New 745x errata
Gabriel Paubert
paubert at iram.es
Tue Nov 18 02:49:17 EST 2003
On Mon, Nov 17, 2003 at 03:37:00PM +0000, Adrian Cox wrote:
> On Mon, 2003-11-17 at 15:12, Gabriel Paubert wrote:
> > On Mon, Nov 17, 2003 at 02:57:53PM +0000, Adrian Cox wrote:
> > > Any opinion on the dcbt issue? It looks like it could provide a way for
> > > a malicious userspace application to crash the machine, though it needs
> > > a combination of:
> > > 1) good timing
> > > 2) a peripheral that would be confused by an extra read cycle
>
> > Well, only privileged applications should have access to
> > peripherals, no?
> [...]
> > But maybe I miss something.
>
> That's the bug - a dcbt to a protected region can cause a spurious read
> cycle to that address. To trigger it:
>
> 1) the target address is in a BAT or TLB, marked as supervisor access
> only.
> 2) a cache miss to a cache alias of the target address reaches the
> load-store unit
> 2) you issue a dcbt to the target address within 1 clock cycle of step
> 2.
>
> Actually, I now believe the bug may be harmless, as the peripheral has
> an extra defence - its BAT or TLB entry will be non-cacheable, so no bus
> cycle will occur. The text of the errata doesn't spell this out as
> clearly as I'd like, but I think all it can do is cause a spurious bus
> cycle to ram.
If this is true, this is not very different from a speculative cache line
fill which turns out not to be necessary, wasteful but not a big deal.
Gabriel
** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/
More information about the Linuxppc-dev
mailing list