On 2/6/26 10:38 AM, Brian Cain wrote:
When decoding a duplex instruction, if the slot0 sub-instruction fails
to decode after slot1 succeeds, QEMU was leaving the packet in a
partially-decoded state. This allowed invalid duplex encodings (where
one sub-instruction doesn't match any valid pattern) to be executed
incorrectly.

Fix by resetting the decoder state when slot0 fails, returning an empty
instruction that triggers an exception.

Add gen_exception_decode_fail() for raising exceptions when decode fails
before ctx->next_PC is initialized. This keeps gen_exception_end_tb()
semantics unchanged (it continues to use ctx->next_PC for the exception
PC after successful decode).

Update the invalid-slots test to expect SIGILL (exit code 132) instead
of the old exit(1) behavior now that the exception is properly handled.
Add invalid-duplex test for the specific case of invalid duplex encoding
after immext.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3291
Signed-off-by: Brian Cain <[email protected]>
---
  linux-user/hexagon/cpu_loop.c      |  4 ++++
  target/hexagon/decode.c            | 13 +++++++++++--
  target/hexagon/translate.c         | 18 ++++++++++++++++--
  tests/tcg/hexagon/invalid-duplex.c | 28 ++++++++++++++++++++++++++++
  tests/tcg/hexagon/Makefile.target  | 11 ++++++++++-
  5 files changed, 69 insertions(+), 5 deletions(-)
  create mode 100644 tests/tcg/hexagon/invalid-duplex.c


Reviewed-by: Pierrick Bouvier <[email protected]>
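The failure mode the commit message describes (slot1 decodes, slot0 fails, and the packet is left half-populated) is easy to reproduce in a small model. The following is an added illustration, not QEMU's decoder or any code from this patch: it uses a hypothetical 13-bit sub-instruction encoding with a 3-bit class field, and `decode_duplex_buggy` / `decode_duplex_fixed` are constructed names. The fixed variant shows the pattern the patch adopts: on any sub-instruction failure, reset the packet and emit a single invalid instruction so execution raises an illegal-instruction exception instead of running the surviving half.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (assumption, not Hexagon's real encoding): a duplex word holds
 * two 13-bit sub-instructions, slot1 in bits 28:16 and slot0 in bits 12:0.
 * Bits 12:10 of each sub-instruction select a class; only classes 1 and 2
 * are defined. */
enum { OP_NONE = 0, OP_ADD = 1, OP_MOV = 2, OP_INVALID = -1 };

typedef struct {
    int opcode;
    int operand;
} SubInsn;

typedef struct {
    int num_insns;
    SubInsn insns[2];
} Packet;

static bool decode_sub(uint16_t bits, SubInsn *out)
{
    int cls = (bits >> 10) & 0x7;
    switch (cls) {
    case 1: out->opcode = OP_ADD; out->operand = bits & 0x3ff; return true;
    case 2: out->opcode = OP_MOV; out->operand = bits & 0x3ff; return true;
    default: return false;   /* no pattern matches: decode failure */
    }
}

/* Buggy variant: when slot0 fails, slot1's result is left in the packet
 * with num_insns == 1, so the caller executes half of an invalid duplex. */
int decode_duplex_buggy(uint32_t word, Packet *pkt)
{
    uint16_t slot1 = (word >> 16) & 0x1fff;
    uint16_t slot0 = word & 0x1fff;

    pkt->num_insns = 0;
    if (!decode_sub(slot1, &pkt->insns[0])) {
        return 0;
    }
    pkt->num_insns = 1;
    if (!decode_sub(slot0, &pkt->insns[1])) {
        return 0;            /* partial state survives here */
    }
    pkt->num_insns = 2;
    return 2;
}

/* Fixed variant: any failure resets the packet to one "empty" instruction
 * whose execution raises the exception. Returns -1 on decode failure. */
int decode_duplex_fixed(uint32_t word, Packet *pkt)
{
    uint16_t slot1 = (word >> 16) & 0x1fff;
    uint16_t slot0 = word & 0x1fff;

    memset(pkt, 0, sizeof(*pkt));
    if (decode_sub(slot1, &pkt->insns[0]) &&
        decode_sub(slot0, &pkt->insns[1])) {
        pkt->num_insns = 2;
        return 2;
    }
    memset(pkt, 0, sizeof(*pkt));
    pkt->num_insns = 1;
    pkt->insns[0].opcode = OP_INVALID;
    return -1;
}

/* Executes whatever the decoder left in the packet. Returns the number of
 * sub-instructions run, or -1 if an illegal-instruction exception fires. */
int execute_packet(const Packet *pkt)
{
    for (int i = 0; i < pkt->num_insns; i++) {
        if (pkt->insns[i].opcode == OP_INVALID) {
            return -1;
        }
    }
    return pkt->num_insns;
}

int main(void)
{
    /* Constructed word: slot1 = class 1 (valid ADD), slot0 = class 7 (invalid). */
    uint32_t bad = 0x04051C01u;
    Packet p;

    decode_duplex_buggy(bad, &p);
    printf("buggy:  executed %d sub-instruction(s)\n", execute_packet(&p));
    decode_duplex_fixed(bad, &p);
    printf("fixed:  executed %d (-1 = exception)\n", execute_packet(&p));
    return 0;
}
```

Run against the constructed word, the buggy decoder reports failure yet `execute_packet` still runs the one sub-instruction that decoded; the fixed decoder leaves only the invalid marker behind, which is the behaviour the updated invalid-slots and invalid-duplex tests check for via SIGILL.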
