From 1ff8560ac9db1cbffcd700b70e1661f2fcc2e5d7 Mon Sep 17 00:00:00 2001 From: Aleksandar Markovic Date: Mon, 21 Aug 2017 14:24:47 +0200 Subject: [PATCH] MIPS: math-emu: CMP.Sxxx.: Prevent occurrences of SIGILL crashes Fix CMP.Sxxx. SIGILL crashes by fixing main switch/case statement in fpu_emul() function so that inadvertent fall-troughs are prevented. Consider, let's say, CMP.SAF.S instruction when one of inputs is zero and another input is a signaling NaN. The desired output is zero, and the exception flag "invalid operation" set. For such case, the main portion of the implementation is within "d_fmt" case of the main "switch/case" statement in fpu_emul() function. The execution will follow one of "if-else" branches that doesn't contain "goto cop1scr;" statement, and will therefore reach the end of "d_fmt" case. It will subsequently fall through to the next case, "l_fmt". After following similar pattern, the execution will fall through to the succeeding case, which is "default". The "default" case contains "return SIGILL;" statement only. This means that the caller application will crash with "illegal instruction" message. It is obvious that above described fall-throughs are unnecessary and harmful. This patch rectifies that behavior by providing "break;" statements at the end of cases "d_fmt" and "l_fmt". There are 22 instructions affected by this problem: CMP... Signed-off-by: Miodrag Dinic Signed-off-by: Goran Ferenc Signed-off-by: Aleksandar Markovic Cc: Douglas Leung Cc: James Hogan Cc: Maciej W. Rozycki Cc: Masahiro Yamada Cc: Paul Burton Cc: Petar Jovanovic Cc: Raghu Gandham Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/17140/ Signed-off-by: Ralf Baechle --- arch/mips/math-emu/cp1emu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c index d225e2173899..9694e9e0b14c 100644 --- a/arch/mips/math-emu/cp1emu.c +++ b/arch/mips/math-emu/cp1emu.c @@ -2394,6 +2394,7 @@ dcopuop: break; } } + break; } case l_fmt: @@ -2468,6 +2469,8 @@ dcopuop: break; } } + break; + default: return SIGILL; } -- 2.20.1