Re: [PATCH] mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
From: Xi Ruoyao
Date: Fri Jan 26 2024 - 16:04:09 EST
Please ignore this for wrong address of stable@. Will send v2.
On Sat, 2024-01-27 at 04:59 +0800, Xi Ruoyao wrote:
> If we still own the FPU after initializing fcr31, when we are preempted
> the dirty value in the FPU will be read out and stored into fcr31,
> clobbering our setting. This can cause an improper floating-point
> environment after execve(). For example:
>
> zsh% cat measure.c
> #include <fenv.h>
> int main() { return fetestexcept(FE_INEXACT); }
> zsh% cc measure.c -o measure -lm
> zsh% echo $((1.0/3)) # raising FE_INEXACT
> 0.33333333333333331
> zsh% while ./measure; do ; done
> (stopped in seconds)
>
> Call lose_fpu(0) before setting fcr31 to prevent this.
>
> Closes: https://lore.kernel.org/linux-mips/7a6aa1bbdbbe2e63ae96ff163fab0349f58f1b9e.camel@xxxxxxxxxxx/
> Fixes: 9b26616c8d9d ("MIPS: Respect the ISA level in FCSR handling")
> Cc: stable@xxxxxxxxxxxxxx
> Signed-off-by: Xi Ruoyao <xry111@xxxxxxxxxxx>
> ---
> arch/mips/kernel/elf.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/arch/mips/kernel/elf.c b/arch/mips/kernel/elf.c
> index 5582a4ca1e9e..7aa2c2360ff6 100644
> --- a/arch/mips/kernel/elf.c
> +++ b/arch/mips/kernel/elf.c
> @@ -11,6 +11,7 @@
>
> #include <asm/cpu-features.h>
> #include <asm/cpu-info.h>
> +#include <asm/fpu.h>
>
> #ifdef CONFIG_MIPS_FP_SUPPORT
>
> @@ -309,6 +310,11 @@ void mips_set_personality_nan(struct arch_elf_state *state)
> struct cpuinfo_mips *c = &boot_cpu_data;
> struct task_struct *t = current;
>
> + /* Do this early so t->thread.fpu.fcr31 won't be clobbered in case
> + * we are preempted before the lose_fpu(0) in start_thread.
> + */
> + lose_fpu(0);
> +
> t->thread.fpu.fcr31 = c->fpu_csr31;
> switch (state->nan_2008) {
> case 0:
--
Xi Ruoyao <xry111@xxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University