84bd6d8b9c
Every path that ends up at do_sparc64_fault() must install a valid FAULT_CODE_* bitmask in the per-thread fault code byte. Two paths leading to the label winfix_trampoline (which expects the FAULT_CODE_* mask in register %g4) were not doing so: 1) For pre-hypervisor TLB protection violation traps, if we took the 'winfix_trampoline' path we wouldn't have %g4 initialized with the FAULT_CODE_* value yet. Resulting in using the TLB_TAG_ACCESS register address value instead. 2) In the TSB miss path, when we notice that we are going to use a hugepage mapping, but we haven't allocated the hugepage TSB yet, we still have to take the window fixup case into consideration and in that particular path we leave %g4 not setup properly. Errors on this sort were largely invisible previously, but after commit4ccb927289
("sparc64: sun4v TLB error power off events") we now have a fault_code mask bit (FAULT_CODE_BAD_RA) that triggers due to this bug. FAULT_CODE_BAD_RA triggers because this bit is set in TLB_TAG_ACCESS (see #1 above) and thus we get seemingly random bus errors triggered for user processes. Fixes:4ccb927289
("sparc64: sun4v TLB error power off events") Reported-by: Meelis Roos <mroos@linux.ee> Signed-off-by: David S. Miller <davem@davemloft.net>
55 lines
1.2 KiB
ArmAsm
55 lines
1.2 KiB
ArmAsm
/*
|
|
* dtlb_prot.S: DTLB protection trap strategy.
|
|
* This is included directly into the trap table.
|
|
*
|
|
* Copyright (C) 1996,1998 David S. Miller (davem@redhat.com)
|
|
* Copyright (C) 1997,1998 Jakub Jelinek (jj@ultra.linux.cz)
|
|
*/
|
|
|
|
/* Ways we can get here:
|
|
*
|
|
* [TL == 0] 1) User stores to readonly pages.
|
|
* [TL == 0] 2) Nucleus stores to user readonly pages.
|
|
* [TL > 0] 3) Nucleus stores to user readonly stack frame.
|
|
*/
|
|
|
|
/* PROT ** ICACHE line 1: User DTLB protection trap */
|
|
mov TLB_SFSR, %g1
|
|
stxa %g0, [%g1] ASI_DMMU ! Clear FaultValid bit
|
|
membar #Sync ! Synchronize stores
|
|
rdpr %pstate, %g5 ! Move into alt-globals
|
|
wrpr %g5, PSTATE_AG|PSTATE_MG, %pstate
|
|
rdpr %tl, %g1 ! Need a winfixup?
|
|
cmp %g1, 1 ! Trap level >1?
|
|
mov TLB_TAG_ACCESS, %g4 ! For reload of vaddr
|
|
|
|
/* PROT ** ICACHE line 2: More real fault processing */
|
|
ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
|
|
bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup
|
|
mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4
|
|
ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
|
|
/* PROT ** ICACHE line 3: Unused... */
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
|
|
/* PROT ** ICACHE line 4: Unused... */
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|
|
nop
|