New 745x errata
paubert at iram.es
Tue Nov 18 04:05:14 EST 2003
On Mon, Nov 17, 2003 at 03:37:00PM +0000, Adrian Cox wrote:
> On Mon, 2003-11-17 at 15:12, Gabriel Paubert wrote:
> > On Mon, Nov 17, 2003 at 02:57:53PM +0000, Adrian Cox wrote:
> > > Any opinion on the dcbt issue? It looks like it could provide a way for
> > > a malicious userspace application to crash the machine, though it needs
> > > a combination of:
> > > 1) good timing
> > > 2) a peripheral that would be confused by an extra read cycle
> > Well, only privileged applications should have access to
> > peripherals, no?
> > But maybe I miss something.
> That's the bug - a dcbt to a protected region can cause a spurious read
> cycle to that address. To trigger it:
> 1) the target address is in a BAT or TLB, marked as supervisor access
> 2) a cache miss to a cache alias of the target address reaches the
> load-store unit
> 2) you issue a dcbt to the target address within 1 clock cycle of step
> Actually, I now believe the bug may be harmless, as the peripheral has
> an extra defence - its BAT or TLB entry will be non-cacheable, so no bus
> cycle will occur. The text of the errata doesn't spell this out as
> clearly as I'd like, but I think all it can do is cause a spurious bus
> cycle to ram.
Now that I downloaded the errata, it is rather clear that if the area
is cache-inhibited, there won't be any spurious access.
You might have a spurious access to a write-through area, even if
guarded it seems, but if something is marked write through, spurious
reads should have no side effects to start with.
In short, I believe that the erratum is harmless, until somebody
clearly shows that I'm wrong of course :-)
** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/
More information about the Linuxppc-dev