| 1 |
On 2016-08-08 18:52, Jack Morgan wrote: |
| 2 |
> Any update on this issue? rsync is still broken on sparc. |
| 3 |
|
| 4 |
Yes it, as well as ssh, ssl, and ext4 bugs were fixed via this patch. It |
| 5 |
was taged for stable. |
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
-------- Original Message -------- |
| 10 |
Subject: [PATCH] sparc: Don't leak context bits into |
| 11 |
thread->fault_address |
| 12 |
Date: 2016-07-27 20:53 |
| 13 |
From: David Miller <davem@×××××××××.net> |
| 14 |
To: sparclinux@×××××××××××.org |
| 15 |
Cc: mpatocka@××××××.com |
| 16 |
|
| 17 |
On pre-Niagara systems, we fetch the fault address on data TLB |
| 18 |
exceptions from the TLB_TAG_ACCESS register. But this register also |
| 19 |
contains the context ID assosciated with the fault in the low 13 bits |
| 20 |
of the register value. |
| 21 |
|
| 22 |
This propagates into current_thread_info()->fault_address and can |
| 23 |
cause trouble later on. |
| 24 |
|
| 25 |
So clear the low 13-bits out of the TLB_TAG_ACCESS value in the cases |
| 26 |
where it matters. |
| 27 |
|
| 28 |
Reported-by: Mikulas Patocka <mpatocka@××××××.com> |
| 29 |
Signed-off-by: David S. Miller <davem@×××××××××.net> |
| 30 |
--- |
| 31 |
arch/sparc/kernel/dtlb_prot.S | 4 ++-- |
| 32 |
arch/sparc/kernel/ktlb.S | 12 ++++++++++++ |
| 33 |
arch/sparc/kernel/tsb.S | 12 ++++++++++-- |
| 34 |
3 files changed, 24 insertions(+), 4 deletions(-) |
| 35 |
|
| 36 |
diff --git a/arch/sparc/kernel/dtlb_prot.S |
| 37 |
b/arch/sparc/kernel/dtlb_prot.S |
| 38 |
index d668ca14..4087a62 100644 |
| 39 |
--- a/arch/sparc/kernel/dtlb_prot.S |
| 40 |
+++ b/arch/sparc/kernel/dtlb_prot.S |
| 41 |
@@ -25,13 +25,13 @@ |
| 42 |
|
| 43 |
/* PROT ** ICACHE line 2: More real fault processing */ |
| 44 |
ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5 |
| 45 |
+ srlx %g5, PAGE_SHIFT, %g5 |
| 46 |
+ sllx %g5, PAGE_SHIFT, %g5 ! Clear context ID bits |
| 47 |
bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup |
| 48 |
mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4 |
| 49 |
ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault |
| 50 |
nop |
| 51 |
nop |
| 52 |
- nop |
| 53 |
- nop |
| 54 |
|
| 55 |
/* PROT ** ICACHE line 3: Unused... */ |
| 56 |
nop |
| 57 |
diff --git a/arch/sparc/kernel/ktlb.S b/arch/sparc/kernel/ktlb.S |
| 58 |
index ef0d8e9..f22bec0 100644 |
| 59 |
--- a/arch/sparc/kernel/ktlb.S |
| 60 |
+++ b/arch/sparc/kernel/ktlb.S |
| 61 |
@@ -20,6 +20,10 @@ kvmap_itlb: |
| 62 |
mov TLB_TAG_ACCESS, %g4 |
| 63 |
ldxa [%g4] ASI_IMMU, %g4 |
| 64 |
|
| 65 |
+ /* The kernel executes in context zero, therefore we do not |
| 66 |
+ * need to clear the context ID bits out of %g4 here. |
| 67 |
+ */ |
| 68 |
+ |
| 69 |
/* sun4v_itlb_miss branches here with the missing virtual |
| 70 |
* address already loaded into %g4 |
| 71 |
*/ |
| 72 |
@@ -128,6 +132,10 @@ kvmap_dtlb: |
| 73 |
mov TLB_TAG_ACCESS, %g4 |
| 74 |
ldxa [%g4] ASI_DMMU, %g4 |
| 75 |
|
| 76 |
+ /* The kernel executes in context zero, therefore we do not |
| 77 |
+ * need to clear the context ID bits out of %g4 here. |
| 78 |
+ */ |
| 79 |
+ |
| 80 |
/* sun4v_dtlb_miss branches here with the missing virtual |
| 81 |
* address already loaded into %g4 |
| 82 |
*/ |
| 83 |
@@ -251,6 +259,10 @@ kvmap_dtlb_longpath: |
| 84 |
nop |
| 85 |
.previous |
| 86 |
|
| 87 |
+ /* The kernel executes in context zero, therefore we do not |
| 88 |
+ * need to clear the context ID bits out of %g5 here. |
| 89 |
+ */ |
| 90 |
+ |
| 91 |
be,pt %xcc, sparc64_realfault_common |
| 92 |
mov FAULT_CODE_DTLB, %g4 |
| 93 |
ba,pt %xcc, winfix_trampoline |
| 94 |
diff --git a/arch/sparc/kernel/tsb.S b/arch/sparc/kernel/tsb.S |
| 95 |
index be98685..d568c82 100644 |
| 96 |
--- a/arch/sparc/kernel/tsb.S |
| 97 |
+++ b/arch/sparc/kernel/tsb.S |
| 98 |
@@ -29,13 +29,17 @@ |
| 99 |
*/ |
| 100 |
tsb_miss_dtlb: |
| 101 |
mov TLB_TAG_ACCESS, %g4 |
| 102 |
+ ldxa [%g4] ASI_DMMU, %g4 |
| 103 |
+ srlx %g4, PAGE_SHIFT, %g4 |
| 104 |
ba,pt %xcc, tsb_miss_page_table_walk |
| 105 |
- ldxa [%g4] ASI_DMMU, %g4 |
| 106 |
+ sllx %g4, PAGE_SHIFT, %g4 |
| 107 |
|
| 108 |
tsb_miss_itlb: |
| 109 |
mov TLB_TAG_ACCESS, %g4 |
| 110 |
+ ldxa [%g4] ASI_IMMU, %g4 |
| 111 |
+ srlx %g4, PAGE_SHIFT, %g4 |
| 112 |
ba,pt %xcc, tsb_miss_page_table_walk |
| 113 |
- ldxa [%g4] ASI_IMMU, %g4 |
| 114 |
+ sllx %g4, PAGE_SHIFT, %g4 |
| 115 |
|
| 116 |
/* At this point we have: |
| 117 |
* %g1 -- PAGE_SIZE TSB entry address |
| 118 |
@@ -284,6 +288,10 @@ tsb_do_dtlb_fault: |
| 119 |
nop |
| 120 |
.previous |
| 121 |
|
| 122 |
+ /* Clear context ID bits. */ |
| 123 |
+ srlx %g5, PAGE_SHIFT, %g5 |
| 124 |
+ sllx %g5, PAGE_SHIFT, %g5 |
| 125 |
+ |
| 126 |
be,pt %xcc, sparc64_realfault_common |
| 127 |
mov FAULT_CODE_DTLB, %g4 |
| 128 |
ba,pt %xcc, winfix_trampoline |
Archives