diff options
| author | David Daney <ddaney@caviumnetworks.com> | 2010-10-21 19:32:26 -0400 |
|---|---|---|
| committer | Ralf Baechle <ralf@linux-mips.org> | 2010-12-16 13:10:57 -0500 |
| commit | 515b029d005b5694cf612a0a5ca6f861a7e45362 (patch) | |
| tree | 983f7fea48513cfae6c7f96d4d4036475d8130b1 /arch/mips | |
| parent | 0bc6791707694c77b3543de39f77972a65de917a (diff) | |
MIPS: Send proper signal and siginfo on FP emulator faults.
We were unconditionally sending SIGBUS with an empty siginfo on FP
emulator faults. This differs from what happens when real floating
point hardware would get a fault.
For most faults we need to send SIGSEGV with the faulting address
filled in in the struct siginfo.
Reported-by: Camm Maguire <camm@maguirefamily.org>
Signed-off-by: David Daney <ddaney@caviumnetworks.com>
To: linux-mips@linux-mips.org
Cc: Camm Maguire <camm@maguirefamily.org>
Patchwork: https://patchwork.linux-mips.org/patch/1727/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'arch/mips')
| -rw-r--r-- | arch/mips/kernel/traps.c | 44 | ||||
| -rw-r--r-- | arch/mips/math-emu/cp1emu.c | 116 |
2 files changed, 130 insertions, 30 deletions
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index 8e9fbe75894e..e97104302541 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c | |||
| @@ -83,7 +83,8 @@ extern asmlinkage void handle_mcheck(void); | |||
| 83 | extern asmlinkage void handle_reserved(void); | 83 | extern asmlinkage void handle_reserved(void); |
| 84 | 84 | ||
| 85 | extern int fpu_emulator_cop1Handler(struct pt_regs *xcp, | 85 | extern int fpu_emulator_cop1Handler(struct pt_regs *xcp, |
| 86 | struct mips_fpu_struct *ctx, int has_fpu); | 86 | struct mips_fpu_struct *ctx, int has_fpu, |
| 87 | void *__user *fault_addr); | ||
| 87 | 88 | ||
| 88 | void (*board_be_init)(void); | 89 | void (*board_be_init)(void); |
| 89 | int (*board_be_handler)(struct pt_regs *regs, int is_fixup); | 90 | int (*board_be_handler)(struct pt_regs *regs, int is_fixup); |
| @@ -661,12 +662,36 @@ asmlinkage void do_ov(struct pt_regs *regs) | |||
| 661 | force_sig_info(SIGFPE, &info, current); | 662 | force_sig_info(SIGFPE, &info, current); |
| 662 | } | 663 | } |
| 663 | 664 | ||
| 665 | static int process_fpemu_return(int sig, void __user *fault_addr) | ||
| 666 | { | ||
| 667 | if (sig == SIGSEGV || sig == SIGBUS) { | ||
| 668 | struct siginfo si = {0}; | ||
| 669 | si.si_addr = fault_addr; | ||
| 670 | si.si_signo = sig; | ||
| 671 | if (sig == SIGSEGV) { | ||
| 672 | if (find_vma(current->mm, (unsigned long)fault_addr)) | ||
| 673 | si.si_code = SEGV_ACCERR; | ||
| 674 | else | ||
| 675 | si.si_code = SEGV_MAPERR; | ||
| 676 | } else { | ||
| 677 | si.si_code = BUS_ADRERR; | ||
| 678 | } | ||
| 679 | force_sig_info(sig, &si, current); | ||
| 680 | return 1; | ||
| 681 | } else if (sig) { | ||
| 682 | force_sig(sig, current); | ||
| 683 | return 1; | ||
| 684 | } else { | ||
| 685 | return 0; | ||
| 686 | } | ||
| 687 | } | ||
| 688 | |||
| 664 | /* | 689 | /* |
| 665 | * XXX Delayed fp exceptions when doing a lazy ctx switch XXX | 690 | * XXX Delayed fp exceptions when doing a lazy ctx switch XXX |
| 666 | */ | 691 | */ |
| 667 | asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) | 692 | asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) |
| 668 | { | 693 | { |
| 669 | siginfo_t info; | 694 | siginfo_t info = {0}; |
| 670 | 695 | ||
| 671 | if (notify_die(DIE_FP, "FP exception", regs, 0, regs_to_trapnr(regs), SIGFPE) | 696 | if (notify_die(DIE_FP, "FP exception", regs, 0, regs_to_trapnr(regs), SIGFPE) |
| 672 | == NOTIFY_STOP) | 697 | == NOTIFY_STOP) |
| @@ -675,6 +700,7 @@ asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) | |||
| 675 | 700 | ||
| 676 | if (fcr31 & FPU_CSR_UNI_X) { | 701 | if (fcr31 & FPU_CSR_UNI_X) { |
| 677 | int sig; | 702 | int sig; |
| 703 | void __user *fault_addr = NULL; | ||
| 678 | 704 | ||
| 679 | /* | 705 | /* |
| 680 | * Unimplemented operation exception. If we've got the full | 706 | * Unimplemented operation exception. If we've got the full |
| @@ -690,7 +716,8 @@ asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) | |||
| 690 | lose_fpu(1); | 716 | lose_fpu(1); |
| 691 | 717 | ||
| 692 | /* Run the emulator */ | 718 | /* Run the emulator */ |
| 693 | sig = fpu_emulator_cop1Handler(regs, ¤t->thread.fpu, 1); | 719 | sig = fpu_emulator_cop1Handler(regs, ¤t->thread.fpu, 1, |
| 720 | &fault_addr); | ||
| 694 | 721 | ||
| 695 | /* | 722 | /* |
| 696 | * We can't allow the emulated instruction to leave any of | 723 | * We can't allow the emulated instruction to leave any of |
| @@ -702,8 +729,7 @@ asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) | |||
| 702 | own_fpu(1); /* Using the FPU again. */ | 729 | own_fpu(1); /* Using the FPU again. */ |
| 703 | 730 | ||
| 704 | /* If something went wrong, signal */ | 731 | /* If something went wrong, signal */ |
| 705 | if (sig) | 732 | process_fpemu_return(sig, fault_addr); |
| 706 | force_sig(sig, current); | ||
| 707 | 733 | ||
| 708 | return; | 734 | return; |
| 709 | } else if (fcr31 & FPU_CSR_INV_X) | 735 | } else if (fcr31 & FPU_CSR_INV_X) |
| @@ -996,11 +1022,11 @@ asmlinkage void do_cpu(struct pt_regs *regs) | |||
| 996 | 1022 | ||
| 997 | if (!raw_cpu_has_fpu) { | 1023 | if (!raw_cpu_has_fpu) { |
| 998 | int sig; | 1024 | int sig; |
| 1025 | void __user *fault_addr = NULL; | ||
| 999 | sig = fpu_emulator_cop1Handler(regs, | 1026 | sig = fpu_emulator_cop1Handler(regs, |
| 1000 | ¤t->thread.fpu, 0); | 1027 | ¤t->thread.fpu, |
| 1001 | if (sig) | 1028 | 0, &fault_addr); |
| 1002 | force_sig(sig, current); | 1029 | if (!process_fpemu_return(sig, fault_addr)) |
| 1003 | else | ||
| 1004 | mt_ase_fp_affinity(); | 1030 | mt_ase_fp_affinity(); |
| 1005 | } | 1031 | } |
| 1006 | 1032 | ||
diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c index b2ad1b0910ff..d32cb0503110 100644 --- a/arch/mips/math-emu/cp1emu.c +++ b/arch/mips/math-emu/cp1emu.c | |||
| @@ -64,7 +64,7 @@ static int fpu_emu(struct pt_regs *, struct mips_fpu_struct *, | |||
| 64 | 64 | ||
| 65 | #if __mips >= 4 && __mips != 32 | 65 | #if __mips >= 4 && __mips != 32 |
| 66 | static int fpux_emu(struct pt_regs *, | 66 | static int fpux_emu(struct pt_regs *, |
| 67 | struct mips_fpu_struct *, mips_instruction); | 67 | struct mips_fpu_struct *, mips_instruction, void *__user *); |
| 68 | #endif | 68 | #endif |
| 69 | 69 | ||
| 70 | /* Further private data for which no space exists in mips_fpu_struct */ | 70 | /* Further private data for which no space exists in mips_fpu_struct */ |
| @@ -208,16 +208,23 @@ static inline int cop1_64bit(struct pt_regs *xcp) | |||
| 208 | * Two instructions if the instruction is in a branch delay slot. | 208 | * Two instructions if the instruction is in a branch delay slot. |
| 209 | */ | 209 | */ |
| 210 | 210 | ||
| 211 | static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | 211 | static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx, |
| 212 | void *__user *fault_addr) | ||
| 212 | { | 213 | { |
| 213 | mips_instruction ir; | 214 | mips_instruction ir; |
| 214 | unsigned long emulpc, contpc; | 215 | unsigned long emulpc, contpc; |
| 215 | unsigned int cond; | 216 | unsigned int cond; |
| 216 | 217 | ||
| 217 | if (get_user(ir, (mips_instruction __user *) xcp->cp0_epc)) { | 218 | if (!access_ok(VERIFY_READ, xcp->cp0_epc, sizeof(mips_instruction))) { |
| 218 | MIPS_FPU_EMU_INC_STATS(errors); | 219 | MIPS_FPU_EMU_INC_STATS(errors); |
| 220 | *fault_addr = (mips_instruction __user *)xcp->cp0_epc; | ||
| 219 | return SIGBUS; | 221 | return SIGBUS; |
| 220 | } | 222 | } |
| 223 | if (__get_user(ir, (mips_instruction __user *) xcp->cp0_epc)) { | ||
| 224 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 225 | *fault_addr = (mips_instruction __user *)xcp->cp0_epc; | ||
| 226 | return SIGSEGV; | ||
| 227 | } | ||
| 221 | 228 | ||
| 222 | /* XXX NEC Vr54xx bug workaround */ | 229 | /* XXX NEC Vr54xx bug workaround */ |
| 223 | if ((xcp->cp0_cause & CAUSEF_BD) && !isBranchInstr(&ir)) | 230 | if ((xcp->cp0_cause & CAUSEF_BD) && !isBranchInstr(&ir)) |
| @@ -245,10 +252,16 @@ static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | |||
| 245 | #endif | 252 | #endif |
| 246 | return SIGILL; | 253 | return SIGILL; |
| 247 | } | 254 | } |
| 248 | if (get_user(ir, (mips_instruction __user *) emulpc)) { | 255 | if (!access_ok(VERIFY_READ, emulpc, sizeof(mips_instruction))) { |
| 249 | MIPS_FPU_EMU_INC_STATS(errors); | 256 | MIPS_FPU_EMU_INC_STATS(errors); |
| 257 | *fault_addr = (mips_instruction __user *)emulpc; | ||
| 250 | return SIGBUS; | 258 | return SIGBUS; |
| 251 | } | 259 | } |
| 260 | if (__get_user(ir, (mips_instruction __user *) emulpc)) { | ||
| 261 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 262 | *fault_addr = (mips_instruction __user *)emulpc; | ||
| 263 | return SIGSEGV; | ||
| 264 | } | ||
| 252 | /* __compute_return_epc() will have updated cp0_epc */ | 265 | /* __compute_return_epc() will have updated cp0_epc */ |
| 253 | contpc = xcp->cp0_epc; | 266 | contpc = xcp->cp0_epc; |
| 254 | /* In order not to confuse ptrace() et al, tweak context */ | 267 | /* In order not to confuse ptrace() et al, tweak context */ |
| @@ -269,10 +282,17 @@ static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | |||
| 269 | u64 val; | 282 | u64 val; |
| 270 | 283 | ||
| 271 | MIPS_FPU_EMU_INC_STATS(loads); | 284 | MIPS_FPU_EMU_INC_STATS(loads); |
| 272 | if (get_user(val, va)) { | 285 | |
| 286 | if (!access_ok(VERIFY_READ, va, sizeof(u64))) { | ||
| 273 | MIPS_FPU_EMU_INC_STATS(errors); | 287 | MIPS_FPU_EMU_INC_STATS(errors); |
| 288 | *fault_addr = va; | ||
| 274 | return SIGBUS; | 289 | return SIGBUS; |
| 275 | } | 290 | } |
| 291 | if (__get_user(val, va)) { | ||
| 292 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 293 | *fault_addr = va; | ||
| 294 | return SIGSEGV; | ||
| 295 | } | ||
| 276 | DITOREG(val, MIPSInst_RT(ir)); | 296 | DITOREG(val, MIPSInst_RT(ir)); |
| 277 | break; | 297 | break; |
| 278 | } | 298 | } |
| @@ -284,10 +304,16 @@ static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | |||
| 284 | 304 | ||
| 285 | MIPS_FPU_EMU_INC_STATS(stores); | 305 | MIPS_FPU_EMU_INC_STATS(stores); |
| 286 | DIFROMREG(val, MIPSInst_RT(ir)); | 306 | DIFROMREG(val, MIPSInst_RT(ir)); |
| 287 | if (put_user(val, va)) { | 307 | if (!access_ok(VERIFY_WRITE, va, sizeof(u64))) { |
| 288 | MIPS_FPU_EMU_INC_STATS(errors); | 308 | MIPS_FPU_EMU_INC_STATS(errors); |
| 309 | *fault_addr = va; | ||
| 289 | return SIGBUS; | 310 | return SIGBUS; |
| 290 | } | 311 | } |
| 312 | if (__put_user(val, va)) { | ||
| 313 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 314 | *fault_addr = va; | ||
| 315 | return SIGSEGV; | ||
| 316 | } | ||
| 291 | break; | 317 | break; |
| 292 | } | 318 | } |
| 293 | 319 | ||
| @@ -297,10 +323,16 @@ static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | |||
| 297 | u32 val; | 323 | u32 val; |
| 298 | 324 | ||
| 299 | MIPS_FPU_EMU_INC_STATS(loads); | 325 | MIPS_FPU_EMU_INC_STATS(loads); |
| 300 | if (get_user(val, va)) { | 326 | if (!access_ok(VERIFY_READ, va, sizeof(u32))) { |
| 301 | MIPS_FPU_EMU_INC_STATS(errors); | 327 | MIPS_FPU_EMU_INC_STATS(errors); |
| 328 | *fault_addr = va; | ||
| 302 | return SIGBUS; | 329 | return SIGBUS; |
| 303 | } | 330 | } |
| 331 | if (__get_user(val, va)) { | ||
| 332 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 333 | *fault_addr = va; | ||
| 334 | return SIGSEGV; | ||
| 335 | } | ||
| 304 | SITOREG(val, MIPSInst_RT(ir)); | 336 | SITOREG(val, MIPSInst_RT(ir)); |
| 305 | break; | 337 | break; |
| 306 | } | 338 | } |
| @@ -312,10 +344,16 @@ static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | |||
| 312 | 344 | ||
| 313 | MIPS_FPU_EMU_INC_STATS(stores); | 345 | MIPS_FPU_EMU_INC_STATS(stores); |
| 314 | SIFROMREG(val, MIPSInst_RT(ir)); | 346 | SIFROMREG(val, MIPSInst_RT(ir)); |
| 315 | if (put_user(val, va)) { | 347 | if (!access_ok(VERIFY_WRITE, va, sizeof(u32))) { |
| 316 | MIPS_FPU_EMU_INC_STATS(errors); | 348 | MIPS_FPU_EMU_INC_STATS(errors); |
| 349 | *fault_addr = va; | ||
| 317 | return SIGBUS; | 350 | return SIGBUS; |
| 318 | } | 351 | } |
| 352 | if (__put_user(val, va)) { | ||
| 353 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 354 | *fault_addr = va; | ||
| 355 | return SIGSEGV; | ||
| 356 | } | ||
| 319 | break; | 357 | break; |
| 320 | } | 358 | } |
| 321 | 359 | ||
| @@ -440,11 +478,18 @@ static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | |||
| 440 | contpc = (xcp->cp0_epc + | 478 | contpc = (xcp->cp0_epc + |
| 441 | (MIPSInst_SIMM(ir) << 2)); | 479 | (MIPSInst_SIMM(ir) << 2)); |
| 442 | 480 | ||
| 443 | if (get_user(ir, | 481 | if (!access_ok(VERIFY_READ, xcp->cp0_epc, |
| 444 | (mips_instruction __user *) xcp->cp0_epc)) { | 482 | sizeof(mips_instruction))) { |
| 445 | MIPS_FPU_EMU_INC_STATS(errors); | 483 | MIPS_FPU_EMU_INC_STATS(errors); |
| 484 | *fault_addr = (mips_instruction __user *)xcp->cp0_epc; | ||
| 446 | return SIGBUS; | 485 | return SIGBUS; |
| 447 | } | 486 | } |
| 487 | if (__get_user(ir, | ||
| 488 | (mips_instruction __user *) xcp->cp0_epc)) { | ||
| 489 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 490 | *fault_addr = (mips_instruction __user *)xcp->cp0_epc; | ||
| 491 | return SIGSEGV; | ||
| 492 | } | ||
| 448 | 493 | ||
| 449 | switch (MIPSInst_OPCODE(ir)) { | 494 | switch (MIPSInst_OPCODE(ir)) { |
| 450 | case lwc1_op: | 495 | case lwc1_op: |
| @@ -506,9 +551,8 @@ static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx) | |||
| 506 | 551 | ||
| 507 | #if __mips >= 4 && __mips != 32 | 552 | #if __mips >= 4 && __mips != 32 |
| 508 | case cop1x_op:{ | 553 | case cop1x_op:{ |
| 509 | int sig; | 554 | int sig = fpux_emu(xcp, ctx, ir, fault_addr); |
| 510 | 555 | if (sig) | |
| 511 | if ((sig = fpux_emu(xcp, ctx, ir))) | ||
| 512 | return sig; | 556 | return sig; |
| 513 | break; | 557 | break; |
| 514 | } | 558 | } |
| @@ -604,7 +648,7 @@ DEF3OP(nmadd, dp, ieee754dp_mul, ieee754dp_add, ieee754dp_neg); | |||
| 604 | DEF3OP(nmsub, dp, ieee754dp_mul, ieee754dp_sub, ieee754dp_neg); | 648 | DEF3OP(nmsub, dp, ieee754dp_mul, ieee754dp_sub, ieee754dp_neg); |
| 605 | 649 | ||
| 606 | static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | 650 | static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, |
| 607 | mips_instruction ir) | 651 | mips_instruction ir, void *__user *fault_addr) |
| 608 | { | 652 | { |
| 609 | unsigned rcsr = 0; /* resulting csr */ | 653 | unsigned rcsr = 0; /* resulting csr */ |
| 610 | 654 | ||
| @@ -624,10 +668,16 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | |||
| 624 | xcp->regs[MIPSInst_FT(ir)]); | 668 | xcp->regs[MIPSInst_FT(ir)]); |
| 625 | 669 | ||
| 626 | MIPS_FPU_EMU_INC_STATS(loads); | 670 | MIPS_FPU_EMU_INC_STATS(loads); |
| 627 | if (get_user(val, va)) { | 671 | if (!access_ok(VERIFY_READ, va, sizeof(u32))) { |
| 628 | MIPS_FPU_EMU_INC_STATS(errors); | 672 | MIPS_FPU_EMU_INC_STATS(errors); |
| 673 | *fault_addr = va; | ||
| 629 | return SIGBUS; | 674 | return SIGBUS; |
| 630 | } | 675 | } |
| 676 | if (__get_user(val, va)) { | ||
| 677 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 678 | *fault_addr = va; | ||
| 679 | return SIGSEGV; | ||
| 680 | } | ||
| 631 | SITOREG(val, MIPSInst_FD(ir)); | 681 | SITOREG(val, MIPSInst_FD(ir)); |
| 632 | break; | 682 | break; |
| 633 | 683 | ||
| @@ -638,10 +688,16 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | |||
| 638 | MIPS_FPU_EMU_INC_STATS(stores); | 688 | MIPS_FPU_EMU_INC_STATS(stores); |
| 639 | 689 | ||
| 640 | SIFROMREG(val, MIPSInst_FS(ir)); | 690 | SIFROMREG(val, MIPSInst_FS(ir)); |
| 641 | if (put_user(val, va)) { | 691 | if (!access_ok(VERIFY_WRITE, va, sizeof(u32))) { |
| 642 | MIPS_FPU_EMU_INC_STATS(errors); | 692 | MIPS_FPU_EMU_INC_STATS(errors); |
| 693 | *fault_addr = va; | ||
| 643 | return SIGBUS; | 694 | return SIGBUS; |
| 644 | } | 695 | } |
| 696 | if (put_user(val, va)) { | ||
| 697 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 698 | *fault_addr = va; | ||
| 699 | return SIGSEGV; | ||
| 700 | } | ||
| 645 | break; | 701 | break; |
| 646 | 702 | ||
| 647 | case madd_s_op: | 703 | case madd_s_op: |
| @@ -701,10 +757,16 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | |||
| 701 | xcp->regs[MIPSInst_FT(ir)]); | 757 | xcp->regs[MIPSInst_FT(ir)]); |
| 702 | 758 | ||
| 703 | MIPS_FPU_EMU_INC_STATS(loads); | 759 | MIPS_FPU_EMU_INC_STATS(loads); |
| 704 | if (get_user(val, va)) { | 760 | if (!access_ok(VERIFY_READ, va, sizeof(u64))) { |
| 705 | MIPS_FPU_EMU_INC_STATS(errors); | 761 | MIPS_FPU_EMU_INC_STATS(errors); |
| 762 | *fault_addr = va; | ||
| 706 | return SIGBUS; | 763 | return SIGBUS; |
| 707 | } | 764 | } |
| 765 | if (__get_user(val, va)) { | ||
| 766 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 767 | *fault_addr = va; | ||
| 768 | return SIGSEGV; | ||
| 769 | } | ||
| 708 | DITOREG(val, MIPSInst_FD(ir)); | 770 | DITOREG(val, MIPSInst_FD(ir)); |
| 709 | break; | 771 | break; |
| 710 | 772 | ||
| @@ -714,10 +776,16 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | |||
| 714 | 776 | ||
| 715 | MIPS_FPU_EMU_INC_STATS(stores); | 777 | MIPS_FPU_EMU_INC_STATS(stores); |
| 716 | DIFROMREG(val, MIPSInst_FS(ir)); | 778 | DIFROMREG(val, MIPSInst_FS(ir)); |
| 717 | if (put_user(val, va)) { | 779 | if (!access_ok(VERIFY_WRITE, va, sizeof(u64))) { |
| 718 | MIPS_FPU_EMU_INC_STATS(errors); | 780 | MIPS_FPU_EMU_INC_STATS(errors); |
| 781 | *fault_addr = va; | ||
| 719 | return SIGBUS; | 782 | return SIGBUS; |
| 720 | } | 783 | } |
| 784 | if (__put_user(val, va)) { | ||
| 785 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 786 | *fault_addr = va; | ||
| 787 | return SIGSEGV; | ||
| 788 | } | ||
| 721 | break; | 789 | break; |
| 722 | 790 | ||
| 723 | case madd_d_op: | 791 | case madd_d_op: |
| @@ -1242,7 +1310,7 @@ static int fpu_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | |||
| 1242 | } | 1310 | } |
| 1243 | 1311 | ||
| 1244 | int fpu_emulator_cop1Handler(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | 1312 | int fpu_emulator_cop1Handler(struct pt_regs *xcp, struct mips_fpu_struct *ctx, |
| 1245 | int has_fpu) | 1313 | int has_fpu, void *__user *fault_addr) |
| 1246 | { | 1314 | { |
| 1247 | unsigned long oldepc, prevepc; | 1315 | unsigned long oldepc, prevepc; |
| 1248 | mips_instruction insn; | 1316 | mips_instruction insn; |
| @@ -1252,10 +1320,16 @@ int fpu_emulator_cop1Handler(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | |||
| 1252 | do { | 1320 | do { |
| 1253 | prevepc = xcp->cp0_epc; | 1321 | prevepc = xcp->cp0_epc; |
| 1254 | 1322 | ||
| 1255 | if (get_user(insn, (mips_instruction __user *) xcp->cp0_epc)) { | 1323 | if (!access_ok(VERIFY_READ, xcp->cp0_epc, sizeof(mips_instruction))) { |
| 1256 | MIPS_FPU_EMU_INC_STATS(errors); | 1324 | MIPS_FPU_EMU_INC_STATS(errors); |
| 1325 | *fault_addr = (mips_instruction __user *)xcp->cp0_epc; | ||
| 1257 | return SIGBUS; | 1326 | return SIGBUS; |
| 1258 | } | 1327 | } |
| 1328 | if (__get_user(insn, (mips_instruction __user *) xcp->cp0_epc)) { | ||
| 1329 | MIPS_FPU_EMU_INC_STATS(errors); | ||
| 1330 | *fault_addr = (mips_instruction __user *)xcp->cp0_epc; | ||
| 1331 | return SIGSEGV; | ||
| 1332 | } | ||
| 1259 | if (insn == 0) | 1333 | if (insn == 0) |
| 1260 | xcp->cp0_epc += 4; /* skip nops */ | 1334 | xcp->cp0_epc += 4; /* skip nops */ |
| 1261 | else { | 1335 | else { |
| @@ -1267,7 +1341,7 @@ int fpu_emulator_cop1Handler(struct pt_regs *xcp, struct mips_fpu_struct *ctx, | |||
| 1267 | */ | 1341 | */ |
| 1268 | /* convert to ieee library modes */ | 1342 | /* convert to ieee library modes */ |
| 1269 | ieee754_csr.rm = ieee_rm[ieee754_csr.rm]; | 1343 | ieee754_csr.rm = ieee_rm[ieee754_csr.rm]; |
| 1270 | sig = cop1Emulate(xcp, ctx); | 1344 | sig = cop1Emulate(xcp, ctx, fault_addr); |
| 1271 | /* revert to mips rounding mode */ | 1345 | /* revert to mips rounding mode */ |
| 1272 | ieee754_csr.rm = mips_rm[ieee754_csr.rm]; | 1346 | ieee754_csr.rm = mips_rm[ieee754_csr.rm]; |
| 1273 | } | 1347 | } |