• Dave Martin's avatar
    arm64: fpsimd: Fix bad si_code for undiagnosed SIGFPE · af4a81b9
    Dave Martin authored
    Currently a SIGFPE delivered in response to a floating-point
    exception trap may have si_code set to 0 on arm64.  As reported by
    Eric, this is a bad idea since this is the value of SI_USER -- yet
    this signal is definitely not the result of kill(2), tgkill(2) etc.
    and si_uid and si_pid make limited sense whereas we do want to
    yield a value for si_addr (which doesn't exist for SI_USER).
    
    It's not entirely clear whether the architecure permits a
    "spurious" fp exception trap where none of the exception flag bits
    in ESR_ELx is set.  (IMHO the architectural intent is to forbid
    this.)  However, it does permit those bits to contain garbage if
    the TFV bit in ESR_ELx is 0.  That case isn't currently handled at
    all and may result in si_code == 0 or si_code containing a FPE_FLT*
    constant corresponding to an exception that did not in fact happen.
    
    There is nothing sensible we can return for si_code in such cases,
    but SI_USER is certainly not appropriate and will lead to violation
    of legitimate userspace assumptions.
    
    This patch allocates a new si_code value FPE_UNKNOWN that at least
    does not conflict with any existing SI_* or FPE_* code, and yields
    this in si_code for undiagnosable cases.  This is probably the best
    simplicity/incorrectness tradeoff achieveable without relying on
    implementation-dependent features or adding a lot of code.  In any
    case, there appears to be no perfect solution possible that would
    justify a lot of effort here.
    
    Yielding FPE_UNKNOWN when some well-defined fp exception caused the
    trap is a violation of POSIX, but this is forced by the
    architecture.  We have no realistic prospect of yielding the
    correct code in such cases.  At present I am not aware of any ARMv8
    implementation that supports trapped floating-point exceptions in
    any case.
    
    The new code may be applicable to other architectures for similar
    reasons.
    
    No attempt is made to provide ESR_ELx to userspace in the signal
    frame, since architectural limitations mean that it is unlikely to
    provide much diagnostic value, doesn't benefit existing software
    and would create ABI with no proven purpose.  The existing
    mechanism for passing it also has problems of its own which may
    result in the wrong value being passed to userspace due to
    interaction with mm faults.  The implied rework does not appear
    justified.
    Acked-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    Reported-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: default avatarDave Martin <Dave.Martin@arm.com>
    Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
    af4a81b9
esr.h 9.22 KB