Re: [patch 2.6.13-rc6] i386: fix incorrect FP signal delivery

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 23 Aug 2005 02:20:07 +0200, Andi Kleen wrote:

> How about you describe what you actually changed and why so that not 
> every reviewer has to look up all the bits in the manual?


 The patch had a bug anyway, so here's another try.  *** Replace
the previous patch with this one. ***


i386 floating-point exception handling has a bug that can cause error
code 0 to be sent instead of the proper code during signal delivery.
This is caused by unconditionally checking the IS and c1 bits from
the FPU status word when they are not always relevant.  The IS bit
tells whether an exception is a stack fault and is only relevant
when the exception is IE (invalid operation.)  The C1 bit determines
whether a stack fault is overflow or underflow and is only relevant
when IS and IE are set.

This bug also exists in the 2.4 kernel and appears to be in the 2.6
x86_64 code as well.

Patch applies with offsets to 2.4.31 and 2.6.13-rc6-mm1.

Signed-off-by: Chuck Ebbert <[email protected]>

 arch/i386/kernel/traps.c |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

--- 2.6.13-rc6a.orig/arch/i386/kernel/traps.c
+++ 2.6.13-rc6a/arch/i386/kernel/traps.c
@@ -778,7 +778,7 @@ void math_error(void __user *eip)
 {
 	struct task_struct * task;
 	siginfo_t info;
-	unsigned short cwd, swd;
+	unsigned short cwd, swd, wd;
 
 	/*
 	 * Save the info for the exception handler and clear the error.
@@ -803,7 +803,21 @@ void math_error(void __user *eip)
 	 */
 	cwd = get_fpu_cwd(task);
 	swd = get_fpu_swd(task);
-	switch (((~cwd) & swd & 0x3f) | (swd & 0x240)) {
+	wd = swd & 0x3f & ~cwd;
+	/*
+	 * If the exception is invalid operation, the IS bit is needed
+	 * to see if it's a stack fault.
+	 */
+	if (wd & 1)
+		wd |= swd & 0x40;
+	/*
+	 * If it's a stack fault, C1 is needed to see if it's overflow or
+	 * underflow.
+	 */
+	if (wd & 0x40)
+		wd |= swd & 0x200;
+
+	switch (wd) {
 		case 0x000:
 		default:
 			break;
__
Chuck
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux