From nobody Wed Feb 11 03:26:06 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770730495; cv=none; d=zohomail.com; s=zohoarc; b=LAzA9qmjjjB1KSs8GZkAOnJPgWH2aI5xNZBVN9M7yjpZrsk4QIIZpUq4KlEoJIvGM6/eCENR4NZCTU9PrdtylH8cGOi8rymd+HY8vyCE/GE8rB5WV3qLDOfR6yJgCwEFYzsozIqBjN3D/LYmJ6vEv05hukY5rz1qvrkQJm+/H00= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770730495; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=l37Zxlyi9mO3iVC6cC8zZBYMzG8H0SBlmrQTeaH80AI=; b=SsztMaSKnBEPy7i5G85Wa7+kbE6GnfaOTq2LbhgGwSOj2TbfHQq3bs+0qjzt7xd6zapYXV+m0254zfAAQ7VFTWBJ9lp7p/PrjUuBamp1YyaMHqPS8pRsRO8tDzEZaFO6VnUb4YS1OwkfyMSxlzbAuxyBhmWGq/Nz+k7EopYOreQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770730495020917.2959550192935; Tue, 10 Feb 2026 05:34:55 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vpnsr-0005ep-EF; Tue, 10 Feb 2026 08:34:29 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsl-0005dm-Uf for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:23 -0500 Received: from mx0b-0031df01.pphosted.com ([205.220.180.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsj-0001nc-Nf for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:23 -0500 Received: from pps.filterd (m0279870.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 61A7diKF1419509 for ; Tue, 10 Feb 2026 13:34:19 GMT Received: from mail-dy1-f199.google.com (mail-dy1-f199.google.com [74.125.82.199]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c7rpvtjev-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Tue, 10 Feb 2026 13:34:18 +0000 (GMT) Received: by mail-dy1-f199.google.com with SMTP id 5a478bee46e88-2b7a28264c1so3616648eec.0 for ; Tue, 10 Feb 2026 05:34:18 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2ba7e149c58sm2716162eec.26.2026.02.10.05.34.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Feb 2026 05:34:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= l37Zxlyi9mO3iVC6cC8zZBYMzG8H0SBlmrQTeaH80AI=; b=U4K3K2yX4XQR4jC9 frDnxtbzugsIr4CgvZQKglHOsrqjzS2VDVt7nfsib2qr97z4TH+T0hvVyCVX01W6 NZXUTNvxdKRcOy/v0zNRKzoikaE3LK/XmpjPrcZl8zTn9jyHuj/FDSU+ol/7kz25 eatpKvL7aIaemq3LOm4MU+AhFShPNg3YvbgjiIHrcAz25HYqPdvjfP3TUoxhRQMz wFBO1t2XUgCtVeUANBmZ8iWSidXbt//j7yBv7Azwd8/P30PW1C3dFjmybPe9GlL5 WNvctO2UmeQOHCwAtM2UsL6FWbLJHYJsMyeClVLvxwNKQku5xQDRK3nCKJo9iBY1 guCJVg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770730458; x=1771335258; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=l37Zxlyi9mO3iVC6cC8zZBYMzG8H0SBlmrQTeaH80AI=; b=JnzKYnXAQGgguaFPo/rBOVs9Ttsv9ONEmdcjaFt73A44K9zLWKKs3rBqMypofRxsu/ 1peq5rrjXfUCpSJtMkhNe95mjvdKVvJl621B9bm8xgoHD9hbWcGJtGUBTUnWiI3RBbYf FuJtGmrS6cjm3TWOx7xgd7Y6E243NZ1NYBAoNxYlj0vNn7Ek9eRjCz8Qff0EWqpzlOC4 laWgKOojujBob0mNuNZeBvNHpfFLI/UhFhddNBHnRXJSyUZ5NnF2/sM+I4YaUE+IMeIi pfXgIaLAq7rMZkBHLVJhhrmKsuAj50QX8A0T8g4NFYnaEE6SE+xVx6d1hWJ6HBxJjLhz WcEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770730458; x=1771335258; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=l37Zxlyi9mO3iVC6cC8zZBYMzG8H0SBlmrQTeaH80AI=; b=f5+qDWPWz/16dQ7e4dprOgI/X8LnDwEh6aWYNrMPtqewCE2cAgchKvEW4THZKBGstc G79im0KkOxUxwZJoi8Teom4cWwvHNGRF/2h+hpumWzgYIHiIlDzO4xyR1B/zxzt9EJ49 TNd2ctUubUJv2pB/Ckb4kparaUo+MXm2UEhGNyV6Nyc9u95Qrrd+N0p661YpAo/QxeFx BLnnGq+C2IxBjomOPCs42KvwWSPJ2zV6Reb6lhEP3rBARkT4gfK2PArKTffN1oIq+GZ2 rpHj2qq5Iwar86kYEvjXUHZE27A5YB8iz0nZLZc9hQmgyTPd5v9vSmbB6lx+zb2e1mco ddYw== X-Gm-Message-State: AOJu0YzQLYMg9ll6L87SASKUGf80lp/TGsZtwklDVUKgxFHzr+z8pEod +ynYoi3IYAw+E5AeKK9T6IgM4fofAB5htoGqNEP7eT1gsvPM+XIhG4C0ujTUlwzcK622nNy6KKw 5FUd5S4POsQfsCunE2xy1DGFGk0dj+Kb9xW8F6MfJmWf7kQiGEdrNnnSva3eaP3wEig== X-Gm-Gg: AZuq6aLC6uVVQrW1vjU3F0rn/ei6S0fK4JvjpEagmMyCsA3xbBftvwOiNev4DujRkbD WI7vJ/0EvmlrGw5FlNxPwG/ne+oKOZniOYKYRavJzoKkCvXCuRrr2q6t/7HhXOtgNga+ZHRjDcW XC8mCWrq2ZemxCuwnrygfqJDkJtjjLqtvMpZjaboVqPY5FICAURUSmHdI1EV+rS3p/dMC6Phb3v t1Vjug5R/hLCIIesBehYE5f6U2wVrIO0Y2c6knVFemaxmaXfI63UTOI1Ohss5jbeePUenxK7p9c BSHU/UekXFhBjCETY3DitXTflSYSj4m9K16tBqMVXit8oe5sr+PgkljUb4TOldlLeqdV5+CNENU dvh9ThIycc70vedYRXBKyr96/MuMk7829KS0eLqoy6LWGi3iBdInLN5wB8Dzu9/G9z6S90g== X-Received: by 2002:a05:7301:6784:b0:2ba:8aa8:9c04 with SMTP id 5a478bee46e88-2ba8aa8a736mr737110eec.2.1770730457364; Tue, 10 Feb 2026 05:34:17 -0800 (PST) X-Received: by 2002:a05:7301:6784:b0:2ba:8aa8:9c04 with SMTP id 5a478bee46e88-2ba8aa8a736mr737091eec.2.1770730456730; Tue, 10 Feb 2026 05:34:16 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com, Brian Cain , Pierrick Bouvier , Laurent Vivier Subject: [PATCH v3 1/4] target/hexagon: Fix invalid duplex decoding Date: Tue, 10 Feb 2026 05:33:51 -0800 Message-Id: <20260210133355.16093-2-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> References: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjEwMDExNCBTYWx0ZWRfXzSE+HqQcu9Qp 3JvfgRG/wzicM6YIdaCdQpC4KRbCYkXVpUfyKsA4qfVSNZwHGdzUeee+oTU6TBlNUbrFrqaeFoQ KFjRHrPivYEuieCyJEJeBTz1AhZF75/dx35D/nyHOoZl6ePMKrQW6I4u8dtfWi0Jn1Eo2rFJOqR t3AFJkU5VoY1ecvxWAqvZEqn89PHqEdAXXbmI/fTzim3K1AwFHAZTow3sn0V+F+0g9wuaxv4QDG VAqwk2KYnmFrS6q0JtrHAeN6ybTDtHfPG1P9/HtzJ+1hXbTpbGSoVoE94Hsa0vv/woVA2c1bl4Q eO2XmqQPekcrfTZP8GP8hlJ54pLc3+qJVRvfTOhXCaQe7jfVLXrFxV9BD46KWmzxd5o44it/Ywl Vi3liwms+HZo1IpOLWZy8EvOYkCYWnYT3mkGQ3HgK9aVZmFOL/1PL2OmeZD0EMIUQ91IGnrB3eT xvNfKBqV+8w3u5KTXIA== X-Authority-Analysis: v=2.4 cv=KKZXzVFo c=1 sm=1 tr=0 ts=698b33da cx=c_pps a=cFYjgdjTJScbgFmBucgdfQ==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=p0WdMEafAAAA:8 a=COk6AnOGAAAA:8 a=KKAkSRfTAAAA:8 a=pGLkceISAAAA:8 a=OCWrEZw6VeUBrM89gJgA:9 a=QEXdDO2ut3YA:10 a=scEy_gLbYbu1JhEsrz4S:22 a=TjNXssC_j7lpFel5tvFf:22 a=cvBusfyB2V15izCimMoJ:22 X-Proofpoint-ORIG-GUID: XmSuPz42c789r6S_anpMQzGqBSf45oK3 X-Proofpoint-GUID: XmSuPz42c789r6S_anpMQzGqBSf45oK3 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-10_01,2026-02-10_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 lowpriorityscore=0 suspectscore=0 impostorscore=0 spamscore=0 adultscore=0 malwarescore=0 priorityscore=1501 phishscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602100114 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.180.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0b-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770730497661154100 When decoding a duplex instruction, if the slot0 sub-instruction fails to decode after slot1 succeeds, QEMU was leaving the packet in a partially-decoded state. This allowed invalid duplex encodings (where one sub-instruction doesn't match any valid pattern) to be executed incorrectly. Fix by resetting the decoder state when slot0 fails, returning an empty instruction that triggers an exception. Add gen_exception_decode_fail() for raising exceptions when decode fails before ctx->next_PC is initialized. This keeps gen_exception_end_tb() semantics unchanged (it continues to use ctx->next_PC for the exception PC after successful decode). Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3291 Signed-off-by: Brian Cain Reviewed-by: Pierrick Bouvier Reviewed-by: Taylor Simpson --- linux-user/hexagon/cpu_loop.c | 4 ++ target/hexagon/decode.c | 13 ++++- target/hexagon/translate.c | 18 ++++++- tests/tcg/hexagon/invalid-encoding.c | 81 ++++++++++++++++++++++++++++ tests/tcg/hexagon/Makefile.target | 1 + 5 files changed, 113 insertions(+), 4 deletions(-) create mode 100644 tests/tcg/hexagon/invalid-encoding.c diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c index 1941f4c9c1..c0e1098e3f 100644 --- a/linux-user/hexagon/cpu_loop.c +++ b/linux-user/hexagon/cpu_loop.c @@ -64,6 +64,10 @@ void cpu_loop(CPUHexagonState *env) force_sig_fault(TARGET_SIGBUS, TARGET_BUS_ADRALN, env->gpr[HEX_REG_R31]); break; + case HEX_CAUSE_INVALID_PACKET: + force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC, + env->gpr[HEX_REG_PC]); + break; case EXCP_ATOMIC: cpu_exec_step_atomic(cs); break; diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c index b5ece60450..69ba1ec96c 100644 --- a/target/hexagon/decode.c +++ b/target/hexagon/decode.c @@ -509,8 +509,14 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t e= ncoding) insn->iclass =3D iclass_bits(encoding); return 2; } + /* + * Slot0 decode failed after slot1 succeeded. This is an inval= id + * duplex encoding (both sub-instructions must be valid). + */ + ctx->insn =3D --insn; } - g_assert_not_reached(); + /* Invalid duplex encoding - return 0 to signal failure */ + return 0; } } =20 @@ -674,7 +680,10 @@ int decode_packet(DisasContext *ctx, int max_words, co= nst uint32_t *words, encoding32 =3D words[words_read]; end_of_packet =3D is_packet_end(encoding32); new_insns =3D decode_insns(ctx, insn, encoding32); - g_assert(new_insns > 0); + if (new_insns =3D=3D 0) { + /* Invalid instruction encoding */ + return 0; + } /* * If we saw an extender, mark next word extended so immediate * decode works diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c index e88e19cc1a..7fe8b35351 100644 --- a/target/hexagon/translate.c +++ b/target/hexagon/translate.c @@ -195,7 +195,21 @@ static void gen_exception_end_tb(DisasContext *ctx, in= t excp) tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], ctx->next_PC); gen_exception_raw(excp); ctx->base.is_jmp =3D DISAS_NORETURN; +} =20 +/* + * Generate exception for decode failures. Unlike gen_exception_end_tb, + * this is used when decode fails before ctx->next_PC is initialized. + */ +static void gen_exception_decode_fail(DisasContext *ctx, int nwords, int e= xcp) +{ + target_ulong fail_pc =3D ctx->base.pc_next + nwords * sizeof(uint32_t); + + gen_exec_counters(ctx); + tcg_gen_movi_tl(hex_gpr[HEX_REG_PC], fail_pc); + gen_exception_raw(excp); + ctx->base.is_jmp =3D DISAS_NORETURN; + ctx->base.pc_next =3D fail_pc; } =20 static int read_packet_words(CPUHexagonState *env, DisasContext *ctx, @@ -935,7 +949,7 @@ static void decode_and_translate_packet(CPUHexagonState= *env, DisasContext *ctx) =20 nwords =3D read_packet_words(env, ctx, words); if (!nwords) { - gen_exception_end_tb(ctx, HEX_CAUSE_INVALID_PACKET); + gen_exception_decode_fail(ctx, 0, HEX_CAUSE_INVALID_PACKET); return; } =20 @@ -950,7 +964,7 @@ static void decode_and_translate_packet(CPUHexagonState= *env, DisasContext *ctx) gen_commit_packet(ctx); ctx->base.pc_next +=3D pkt.encod_pkt_size_in_bytes; } else { - gen_exception_end_tb(ctx, HEX_CAUSE_INVALID_PACKET); + gen_exception_decode_fail(ctx, nwords, HEX_CAUSE_INVALID_PACKET); } } =20 diff --git a/tests/tcg/hexagon/invalid-encoding.c b/tests/tcg/hexagon/inval= id-encoding.c new file mode 100644 index 0000000000..010a5eb741 --- /dev/null +++ b/tests/tcg/hexagon/invalid-encoding.c @@ -0,0 +1,81 @@ +/* + * Test that invalid instruction encodings are properly rejected. + * + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include +#include + +static void *resume_pc; + +static void handle_sigill(int sig, siginfo_t *info, void *puc) +{ + ucontext_t *uc =3D (ucontext_t *)puc; + + if (sig !=3D SIGILL) { + _exit(EXIT_FAILURE); + } + + uc->uc_mcontext.r0 =3D SIGILL; + uc->uc_mcontext.pc =3D (unsigned long)resume_pc; +} + +/* + * Each test function: + * - Sets r0 to something other than SIGILL + * - Stores the resume address into resume_pc + * - Executes the invalid encoding + * - The handler sets r0 =3D SIGILL and resumes after the faulting packet + * - Returns the value in r0 + */ + +/* + * Invalid duplex encoding (issue #3291): + * - Word 0: 0x0fff6fff =3D immext(#0xfffbffc0), parse bits =3D 01 + * - Word 1: 0x600237b0 =3D duplex with: + * - slot0 =3D 0x17b0 (invalid S2 subinstruction encoding) + * - slot1 =3D 0x0002 (valid SA1_addi) + * - duplex iclass =3D 7 (S2 for slot0, A for slot1) + * + * Since slot0 doesn't decode to any valid S2 subinstruction, this packet + * should be rejected and raise SIGILL. + */ +static int test_invalid_duplex(void) +{ + int sig; + + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" + ".word 0x0fff6fff\n" /* immext(#0xfffbffc0), parse=3D01 */ + ".word 0x600237b0\n" /* duplex: slot0=3D0x17b0 (invalid) */ + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(sig) + : "r"(&resume_pc) + : "r0", "r1", "memory"); + + return sig; +} + +int main() +{ + struct sigaction act; + + memset(&act, 0, sizeof(act)); + act.sa_sigaction =3D handle_sigill; + act.sa_flags =3D SA_SIGINFO; + assert(sigaction(SIGILL, &act, NULL) =3D=3D 0); + + assert(test_invalid_duplex() =3D=3D SIGILL); + + puts("PASS"); + return EXIT_SUCCESS; +} diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile= .target index e5182c01d8..16669e04a8 100644 --- a/tests/tcg/hexagon/Makefile.target +++ b/tests/tcg/hexagon/Makefile.target @@ -51,6 +51,7 @@ HEX_TESTS +=3D scatter_gather HEX_TESTS +=3D hvx_misc HEX_TESTS +=3D hvx_histogram HEX_TESTS +=3D invalid-slots +HEX_TESTS +=3D invalid-encoding HEX_TESTS +=3D unaligned_pc =20 run-and-check-exception =3D $(call run-test,$2,$3 2>$2.stderr; \ --=20 2.34.1 From nobody Wed Feb 11 03:26:06 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770730510; cv=none; d=zohomail.com; s=zohoarc; b=BnrbpIXA4gmZHHVpSWIFe0Ie+ZvgCfSEg0WD2dDtFbE5bw166FwJTguTgfKKaH4oyNL5zVVqSYDGpjEpfosUB2GsGXWWd6G2OkFjPYsVqzAakmE8lLrFQDu9aQ2EFTXjXu8peiZFm7AjSmXphzisbqWkNBRz6W7E2jc6dA6cIdo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770730510; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=GexMtmgfGvMqUlr405tGcNusaInSecWFUKDx3/DCuI8=; b=L8P6Tkp9FhWoljJgmFQUj1N0OI5HFGPz5LYz4A0JYVIt6fMS1lLZ9d3uGLX6IU1bHkl2K9qKuUlSvXtssEFiPYHgW7myjxByTJtimL28H5EFir6v5RQzpUN0C1JQ8LuLAsLFxJvpMJFCOORrXjERI0END6yVVKbz7RacOZFP3Do= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770730510792931.7281466043913; Tue, 10 Feb 2026 05:35:10 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vpnsr-0005f5-JY; Tue, 10 Feb 2026 08:34:29 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsn-0005e1-0l for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:25 -0500 Received: from mx0a-0031df01.pphosted.com ([205.220.168.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsj-0001nd-Nc for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:24 -0500 Received: from pps.filterd (m0279867.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 61A6jRRr442377 for ; Tue, 10 Feb 2026 13:34:19 GMT Received: from mail-dy1-f199.google.com (mail-dy1-f199.google.com [74.125.82.199]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c7qp9jqv0-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Tue, 10 Feb 2026 13:34:18 +0000 (GMT) Received: by mail-dy1-f199.google.com with SMTP id 5a478bee46e88-2ba745f54c6so5132967eec.0 for ; Tue, 10 Feb 2026 05:34:18 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2ba7e149c58sm2716162eec.26.2026.02.10.05.34.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Feb 2026 05:34:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= GexMtmgfGvMqUlr405tGcNusaInSecWFUKDx3/DCuI8=; b=mkJtRSBSlB+8+7pZ hmeJZk6inWTkDtR1a+SuX5VzyR9NNZmjjC2gZ+KcH1svuvSe5BFli4q15TfMvbFZ awCAutNA9/bArvVMDaD6GYQw+3k1GGJLtqfj8pVpHA7jVDbWlaXhBC//bdIhPID3 n183vx5wdVkQhXSX1b55GMpTec9vSmu21STpsuSCXw+uwBQ3ScNPxLqznSfAp6vw KPH5+DrgkYdQkGOZ/ExD8ebcAyyAam0jFbqMC6jB1E6K5h4mzcGM+IEwHJsaUSwE mX3LNXt3mVdt3eXDogJOFlIx/Q3lA1WK1wwwz2HIj3VZdbZztbpg+tn7jn3GYXfh R/iiqA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770730458; x=1771335258; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GexMtmgfGvMqUlr405tGcNusaInSecWFUKDx3/DCuI8=; b=EMhKYVjY0rFijeJi6jW1sSGE+t5ehvgtUo8lXe2Q9mq4NFigBiXKOKGJ/eaKvqlIIp vsN0pZ5IC1rgw/9rXSxcs4KsTN6uluzx1D8Y7s8x2UpLXgt1+0+Wx+dWsqw15vrcchW1 F/2DxxG40NA4J6bZ9NGMN8aY2zmnprSvLHggk+0gvmxbZgWa8h5SWs23f2X5fXX3jtp2 SSG83bZMkA/tthxxbhUvUTOB1Ioz5yHmf9gV9ycpyGPsnn6fUxRFcH8/B/UoLP6IK3sA 1l1LNM+dppaip/whiiHL6zpNcUsR8tIsxFnSD32MpTqPLYM/9iYAGJxryW5sl2kI/fRa bBTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770730458; x=1771335258; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=GexMtmgfGvMqUlr405tGcNusaInSecWFUKDx3/DCuI8=; b=P2AwZQZ0PjVZXxLw0FxxVLmRhVuyGtthxZoWtJsLnPKjckkacMvKBOiFpTN6Uc75lH 2zOCkTJGRkOJK/7k2SXob3XnOxCYYLJppfO/GIs8hzmpbwIBQuvygSTJp3FOQ9BxwsMN sHYr85psXerU1UckqizaGuF2UwMogZ4/Fv2+h3rbDnmiKqRZEipHxkE3WS+jrOHzZPpc q9Is7UeXHVJfwu8aLMbIAukTKUOdxgFVnbQrbU9PJGvYF6OV0Gt8jJyeSq1omMdw/Vvf WzkhD+2QCa4ESN9iQJ+eMQ9au8o3HUfImGSTH5vG6gwQmMvl6SK6rR74hLtf4Anvtsg1 zvqg== X-Gm-Message-State: AOJu0YxThM7yJ2DdgyhIuaZGaZ+OiF5cQf99s3mXTJGYYcCb3r1cswMH hPV7siSCFZ3PCrmms6fYmCUwoLAK8bIuKzNQkaAyTi5uhM5MLKfTj0mezDOaxk0mrwS6GMyhbUR QXXzV3xBenMMX0wbGJ8skh8Ck3lWynGqFEkUaRamDc0nuqD7BC+mS9XXRdAHNqlz8Zg== X-Gm-Gg: AZuq6aJSO1hUOGMRmqy1cuZurHSTVZtnCEbnynXGPLZN5wbwbQnkledEhAhbyabZwgi kTNhFkdix0T10OPF63+0XXbBUBxK5xh15pUDzsb5pUk4hDq0GE4+Dt3V8Zs4Fm9jEi5s8I4yLii 0DAw07pUpigpTRwuuB4MAWcNtZbmE5n2RQVZjpsVnkWfYcbjNm9kpeBbBbSrFG9om+ZfJ+aGv8I Yu/M6fRJ7jCmj1bWsRHK8zNBfXZpYnMrHBcC4hJ/JMo9lAHPuAOewJk+TPjx8/2rkZGltsgUwCz FqDZNiNBXqA004phQrT1knmq4nk32JOCP+sor1UIxteCQkf4Fhlm1j0HvUDTrIX1EKD3gt2fmb0 CRRldMC7ZKoeOl+HH40+ahrS4DxRtG/W+2DtKoBR/51166nNoKUt4wDpE4lqiYprkUagBjQ== X-Received: by 2002:a05:693c:37c7:b0:2b6:c617:f795 with SMTP id 5a478bee46e88-2b856486ab7mr6821721eec.17.1770730457955; Tue, 10 Feb 2026 05:34:17 -0800 (PST) X-Received: by 2002:a05:693c:37c7:b0:2b6:c617:f795 with SMTP id 5a478bee46e88-2b856486ab7mr6821704eec.17.1770730457442; Tue, 10 Feb 2026 05:34:17 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com, Pierrick Bouvier Subject: [PATCH v3 2/4] target/hexagon: Return decode failure for invalid non-duplex encodings Date: Tue, 10 Feb 2026 05:33:52 -0800 Message-Id: <20260210133355.16093-3-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> References: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Proofpoint-GUID: 9qw5PkAqcubCNGmDbsp3NtbiKwyMBv0s X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjEwMDExNCBTYWx0ZWRfX/mTXFx9oHJFX rJTthrIPLtfJWU74yjx5rVKVlpVw1xg39DVAHQB8pWwpNnRWiR++IlQQ1XgLhNslMTDxRbW5lzG bC867KIO5jNl0VOWPriDy6RoVi5aMXuOTFeAO2/9jZPBPIgQcJ1Lo6CSgjVUMzbve5XovHDU1qz eBdbKYy1ikUxUwF+OcV0Nyj0UDJwKpZ4paLoBK16HGNb0/9C/523y4JiOu72ioCXoxH+M6nwK1R llJGNm8f63MW3fAW6RKQoGoBNMe/+bM/qRV24QFFnyfDlkiG6aJT1nHmTC9b9QuiBdH10Gf12v6 wg2Q7EvFUV245EHEvo9e6mFdwe6NPeXK9Ucja1LSVEy6RKdqvsWoL2Mj9LuBxEJfE15sLB+XKkN 4c8Z3DUQJPUJ79phWfz2XiYr5Og4b693BZmSXYRdlwx6tcMnSrD1eQSr33j3lQzugiwSF4H2cGq Ft/LE1TeOAnphxRQypQ== X-Authority-Analysis: v=2.4 cv=dP2rWeZb c=1 sm=1 tr=0 ts=698b33da cx=c_pps a=cFYjgdjTJScbgFmBucgdfQ==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=KKAkSRfTAAAA:8 a=pGLkceISAAAA:8 a=EUspDBNiAAAA:8 a=D67r-eMCZ0zeLs--bqkA:9 a=QEXdDO2ut3YA:10 a=scEy_gLbYbu1JhEsrz4S:22 a=cvBusfyB2V15izCimMoJ:22 X-Proofpoint-ORIG-GUID: 9qw5PkAqcubCNGmDbsp3NtbiKwyMBv0s X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-10_01,2026-02-10_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 clxscore=1015 impostorscore=0 phishscore=0 lowpriorityscore=0 spamscore=0 priorityscore=1501 adultscore=0 bulkscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602100114 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.168.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0a-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770730513526154100 When a non-duplex encoding (parse_bits !=3D 0) fails both decode_normal() and decode_hvx(), the decoder hit an unreachable. Instead, handle the decode failure and raise an exception. Reviewed-by: Pierrick Bouvier Reviewed-by: Taylor Simpson Signed-off-by: Brian Cain --- target/hexagon/decode.c | 3 ++- tests/tcg/hexagon/invalid-encoding.c | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c index 69ba1ec96c..33ad60c5b4 100644 --- a/target/hexagon/decode.c +++ b/target/hexagon/decode.c @@ -489,7 +489,8 @@ decode_insns(DisasContext *ctx, Insn *insn, uint32_t en= coding) insn->iclass =3D iclass_bits(encoding); return 1; } - g_assert_not_reached(); + /* Invalid non-duplex encoding */ + return 0; } else { uint32_t iclass =3D get_duplex_iclass(encoding); unsigned int slot0_subinsn =3D get_slot0_subinsn(encoding); diff --git a/tests/tcg/hexagon/invalid-encoding.c b/tests/tcg/hexagon/inval= id-encoding.c index 010a5eb741..639d7f2495 100644 --- a/tests/tcg/hexagon/invalid-encoding.c +++ b/tests/tcg/hexagon/invalid-encoding.c @@ -65,6 +65,30 @@ static int test_invalid_duplex(void) return sig; } =20 +/* + * Invalid non-duplex encoding: + * The encoding 0xffffc000 has parse bits [15:14] =3D 0b11, making it a + * non-duplex instruction and packet end. The remaining bits do not match + * any valid normal or HVX instruction encoding, so this should raise SIGI= LL. + */ +static int test_invalid_nonduplex(void) +{ + int sig; + + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" + ".word 0xffffc000\n" + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(sig) + : "r"(&resume_pc) + : "r0", "r1", "memory"); + + return sig; +} + int main() { struct sigaction act; @@ -75,6 +99,7 @@ int main() assert(sigaction(SIGILL, &act, NULL) =3D=3D 0); =20 assert(test_invalid_duplex() =3D=3D SIGILL); + assert(test_invalid_nonduplex() =3D=3D SIGILL); =20 puts("PASS"); return EXIT_SUCCESS; --=20 2.34.1 From nobody Wed Feb 11 03:26:06 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770730480; cv=none; d=zohomail.com; s=zohoarc; b=kOLWv2ixUpTwqjsV9fZD2GCjoVxnW4pUs/pgZHdlHNYsLn7KIqzPRueUw1P/Od7joiE3gVw/yhErYlNW77xUjuVcIwtkL4mAKzfxuPmxND6fTuwm52uF8MIrip8zw4ySfcMFM6IS2CcvRJsMUKHrTVN8i9naHnxnslYjpcxKTAo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770730480; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=GPUiSXKwen3lJ7VamxwDEFzXupLyXqvuwOfovAsxzxc=; b=MunVePYgbz8/7N7gyevX1inahfp8Nhv7MFsFFQs7BjqlzbYQu0Yfh0DeCYKZRZE3PdvfkM+StZdCfGGUgthXEkUOPuyltfltgE3yu4dJOdP1TIfTAANj7KK5+j0J34p2QPAc0b4AIoPq5SQG2zg1jmpIM2f67PLK1Al+PKXCq+k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770730480507393.4681594769057; Tue, 10 Feb 2026 05:34:40 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vpnsn-0005e2-LN; Tue, 10 Feb 2026 08:34:25 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsl-0005dj-QD for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:23 -0500 Received: from mx0b-0031df01.pphosted.com ([205.220.180.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsj-0001o0-Ni for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:23 -0500 Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 61AA9CJ41172867 for ; Tue, 10 Feb 2026 13:34:20 GMT Received: from mail-dy1-f197.google.com (mail-dy1-f197.google.com [74.125.82.197]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c7kftupev-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Tue, 10 Feb 2026 13:34:19 +0000 (GMT) Received: by mail-dy1-f197.google.com with SMTP id 5a478bee46e88-2ba745f54c6so5133198eec.0 for ; Tue, 10 Feb 2026 05:34:19 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2ba7e149c58sm2716162eec.26.2026.02.10.05.34.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Feb 2026 05:34:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= GPUiSXKwen3lJ7VamxwDEFzXupLyXqvuwOfovAsxzxc=; b=cenCmf9PEqGoI/ag n3OXdViCbmU2DoJsbzHCPUSZWSKYzEgXxX823dp3LFcP0j0ll4RBFt7kXqBsder9 G7wobdfOZpRLGpT+WWRsFat+Zp17TbiM8ln19yV4aN3N3Q5nUhMUX2RSbqrcEmBv bYNBoMp5UMnjQwoKAu2BSLFYzYjgsrBcxijXYXEfyhda/5UXttsVpeiUioqM5iuU Z9ESXM3o0gMbikeIINLx4zfcsXYhGdenWM8/4oK1p8M/6VuvYgwZBcwIuKVbMinc GM2sMse4PUf5ohiWKmC5YlErUaWpQUwOjwXLSBA3iTlL5um91HnFvmKCDxdrH65s MIWGlw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770730459; x=1771335259; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GPUiSXKwen3lJ7VamxwDEFzXupLyXqvuwOfovAsxzxc=; b=isNjBOHck2j2laWH7x0K+jUkjtrSyB3d9WgX/7uOeoZWJe6B3lLRw9PxiwL5pX9BB8 1PO2UwedgPFktBiVwPMXhnZy5QQwlHAanHiPVe2EOTyrS4k8cN3kJX2rqcKZECGHMy0D 1PoTYEcqKVykxqswIcjZ/YDUQ/6w1gKJ6GdUKgtNv8AJ7MMeSKZ4GfMCCJHIuHPZymwa lBXm4cRi2Qb78D5HeCrvwjMi9SV53I/FeBxf6HiorSi+rNgjSBTO2U5eqAxsTkpP9xLK qOeQf6uGgkdJZLapoC3/mwe3TwvwzNceaMGXzlF1BYqC4PkvsuPEUnDTV5nkwJebIWU+ bQaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770730459; x=1771335259; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=GPUiSXKwen3lJ7VamxwDEFzXupLyXqvuwOfovAsxzxc=; b=V0yDNtwedQbK2QA2S99DLbHvVS4KtMDHbub8MI82B2LZDI+/FxX6DME9AGGYNe0R1X XyvmuexcZksl90I3mUu19/6XZgn+SZSLBNXLb/hj3NUfEx0/JvhAJa/wZpuvSWIPYxd9 psg5d63t+7GEmD+RI+V+ayzi0JCEiK9QvoMg6XflMs5kc/SozdYOpfiRksiH9jfzWtkQ cos4dF8E94+tso1SzMb6SsZ9yW+SKKtJm+J/56tJQukKeFYdR8fDDNsfCnTE9bLsL0Gf 5Jsk4mSSZPL3Pg0cVBwNaOsb3oSwl2dPtW38NmakKEbqk6gcko8pHsjTjL7ffktJR29P c2gw== X-Gm-Message-State: AOJu0YzkdAvLUazRBAp539hcxlDkExIqR8+hHn5qSpkq4cZgDvrH4zuc q/OVQQgWoYYfJHsDiNKQ60XpPR5S7NFZV+M/uuHGBUiWhSfQ8AwJAYpGOtU/1nVYmSNlZ7rYWDR xLiNwZrRoblKqWgvHWa4kK5V3ENU2wMjk1ZAEXH8tSyZAMZU3BNonB5znvupuk+HCDA== X-Gm-Gg: AZuq6aLncMveOaGOWpnOGh4+8mLXzToQXC4g3CxMz9JTfX9i34k+ee6c3zUGFRSy6LD ygfGjYgVKasiZPA5ueHlb1oZaKYffFvENTkxx2ZpCjmjsvrGga48keaGgkdJr857gLuYr7oJDFe GtL5xLtE1X2sLGXNxVcZ4ZqLcsdVIf+gQYLVuTP8JdH/l8aeQaoQKL87NY09IHpgPFiv0CCsf7U KAFZADwJhMs/29Riacby46sa3dQdrl/nXobLMFBSBfulw+XP7PcV9HBERKBmdpAj040Td07br/L Y5OBDg3vqrP76P/oNiZWGSseVECsHCgTzVk0LPmUWQemOzXHnrLX8VU1nvMdPteia/fOdUp42wu 2tkNehSJOtMjBpEF1GCfOiYSOQfKO1SCmoP4Y4FCal7qEh+B9Bp3SNu1cEMOfvy5G68Df6A== X-Received: by 2002:a05:7300:c8d:b0:2ae:5bde:a5c5 with SMTP id 5a478bee46e88-2b8568311bcmr6489247eec.30.1770730458716; Tue, 10 Feb 2026 05:34:18 -0800 (PST) X-Received: by 2002:a05:7300:c8d:b0:2ae:5bde:a5c5 with SMTP id 5a478bee46e88-2b8568311bcmr6489234eec.30.1770730458161; Tue, 10 Feb 2026 05:34:18 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com, Pierrick Bouvier Subject: [PATCH v3 3/4] tests/tcg/hexagon: Handle SIGILL internally in invalid-slots test Date: Tue, 10 Feb 2026 05:33:53 -0800 Message-Id: <20260210133355.16093-4-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> References: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjEwMDExNCBTYWx0ZWRfX43pQALMuHlKi fxw23tZjEmryCjWAowj1BfVPApwXdCOEEC8v8LVeLRxdECWjDezftEJee+1wRwUyqTWyJup7CZT d5noqWBIEH9eZ4zo4C2lgtil8fXZzSkPHi5FQxCLnrlr5lfeQ5wi5GLC0dQOR/qwws8jSfxa/j9 x+PcJmaXbUDRcfYKUSmtcTAFRBskg8MyPvO2TMmvKxeFJT6/ObgQf33c2WRAEa2583yUpI3cC2k MzEwdn+ZXx9tC2M9yrXj2WwPCoiLgYR4RdS5D8HFRhHd72QsIgxgsU5SpS3ccJ5tOKTwJoj5zH6 iUUWavfQVyo9YnaSPyhLjsK0IyGnYf+9HSQthWyfI3DQ/m3pHoMglWL1W53i+XWfaARWiGcMGlO DUkSDdoJvp1HPMGHmZFBwJsSOIiQYZkOqwmHHpV8zdpBL/XfLXIzxl7/ek5OOpfQ5ZqHHpqL7qD OOtTT/b7+Sdsi/G99Lg== X-Proofpoint-ORIG-GUID: l8AZOrP_juWl5SIsIUZvFx-iHmr4gAj1 X-Authority-Analysis: v=2.4 cv=XfuEDY55 c=1 sm=1 tr=0 ts=698b33db cx=c_pps a=Uww141gWH0fZj/3QKPojxA==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=mDV3o1hIAAAA:8 a=pGLkceISAAAA:8 a=KKAkSRfTAAAA:8 a=EUspDBNiAAAA:8 a=F0Jt1ehG-eUF7qKHwFUA:9 a=QEXdDO2ut3YA:10 a=PxkB5W3o20Ba91AHUih5:22 a=cvBusfyB2V15izCimMoJ:22 X-Proofpoint-GUID: l8AZOrP_juWl5SIsIUZvFx-iHmr4gAj1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-10_01,2026-02-10_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 adultscore=0 priorityscore=1501 lowpriorityscore=0 impostorscore=0 suspectscore=0 malwarescore=0 phishscore=0 spamscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602100114 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.180.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0b-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770730482102158500 Rewrite invalid-slots.c to catch and verify SIGILL using a sigaction handler that modifies the ucontext, matching the pattern used by invalid-encoding.c. Reviewed-by: Taylor Simpson Reviewed-by: Pierrick Bouvier Signed-off-by: Brian Cain --- tests/tcg/hexagon/invalid-slots.c | 76 ++++++++++++++++++++++++------- tests/tcg/hexagon/Makefile.target | 6 --- 2 files changed, 59 insertions(+), 23 deletions(-) diff --git a/tests/tcg/hexagon/invalid-slots.c b/tests/tcg/hexagon/invalid-= slots.c index 366ce4f42f..607027f314 100644 --- a/tests/tcg/hexagon/invalid-slots.c +++ b/tests/tcg/hexagon/invalid-slots.c @@ -1,29 +1,71 @@ /* - * Copyright(c) 2023 Qualcomm Innovation Center, Inc. All Rights Reserved. + * Test that invalid slot assignments are properly rejected. * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. + * SPDX-License-Identifier: GPL-2.0-or-later */ =20 +#include +#include +#include +#include +#include +#include + +static void *resume_pc; + +static void handle_sigill(int sig, siginfo_t *info, void *puc) +{ + ucontext_t *uc =3D (ucontext_t *)puc; + + if (sig !=3D SIGILL) { + _exit(EXIT_FAILURE); + } + + uc->uc_mcontext.r0 =3D SIGILL; + uc->uc_mcontext.pc =3D (unsigned long)resume_pc; +} + char mem[8] __attribute__((aligned(8))); =20 -int main() +/* + * Invalid packet with 2 instructions at slot 0: + * - Word 0: 0xa1804100 =3D memw(r0) =3D r1 + * - Word 1: 0x28032804 =3D { r3 =3D #0; r4 =3D #0 } + * + * This should raise SIGILL due to the invalid slot assignment. + */ +static int test_invalid_slots(void) { + int sig; + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" "r0 =3D #mem\n" - /* Invalid packet (2 instructions at slot 0): */ ".word 0xa1804100\n" /* { memw(r0) =3D r1; */ ".word 0x28032804\n" /* r3 =3D #0; r4 =3D #0 } */ - : : : "r0", "r3", "r4", "memory"); - return 0; + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(sig) + : "r"(&resume_pc) + : "r0", "r1", "r3", "r4", "memory"); + + return sig; +} + +int main() +{ + struct sigaction act; + + memset(&act, 0, sizeof(act)); + act.sa_sigaction =3D handle_sigill; + act.sa_flags =3D SA_SIGINFO; + assert(sigaction(SIGILL, &act, NULL) =3D=3D 0); + + assert(test_invalid_slots() =3D=3D SIGILL); + + puts("PASS"); + return EXIT_SUCCESS; } diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile= .target index 16669e04a8..d64aeba090 100644 --- a/tests/tcg/hexagon/Makefile.target +++ b/tests/tcg/hexagon/Makefile.target @@ -54,12 +54,6 @@ HEX_TESTS +=3D invalid-slots HEX_TESTS +=3D invalid-encoding HEX_TESTS +=3D unaligned_pc =20 -run-and-check-exception =3D $(call run-test,$2,$3 2>$2.stderr; \ - test $$? -eq 1 && grep -q "exception $(strip $1)" $2.stderr) - -run-invalid-slots: invalid-slots - $(call run-and-check-exception, 0x15, $@, $(QEMU) $(QEMU_OPTS) $<) - HEX_TESTS +=3D test_abs HEX_TESTS +=3D test_bitcnt HEX_TESTS +=3D test_bitsplit --=20 2.34.1 From nobody Wed Feb 11 03:26:06 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=oss.qualcomm.com ARC-Seal: i=1; a=rsa-sha256; t=1770730496; cv=none; d=zohomail.com; s=zohoarc; b=Ep1htJj45XQX8T9LHJLsbk3zuVosfQ4IRL28fnBLQWAkuOTdU1X7DkXKJEjwkz6V37HZVb62tZ/Ayp0wnNMCBw3WVehYL66FPiYEQ4RG9BuRJCeBoszYcGj7pneNNV1ORQzZVoDqO+NrtAMKfItXsULMF9rGpH+yrmvG40vQYso= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770730496; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=xbXi2oXZsKBH1Y/QXhqVGsr/9BWhgHx07lNx0z3p67k=; b=fTMFbj8d1I+AMHkhNDaOsLhdc7sBlZbIqSwRsx4Ls3aGgWJL7s+l12zLa8s8GkG+36t2vehswjpOGWUkHcDiTNPPf6/3cNMVDKSpmZS8vYXz6rvOD7mEHFTc3JsygqmdmqVTuPHNcVpVzfvlFMCoBXiGeE+RhYXv3OARNi1GCG4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1770730496248178.32102806318812; Tue, 10 Feb 2026 05:34:56 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vpnsx-0005fr-4m; Tue, 10 Feb 2026 08:34:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsn-0005eT-Rp for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:27 -0500 Received: from mx0b-0031df01.pphosted.com ([205.220.180.131]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vpnsk-0001o6-7G for qemu-devel@nongnu.org; Tue, 10 Feb 2026 08:34:25 -0500 Received: from pps.filterd (m0279870.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 61A7jMlE1419505 for ; Tue, 10 Feb 2026 13:34:21 GMT Received: from mail-dy1-f197.google.com (mail-dy1-f197.google.com [74.125.82.197]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4c7rpvtjf2-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for ; Tue, 10 Feb 2026 13:34:21 +0000 (GMT) Received: by mail-dy1-f197.google.com with SMTP id 5a478bee46e88-2ba67282cabso6501011eec.1 for ; Tue, 10 Feb 2026 05:34:21 -0800 (PST) Received: from hu-bcain-lv.qualcomm.com (Global_NAT1.qualcomm.com. [129.46.96.20]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2ba7e149c58sm2716162eec.26.2026.02.10.05.34.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Feb 2026 05:34:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= xbXi2oXZsKBH1Y/QXhqVGsr/9BWhgHx07lNx0z3p67k=; b=a0KhVxby59OU9hBm tmx5Z6Knj68rUN1ZP3J0O5G1E6hdNOIhiTjhad2IPFnvQUfjlLIO1sk9Cf5hrpoD RIIZVpGU9UhL2FhhzrGTdbdFvpBhE/ZjcQ08lrntzw1dgMqm1bXkQQnWawwtEWBR copu9njJhfCP+1eOgVRr+bh6YAeGcpCUSalQsvdNmWHktBwBQhm32yJNtY5c84v0 w72QbaqS9jXVxRQgo3BvoqJ/pgCuOQ64EFwMIiReyIqAWX//BdEmHJ06f8JNMx1Z aqRxLIQ2jE11i+ClIbDx/czV66dKfT4UxYn6HSDEWNzJPqDNQh5xGUcc8lgoVA0k TSHiyw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oss.qualcomm.com; s=google; t=1770730460; x=1771335260; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xbXi2oXZsKBH1Y/QXhqVGsr/9BWhgHx07lNx0z3p67k=; b=CEpzUX2d9aoK/fYMPbQMUYRp/++NeD8PEq4qyNCBGdK2e9cibJgy8P8aeyDRXT7tCE J+PAYdxHVZR6tYAuSxWpWghsMFVSn0pQ2itq1iwwUUiYsH+Frg82CWpn1/M16xfdhkqR 3ON9vOoh4dQ4/BTZP1oN25Ga/0tkqpUcm+ObPWZEJ93SfW92pCUXwzZ3wyiEVPGOY+uS egKHZJgNv7hkzWJaKha2sufTPluKXBiHBv1/3CcNkUaxu6V/EvIlTcflBo9EYiMjlClb w/Z4fjdpNHBiU6WhnS0f0saXP2j2wqH0wVI02ihtEjewEcYQuCDxibZhxPruhDAx9D3i HXxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770730460; x=1771335260; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=xbXi2oXZsKBH1Y/QXhqVGsr/9BWhgHx07lNx0z3p67k=; b=gdIzUHsfB21IkZba7J4tR4UsmITIEaNimWW+IRcbcTWn/GdnaVcFIYKcPtA9Vwjgtl RoFlS9HlrhUYd81EnIl+pOPvgw9vcr9ZaZdEBen5OOtZL4gW09gilTb2BOtcBDPRLw9S Nk2jKKk3gCfWfYnaGquJL5mZHcvH7ipOlSk+gDKPjDcLcOt38PB2/WcmiTJ6VOlI2DC2 4s+Yt1PJQW3h+q0CASH2EtzO5UaSeGjbwkUaCHVfsXxoUzieLTGZ6IhqtxTPj8i0FNUc YPzN65AyWKlYL07GC9JNE5OqKQ/67+evUGpylrmPTuGzC5L1mtFfz7aDHR96OVU+MYXD hRHw== X-Gm-Message-State: AOJu0YwhOp8lsJkIftS2Atvs8z2Bs4thVBGIs/Uq7p7wZkC6SxbndyvU k2LKiDPnP5+p03WMdxc4SVh9D1LU8meAc2/JB7xu0xfJx9Ceo+XNZldvpJEHxvYrj3YqbRApOjU f5pmNjlX1TWsHylGrXitAFk2GqCEEleEkRlMFaXVEMvmKhlar26BdgQ/TA2f75xwizg== X-Gm-Gg: AZuq6aI12wbYzujx8u3VI4wQM4rsgUZV+I/8m3D0Vpb5W6/6iuqslKA4YOpCb/2IMbH jFgfxiF97Ov9jUAa4OU/SpKwrLbq0tKawFduqV751W5hGiAuGtzCb8SvMOptTPMbW6spGaS2vfg FfdM/8AzMGmQUTdBc5GmOrdpVrfR5+TLl/KFXgrIMFr3407NXv746gkSF4XbbSIIAZVKE82yDW2 0YSCUDyH2UgMOOFqPfO2zzZs1bSxCiQPsroUHg4uGwq21uJsWxeKXlpEvtdmYxGJxI7U/daqaKI +04VTR1tQSXiz0p1tF9ezF0lFnDFhW1j1R54BefhswDr27JxWl8iY3V9nUzLTidj1YatPCPeKX6 aL9P3VaHBccqDE6set7OgUqyj3V8aybuupnObAmWKoMkXlkn6NzUQeybKg0dBtnrxxuVNwQ== X-Received: by 2002:a05:7300:3720:b0:2ba:956e:d26a with SMTP id 5a478bee46e88-2ba956ed77cmr117825eec.36.1770730459772; Tue, 10 Feb 2026 05:34:19 -0800 (PST) X-Received: by 2002:a05:7300:3720:b0:2ba:956e:d26a with SMTP id 5a478bee46e88-2ba956ed77cmr117805eec.36.1770730459104; Tue, 10 Feb 2026 05:34:19 -0800 (PST) From: Brian Cain To: qemu-devel@nongnu.org Cc: brian.cain@oss.qualcomm.com, ltaylorsimpson@gmail.com, alex@alexrp.com, Laurent Vivier , Pierrick Bouvier Subject: [PATCH v3 4/4] target/hexagon: Detect register write conflicts with bitmap algorithm Date: Tue, 10 Feb 2026 05:33:54 -0800 Message-Id: <20260210133355.16093-5-brian.cain@oss.qualcomm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> References: <20260210133355.16093-1-brian.cain@oss.qualcomm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjEwMDExNCBTYWx0ZWRfXwnESCry89Ee+ 40woOtbmn7JLl5mpUtQO4GjGGaxRtA9fU9UPcalu5TXdf+UjVZyaoI2V62xw479z/JZSwPE8t9w B6Zobnd0K1uUC4ZOOvrZLV3CbT17lYg1gPuMf4nJNkzno8njCzNxjLpOMgLpyNWuQqmy5YK9nD3 sVls0Q81E06QVE4MmI25UYwbOt4H0bkv69JRpvnf6QcvBppUQ6gv7nIFQsYDpakGqZcpBzsuOxx kmYyvZh9Id7vHu9vbfkGKd5YZYfgQxWsUT7M2mu0oZrIVsA5CNmFBJmOF7gg+CsgGE57WpVFMUv /CSDYKdsVtEQl5JzztJXtdC+tlip2n9LQw/ACTG2PCTUdYwq4ZwBWspr1EUoGX1siG3sgTz+XG4 Tc6jasPxlCSA3XHrsxlxsvyczRGiYj5VGx79TTgtFCDubKuFMItAJV6z3vCnbh7Utf3e1s3iXae UaKugI+tqeCAVAMMWyg== X-Authority-Analysis: v=2.4 cv=KKZXzVFo c=1 sm=1 tr=0 ts=698b33dd cx=c_pps a=Uww141gWH0fZj/3QKPojxA==:117 a=ouPCqIW2jiPt+lZRy3xVPw==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=s4-Qcg_JpJYA:10 a=VkNPw1HP01LnGYTKEx00:22 a=Mpw57Om8IfrbqaoTuvik:22 a=GgsMoib0sEa3-_RKJdDe:22 a=p0WdMEafAAAA:8 a=EUspDBNiAAAA:8 a=JaF38Zb2HHyKl8zT_ZQA:9 a=QEXdDO2ut3YA:10 a=PxkB5W3o20Ba91AHUih5:22 X-Proofpoint-ORIG-GUID: XPZItImDGrbtETHP0ERQVBQqiqswJGF2 X-Proofpoint-GUID: XPZItImDGrbtETHP0ERQVBQqiqswJGF2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-10_01,2026-02-10_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 lowpriorityscore=0 suspectscore=0 impostorscore=0 spamscore=0 adultscore=0 malwarescore=0 priorityscore=1501 phishscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000 definitions=main-2602100114 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.220.180.131; envelope-from=brian.cain@oss.qualcomm.com; helo=mx0b-0031df01.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @qualcomm.com) X-ZM-MESSAGEID: 1770730499147154100 A conflict exists when any GPR is written by multiple instructions and at least one write is unconditional. This catches (1) two unconditional writes to the same GPR and (2) an unconditional write combined with a predicated write. Add HEX_CAUSE_REG_WRITE_CONFLICT and map it to SIGILL. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2696 Signed-off-by: Brian Cain --- target/hexagon/cpu_bits.h | 1 + target/hexagon/insn.h | 6 + linux-user/hexagon/cpu_loop.c | 1 + target/hexagon/decode.c | 43 +++++++ target/hexagon/translate.c | 21 +++- tests/tcg/hexagon/multiple-writes.c | 169 ++++++++++++++++++++++++++++ target/hexagon/gen_trans_funcs.py | 10 ++ tests/tcg/hexagon/Makefile.target | 1 + 8 files changed, 250 insertions(+), 2 deletions(-) create mode 100644 tests/tcg/hexagon/multiple-writes.c diff --git a/target/hexagon/cpu_bits.h b/target/hexagon/cpu_bits.h index ff596e2a94..19beca81c0 100644 --- a/target/hexagon/cpu_bits.h +++ b/target/hexagon/cpu_bits.h @@ -34,6 +34,7 @@ enum hex_cause { HEX_CAUSE_FETCH_NO_UPAGE =3D 0x012, HEX_CAUSE_INVALID_PACKET =3D 0x015, HEX_CAUSE_INVALID_OPCODE =3D 0x015, + HEX_CAUSE_REG_WRITE_CONFLICT =3D 0x01d, HEX_CAUSE_PC_NOT_ALIGNED =3D 0x01e, HEX_CAUSE_PRIV_NO_UREAD =3D 0x024, HEX_CAUSE_PRIV_NO_UWRITE =3D 0x025, diff --git a/target/hexagon/insn.h b/target/hexagon/insn.h index 5d59430da9..db4dbb728a 100644 --- a/target/hexagon/insn.h +++ b/target/hexagon/insn.h @@ -41,6 +41,8 @@ struct Instruction { uint32_t new_value_producer_slot:4; int32_t new_read_idx; int32_t dest_idx; + bool dest_is_pair; + bool dest_is_gpr; bool has_pred_dest; =20 bool part1; /* @@ -72,6 +74,10 @@ struct Packet { bool pkt_has_hvx; Insn *vhist_insn; =20 + /* Bitmaps for detecting duplicate GPR destination writes */ + DECLARE_BITMAP(wreg_mult_gprs, 32); /* GPRs written by >1 insn */ + DECLARE_BITMAP(uncond_wreg_gprs, 32); /* GPRs written unconditionally = */ + Insn insn[INSTRUCTIONS_MAX]; }; =20 diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c index c0e1098e3f..5711055aff 100644 --- a/linux-user/hexagon/cpu_loop.c +++ b/linux-user/hexagon/cpu_loop.c @@ -65,6 +65,7 @@ void cpu_loop(CPUHexagonState *env) env->gpr[HEX_REG_R31]); break; case HEX_CAUSE_INVALID_PACKET: + case HEX_CAUSE_REG_WRITE_CONFLICT: force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPC, env->gpr[HEX_REG_PC]); break; diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c index 33ad60c5b4..08b0fa2c8d 100644 --- a/target/hexagon/decode.c +++ b/target/hexagon/decode.c @@ -655,6 +655,44 @@ decode_set_slot_number(Packet *pkt) return has_valid_slot_assignment(pkt); } =20 +/* + * Build bitmaps of destination GPR writes across the packet. + */ +static void decode_mark_dest_regs(Packet *pkt) +{ + DECLARE_BITMAP(all_dest_gprs, 32) =3D { 0 }; + + for (int i =3D 0; i < pkt->num_insns; i++) { + Insn *insn =3D &pkt->insn[i]; + int dest =3D insn->dest_idx; + + if (dest < 0 || !insn->dest_is_gpr) { + continue; + } + + int rnum =3D insn->regno[dest]; + bool is_uncond =3D !GET_ATTRIB(insn->opcode, A_CONDEXEC); + + if (test_bit(rnum, all_dest_gprs)) { + set_bit(rnum, pkt->wreg_mult_gprs); + } + set_bit(rnum, all_dest_gprs); + if (is_uncond) { + set_bit(rnum, pkt->uncond_wreg_gprs); + } + + if (insn->dest_is_pair) { + if (test_bit(rnum + 1, all_dest_gprs)) { + set_bit(rnum + 1, pkt->wreg_mult_gprs); + } + set_bit(rnum + 1, all_dest_gprs); + if (is_uncond) { + set_bit(rnum + 1, pkt->uncond_wreg_gprs); + } + } + } +} + /* * decode_packet * Decodes packet with given words @@ -674,6 +712,10 @@ int decode_packet(DisasContext *ctx, int max_words, co= nst uint32_t *words, =20 /* Initialize */ memset(pkt, 0, sizeof(*pkt)); + for (i =3D 0; i < INSTRUCTIONS_MAX; i++) { + pkt->insn[i].dest_idx =3D -1; + pkt->insn[i].new_read_idx =3D -1; + } /* Try to build packet */ while (!end_of_packet && (words_read < max_words)) { Insn *insn =3D &pkt->insn[num_insns]; @@ -737,6 +779,7 @@ int decode_packet(DisasContext *ctx, int max_words, con= st uint32_t *words, /* Invalid packet */ return 0; } + decode_mark_dest_regs(pkt); } decode_fill_newvalue_regno(pkt); =20 diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c index 7fe8b35351..6e399bc2f2 100644 --- a/target/hexagon/translate.c +++ b/target/hexagon/translate.c @@ -940,10 +940,21 @@ static void gen_commit_packet(DisasContext *ctx) } } =20 +/* + * Check for register write conflicts in the packet. + */ +static bool pkt_has_write_conflict(Packet *pkt) +{ + DECLARE_BITMAP(conflict, 32); + + bitmap_and(conflict, pkt->wreg_mult_gprs, pkt->uncond_wreg_gprs, 32); + return !bitmap_empty(conflict, 32); +} + static void decode_and_translate_packet(CPUHexagonState *env, DisasContext= *ctx) { uint32_t words[PACKET_WORDS_MAX]; - int nwords; + int nwords, words_read; Packet pkt; int i; =20 @@ -954,8 +965,14 @@ static void decode_and_translate_packet(CPUHexagonStat= e *env, DisasContext *ctx) } =20 ctx->pkt =3D &pkt; - if (decode_packet(ctx, nwords, words, &pkt, false) > 0) { + words_read =3D decode_packet(ctx, nwords, words, &pkt, false); + if (words_read > 0) { pkt.pc =3D ctx->base.pc_next; + if (pkt_has_write_conflict(&pkt)) { + gen_exception_decode_fail(ctx, words_read, + HEX_CAUSE_REG_WRITE_CONFLICT); + return; + } gen_start_packet(ctx); for (i =3D 0; i < pkt.num_insns; i++) { ctx->insn =3D &pkt.insn[i]; diff --git a/tests/tcg/hexagon/multiple-writes.c b/tests/tcg/hexagon/multip= le-writes.c new file mode 100644 index 0000000000..8686317fdc --- /dev/null +++ b/tests/tcg/hexagon/multiple-writes.c @@ -0,0 +1,169 @@ +/* + * Test detection of multiple writes to the same register. + * + * Ported from the system test (tests/tcg/hexagon/system/multiple_writes.c= ). + * In linux-user mode, duplicate GPR writes are detected at translate time + * and raise SIGILL when at least one conflicting write is unconditional. + * Purely predicated duplicate writes (e.g., complementary if/if-not) are + * legal and are not flagged statically. + * + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include +#include + +static void *resume_pc; + +static void handle_sigill(int sig, siginfo_t *info, void *puc) +{ + ucontext_t *uc =3D (ucontext_t *)puc; + + if (sig !=3D SIGILL) { + _exit(EXIT_FAILURE); + } + + uc->uc_mcontext.r0 =3D SIGILL; + uc->uc_mcontext.pc =3D (unsigned long)resume_pc; +} + +/* + * Unconditional pair write overlapping a single write: + * { r1:0 =3D add(r3:2, r3:2); r1 =3D add(r0, r1) } + * R1 is written by both instructions. This is invalid and must raise SIG= ILL. + */ +static int test_static_pair_overlap(void) +{ + int sig; + + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" + ".word 0xd30242e0\n" /* r1:0 =3D add(r3:2, r3:2), parse=3D01 */ + ".word 0xf300c101\n" /* r1 =3D add(r0, r1), parse=3D11 (end) */ + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(sig) + : "r"(&resume_pc) + : "r0", "r1", "memory"); + + return sig; +} + +/* + * Two predicated writes under complementary predicates: + * { if (p0) r0 =3D r2; if (!p0) r0 =3D r3 } + * This is architecturally valid: only one write executes at runtime. + * Must NOT raise SIGILL; the result should reflect the executed branch. + */ +static int test_legal_predicated(void) +{ + int result; + + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" + "r2 =3D #7\n" + "r3 =3D #13\n" + "p0 =3D cmp.eq(r2, r2)\n" + "{\n" + " if (p0) r0 =3D r2\n" + " if (!p0) r0 =3D r3\n" + "}\n" + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(result) + : "r"(&resume_pc) + : "r0", "r1", "r2", "r3", "p0", "memory"); + + return result; +} + +/* + * Mixed: unconditional + predicated writes to the same register: + * { if (p0) r1 =3D add(r0, #0); if (!p0) r1 =3D add(r0, #0); + * r1 =3D add(r0, #0) } + * The unconditional write always conflicts with the predicated writes. + * Must raise SIGILL. + */ +static int test_mixed_writes(void) +{ + int sig; + + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" + "p0 =3D cmp.eq(r0, r0)\n" + ".word 0x7e204021\n" /* if (p0) r1 =3D add(r0, #0), parse=3D01 */ + ".word 0x7ea04021\n" /* if (!p0) r1 =3D add(r0, #0), parse=3D01 */ + ".word 0x7800c021\n" /* r1 =3D add(r0, #0), parse=3D11 (end) */ + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(sig) + : "r"(&resume_pc) + : "r0", "r1", "p0", "memory"); + + return sig; +} + +/* + * Zero encoding (issue #2696): + * The encoding 0x00000000 decodes as a duplex with parse bits + * [15:14] =3D 0b00: + * slot1: SL1_loadri_io R0 =3D memw(R0+#0x0) + * slot0: SL1_loadri_io R0 =3D memw(R0+#0x0) + * + * Both sub-instructions write R0 unconditionally, which is an invalid + * packet. This tests what happens when we jump to zeroed memory. + * Must raise SIGILL. + */ +static int test_zero(void) +{ + int sig; + + asm volatile( + "r0 =3D #0\n" + "r1 =3D ##1f\n" + "memw(%1) =3D r1\n" + ".word 0x00000000\n" + "1:\n" + "%0 =3D r0\n" + : "=3Dr"(sig) + : "r"(&resume_pc) + : "r0", "r1", "memory"); + + return sig; +} + +int main() +{ + struct sigaction act; + + memset(&act, 0, sizeof(act)); + act.sa_sigaction =3D handle_sigill; + act.sa_flags =3D SA_SIGINFO; + assert(sigaction(SIGILL, &act, NULL) =3D=3D 0); + + /* Legal: complementary predicated writes must not raise SIGILL */ + assert(test_legal_predicated() =3D=3D 7); + + /* Illegal: unconditional pair + single overlap must raise SIGILL */ + assert(test_static_pair_overlap() =3D=3D SIGILL); + + /* Illegal: unconditional + predicated writes to same reg must SIGILL = */ + assert(test_mixed_writes() =3D=3D SIGILL); + + /* Illegal: zero encoding =3D duplex with duplicate dest R0 */ + assert(test_zero() =3D=3D SIGILL); + + puts("PASS"); + return EXIT_SUCCESS; +} diff --git a/target/hexagon/gen_trans_funcs.py b/target/hexagon/gen_trans_f= uncs.py index 45da1b7b5d..19c1f9fdea 100755 --- a/target/hexagon/gen_trans_funcs.py +++ b/target/hexagon/gen_trans_funcs.py @@ -91,6 +91,8 @@ def gen_trans_funcs(f): new_read_idx =3D -1 dest_idx =3D -1 dest_idx_reg_id =3D None + dest_is_pair =3D "false" + dest_is_gpr =3D "false" has_pred_dest =3D "false" for regno, (reg_type, reg_id, *_) in enumerate(regs): reg =3D hex_common.get_register(tag, reg_type, reg_id) @@ -104,6 +106,12 @@ def gen_trans_funcs(f): if dest_idx_reg_id is None or reg_id < dest_idx_reg_id: dest_idx =3D regno dest_idx_reg_id =3D reg_id + dest_is_pair =3D ("true" + if isinstance(reg, hex_common.Pair) + else "false") + dest_is_gpr =3D ("true" + if reg_type =3D=3D "R" + else "false") if reg_type =3D=3D "P" and reg.is_written() and not reg.is_rea= d(): has_pred_dest =3D "true" =20 @@ -129,6 +137,8 @@ def gen_trans_funcs(f): f.write(code_fmt(f"""\ insn->new_read_idx =3D {new_read_idx}; insn->dest_idx =3D {dest_idx}; + insn->dest_is_pair =3D {dest_is_pair}; + insn->dest_is_gpr =3D {dest_is_gpr}; insn->has_pred_dest =3D {has_pred_dest}; """)) f.write(textwrap.dedent(f"""\ diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile= .target index d64aeba090..f86f02bb31 100644 --- a/tests/tcg/hexagon/Makefile.target +++ b/tests/tcg/hexagon/Makefile.target @@ -52,6 +52,7 @@ HEX_TESTS +=3D hvx_misc HEX_TESTS +=3D hvx_histogram HEX_TESTS +=3D invalid-slots HEX_TESTS +=3D invalid-encoding +HEX_TESTS +=3D multiple-writes HEX_TESTS +=3D unaligned_pc =20 HEX_TESTS +=3D test_abs --=20 2.34.1