From: Aleksandar Markovic <aleksandar.markovic@xxxxxxxxxx> Fix CMP.Sxxx.<D|S> SIGILL crashes by fixing main switch/case statement in fpu_emul() function so that inadvertent fall-troughs are prevented. Consider, let's say, CMP.SAF.S instruction when one of inputs is zero and another input is a signaling NaN. The desired output is zero, and the exception flag "invalid operation" set. For such case, the main portion of the implementation is within "d_fmt" case of the main "switch/case" statement in fpu_emul() function. The execution will follow one of "if-else" branches that doesn't contain "goto cop1scr;" statement, and will therefore reach the end of "d_fmt" case. It will subsequently fall through to the next case, "l_fmt". After following similar pattern, the execution will fall through to the succeeding case, which is "default". The "default" case contains "return SIGILL;" statement only. This means that the caller application will crash with "illegal instruction" message. It is obvious that above described fall-throughs are unnecessary and harmful. This patch rectifies that behavior by providing "break;" statements at the end of cases "d_fmt" and "l_fmt". There are 22 instructions affected by this problem: CMP.<SAF|SEQ|SLE|SLT|SNE|SOR|SUEQ|SULE|SULT|SUN|SUNE>.<D|S>. Signed-off-by: Miodrag Dinic <miodrag.dinic@xxxxxxxxxx> Signed-off-by: Goran Ferenc <goran.ferenc@xxxxxxxxxx> Signed-off-by: Aleksandar Markovic <aleksandar.markovic@xxxxxxxxxx> --- arch/mips/math-emu/cp1emu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c index f08a7b4..520a5ac 100644 --- a/arch/mips/math-emu/cp1emu.c +++ b/arch/mips/math-emu/cp1emu.c @@ -2394,6 +2394,7 @@ static int fpu_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, break; } } + break; } case l_fmt: @@ -2468,6 +2469,8 @@ static int fpu_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, break; } } + break; + default: return SIGILL; } -- 2.9.3
