diff options
| author | David S. Miller <davem@davemloft.net> | 2014-10-18 23:03:09 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-10-18 23:03:09 -0400 |
| commit | 84bd6d8b9c0f06b3f188efb479c77e20f05e9a8a (patch) | |
| tree | cd2253bd51ef69d5dd85f23325c4711ca0c9717f | |
| parent | 52d589a01d4545ce1dc5c3892bb8c7b55edfe714 (diff) | |
sparc64: Fix corrupted thread fault code.
Every path that ends up at do_sparc64_fault() must install a valid
FAULT_CODE_* bitmask in the per-thread fault code byte.
Two paths leading to the label winfix_trampoline (which expects the
FAULT_CODE_* mask in register %g4) were not doing so:
1) For pre-hypervisor TLB protection violation traps, if we took
the 'winfix_trampoline' path we wouldn't have %g4 initialized
with the FAULT_CODE_* value yet. Resulting in using the
TLB_TAG_ACCESS register address value instead.
2) In the TSB miss path, when we notice that we are going to use a
hugepage mapping, but we haven't allocated the hugepage TSB yet, we
still have to take the window fixup case into consideration and
in that particular path we leave %g4 not setup properly.
Errors on this sort were largely invisible previously, but after
commit 4ccb9272892c33ef1c19a783cfa87103b30c2784 ("sparc64: sun4v TLB
error power off events") we now have a fault_code mask bit
(FAULT_CODE_BAD_RA) that triggers due to this bug.
FAULT_CODE_BAD_RA triggers because this bit is set in TLB_TAG_ACCESS
(see #1 above) and thus we get seemingly random bus errors triggered
for user processes.
Fixes: 4ccb9272892c ("sparc64: sun4v TLB error power off events")
Reported-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | arch/sparc/kernel/dtlb_prot.S | 6 | ||||
| -rw-r--r-- | arch/sparc/kernel/tsb.S | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/arch/sparc/kernel/dtlb_prot.S b/arch/sparc/kernel/dtlb_prot.S index b2c2c5be281c..d668ca149e64 100644 --- a/arch/sparc/kernel/dtlb_prot.S +++ b/arch/sparc/kernel/dtlb_prot.S | |||
| @@ -24,11 +24,11 @@ | |||
| 24 | mov TLB_TAG_ACCESS, %g4 ! For reload of vaddr | 24 | mov TLB_TAG_ACCESS, %g4 ! For reload of vaddr |
| 25 | 25 | ||
| 26 | /* PROT ** ICACHE line 2: More real fault processing */ | 26 | /* PROT ** ICACHE line 2: More real fault processing */ |
| 27 | ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5 | ||
| 27 | bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup | 28 | bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup |
| 28 | ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5 | ||
| 29 | ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault | ||
| 30 | mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4 | 29 | mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4 |
| 31 | nop | 30 | ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault |
| 31 | nop | ||
| 32 | nop | 32 | nop |
| 33 | nop | 33 | nop |
| 34 | nop | 34 | nop |
diff --git a/arch/sparc/kernel/tsb.S b/arch/sparc/kernel/tsb.S index 14158d40ba76..be98685c14c6 100644 --- a/arch/sparc/kernel/tsb.S +++ b/arch/sparc/kernel/tsb.S | |||
| @@ -162,10 +162,10 @@ tsb_miss_page_table_walk_sun4v_fastpath: | |||
| 162 | nop | 162 | nop |
| 163 | .previous | 163 | .previous |
| 164 | 164 | ||
| 165 | rdpr %tl, %g3 | 165 | rdpr %tl, %g7 |
| 166 | cmp %g3, 1 | 166 | cmp %g7, 1 |
| 167 | bne,pn %xcc, winfix_trampoline | 167 | bne,pn %xcc, winfix_trampoline |
| 168 | nop | 168 | mov %g3, %g4 |
| 169 | ba,pt %xcc, etrap | 169 | ba,pt %xcc, etrap |
| 170 | rd %pc, %g7 | 170 | rd %pc, %g7 |
| 171 | call hugetlb_setup | 171 | call hugetlb_setup |