New 745x errata

Gabriel Paubert paubert at
Tue Nov 18 04:05:14 EST 2003

On Mon, Nov 17, 2003 at 03:37:00PM +0000, Adrian Cox wrote:
> On Mon, 2003-11-17 at 15:12, Gabriel Paubert wrote:
> > On Mon, Nov 17, 2003 at 02:57:53PM +0000, Adrian Cox wrote:
> > > Any opinion on the dcbt issue?  It looks like it could provide a way for
> > > a malicious userspace application to crash the machine, though it needs
> > > a combination of:
> > > 1) good timing
> > > 2) a peripheral that would be confused by an extra read cycle
> > Well, only privileged applications should have access to
> > peripherals, no?
> [...]
> > But maybe I miss something.
> That's the bug - a dcbt to a protected region can cause a spurious read
> cycle to that address. To trigger it:
> 1) the target address is in a BAT or TLB, marked as supervisor access
> only.
> 2) a cache miss to a cache alias of the target address reaches the
> load-store unit
> 2) you issue a dcbt to the target address within 1 clock cycle of step
> 2.
> Actually, I now believe the bug may be harmless, as the peripheral has
> an extra defence - its BAT or TLB entry will be non-cacheable, so no bus
> cycle will occur. The text of the errata doesn't spell this out as
> clearly as I'd like, but I think all it can do is cause a spurious bus
> cycle to ram.

Now that I downloaded the errata, it is rather clear that if the area
is cache-inhibited, there won't be any spurious access.

You might have a spurious access to a write-through area, even if
guarded it seems, but if something is marked write through, spurious
reads should have no side effects to start with.

In short, I believe that the erratum is harmless, until somebody
clearly shows that I'm wrong of course :-)


** Sent via the linuxppc-dev mail list. See

More information about the Linuxppc-dev mailing list