* Memory corruption bug in HardHat-1.2 CPU6 workaround
@ 2000-09-28  5:24 Graham Stoney
  2000-09-28 14:49 ` Dan Malek
  0 siblings, 1 reply; 2+ messages in thread
From: Graham Stoney @ 2000-09-28  5:24 UTC (permalink / raw)
  To: mgreer; +Cc: LinuxPPC Embedded Mailing List


Hi Mark,

I've picked you at random from the MontaVista people on the list; if you're
not the right guy, could you please forward this to the appropriate person?

I've just noticed some potential memory corruption bugs associated with
the CPU6 workaround in the PPC HardHat-1.2 kernel.  I posted a complete fix
for this to the mailing list in response to Dan's initial half fix to the
previous CPU6 workaround which corrupted the kernel command line, but it
looks like my patch didn't quite make it in.  See:
    http://lists.linuxppc.org/listarcs/linuxppc-embedded/200006/msg00038.html

The bugs are a carry-over from when the CPU6 workaround used a word of data
12 bytes into the kernel command line as scratch space.  It looks like
the remaining cmd_line references were changed without removing the 12 byte
offset, meaning that they will clobber an unrelated value in memory 8 bytes
after cpu6_bug.  While I haven't observed any errant behaviour from this yet,
it's just waiting to bite someone unexpectedly, and will be darned hard to
find when it does.  Better to fix it now.

Here's a patch to fix the problem:

--- arch/ppc/kernel/head.S	Wed Sep 27 12:29:21 2000
+++ arch/ppc/kernel/head.S.fix	Thu Sep 28 16:12:09 2000
@@ -2428,12 +2428,12 @@
 	lis	r6, cpu6_bug@h
 	ori	r6, r6, cpu6_bug@l
 	li	r7, 0x3980
-	stw	r7, 12(r6)
-	lwz	r7, 12(r6)
+	stw	r7, 0(r6)
+	lwz	r7, 0(r6)
         mtspr   M_TWB, r9               /* Update MMU base address */
 	li	r7, 0x3380
-	stw	r7, 12(r6)
-	lwz	r7, 12(r6)
+	stw	r7, 0(r6)
+	lwz	r7, 0(r6)
         mtspr   M_CASID, r5             /* Update context */
 #else
         mtspr   M_TWB, r9               /* Update MMU base address */
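Review bot: the constants loaded by `li r7, 0x3980` and `li r7, 0x3380` ahead of the `mtspr M_TWB` and `mtspr M_CASID` writes carry no comment saying what they encode or why each is stored and read back through `cpu6_bug`. A short comment at each site, stating that the scratch word is `cpu6_bug` itself at displacement 0, would make a stale offset like the old `12(r6)` stand out in future review. The unchanged `mtspr` lines are indented with spaces while the changed `stw`/`lwz` lines use tabs, so a follow-up whitespace cleanup would keep the block consistent.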
@@ -2574,8 +2574,8 @@
 	lis	r7, cpu6_bug@h
 	ori	r7, r7, cpu6_bug@l
 	li	r4, 0x3980
-	stw	r4, 12(r7)
-	lwz	r4, 12(r7)
+	stw	r4, 0(r7)
+	lwz	r4, 0(r7)
         mtspr   M_TWB, r3               /* Update MMU base address */
 	SYNC
 	mtmsr	r5
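Review bot: the `stw r4, 0(r7)` / `lwz r4, 0(r7)` pair before `mtspr M_TWB, r3` is the third hand-written copy of the same scratch-word sequence in this patch, differing only in registers (r7/r4 here, r6/r7 in the previous hunk). Consider folding the `lis`/`ori`/`li`/`stw`/`lwz` sequence into one assembler macro that takes the value and the scratch registers, so the displacement lives in a single place. It would also be worth confirming that no other `cpu6_bug` user in head.S still has a non-zero displacement, since only these three sites are touched here.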

Regards,
Graham
--
Graham Stoney
Principal Hardware/Software Engineer
Canon Information Systems Research Australia
Ph: +61 2 9805 2909  Fax: +61 2 9805 2929

** Sent via the linuxppc-embedded mail list. See http://lists.linuxppc.org/
