From: Joakim Tjernlund <joakim.tjernlund@transmode.se>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: "linuxppc-dev@ozlabs.org" <linuxppc-dev@ozlabs.org>,
Rex Feany <RFeany@mrv.com>
Subject: Re: [PATCH] powerpc/8xx: fix regression introduced by cache coherency rewrite
Date: Tue, 29 Sep 2009 13:56:42 +0200 [thread overview]
Message-ID: <OF94793A12.243E8E02-ONC1257640.0040DE05-C1257640.00419DBD@transmode.se> (raw)
In-Reply-To: <1254212198.5256.0.camel@pasglop>
Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 29/09/2009 10:16:38:
>
>
> > hmm, yes. You do get this and mysterious SEGV if you hit the but so does
> > other bugs too so this is probably due to missing invalidation.
> >
> > I suspect that something like below will fix the problem and
> > is the "correct" fix(untested, not even compiled):
>
> Ok but do we also still have to worry about the "unpopulated" TLB
> entries and invalidate them somehow when populating ?
Since I am probably the only one that knows about DAR problem I figured
I should take a stab at it. This is not tested, but I hope Rex and the list
can do that. Once this works as it should, we can remove all special handling
for 8xx in copy_tofrom_user() and friends.
No sign-off yet, want some confirmation first.
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 4dd38f1..691ebd3 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -774,7 +774,14 @@ restore:
lwz r11,_CTR(r1)
mtspr SPRN_XER,r10
mtctr r11
-
+#ifdef CONFIG_8xx
+ /* Tag DAR with a well know value.
+ * This needs to match head_8xx.S and
+ * do_page_fault()
+ */
+ li r10, 0xf0
+ mtspr SPRN_DAR, r10
+#endif
PPC405_ERR77(0,r1)
BEGIN_FTR_SECTION
lwarx r11,0,r1
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 52ff8c5..418ea96 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -39,6 +39,15 @@
#else
#define DO_8xx_CPU6(val, reg)
#endif
+
+/* DAR needs to be tagged with a known value so that the
+ * DataTLB Miss/Error and do_page_fault() can recognize a
+ * buggy dcbx instruction and workaround the problem.
+ * dcbf, dcbi, dcbst, dcbz instructions do not update DAR
+ * when trapping into a Data TLB Miss/Error. See
+ * DataStoreTLBMiss and DataTLBError for details
+ */
+
__HEAD
_ENTRY(_stext);
_ENTRY(_start);
@@ -428,7 +437,8 @@ DataStoreTLBMiss:
* set. All other Linux PTE bits control the behavior
* of the MMU.
*/
-2: li r11, 0x00f0
+ li r11, 0x00f0
+ mtspr SPRN_DAR, r11 /* Tag DAR */
rlwimi r10, r11, 0, 24, 28 /* Set 24-27, clear 28 */
DO_8xx_CPU6(0x3d80, r3)
mtspr SPRN_MD_RPN, r10 /* Update TLB entry */
@@ -441,7 +451,15 @@ DataStoreTLBMiss:
lwz r3, 8(r0)
#endif
rfi
-
+2:
+ mfspr r10, SPRN_M_TW /* Restore registers */
+ lwz r11, 0(r0)
+ mtcr r11
+ lwz r11, 4(r0)
+#ifdef CONFIG_8xx_CPU6
+ lwz r3, 8(r0)
+#endif
+ b DataAccess
/* This is an instruction TLB error on the MPC8xx. This could be due
* to many reasons, such as executing guarded memory or illegal instruction
* addresses. There is nothing to do but handle a big time error fault.
@@ -492,6 +510,8 @@ DataTLBError:
* assuming we only use the dcbi instruction on kernel addresses.
*/
mfspr r10, SPRN_DAR
+ cmpwi cr0, r10, 0xf0 /* check it DAR holds a tag */
+ beq- 2f
rlwinm r11, r10, 0, 0, 19
ori r11, r11, MD_EVALID
mfspr r10, SPRN_M_CASID
@@ -547,6 +567,7 @@ DataTLBError:
* of the MMU.
*/
li r11, 0x00f0
+ mtspr SPRN_DAR, r11 /* Tag DAR */
rlwimi r10, r11, 0, 24, 28 /* Set 24-27, clear 28 */
DO_8xx_CPU6(0x3d80, r3)
mtspr SPRN_MD_RPN, r10 /* Update TLB entry */
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 7699394..be779b2 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -125,6 +125,32 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
int trap = TRAP(regs);
int is_exec = trap == 0x400;
+#if defined(CONFIG_8xx)
+/*
+ Workarund DTLB Miss/Error, as these do not update DAR
+ for dcbf, dcbi, dcbst, dcbz instructions
+ This relies on every exception tagging DAR with 0xf0
+ before returning (rfi)
+ DAR as passed as address to this function.
+ */
+#define RA(inst) (((inst) & 0x001F0000) >> 16)
+#define RB(inst) (((inst) & 0x0000F800) >> 11)
+ {
+ unsigned long ra, rb, dar, insns;
+
+ if (trap == 0x300 && address == 0xf0) {
+ insns = *((unsigned long *)regs->nip);
+ /* Really check if it is an dcbf, dcbi, dcbst, dcbz insns ? */
+ ra = RA(insns); /* Reg Ra */
+ rb = RB(insns); /* Reg Rb */
+ dar = regs->gpr[rb];
+ if (ra)
+ dar += regs->gpr[ra];
+ /* regs->dar = dar; perhaps */
+ address = dar;
+ }
+ }
+#endif
#if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE))
/*
* Fortunately the bit assignments in SRR1 for an instruction
next prev parent reply other threads:[~2009-09-29 11:59 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-24 0:45 [PATCH] powerpc/8xx: fix regression introduced by cache coherency rewrite Rex Feany
2009-09-24 6:44 ` Benjamin Herrenschmidt
2009-09-24 23:33 ` Rex Feany
2009-09-24 23:52 ` Benjamin Herrenschmidt
2009-09-25 1:35 ` Rex Feany
2009-09-25 1:51 ` Benjamin Herrenschmidt
2009-09-25 3:03 ` Benjamin Herrenschmidt
2009-09-25 8:31 ` Joakim Tjernlund
2009-09-25 9:47 ` Benjamin Herrenschmidt
2009-09-25 10:21 ` Joakim Tjernlund
2009-09-25 21:18 ` Rex Feany
2009-09-27 13:22 ` Joakim Tjernlund
2009-09-28 3:21 ` Benjamin Herrenschmidt
2009-09-28 7:22 ` Joakim Tjernlund
2009-09-28 7:34 ` Benjamin Herrenschmidt
2009-09-28 7:39 ` Joakim Tjernlund
2009-09-28 10:02 ` Joakim Tjernlund
2009-09-29 1:21 ` Rex Feany
2009-09-29 6:26 ` Joakim Tjernlund
2009-09-29 7:07 ` Benjamin Herrenschmidt
2009-09-29 8:13 ` Joakim Tjernlund
2009-09-29 8:16 ` Benjamin Herrenschmidt
2009-09-29 8:24 ` Joakim Tjernlund
2009-09-29 11:56 ` Joakim Tjernlund [this message]
2009-09-29 21:03 ` Rex Feany
2009-09-30 7:59 ` Joakim Tjernlund
2009-09-30 8:19 ` Joakim Tjernlund
2009-09-30 9:00 ` Rex Feany
2009-09-30 9:58 ` Joakim Tjernlund
2009-09-30 11:18 ` Joakim Tjernlund
2009-09-30 17:23 ` Joakim Tjernlund
2009-09-30 22:35 ` Benjamin Herrenschmidt
2009-10-01 7:05 ` Joakim Tjernlund
2009-10-02 13:06 ` Joakim Tjernlund
2009-10-02 18:10 ` Joakim Tjernlund
2009-10-02 21:49 ` Scott Wood
2009-10-02 22:04 ` Benjamin Herrenschmidt
2009-10-05 19:28 ` Scott Wood
2009-10-05 20:29 ` Benjamin Herrenschmidt
2009-10-05 21:04 ` Scott Wood
2009-10-03 8:05 ` Joakim Tjernlund
2009-10-03 8:31 ` Benjamin Herrenschmidt
2009-10-03 9:24 ` Joakim Tjernlund
2009-10-03 10:57 ` Benjamin Herrenschmidt
2009-10-03 11:47 ` Joakim Tjernlund
2009-10-04 8:35 ` Joakim Tjernlund
2009-10-04 20:26 ` Benjamin Herrenschmidt
2009-10-04 20:38 ` Joakim Tjernlund
2009-10-05 18:24 ` Scott Wood
2009-10-05 18:50 ` Joakim Tjernlund
2009-10-04 20:10 ` Joakim Tjernlund
2009-10-04 20:28 ` Benjamin Herrenschmidt
2009-10-04 20:45 ` Joakim Tjernlund
2009-10-05 7:28 ` Joakim Tjernlund
2009-10-05 19:16 ` Joakim Tjernlund
2009-10-05 20:28 ` Benjamin Herrenschmidt
2009-09-29 7:07 ` Benjamin Herrenschmidt
2009-09-29 21:09 ` Rex Feany
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=OF94793A12.243E8E02-ONC1257640.0040DE05-C1257640.00419DBD@transmode.se \
--to=joakim.tjernlund@transmode.se \
--cc=RFeany@mrv.com \
--cc=benh@kernel.crashing.org \
--cc=linuxppc-dev@ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.