From nobody Mon Feb 9 19:08:14 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770487673; cv=none; d=zohomail.com; s=zohoarc; b=CEfMGsfP4ekC6R5CYQRM1qEEMXQ7coetzkD+K0kPpauvtPKnXCpGCzmPfGqqnCKszUZQRLCsWHo6TGKjb/W6i2LrQcBukil0Y0GhakbtNqmuNVvTkc4K604YP7FIHxjbLbYtzN/jUm4vV0hK50Lfdu+J0aWGzJQMf+bNo0QNLe8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770487673; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=u8zQ/PgN+M6EU0nqZmhx5VWC/id7HIJ3f/1jOvE3ams=; b=fuIOFK5zQu0w5w+NDNo8fWpOV/5mS5E381xA+tFd0nIUbzkoVgH9WowVxaLr2PiP4oqDxV0D9hGd2aphJeT0UmafR1pfHoZiF4WUHcfW1T7msQ5UXiWAQ/RPD9ewv0S4Bc9IxDKdOrMKDIQ526JNm5+enIPUqelmdHpFOW2D5uk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770487673896911.4934776100964; Sat, 7 Feb 2026 10:07:53 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vomi5-0001UI-45; Sat, 07 Feb 2026 13:07:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vomhz-0001Ta-RX for qemu-devel@nongnu.org; Sat, 07 Feb 2026 13:07:04 -0500 Received: from mx0b-0031df01.pphosted.com ([205.220.180.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vomhr-0005LM-HI for qemu-devel@nongnu.org; Sat, 07 Feb 2026 13:07:01 -0500 Received: from pps.filterd (m0279868.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 617DlDiI2132297 for ; Sat, 7 Feb 2026 18:06:53 GMT Received: from mail-dy1-f198.google.com (mail-dy1-f198.google.com [74.125.82.198]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c5xj1938t-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Sat, 07 Feb 2026 18:06:52 +0000 (GMT) Received: by mail-dy1-f198.google.com with SMTP id 5a478bee46e88-2b708fa4093so9415532eec.0 for ; Sat, 07 Feb 2026 10:06:52 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2b855c63152sm4002328eec.25.2026.02.07.10.06.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 07 Feb 2026 10:06:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= u8zQ/PgN+M6EU0nqZmhx5VWC/id7HIJ3f/1jOvE3ams=; b=PaSGwpQ4lkZo5Mv0 CS6A/CdhU6kGgrK9f6x5x5njCuGUybCEgVvsIIIZsbagWGs0ieXx062dLF5bIuVu WHOBYd2Tth1PvPdSn0SKwsYo1GsDDb7aUUo/UbB/XZ9h3cZFJaKbqDWW7A25/OpP aDAPllv0IHmlmlVVeHG8u0E6OfeheatHFGQRXSGtyY4fuvl3XzsDYl43IFRQIOEy ZBM16RtRbouaincS4QDxXT/ONQZfKoD1P3lBckxfLoiLXLiF3S2bpRR59O4WBfVs +HcBrHUiN3/TuHomwB9xLLioXC+Evkx273O7eKpX7qD9WeyKEGrMjlZh+8jL33CW m0aYHA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770487612; x=1771092412; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=u8zQ/PgN+M6EU0nqZmhx5VWC/id7HIJ3f/1jOvE3ams=; b=SphfY5Lh4c3bUtM1P8s8mrSqMIyLqzVU3vmqG4rdh8IvzlUfRTIFfINLDiPWqMg+mH asVfE/oqJpcdBIt6gl0chMuLeFmsOHvAcY/RiwCirur+yjnMWN87VngH8szNloN9VLry j9DtKBx7MWYYXjDY9SmNc7WCf4hbObIv8SfewonsRngNfeDL/ZUbDUR/CVVDm+lLleS5 VSdQ+KBugY5hdvsMkOmOUGPn42u9XT00KZgyJn4RvIRKL/V9tUjPUdVDN3pSGNXXzFt+ uq8EpvxwLiIb8tLxnqHq5MQvdsgiTlyXB+uNLqdTKuBTqYCoCzgLQoLanh4SLYLYWRFI suqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770487612; x=1771092412; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=u8zQ/PgN+M6EU0nqZmhx5VWC/id7HIJ3f/1jOvE3ams=; b=M606dZXBVbOAdZEv88Ozff6A+1rENJf/b0lh2guY8H5wyf6N1+HFM36CkLCGYkUMR8 sYl9TRQAYRWbYZZPU4yMaa/u7oci+nR2cH3e/UjTbyTuD8GfMddzVVfe/fxLYctPhL5F QnySoibrXPlNbLG97Pgoy3qQX1io+uq9IWeceA2/iepiqM988trH6azUTMlYyff73aja mh6S8sqXlvf0hIT7dHmoJi0UPYAtKsNBfuFf05lIcdVqdUe3TujIy2W8eGZ9t0Zhuu8J pWKlatLqriURIi7VbvXlrHfkbyZMiBEo94clzbd1tXIwJHY/zjLd8tneexeVn14JXuoL N+5Q== X-Gm-Message-State: AOJu0YxB4T1qy/5XZaDkj8N1eBsbeit5QX7gfBY5O7UgnWZVblXmerOM y6FT52OML/XvnPnxYCAIq1kb5OQXnJU8tUM/qhsexb/ketGphmaKeNpO9iqEaOmoBy2gJkhMXSJ +Tp8LaBebHya9UGIktHC1XRnsck1/5BmrdAQLqxaRFyfenHyMeFoz5wTLvARrIw+SbA== X-Gm-Gg: AZuq6aJWGJOkrLCPT7apsnPUiDMbBs1OK25dKvU9NjfmmjCtsTXynBsy2KCv10I8gZY cMV+dppruXs5FSMqG3Rcxp83pLv0W1X2cj4VSCHZds17X+JX5Z5Gls70Sx1N8otZueD5YZJFo/Q J8TJRcKZHVsYM81Y5B0QgL/GBLtO8VVYe9L/CH/bX2L9nMXhJCIlDPuZKn6cVZNCEQOTnYtLi72 7U+2FvoUpdkMZOo6UMV7NwOczIJ0+YXp3+kHk0r81oUTv4DHwdoGDVNR1oLo/hnBywvJQ95bDbL FwWjoSSEhnqupB+6f/lCW5puXjf9sbeUZJhKUf8p+adnTzqtJN3rIpQWA2noqMGhC4aueu9i6w4 /qmwGaVWqBQ8a0eu2WAKl6ZRNywk05cfbOA5uEwVxfTOBP8wd3GeVpgETOg== X-Received: by 2002:a05:693c:2d8c:b0:2b7:1c58:dca6 with SMTP id 5a478bee46e88-2b85646d9c4mr4349651eec.6.1770487611539; Sat, 07 Feb 2026 10:06:51 -0800 (PST) X-Received: by 2002:a05:693c:2d8c:b0:2b7:1c58:dca6 with SMTP id 5a478bee46e88-2b85646d9c4mr4349638eec.6.1770487611030; Sat, 07 Feb 2026 10:06:51 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com, Pierrick Bouvier Subject: [PATCH v2 2/4] target/hexagon: Reject duplex encodings with duplicate dest registers Date: Sat, 7 Feb 2026 10:06:30 -0800 Message-Id: <20260207180632.1042754-3-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260207180632.1042754-1-brian.cain@oss.qualcomm.com> References: <20260207180632.1042754-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Proofpoint-GUID: 1ShrdRGY-jCPL8tDYFihl2vi9ZxOhLgn X-Proofpoint-ORIG-GUID: 1ShrdRGY-jCPL8tDYFihl2vi9ZxOhLgn X-Authority-Analysis: v=2.4 cv=F/tat6hN c=1 sm=1 tr=0 ts=69877f3c cx=c_pps a=wEP8DlPgTf/vqF+yE6f9lg==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=p0WdMEafAAAA:8 a=EUspDBNiAAAA:8 a=KKAkSRfTAAAA:8 a=ceJ5jWYMHQCwmun8QzEA:9 a=QEXdDO2ut3YA:10 a=bBxd6f-gb0O0v-kibOvt:22 a=cvBusfyB2V15izCimMoJ:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjA3MDE0OSBTYWx0ZWRfXziov73BePCf8 1C05VanEmJrrE9M+DVSDZj7qckorTPhVe+2YEWJmtIUKZULDKOaGkUzL7ELuUa83HCZzB5trzhN axPGt+wS6Kd9tEDSzkrrmgEozxzFl1LDUxDpKfKyystAnq8a/23lR675LRGlzbnS0lsioF71m4U +b4DfeittpBvfC7I0OPoBWe1llXvRy1Q0v2Yo8KPWX3sqViLI8tAjyx6q2R7YRLk7yWgZwwC9DO Ex70SFEI1PreMB6a7A1pz624l1SmEvKvwKuO9xC1aY6zQ7exgwxmBl+2fP0k3m6/Oq6CsvwSaU+ ELluvO1pvHAX5dbyQHcq6qjTzVvVp1QfhbsR+amqwUJVkyXiwuCr73cV/kBF/4LFksOHD3kx0tU gwv8fi5RIYy4Wj1xACV62bFIg6r4iwBep3aOSMAUdmnveR9maH+B/5W9hczmg17JPUSbFkMowYZ BZTkaDmxeKpzZkBpkXQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-06_05,2026-02-05_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 adultscore=0 clxscore=1015 malwarescore=0 priorityscore=1501 suspectscore=0 spamscore=0 phishscore=0 impostorscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602070149 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.180.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0b-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770487675945154101 A duplex encoding like 0x00000000 decodes as two loads that both write r0. Add a check in decode_insns() after both sub-instructions decode successfully to verify they don't write the same destination register. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2696 Signed-off-by: Brian Cain Reviewed-by: Pierrick Bouvier --- target/hexagon/decode.c | 12 ++++++++++++ tests/tcg/hexagon/invalid-encoding.c | 29 ++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c index 69ba1ec96c..90499fc320 100644 --- a/target/hexagon/decode.c +++ b/target/hexagon/decode.c @@ -501,12 +501,24 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t = encoding) =20 /* The slot1 subinsn needs to be in the packet first */ if (decode_slot1_subinsn(ctx, slot1_subinsn)) { + Insn *slot1_insn =3D insn; insn->generate =3D opcode_genptr[insn->opcode]; insn->iclass =3D iclass_bits(encoding); ctx->insn =3D ++insn; if (decode_slot0_subinsn(ctx, slot0_subinsn)) { insn->generate =3D opcode_genptr[insn->opcode]; insn->iclass =3D iclass_bits(encoding); + /* + * Check that the two sub-instructions don't write the same + * destination register (e.g., encoding 0x0 decodes as two + * loads both writing R0, which is an invalid packet). + */ + if (insn->dest_idx >=3D 0 && slot1_insn->dest_idx >=3D 0 && + insn->regno[insn->dest_idx] =3D=3D + slot1_insn->regno[slot1_insn->dest_idx]) { + ctx->insn =3D --insn; + return 0; + } return 2; } /* diff --git a/tests/tcg/hexagon/invalid-encoding.c b/tests/tcg/hexagon/inval= id-encoding.c index 010a5eb741..1bbd312b61 100644 --- a/tests/tcg/hexagon/invalid-encoding.c +++ b/tests/tcg/hexagon/invalid-encoding.c @@ -65,6 +65,34 @@ static int test_invalid_duplex(void) return sig; } =20 +/* + * Duplex with duplicate destination registers (issue #2696): + * The encoding 0x00000000 decodes as a duplex with parse bits + * [15:14] =3D 0b00: + * slot1: SL1_loadri_io R0 =3D memw(R0+#0x0) + * slot0: SL1_loadri_io R0 =3D memw(R0+#0x0) + * + * Both sub-instructions write R0, which is an invalid packet (duplicate + * destination register). This should raise SIGILL. + */ +static int test_invalid_dups(void) +{ + int sig; + + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" + ".word 0x00000000\n" + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(sig) + : "r"(&resume_pc) + : "r0", "r1", "memory"); + + return sig; +} + int main() { struct sigaction act; @@ -75,6 +103,7 @@ int main() assert(sigaction(SIGILL, &act, NULL) =3D=3D 0); =20 assert(test_invalid_duplex() =3D=3D SIGILL); + assert(test_invalid_dups() =3D=3D SIGILL); =20 puts("PASS"); return EXIT_SUCCESS; --=20 2.34.1