[linux] 01/02: [mips*] Correct FP emulation delay slot exception propagation.

Mon Sep 14 22:22:15 UTC 2015

This is an automated email from the git hooks/post-receive script.

aurel32 pushed a commit to branch jessie
in repository linux.

commit 53a249ff116c56e27f12def332b4ea2b6989acc3
Author: Aurelien Jarno <aurelien at aurel32.net>
Date:   Mon Sep 14 22:03:24 2015 +0200

    [mips*] Correct FP emulation delay slot exception propagation.
---
 debian/changelog                                   |   3 +
 ...-correct-delay-slot-exception-propagation.patch | 119 +++++++++++++++++++++
 debian/patches/series                              |   1 +
 3 files changed, 123 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 2ca0dbf..d387579 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -475,6 +475,9 @@ linux (3.16.7-ckt15-1) UNRELEASED; urgency=medium
   [ Uwe Kleine-König ]
   * Merge jessie-security changes
 
+  [ Aurelien Jarno ]
+  * [mips*] Correct FP emulation delay slot exception propagation.
+
  -- Ben Hutchings <ben at decadent.org.uk>  Tue, 26 May 2015 01:42:36 +0100
 
 linux (3.16.7-ckt11-1+deb8u3) jessie-security; urgency=high
diff --git a/debian/patches/bugfix/mips/mips-math-emu-correct-delay-slot-exception-propagation.patch b/debian/patches/bugfix/mips/mips-math-emu-correct-delay-slot-exception-propagation.patch
new file mode 100644
index 0000000..ce156ae
--- /dev/null
+++ b/debian/patches/bugfix/mips/mips-math-emu-correct-delay-slot-exception-propagation.patch
@@ -0,0 +1,119 @@
+From: "Maciej W. Rozycki" <macro at linux-mips.org>
+Date: Fri, 3 Apr 2015 23:26:56 +0100
+Subject: MIPS: math-emu: Correct delay-slot exception propagation
+Origin: https://git.kernel.org/linus/9ab4471c9f1b3e986f4d429951492f736c888ff6
+
+Restore EPC at the branch whose delay slot is emulated if the delay-slot
+instruction signals.  This is so that code in `fpu_emulator_cop1Handler'
+does not see EPC having advanced and mistakenly successfully resume
+userland execution from the location at the branch target in that case.
+Restoring EPC guarantees an immediate exit from the emulation loop and
+if EPC hasn't advanced at all since entering the loop, also issuing the
+signal reported by the delay-slot instruction.
+
+Signed-off-by: Maciej W. Rozycki <macro at linux-mips.org>
+Cc: linux-mips at linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/9701/
+Signed-off-by: Ralf Baechle <ralf at linux-mips.org>
+---
+ arch/mips/math-emu/cp1emu.c | 34 +++++++++++++++++++++++++++++-----
+ arch/mips/math-emu/dsemul.c |  2 +-
+ 2 files changed, 30 insertions(+), 6 deletions(-)
+
+diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c
+index 732c3a3..acfef06 100644
+--- a/arch/mips/math-emu/cp1emu.c
++++ b/arch/mips/math-emu/cp1emu.c
+@@ -974,6 +974,14 @@
+ 				/*
+ 				 * Branch taken: emulate dslot instruction
+ 				 */
++				unsigned long bcpc;
++
++				/*
++				 * Remember EPC at the branch to point back
++				 * at so that any delay-slot instruction
++				 * signal is not silently ignored.
++				 */
++				bcpc = xcp->cp0_epc;
+ 				xcp->cp0_epc += dec_insn.pc_inc;
+ 
+ 				contpc = MIPSInst_SIMM(ir);
+@@ -999,7 +1007,15 @@
+ 						 * Single step the non-CP1
+ 						 * instruction in the dslot.
+ 						 */
+-						return mips_dsemul(xcp, ir, contpc);
++						sig = mips_dsemul(xcp, ir,
++								  contpc);
++						if (sig)
++							xcp->cp0_epc = bcpc;
++						/*
++						 * SIGILL forces out of
++						 * the emulation loop.
++						 */
++						return sig ? sig : SIGILL;
+ 					}
+ 				} else
+ 					contpc = (xcp->cp0_epc + (contpc << 2));
+@@ -1014,7 +1030,7 @@
+ 					if (cpu_has_mips_2_3_4_5_r)
+ 						goto emul;
+ 
+-					return SIGILL;
++					goto bc_sigill;
+ 
+ 				case cop1_op:
+ 					goto emul;
+@@ -1024,7 +1040,7 @@
+ 						/* its one of ours */
+ 						goto emul;
+ 
+-					return SIGILL;
++					goto bc_sigill;
+ 
+ 				case spec_op:
+ 					switch (MIPSInst_FUNC(ir)) {
+@@ -1032,16 +1048,24 @@
+ 						if (cpu_has_mips_4_5_r)
+ 							goto emul;
+ 
+-						return SIGILL;
++						goto bc_sigill;
+ 					}
+ 					break;
++
++				bc_sigill:
++					xcp->cp0_epc = bcpc;
++					return SIGILL;
+ 				}
+ 
+ 				/*
+ 				 * Single step the non-cp1
+ 				 * instruction in the dslot
+ 				 */
+-				return mips_dsemul(xcp, ir, contpc);
++				sig = mips_dsemul(xcp, ir, contpc);
++				if (sig)
++					xcp->cp0_epc = bcpc;
++				/* SIGILL forces out of the emulation loop.  */
++				return sig ? sig : SIGILL;
+ 			} else if (likely) {	/* branch not taken */
+ 					/*
+ 					 * branch likely nullifies
+diff --git a/arch/mips/math-emu/dsemul.c b/arch/mips/math-emu/dsemul.c
+index 00ad736..e0b5cc2 100644
+--- a/arch/mips/math-emu/dsemul.c
++++ b/arch/mips/math-emu/dsemul.c
+@@ -96,7 +96,7 @@
+ 
+ 	flush_cache_sigtramp((unsigned long)&fr->badinst);
+ 
+-	return SIGILL;		/* force out of emulation loop */
++	return 0;
+ }
+ 
+ int do_dsemulret(struct pt_regs *xcp)
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 1d3cef2..c4ad450 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -85,6 +85,7 @@ bugfix/x86/input-synaptics-remove-topbuttonpad-property-for-len.patch
 bugfix/x86/input-synaptics-re-route-tracksticks-buttons-on-the-.patch
 bugfix/mips/mips-normalise-code-flow-in-the-cpu-exception-handle.patch
 bugfix/mips/mips-correct-fp-isa-requirements.patch
+bugfix/mips/mips-math-emu-correct-delay-slot-exception-propagation.patch
 bugfix/x86/0001-x86-asm-entry-64-Fold-the-test_in_nmi-macro-into-its.patch
 bugfix/x86/0002-x86-asm-entry-64-Remove-a-redundant-jump.patch
 bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

