Christophe Leroy writes:
> In ITLB miss handler the line supposed to clear bits 20-23 on the
> L2 ITLB entry is buggy and does indeed nothing, leading to undefined
> value which could allow execution when it shouldn't.
>
> Properly do the clearing with the relevant instruction.
>
> Fixes: 74fabcadfd43 ("powerpc/8xx: don't use r12/SPRN_SPRG_SCRATCH2 in TLB Miss handlers")
> Cc: stable@vger.kernel.org
> Signed-off-by: Christophe Leroy
> --- > arch/powerpc/kernel/head_8xx.S | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S > index 9922306ae512..073a651787df 100644 > --- a/arch/powerpc/kernel/head_8xx.S > +++ b/arch/powerpc/kernel/head_8xx.S > @@ -256,7 +256,7 @@ InstructionTLBMiss: > * set. All other Linux PTE bits control the behavior > * of the MMU. > */ > - rlwimi r10, r10, 0, 0x0f00 /* Clear bits 20-23 */ > + rlwinm r10, r10, 0, ~0x0f00 /* Clear bits 20-23 */ > rlwimi r10, r10, 4, 0x0400 /* Copy _PAGE_EXEC into bit 21 */ > ori r10, r10, RPN_PATTERN | 0x200 /* Set 22 and 24-27 */ > mtspr SPRN_MI_RPN, r10 /* Update TLB entry */ > -- > 2.25.0

Looks like a valid change.

rlwimi r10, r10, 0, 0x0f00 means:
r10 = ((r10 << 0) & 0x0f00) | (r10 & ~0x0f00)
which ends up being
r10 = r10

On ISA, rlwinm is recommended for clearing high order bits.

rlwinm r10, r10, 0, ~0x0f00 means:
r10 = (r10 << 0) & ~0x0f00

Which does exactly what the comment suggests.

FWIW:
Reviewed-by: Leonardo Bras
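
Review bot: On the changed rlwinm line the comment still reads only "Clear bits 20-23", but the two instructions that follow already overwrite bit 21 (rlwimi ... 4, 0x0400) and set bit 22 (ori ... | 0x200), so the clear only changes the result for bits 20 and 23. Please name in the comment or the commit message which of those two bits is the one that "could allow execution when it shouldn't", so the reason for the clear is recorded next to the code and is not lost the next time this handler is reworked.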
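
Added example, not part of the original thread or of the kernel source: a C model of rlwimi and rlwinm as described in the reply above, run over the handler's instruction sequence before and after the patch. RPN_PATTERN = 0x00f0 is an assumption taken from the "Set 22 and 24-27" comment, and the PTE value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

static uint32_t rotl32(uint32_t v, unsigned sh)
{
    sh &= 31;
    return sh ? (v << sh) | (v >> (32 - sh)) : v;
}

/* rlwinm rA,rS,SH,MASK: rotate rS, AND with MASK, result replaces rA. */
static uint32_t rlwinm(uint32_t rs, unsigned sh, uint32_t mask)
{
    return rotl32(rs, sh) & mask;
}

/* rlwimi rA,rS,SH,MASK: rotate rS, insert under MASK, keep rA elsewhere. */
static uint32_t rlwimi(uint32_t ra, uint32_t rs, unsigned sh, uint32_t mask)
{
    return (rotl32(rs, sh) & mask) | (ra & ~mask);
}

#define RPN_PATTERN 0x00f0u /* assumption: bits 24-27, per the hunk comment */

/* Sequence before the patch: the first rlwimi inserts r10 into itself. */
static uint32_t mi_rpn_before(uint32_t r10)
{
    r10 = rlwimi(r10, r10, 0, 0x0f00u);  /* no-op: r10 = r10 */
    r10 = rlwimi(r10, r10, 4, 0x0400u);  /* bit 0x0040 -> bit 21 (0x0400) */
    return r10 | RPN_PATTERN | 0x200u;   /* set 22 and 24-27 */
}

/* Sequence after the patch: rlwinm with the inverted mask really clears. */
static uint32_t mi_rpn_after(uint32_t r10)
{
    r10 = rlwinm(r10, 0, ~0x0f00u);      /* clear bits 20-23 */
    r10 = rlwimi(r10, r10, 4, 0x0400u);
    return r10 | RPN_PATTERN | 0x200u;
}

int main(void)
{
    uint32_t pte = 0x12345940u; /* constructed: 0x0800, 0x0100, 0x0040 set */
    uint32_t b = mi_rpn_before(pte), a = mi_rpn_after(pte);

    printf("before 0x%08x  after 0x%08x  leaked 0x%04x\n",
           (unsigned)b, (unsigned)a, (unsigned)(b ^ a));
    return 0;
}
```

The difference between the two results is 0x0900, that is bits 20 and 23: before the patch they carry whatever the PTE held in those positions.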