From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Cc: Scott Wood <scottwood@freescale.com>,
"linuxppc-dev@ozlabs.org" <linuxppc-dev@ozlabs.org>,
Rex Feany <RFeany@mrv.com>
Subject: Re: [PATCH] 8xx: fix user space TLB walk in dcbX fixup
Date: Tue, 12 Jan 2010 13:40:45 +1100
Message-ID: <1263264045.724.183.camel@pasglop>
In-Reply-To: <1262969186-18462-1-git-send-email-Joakim.Tjernlund@transmode.se>

On Fri, 2010-01-08 at 17:46 +0100, Joakim Tjernlund wrote:
> The newly added fixup for buggy dcbX insn's has
> a bug that always triggers a kernel TLB walk so a user space
> dcbX insn will cause a Kernel Machine Check if it hits DTLB error.
>
> Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
> ---
>
> I found this problem in 2.4 and forward ported it to 2.6. I
> cannot test it so I cannot be 100% sure I got it right.
>
> arch/powerpc/kernel/head_8xx.S | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)

Do you have something to make sure that TASK_SIZE is never bigger than
2G? Else userspace could be all the way to 0xbfffffff ...

Cheers,
Ben.

> diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
> index ce327c5..91bef6e 100644
> --- a/arch/powerpc/kernel/head_8xx.S
> +++ b/arch/powerpc/kernel/head_8xx.S
> @@ -542,11 +542,11 @@ DARFixed:/* Return from dcbx instruction bug workaround, r10 holds value of DAR
> FixupDAR:/* Entry point for dcbx workaround. */
> /* fetch instruction from memory. */
> mfspr r10, SPRN_SRR0
> + andis. r11, r10, 0x8000 /* Address >= 0x80000000 */
> DO_8xx_CPU6(0x3780, r3)
> mtspr SPRN_MD_EPN, r10
> mfspr r11, SPRN_M_TWB /* Get level 1 table entry address */
> - cmplwi cr0, r11, 0x0800
> - blt- 3f /* Branch if user space */
> + beq- 3f /* Branch if user space */
> lis r11, (swapper_pg_dir-PAGE_OFFSET)@h
> ori r11, r11, (swapper_pg_dir-PAGE_OFFSET)@l
> rlwimi r11, r10, 32-20, 0xffc /* r11 = r11&~0xffc|(r10>>20)&0xffc */
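
Review bot: the new `andis. r11, r10, 0x8000` test hard-codes the user/kernel split at 0x80000000, so `beq- 3f` takes the user-space path only when the SRR0 address is below 2G; with a TASK_SIZE above that, an address in the range up to 0xbfffffff would fall through to the swapper_pg_dir walk. Consider deriving the comparison from PAGE_OFFSET (already used in the `lis`/`ori` pair just below) or from TASK_SIZE, or add a build-time check plus a comment stating the 2G assumption. Two smaller points: cr0 set by `andis.` has to survive DO_8xx_CPU6, the mtspr and the mfspr before `beq-` consumes it, which deserves a comment at the `andis.` line and a check that the macro leaves cr0 alone; and the comment `/* Address >= 0x80000000 */` would be clearer if it said what cr0.eq means, since the branch is taken when that bit is clear.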