[PATCH] Avoid potential hazard on Context register

linux-mips.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] Avoid potential hazard on Context register
@ 2009-10-11  6:07 Chris Dearman
  2009-10-11 13:39 ` Ralf Baechle
  0 siblings, 1 reply; 6+ messages in thread
From: Chris Dearman @ 2009-10-11  6:07 UTC (permalink / raw)
  To: linux-mips

set_saved_sp reads Context register. Avoid reading stale value from 
earlier incomplete write

Signed-off-by: Chris Dearman <chris@mips.com>
---

  arch/mips/kernel/head.S |    1 +
  1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/arch/mips/kernel/head.S b/arch/mips/kernel/head.S
index 531ce7b..ea695d9 100644
--- a/arch/mips/kernel/head.S
+++ b/arch/mips/kernel/head.S
@@ -191,6 +191,7 @@ NESTED(kernel_entry, 16, sp)			# kernel entry point
  	/* Set the SP after an empty pt_regs.  */
  	PTR_LI		sp, _THREAD_SIZE - 32 - PT_SIZE
  	PTR_ADDU	sp, $28
+	back_to_back_c0_hazard
  	set_saved_sp	sp, t0, t1
  	PTR_SUBU	sp, 4 * SZREG		# init stack pointer

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] Avoid potential hazard on Context register
  2009-10-11  6:07 [PATCH] Avoid potential hazard on Context register Chris Dearman
@ 2009-10-11 13:39 ` Ralf Baechle
  2009-10-11 14:53   ` Ralf Baechle
  2009-10-11 20:05   ` Chris Dearman
  0 siblings, 2 replies; 6+ messages in thread
From: Ralf Baechle @ 2009-10-11 13:39 UTC (permalink / raw)
  To: Chris Dearman; +Cc: linux-mips

On Sat, Oct 10, 2009 at 11:07:21PM -0700, Chris Dearman wrote:

> set_saved_sp reads Context register. Avoid reading stale value from  
> earlier incomplete write

Which is executed fairly frequently.  So it'll be cheaper to fix the issue
in the writers.  Will post patch in a few minutes.

I'm curious, did you actually manage to trigger this one?  The time between
the instructions should be fairly long but then again the 34K has been
good for a few surprises!

  Ralf

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Avoid potential hazard on Context register
  2009-10-11 13:39 ` Ralf Baechle
@ 2009-10-11 14:53   ` Ralf Baechle
  2009-10-11 20:26     ` Chris Dearman
  2009-10-11 20:05   ` Chris Dearman
  1 sibling, 1 reply; 6+ messages in thread
From: Ralf Baechle @ 2009-10-11 14:53 UTC (permalink / raw)
  To: Chris Dearman; +Cc: linux-mips

There is no hazard barrier between writes to c0_context and subsequent
read accesses.  This is a fairly theoretical hole as c0_context is only
written on CPU bootup and other, unrelated code will almost certainly
execute a hazard barrier somewhen between the write and read access.
Even if not, the window is probably in the thousands of cycles so likely
too large to actually consistute a pipeline hazard.

Reported and initial patch by Chris Dearman <chris@mips.com>.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

 arch/mips/include/asm/mmu_context.h |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h
index ed331c2..6083db5 100644
--- a/arch/mips/include/asm/mmu_context.h
+++ b/arch/mips/include/asm/mmu_context.h
@@ -16,6 +16,7 @@
 #include <linux/smp.h>
 #include <linux/slab.h>
 #include <asm/cacheflush.h>
+#include <asm/hazards.h>
 #include <asm/tlbflush.h>
 #ifdef CONFIG_MIPS_MT_SMTC
 #include <asm/mipsmtregs.h>
@@ -36,11 +37,13 @@ extern unsigned long pgd_current[];
 #ifdef CONFIG_32BIT
 #define TLBMISS_HANDLER_SETUP()						\
 	write_c0_context((unsigned long) smp_processor_id() << 25);	\
+	back_to_back_c0_hazard();					\
 	TLBMISS_HANDLER_SETUP_PGD(swapper_pg_dir)
 #endif
 #ifdef CONFIG_64BIT
 #define TLBMISS_HANDLER_SETUP()						\
 	write_c0_context((unsigned long) smp_processor_id() << 26);	\
+	back_to_back_c0_hazard();					\
 	TLBMISS_HANDLER_SETUP_PGD(swapper_pg_dir)
 #endif
 

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] Avoid potential hazard on Context register
  2009-10-11 13:39 ` Ralf Baechle
  2009-10-11 14:53   ` Ralf Baechle
@ 2009-10-11 20:05   ` Chris Dearman
  1 sibling, 0 replies; 6+ messages in thread
From: Chris Dearman @ 2009-10-11 20:05 UTC (permalink / raw)
  To: Ralf Baechle; +Cc: linux-mips

Ralf Baechle wrote:

> I'm curious, did you actually manage to trigger this one?  The time between
> the instructions should be fairly long but then again the 34K has been
> good for a few surprises!

Yes... It actually showed up in 74k silicon at particular clock 
frequencies. The dual issue pipeline does make it susceptible to these 
"theoretical" problems ;)

Chris

-- 
Chris Dearman               Desk: +1 408 530 5092  Cell: +1 650 224 8603
MIPS Technologies Inc            955 East Arques Ave, Sunnyvale CA 94085

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Avoid potential hazard on Context register
  2009-10-11 14:53   ` Ralf Baechle
@ 2009-10-11 20:26     ` Chris Dearman
  2009-10-12  3:20       ` Ralf Baechle
  0 siblings, 1 reply; 6+ messages in thread
From: Chris Dearman @ 2009-10-11 20:26 UTC (permalink / raw)
  To: Ralf Baechle; +Cc: linux-mips

Ralf Baechle wrote:
> There is no hazard barrier between writes to c0_context and subsequent
> read accesses.  This is a fairly theoretical hole as c0_context is only
> written on CPU bootup and other, unrelated code will almost certainly
It was actually in the bootup code where I saw the problem, and this 
patch doesn't deal with that case:

>         MTC0            zero, CP0_CONTEXT       # clear context register 
>         PTR_LA          $28, init_thread_union 
>         /* Set the SP after an empty pt_regs.  */ 
>         PTR_LI          sp, _THREAD_SIZE - 32 - PT_SIZE 
>         PTR_ADDU        sp, $28 
>         back_to_back_c0_hazard 
>         set_saved_sp    sp, t0, t1 

The problem I observed is that the Context valuse used by set_saved_sp 
is whatever it inherits from YAMON.

Chris

-- 
Chris Dearman               Desk: +1 408 530 5092  Cell: +1 650 224 8603
MIPS Technologies Inc            955 East Arques Ave, Sunnyvale CA 94085

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Avoid potential hazard on Context register
  2009-10-11 20:26     ` Chris Dearman
@ 2009-10-12  3:20       ` Ralf Baechle
  0 siblings, 0 replies; 6+ messages in thread
From: Ralf Baechle @ 2009-10-12  3:20 UTC (permalink / raw)
  To: Chris Dearman; +Cc: linux-mips

On Sun, Oct 11, 2009 at 01:26:58PM -0700, Chris Dearman wrote:

> Ralf Baechle wrote:
>> There is no hazard barrier between writes to c0_context and subsequent
>> read accesses.  This is a fairly theoretical hole as c0_context is only
>> written on CPU bootup and other, unrelated code will almost certainly
> It was actually in the bootup code where I saw the problem, and this  
> patch doesn't deal with that case:
>
>>         MTC0            zero, CP0_CONTEXT       # clear context 
>> register         PTR_LA          $28, init_thread_union         /* Set 
>> the SP after an empty pt_regs.  */         PTR_LI          sp, 
>> _THREAD_SIZE - 32 - PT_SIZE         PTR_ADDU        sp, $28         
>> back_to_back_c0_hazard         set_saved_sp    sp, t0, t1 
>
> The problem I observed is that the Context valuse used by set_saved_sp  
> is whatever it inherits from YAMON.

So we need a double hazard barrier like below.

  Ralf

There is no hazard barrier between writes to c0_context and subsequent
read accesses.  This is a fairly theoretical hole as c0_context is only
written on CPU bootup and other, unrelated code will almost certainly
execute a hazard barrier somewhen between the write and read access.
Even if not, the window is probably in the thousands of cycles so likely
too large to actually consistute a pipeline hazard.

Reported and initial patch by Chris Dearman <chris@mips.com>.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

 arch/mips/include/asm/mmu_context.h |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h
index ed331c2..d339d9d 100644
--- a/arch/mips/include/asm/mmu_context.h
+++ b/arch/mips/include/asm/mmu_context.h
@@ -16,6 +16,7 @@
 #include <linux/smp.h>
 #include <linux/slab.h>
 #include <asm/cacheflush.h>
+#include <asm/hazards.h>
 #include <asm/tlbflush.h>
 #ifdef CONFIG_MIPS_MT_SMTC
 #include <asm/mipsmtregs.h>
@@ -35,12 +36,16 @@ extern unsigned long pgd_current[];
 
 #ifdef CONFIG_32BIT
 #define TLBMISS_HANDLER_SETUP()						\
+	back_to_back_c0_hazard();					\
 	write_c0_context((unsigned long) smp_processor_id() << 25);	\
+	back_to_back_c0_hazard();					\
 	TLBMISS_HANDLER_SETUP_PGD(swapper_pg_dir)
 #endif
 #ifdef CONFIG_64BIT
 #define TLBMISS_HANDLER_SETUP()						\
+	back_to_back_c0_hazard();					\
 	write_c0_context((unsigned long) smp_processor_id() << 26);	\
+	back_to_back_c0_hazard();					\
 	TLBMISS_HANDLER_SETUP_PGD(swapper_pg_dir)
 #endif
 

^ permalink raw reply related	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2009-10-12  3:19 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-11  6:07 [PATCH] Avoid potential hazard on Context register Chris Dearman
2009-10-11 13:39 ` Ralf Baechle
2009-10-11 14:53   ` Ralf Baechle
2009-10-11 20:26     ` Chris Dearman
2009-10-12  3:20       ` Ralf Baechle
2009-10-11 20:05   ` Chris Dearman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).