY cDph2nV7sFmhlslSpp69pH60h3k3zQkDI1JFffPc1CD2W8Oit/x+GaqZmkvJRYnGVCvu 2/nw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770403098; x=1771007898; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=i2JHn+EgmNjdP4REanm9c3H86iyltIkYUZFkiRNficU=; b=ff77znmEX7sMCJQg3ucJARtUqnCBmLnCwFilKsK99U7Vm6J2XZvDK61FDa8YMwIDa/ LBWKs5QGyxjqBHdvLWqdLAwQ7t9UfYGiYeiYnkUwWZkCbMnt0a9o5Ey+7XbnXd8ISq2I sTejNDP+58G9v7+Xe/mZc0+WcWvQfdubYL8H2R2EjE/SJDi0+YVhdfQFtlo1M4caaZt+ zrSWYLZZiFdLH2OMMM/yG8HMGELZkzpsss6A/mE+yS851/JN/eDuhe2R/+nZvdpzkgEU 4g614dIJ+V8jyaA39+BJUjZkq03OT0qwiIJ0jNqkPhGCUU4cbWiFccqlklpinrkk4XKl jYtg== X-Gm-Message-State: AOJu0YweyrrJzI/4tKo2tHMElNwbxxNvnyu2A7z60FIcehwsxVRxBW0i q8Eg0bNRxqaQNctmntTprUYxRgFZbKnYGYOfyGTt0Yu6+5xoBdtsgVkb7HUgyJiGW3s7zmgmU4g E6Hbmk+fcdM1ndoIC9znlj6L0mpakQIgl1sLSD6rkOJZy++98FD3i9rf2ItpyvPb+OQ== X-Gm-Gg: AZuq6aJB35Lh38Z4mu34TUq+yyyPF6oiTHj1tF+8f7Lt/MNXopQ0hWstV4ZC8pXDzGB nnxJA6uW2mATp9dkBprIv4rW2lznqKiKxIMLlbFj2TMzMjuSPBgSYfb60xaqS9q6x413xBFgsER 5rxCq9iX4FAdPZQYS5mI8OWKk39OWT1E4rcx0oMFzNEdVycjnW6VdF+WzIROKKlzPNFjPozGKUb 5Ri5C2uAoC26aSHbdJKspI4qPmU+X6FPYi1Rg4zsq+O5L641uCfC84/Xev9F2QtLcCzVVkGCog7 8mcWRqOsldzAjuR5GNiMBIIuVKuyRRvYF+GtNISgllh+o2V0yIxOtWA+I5+eyBVNoLObo+nfXjG JC826SyEHwG7rPy12JKTSIoUdpf81JYd5q14hpnZQOaAMRpaYvvUwu8VqNQ== X-Received: by 2002:a05:7300:641f:b0:2b7:2bbd:95c0 with SMTP id 5a478bee46e88-2b85683463amr1454039eec.35.1770403097817; Fri, 06 Feb 2026 10:38:17 -0800 (PST) X-Received: by 2002:a05:7300:641f:b0:2b7:2bbd:95c0 with SMTP id 5a478bee46e88-2b85683463amr1454023eec.35.1770403097143; Fri, 06 Feb 2026 10:38:17 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com, Brian Cain , Laurent Vivier , Pierrick Bouvier Subject: [PATCH 1/3] target/hexagon: Fix invalid duplex decoding Date: Fri, 6 Feb 2026 10:38:11 -0800 Message-Id: <20260206183813.2573541-2-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260206183813.2573541-1-brian.cain@oss.qualcomm.com> References: <20260206183813.2573541-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjA2MDEzNyBTYWx0ZWRfX+Yy119dDYbcF yahO2bnvT9Agrv9SsQoXgdDvR1alTwGW4A2tDfYLxmuXRu0lwmTQHlhOeM8Cqnb9qrB2yqQzm0Q mYcvj3maL7GX42yk/A2oT3x7yE0VY06C+YXdKHTyf4Rgn5dJU3zgYxkoVM0NvrM9Xm/M/xLRVaI QDpWaGG1ZwvuVT9eADZURDfLtjQF3dUSnTHJ+rdaCZVsg8wPdCeer8YjX07XxdLeDSxYGMey/Wz ma6X39J+edqvX8BNLoULrKCKNuwg3aZQW91AvEGiMcwAMU9Ur+nvxtLdKxg51whWS37oinbOgCY iatJGJlaZcfkIjUe6LO58U5hOnd+/8fXKifRoL26K6dA9tcBZT1Aj3aRPGBYYwQwrrf6SjLNuYG HItBrDNiZ77FCgFNd0UIrotS+gOkDlwf1viWLIQ1/YMVnh1rc2dVaiaqXh/arwcT5xhOjmzUin4 ttu/cdV9tFTjEbHiPag== X-Proofpoint-GUID: 3k38DMx9oue2r_Z_6aDchk1T4BMKtYqL X-Authority-Analysis: v=2.4 cv=e4kLiKp/ c=1 sm=1 tr=0 ts=6986351a cx=c_pps a=Uww141gWH0fZj/3QKPojxA==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=p0WdMEafAAAA:8 a=COk6AnOGAAAA:8 a=OCWrEZw6VeUBrM89gJgA:9 a=QEXdDO2ut3YA:10 a=PxkB5W3o20Ba91AHUih5:22 a=TjNXssC_j7lpFel5tvFf:22 X-Proofpoint-ORIG-GUID: 3k38DMx9oue2r_Z_6aDchk1T4BMKtYqL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-06_05,2026-02-05_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 phishscore=0 clxscore=1015 adultscore=0 malwarescore=0 bulkscore=0 spamscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602060137 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.168.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0a-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770403149189154100 When decoding a duplex instruction, if the slot0 sub-instruction fails to decode after slot1 succeeds, QEMU was leaving the packet in a partially-decoded state. This allowed invalid duplex encodings (where one sub-instruction doesn't match any valid pattern) to be executed incorrectly. Fix by resetting the decoder state when slot0 fails, returning an empty instruction that triggers an exception. Add gen_exception_decode_fail() for raising exceptions when decode fails before ctx->next_PC is initialized. This keeps gen_exception_end_tb() semantics unchanged (it continues to use ctx->next_PC for the exception PC after successful decode). Update the invalid-slots test to expect SIGILL (exit code 132) instead of the old exit(1) behavior now that the exception is properly handled. Add invalid-duplex test for the specific case of invalid duplex encoding after immext. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3291 Signed-off-by: Brian Cain Reviewed-by: Pierrick Bouvier --- linux-user/hexagon/cpu_loop.c | 4 ++++ target/hexagon/decode.c | 13 +++++++++++-- target/hexagon/translate.c | 18 ++++++++++++++++-- tests/tcg/hexagon/invalid-duplex.c | 28 ++++++++++++++++++++++++++++ tests/tcg/hexagon/Makefile.target | 11 ++++++++++- 5 files changed, 69 insertions(+), 5 deletions(-) create mode 100644 tests/tcg/hexagon/invalid-duplex.c diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c index 1941f4c9c1..c0e1098e3f 100644 --- a/linux-user/hexagon/cpu_loop.c +++ b/linux-user/hexagon/cpu_loop.c @@ -64,6 +64,10 @@ void cpu_loop(CPUHexagonState *env) force_sig_fault(TARGET_SIGBUS, TARGET_BUS_ADRALN, env->gpr[HEX_REG_R31]); break; + case HEX_CAUSE_INVALID_PACKET: + force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC, + env->gpr[HEX_REG_PC]); + break; case EXCP_ATOMIC: cpu_exec_step_atomic(cs); break; diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c index b5ece60450..69ba1ec96c 100644 --- a/target/hexagon/decode.c +++ b/target/hexagon/decode.c @@ -509,8 +509,14 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t e= ncoding) insn->iclass =3D iclass_bits(encoding); return 2; } + /* + * Slot0 decode failed after slot1 succeeded. This is an inval= id + * duplex encoding (both sub-instructions must be valid). + */ + ctx->insn =3D --insn; } - g_assert_not_reached(); + /* Invalid duplex encoding - return 0 to signal failure */ + return 0; } } =20 @@ -674,7 +680,10 @@ int decode_packet(DisasContext *ctx, int max_words, co= nst uint32_t *words, encoding32 =3D words[words_read]; end_of_packet =3D is_packet_end(encoding32); new_insns =3D decode_insns(ctx, insn, encoding32); - g_assert(new_insns > 0); + if (new_insns =3D=3D 0) { + /* Invalid instruction encoding */ + return 0; + } /* * If we saw an extender, mark next word extended so immediate * decode works diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c index e88e19cc1a..7fe8b35351 100644 --- a/target/hexagon/translate.c +++ b/target/hexagon/translate.c @@ -195,7 +195,21 @@ static void gen_exception_end_tb(DisasContext *ctx, in= t excp) tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], ctx->next_PC); gen_exception_raw(excp); ctx->base.is_jmp =3D DISAS_NORETURN; +} =20 +/* + * Generate exception for decode failures. Unlike gen_exception_end_tb, + * this is used when decode fails before ctx->next_PC is initialized. + */ +static void gen_exception_decode_fail(DisasContext *ctx, int nwords, int e= xcp) +{ + target_ulong fail_pc =3D ctx->base.pc_next + nwords * sizeof(uint32_t); + + gen_exec_counters(ctx); + tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], fail_pc); + gen_exception_raw(excp); + ctx->base.is_jmp =3D DISAS_NORETURN; + ctx->base.pc_next =3D fail_pc; } =20 static int read_packet_words(CPUHexagonState *env, DisasContext *ctx, @@ -935,7 +949,7 @@ static void decode_and_translate_packet(CPUHexagonState= *env, DisasContext *ctx) =20 nwords =3D read_packet_words(env, ctx, words); if (!nwords) { - gen_exception_end_tb(ctx, HEX_CAUSE_INVALID_PACKET); + gen_exception_decode_fail(ctx, 0, HEX_CAUSE_INVALID_PACKET); return; } =20 @@ -950,7 +964,7 @@ static void decode_and_translate_packet(CPUHexagonState= *env, DisasContext *ctx) gen_commit_packet(ctx); ctx->base.pc_next +=3D pkt.encod_pkt_size_in_bytes; } else { - gen_exception_end_tb(ctx, HEX_CAUSE_INVALID_PACKET); + gen_exception_decode_fail(ctx, nwords, HEX_CAUSE_INVALID_PACKET); } } =20 diff --git a/tests/tcg/hexagon/invalid-duplex.c b/tests/tcg/hexagon/invalid= -duplex.c new file mode 100644 index 0000000000..88ad5024e9 --- /dev/null +++ b/tests/tcg/hexagon/invalid-duplex.c @@ -0,0 +1,28 @@ +/* + * Test that invalid duplex encodings are properly rejected. + * + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +/* + * This test uses an invalid packet encoding where: + * - Word 0: 0x0fff6fff =3D immext(#0xfffbffc0), parse bits =3D 01 + * - Word 1: 0x600237b0 =3D duplex with: + * - slot0 =3D 0x17b0 (invalid S2 subinstruction encoding) + * - slot1 =3D 0x0002 (valid SA1_addi) + * - duplex iclass =3D 7 (S2 for slot0, A for slot1) + * + * Since slot0 doesn't decode to any valid S2 subinstruction, this packet + * should be rejected and raise SIGILL. + */ + +int main() +{ + asm volatile( + /* Invalid packet: immext followed by duplex with invalid slot0 */ + ".word 0x0fff6fff\n" /* immext(#0xfffbffc0), parse=3D01 */ + ".word 0x600237b0\n" /* duplex: slot0=3D0x17b0 (invalid), slot1= =3D0x0002 */ + : : : "memory"); + return 0; +} diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile= .target index e5182c01d8..b0e20139c2 100644 --- a/tests/tcg/hexagon/Makefile.target +++ b/tests/tcg/hexagon/Makefile.target @@ -51,13 +51,22 @@ HEX_TESTS +=3D scatter_gather HEX_TESTS +=3D hvx_misc HEX_TESTS +=3D hvx_histogram HEX_TESTS +=3D invalid-slots +HEX_TESTS +=3D invalid-duplex HEX_TESTS +=3D unaligned_pc =20 run-and-check-exception =3D $(call run-test,$2,$3 2>$2.stderr; \ test $$? -eq 1 && grep -q "exception $(strip $1)" $2.stderr) =20 +# Check that command dies from SIGILL (exit code =3D 128 + 4 =3D 132) run-invalid-slots: invalid-slots - $(call run-and-check-exception, 0x15, $@, $(QEMU) $(QEMU_OPTS) $<) + $(call quiet-command, \ + $(QEMU) $(QEMU_OPTS) $< ; test $$? -eq 132, \ + TEST, invalid-slots on $(TARGET_NAME)) + +run-invalid-duplex: invalid-duplex + $(call quiet-command, \ + $(QEMU) $(QEMU_OPTS) $< ; test $$? -eq 132, \ + TEST, invalid-duplex on $(TARGET_NAME)) =20 HEX_TESTS +=3D test_abs HEX_TESTS +=3D test_bitcnt --=20 2.34.1 From nobody Mon Feb 9 06:26:50 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770403121; cv=none; d=zohomail.com; s=zohoarc; b=ayMYryBkJsHkJlSeuCSV9OcEBioVM0JMpmOE3DsBrjMaZ5VL0A4FtgGw3V7eOxb9es/l4mqbmlg6f9c6egDnGvLFzE28KYDmvqGpwH963rg5R/iQXcjPRe8RKMIg/RES8cdoJEuuDIsBgppyxC2VSQXeGcJPmRgkaPtGwkLqdbs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770403121; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Z1WeDq8iLYhbAxqSSPx1kZ21cBW0C5MfaYx4W488Dm8=; b=hIqe+7FJwI7MsPJ+IB0oEGDXrlbAec0sMIAnEdMNB2WMoitlO5UxODGKlXpTv2c9936deL/kwbGCZoeDSGzD9LUvc5mdtbZrmB/5XTvmmWw58h91PvPVFsE5diI5O5b7ux/giKGjYkswiZ0FARGKgFCmzbhJr1aRwOctspvrUaE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770403121090376.007565327729; Fri, 6 Feb 2026 10:38:41 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1voQiw-0001AT-Fw; Fri, 06 Feb 2026 13:38:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1voQim-000186-OE for qemu-devel@nongnu.org; Fri, 06 Feb 2026 13:38:24 -0500 Received: from mx0b-0031df01.pphosted.com ([205.220.180.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1voQik-0008Cy-QW for qemu-devel@nongnu.org; Fri, 06 Feb 2026 13:38:24 -0500 Received: from pps.filterd (m0279873.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 616GxA6j694761 for ; Fri, 6 Feb 2026 18:38:20 GMT Received: from mail-dy1-f198.google.com (mail-dy1-f198.google.com [74.125.82.198]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c53qvbjbw-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Fri, 06 Feb 2026 18:38:19 +0000 (GMT) Received: by mail-dy1-f198.google.com with SMTP id 5a478bee46e88-2b71c5826fbso2512934eec.1 for ; Fri, 06 Feb 2026 10:38:19 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2b855c3c846sm2270605eec.16.2026.02.06.10.38.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Feb 2026 10:38:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= Z1WeDq8iLYhbAxqSSPx1kZ21cBW0C5MfaYx4W488Dm8=; b=RXsa9jRGZEQWqKQ2 PlAtPp3sa/3TrggOgJvIOCHv2fINDVfPswAblKax4TcTII1sL+6Cc0lflIbhIqg3 MtjQqKEu90QPAly/9arTOaz7P55QYMz+LWj26XDEYZB17MpjrvI4nO5+53Wg7Uq/ oEANDI5kiv5G4gMppKe9YdQu3Y2Xw+2T9YO6LjmpmOE3xcTv7cKfdzL1asf5tcuD nFdOy7Eno4xOCdTy7fZQ/BALDnVRV1eVZP4pp48ZEwu0Ms0IQ8yXUnTRntekTmAg 9hoPRturQsPpsbCU6mh2NB7K7hEW7i2RpHa6WaG73djDLSXTov4C9cn0eidDjNiz RdV3TQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770403099; x=1771007899; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Z1WeDq8iLYhbAxqSSPx1kZ21cBW0C5MfaYx4W488Dm8=; b=KY12B6PDWm8oxz0ZL2yvR4aNV4ysMDOGm6Oq57YrxbUtKgIb6ZCYaJbs08JraKP02r zD92Jz0a+K6nf5naKqrlLUpYPBiH4zI2ztf5iRIXiUB6eJINChTGr9PA26ET+n6+RFeR HZxXRLt2HK5xGb8bHdmuQckUQ+J/JcdJpOgMer/kVCr8EBoEV8PS0AkXxbDakN/MyFO/ ih9R50BYa+Enb6OXO+Q7Hc62gc0DWAKbHq9KpahoDZRKoOn6x7xsYZFDEBW0AP4u/u3e OUS9ryP4eTbFtNnOyqrIvpSEcw9s+Qtn/H0tJ2AUpbho5clml9FwTOo2ennqW0e0uC0U 06Ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770403099; x=1771007899; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Z1WeDq8iLYhbAxqSSPx1kZ21cBW0C5MfaYx4W488Dm8=; b=mYrRNaxRlcsMVTnuqAdXrQP0mx505pe/U+1+Eh1v/frQDYzA29/uMAsg/p+CzIoScL Nb+118dBCR/fbFvu2mKkGjBK1+p9p+JP79fBtCBraRU+ZqgTF+PqH/nGItGfIx692nbD Ps4rDy1pJI4gtLuiYFKJVVOCTqZ8TAbtLz8qe7WD+gZFo10vxEbjC68yqGjRx166x+pm uFFn+0IPO63Cplu2oraUPfwIx00c4EJBu8VinmRFsmctdSnQapMBg/Z2wNtT5QReHdLd AEHs5/raS6sKjIAwe6nT4LTtRHQl8XqPSa+EWUtjKwHEXX0KSHM5wDXnVQ98lhZ37RnN aQ4w== X-Gm-Message-State: AOJu0YzlN/NAq+/KjUPFHUNueA0grhxR91lh80T1HbyUa2CTRm1guzbF rdoOpAaUStxdKAjwnIeFSVdwtjlja6ny4kd3luUx1FBlQY7wF9vFovIESTNcchIHrOSiQU3DuwK 301v0MWJ2lvOeDj03IXTNIFfm9GLu2mlZ50Ibgg/IkvlsBuwTd1VJhDk+cal3wpzspg== X-Gm-Gg: AZuq6aIKZqufCjuKoIMHMSu2gSi6GqS0IYz4ebrTz2iS1uvbNbSfuljFL4rijd8fUet R9M+Qk//QPYiZfjRxnzc59E9awlUMctDOKJK2GwXELhxSG4PDf+Cvo6eYM6c8zGF0GdqnMKfvL+ s2XulJ/pwgjncxBJqG408pNASda0UX9VoUJP7KFWPEcse75Wz/gwIA2ij+knx013G27K6i3Y8Ib DH262BfNv6aQCFqtKOcblgbJDW10r58tCIWffBqjmTqrAseuBh09TEcnmaCmyDmSmu1YjOkaZtt J1Ba8Rn3OFfrWJNnPuug1JdqE8mfX6xgJyqDISJeg71sOdd8YnLWJM47ENlJGeHD4nz1mHqWK9N 9OI5rUlpLt3YC7dBkZBlUfmrr+CK5Ij1Wm84olCntEDv5+SzPr6qh0r7vcw== X-Received: by 2002:a05:693c:3007:b0:2b8:30b8:58c0 with SMTP id 5a478bee46e88-2b8563d810cmr1782344eec.6.1770403098764; Fri, 06 Feb 2026 10:38:18 -0800 (PST) X-Received: by 2002:a05:693c:3007:b0:2b8:30b8:58c0 with SMTP id 5a478bee46e88-2b8563d810cmr1782325eec.6.1770403098178; Fri, 06 Feb 2026 10:38:18 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com Subject: [PATCH 2/3] target/hexagon: Reject duplex encodings with duplicate dest registers Date: Fri, 6 Feb 2026 10:38:12 -0800 Message-Id: <20260206183813.2573541-3-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260206183813.2573541-1-brian.cain@oss.qualcomm.com> References: <20260206183813.2573541-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Authority-Analysis: v=2.4 cv=TsPrRTXh c=1 sm=1 tr=0 ts=6986351c cx=c_pps a=wEP8DlPgTf/vqF+yE6f9lg==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=p0WdMEafAAAA:8 a=EUspDBNiAAAA:8 a=ceJ5jWYMHQCwmun8QzEA:9 a=QEXdDO2ut3YA:10 a=bBxd6f-gb0O0v-kibOvt:22 X-Proofpoint-ORIG-GUID: kjI-jDiziXXwngjzJObDydtBAvMtJH9e X-Proofpoint-GUID: kjI-jDiziXXwngjzJObDydtBAvMtJH9e X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjA2MDEzNyBTYWx0ZWRfX3xTdz+Qacqpd UfZ/Kf+OKtZuwymT9dmdyuoyDmCQJRoRVyDCRMqKCOP/zP3254Z64U+PBHxOvxPwr2XgLpk/zol zS48Avssf7MXjL8liBnnLwyVUlE7LbNr7erncAmEfYiBMcRrWmvoh53ey3fSDSAsaKrNA9oIfFK lH3U7ARXXX4DuLK/YYqAqNeoQcR3/9OrFvCY/7H5BP/OsvvD84pruE1biFw5RfDHUuLQxWmFrfQ /jVJtMcHIYj3eGp7OzaKZ6ogfMyRG39Kg5W9o8JhejDSASjTgJHn8Kv6mTlJPGqDimI8qJL3Hd0 U9EetAR3WllFv8DQr3XNUEaunBEE1xxXT+mGHd080yhLzQJoq4VLplkUl9CkaJOg5gfFhoO3C6d R3Pm4OOk1jIVGRLnOtwDKm0coLYQXgruqFlq/uSbKrUbY+qrW8hs3Pu8LOgSQ9d8Oyfu+AcMPI1 /LdY6K8rBjjH86AL+ow== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-06_05,2026-02-05_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 suspectscore=0 malwarescore=0 bulkscore=0 spamscore=0 clxscore=1015 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602060137 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.180.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0b-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770403122849158500 A duplex encoding like 0x00000000 decodes as two loads that both write r0. Add a check in decode_insns() after both sub-instructions decode successfully to verify they don't write the same destination register. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2696 Signed-off-by: Brian Cain Reviewed-by: Pierrick Bouvier --- target/hexagon/decode.c | 12 ++++++++++++ tests/tcg/hexagon/invalid-dups.c | 23 +++++++++++++++++++++++ tests/tcg/hexagon/Makefile.target | 6 ++++++ 3 files changed, 41 insertions(+) create mode 100644 tests/tcg/hexagon/invalid-dups.c diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c index 69ba1ec96c..90499fc320 100644 --- a/target/hexagon/decode.c +++ b/target/hexagon/decode.c @@ -501,12 +501,24 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t = encoding) =20 /* The slot1 subinsn needs to be in the packet first */ if (decode_slot1_subinsn(ctx, slot1_subinsn)) { + Insn *slot1_insn =3D insn; insn->generate =3D opcode_genptr[insn->opcode]; insn->iclass =3D iclass_bits(encoding); ctx->insn =3D ++insn; if (decode_slot0_subinsn(ctx, slot0_subinsn)) { insn->generate =3D opcode_genptr[insn->opcode]; insn->iclass =3D iclass_bits(encoding); + /* + * Check that the two sub-instructions don't write the same + * destination register (e.g., encoding 0x0 decodes as two + * loads both writing R0, which is an invalid packet). + */ + if (insn->dest_idx >=3D 0 && slot1_insn->dest_idx >=3D 0 && + insn->regno[insn->dest_idx] =3D=3D + slot1_insn->regno[slot1_insn->dest_idx]) { + ctx->insn =3D --insn; + return 0; + } return 2; } /* diff --git a/tests/tcg/hexagon/invalid-dups.c b/tests/tcg/hexagon/invalid-d= ups.c new file mode 100644 index 0000000000..cb37ef7066 --- /dev/null +++ b/tests/tcg/hexagon/invalid-dups.c @@ -0,0 +1,23 @@ +/* + * Test that duplex encodings with duplicate destination registers are rej= ected. + * + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +/* + * The encoding 0x00000000 decodes as a duplex with parse bits [15:14] =3D= 0b00: + * slot1: SL1_loadri_io R0 =3D memw(R0+#0x0) + * slot0: SL1_loadri_io R0 =3D memw(R0+#0x0) + * + * Both sub-instructions write R0, which is an invalid packet (duplicate + * destination register). This should raise SIGILL. + */ + +int main() +{ + asm volatile( + ".word 0x00000000\n" + : : : "r0", "memory"); + return 0; +} diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile= .target index b0e20139c2..7199e29a30 100644 --- a/tests/tcg/hexagon/Makefile.target +++ b/tests/tcg/hexagon/Makefile.target @@ -52,6 +52,7 @@ HEX_TESTS +=3D hvx_misc HEX_TESTS +=3D hvx_histogram HEX_TESTS +=3D invalid-slots HEX_TESTS +=3D invalid-duplex +HEX_TESTS +=3D invalid-dups HEX_TESTS +=3D unaligned_pc =20 run-and-check-exception =3D $(call run-test,$2,$3 2>$2.stderr; \ @@ -68,6 +69,11 @@ run-invalid-duplex: invalid-duplex $(QEMU) $(QEMU_OPTS) $< ; test $$? -eq 132, \ TEST, invalid-duplex on $(TARGET_NAME)) =20 +run-invalid-dups: invalid-dups + $(call quiet-command, \ + $(QEMU) $(QEMU_OPTS) $< ; test $$? -eq 132, \ + TEST, invalid-dups on $(TARGET_NAME)) + HEX_TESTS +=3D test_abs HEX_TESTS +=3D test_bitcnt HEX_TESTS +=3D test_bitsplit --=20 2.34.1 From nobody Mon Feb 9 06:26:50 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770403146; cv=none; d=zohomail.com; s=zohoarc; b=jogt0e3+12Q+GLBrXFmSC4Cy6LLkB0NTxr2IxZfyupr1YvSMmvCbfANt4VUR69UYOlT4vbMeXirq8D17cXkSapwr/8OUIs5WIaeEg9u9VPfnpGCiikw1WjsC0YgM1t5n4LsNyfH/KIRDDygM4LEPIvIqapS2odGQLe5HcM1c6vk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770403146; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=LeWn/rnkeIdof3Uh+foZY8TtCF2GD38j3/bVb9HIVR0=; b=B7yv/WD2LICQXpKUwkuiNGH8wrOufbBcU9+ZVvoO5/rvtplFyO2pKl3qO4K9iDJy9U7m3diZ8V75XhCFj4c0MFqSdldW9uM5hBWbvuaBsNIo3ng1qQB0pbcMm81+az12qv22xVHf9yiF/0zf26M9WsWTVr6oNPOFji+aKbQIhVc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770403146548166.9718590628862; Fri, 6 Feb 2026 10:39:06 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1voQiv-0001A2-KM; Fri, 06 Feb 2026 13:38:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1voQin-00018c-RE for qemu-devel@nongnu.org; Fri, 06 Feb 2026 13:38:26 -0500 Received: from mx0a-0031df01.pphosted.com ([205.220.168.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1voQik-0008D4-QZ for qemu-devel@nongnu.org; Fri, 06 Feb 2026 13:38:25 -0500 Received: from pps.filterd (m0279867.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 616EqpGn2483302 for ; Fri, 6 Feb 2026 18:38:20 GMT Received: from mail-dy1-f200.google.com (mail-dy1-f200.google.com [74.125.82.200]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c5c1722t4-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Fri, 06 Feb 2026 18:38:20 +0000 (GMT) Received: by mail-dy1-f200.google.com with SMTP id 5a478bee46e88-2b83787af4cso18451658eec.1 for ; Fri, 06 Feb 2026 10:38:20 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2b855c3c846sm2270605eec.16.2026.02.06.10.38.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Feb 2026 10:38:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= LeWn/rnkeIdof3Uh+foZY8TtCF2GD38j3/bVb9HIVR0=; b=jYRSDYZPXg9OvXXA DEWPObVU1TeZOvIZWnuM41+PST5DHKRxIDIIbCI3sZTXXt7S6ytBg04ubydacrMs wgfIudNVCWolxIO+fERpIR8vUl/ZK4iVZ/AG63lhIhsIBSRNkC0GEn74t0KCtMC8 K8aDoJXVfaPhcYzfx8jv55MIbc1CL053xs2PW69/Vdfy/o+F31BJk3d9rcOvE1EM dvy6g4EAJXXmVTqVhgLR1QxHZ9XhIKrqLzey33YIDenblYP/cLQOTBzg+DmSgHzu Y1JlX0d1UwOp3oIwH0Jj0KuWwXmDQepdSllfnDx/b4lks44vEgTEPw//JwhgGDjv ziq8Fw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770403100; x=1771007900; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LeWn/rnkeIdof3Uh+foZY8TtCF2GD38j3/bVb9HIVR0=; b=ZVqmQZEX+MzKJrorfxe7NI+o2Ofqkc+u5wSKiCVbcvlRiJ1vTHlb3z25ASS3PUy4UH eMz/ZTfx7FNf+6BTk7Bg0KYSv5Ujs3UBRmj7HuRBJ4CxA36sH7VYA//IHb1elLbg63a8 kVBtT6GpsKfH5Syy7e8wRovIJOvBfCZOppLYHP8QZ9dL701SiA2MAO/rRKdlU80Qf7Lx yHQHqKoW7O0tb2G6C1WvrOyMPv0uK9fVxBcstxdffeG7cHq/d97aB2OHKK1YK8/WVw1j zCJFRXOBdqyj4l8Z5dMNSkZxxZqmLPFQOBSQHEwKgOxqh7lTFkNrtbZmR1uXayiErPLf 8VLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770403100; x=1771007900; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=LeWn/rnkeIdof3Uh+foZY8TtCF2GD38j3/bVb9HIVR0=; b=ldZ7E8vEPZf18yCL31pPX45BYKJyyM+UZBtUrJ73oAFpw0+DVjcDtL4vXdraYx9nl4 gJrlMVi61VQl1BVRo1abXYq8nldZeWL75yp1v02edlWYNyAeYOBKUK5E7kNN2J0JnslX raONUeqh7C2m9vkoyCpEkuWvzDXkAHN7uudwFybAcjCKzxw2MrUzFoe6dHqRfiBFHs68 TfGb5RsCvGwY5FRPEFJSYnl0tOGFa6xQHm871UUGz9XAkgkmLcbNHCt0cdac9rEuHEsZ p8p/x79oY8/lfG9Wbuho4GUkCh1Y0ry9jsvJQSwNwCbNCcaArlhYei7CPvIRjLTTxNsw Ok1w== X-Gm-Message-State: AOJu0YyctbXzB36iBke96FyebIK6bT+EKP7YNFnqo31TaM0rw5HO1fzG NVPhI0qGzDcvP1N0z+W5dN8rEyS5W7l83OtaY5PvoiwJR6fw8AUrL0FL/5DHv0Kgu34QbjFRuq5 JvK0J/FDlgKLRIAMOig7cbwmLUZP/zI7/Dl5kdyVl3RgaR4bl2RJ5sFf0ue/IxDdyHQ== X-Gm-Gg: AZuq6aLyiBv+cEmpORRWmdgDPwWUKQ9Po1pqOWKFLobmnFm0zgHUa7PmAZihEFR5OLY wsfiIkNNuUm0P9wKiKDnBQiuQZjqkon/5SNy7GkGER7drMBPcLrwznqKViF5naWGDOy5c87T1F7 3GbqEsBqwTu6HQE74R2+xR/zZE4Be/35yMaIejZ4z81+01p3Ai1yBtZgwUEGBcGum109Uc8f/lf gfGnjiwYOCSCbedBeA9zlEodGNqrgtKScCY4AnEEOjvZ5Qsoz1oFbvM6bQhxOOlrAo6hmq91IhP U1bRHvqP/Rai83ScDqOSQjYG9Jiem5hKN8e170oE+lWiq/U7a+xqpJUfyCfkE1b7NyVFRHABRvE UDwZjSTOnIPYQ/PPCPCDdSgB0I6UQAPBt9DigZFDRC+cM0mNgNvEyyZuxJQ== X-Received: by 2002:a05:7301:3f18:b0:2ae:5b54:523e with SMTP id 5a478bee46e88-2b856a456b1mr1389008eec.40.1770403099558; Fri, 06 Feb 2026 10:38:19 -0800 (PST) X-Received: by 2002:a05:7301:3f18:b0:2ae:5b54:523e with SMTP id 5a478bee46e88-2b856a456b1mr1388996eec.40.1770403099037; Fri, 06 Feb 2026 10:38:19 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com Subject: [PATCH 3/3] target/hexagon: Return decode failure for invalid non-duplex encodings Date: Fri, 6 Feb 2026 10:38:13 -0800 Message-Id: <20260206183813.2573541-4-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260206183813.2573541-1-brian.cain@oss.qualcomm.com> References: <20260206183813.2573541-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Proofpoint-GUID: sa-K_pRTalGw6htUUTbOUsrraS3oAzlJ X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjA2MDEzNyBTYWx0ZWRfX/rv+nIsclXeZ o1nqtlcB/jJetVo3sURjmCJUOHnxe/wwAzTyW2b/cUginmsHi2Wm4b2cgUQO/emh+OaL2ERigK/ GlC+kntO16gN39VaELlo83jkfYPI+EWTsTZr0THpH700zzT0X90Cw4W4I+ZFvHQAskkK4Kjtmm0 mVsK7Kjt0sECaM0Ur+UTeWWNCm02hO5w8yTfF5yl2Nh5G3ayzhAgs2nElfcajVPBAd8cfCh7l9C pp952L2C77E1Kcc295LgWPHvuwlUIqHkiJNcGz5QE0OOFAtxF3U8cbk0HpEPHWMV9rXKhErs3OB mRNZgmk8AEYOJHt9ssPrw9z4zJRVVlw1w2P3BtkDlR5NVqG+kHkddogaGhZq/+pU0CeXDlG9GWv 6a+Xpvod1bqeoULxOFKs3X+MBy1de4AOKy3+4W7s3aFpmnqBx12Ntgn6q0ybcBwkowAbBUqAJAj SDb15pyBhQImUlCy98A== X-Proofpoint-ORIG-GUID: sa-K_pRTalGw6htUUTbOUsrraS3oAzlJ X-Authority-Analysis: v=2.4 cv=E7TAZKdl c=1 sm=1 tr=0 ts=6986351c cx=c_pps a=PfFC4Oe2JQzmKTvty2cRDw==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=EUspDBNiAAAA:8 a=JVcbmikgOCOOM7YXfUEA:9 a=QEXdDO2ut3YA:10 a=6Ab_bkdmUrQuMsNx7PHu:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-06_05,2026-02-05_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 spamscore=0 clxscore=1015 bulkscore=0 phishscore=0 priorityscore=1501 suspectscore=0 impostorscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602060137 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.168.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0a-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770403149120154100 When a non-duplex encoding (parse_bits !=3D 0) fails both decode_normal() and decode_hvx(), the decoder hit an unreachable. Instead, handle the decode failure and raise an exception. Signed-off-by: Brian Cain Reviewed-by: Pierrick Bouvier --- target/hexagon/decode.c | 3 ++- tests/tcg/hexagon/invalid-encoding.c | 20 ++++++++++++++++++++ tests/tcg/hexagon/Makefile.target | 6 ++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 tests/tcg/hexagon/invalid-encoding.c diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c index 90499fc320..ebb4e02a17 100644 --- a/target/hexagon/decode.c +++ b/target/hexagon/decode.c @@ -489,7 +489,8 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t en= coding) insn->iclass =3D iclass_bits(encoding); return 1; } - g_assert_not_reached(); + /* Invalid non-duplex encoding */ + return 0; } else { uint32_t iclass =3D get_duplex_iclass(encoding); unsigned int slot0_subinsn =3D get_slot0_subinsn(encoding); diff --git a/tests/tcg/hexagon/invalid-encoding.c b/tests/tcg/hexagon/inval= id-encoding.c new file mode 100644 index 0000000000..efe914b4e4 --- /dev/null +++ b/tests/tcg/hexagon/invalid-encoding.c @@ -0,0 +1,20 @@ +/* + * Test that invalid non-duplex encodings are properly rejected. + * + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +/* + * The encoding 0xffffc000 has parse bits [15:14] =3D 0b11, making it a + * non-duplex instruction and packet end. The remaining bits do not match + * any valid normal or HVX instruction encoding, so this should raise SIGI= LL. + */ + +int main() +{ + asm volatile( + ".word 0xffffc000\n" + : : : "memory"); + return 0; +} diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile= .target index 7199e29a30..79ebfd56ce 100644 --- a/tests/tcg/hexagon/Makefile.target +++ b/tests/tcg/hexagon/Makefile.target @@ -53,6 +53,7 @@ HEX_TESTS +=3D hvx_histogram HEX_TESTS +=3D invalid-slots HEX_TESTS +=3D invalid-duplex HEX_TESTS +=3D invalid-dups +HEX_TESTS +=3D invalid-encoding HEX_TESTS +=3D unaligned_pc =20 run-and-check-exception =3D $(call run-test,$2,$3 2>$2.stderr; \ @@ -74,6 +75,11 @@ run-invalid-dups: invalid-dups $(QEMU) $(QEMU_OPTS) $< ; test $$? -eq 132, \ TEST, invalid-dups on $(TARGET_NAME)) =20 +run-invalid-encoding: invalid-encoding + $(call quiet-command, \ + $(QEMU) $(QEMU_OPTS) $< ; test $$? -eq 132, \ + TEST, invalid-encoding on $(TARGET_NAME)) + HEX_TESTS +=3D test_abs HEX_TESTS +=3D test_bitcnt HEX_TESTS +=3D test_bitsplit --=20 2.34.1