Fix small race in 44x tlbie function

Benjamin Herrenschmidt benh at kernel.crashing.org
Thu Aug 9 09:01:29 EST 2007


On Wed, 2007-08-08 at 16:29 -0500, Josh Boyer wrote:
> On Wed, 8 Aug 2007 20:43:25 +0000 (UTC)
> Hollis Blanchard <hollisb at us.ibm.com> wrote:
> 
> > On Tue, 07 Aug 2007 14:20:50 +1000, David Gibson wrote:
> > > 
> > > This patch fixes the problem in both arch/ppc and arch/powerpc by
> > > inhibiting interrupts (even critical and debug interrupts) across the
> > > relevant instructions.
> > 
> > How could a critical or debug interrupt modify the contents of MMUCR?
> 
> Interrupts from UICs can be configured as critical.  If one of those
> triggers, (or any other CE triggers) and causes a tlb miss, you have a
> race.  The watchdog timer interrupt also is a CE IIRC.
> 
> CE and DE are admittedly a much smaller race, but still possible.
> Masking EE off is the largest one.

There is a much bigger problem if CEs can do tlb misses though... they
can interrupt the tlb miss handler itself, either between the two halves
of a tlb write, or between the write to MMUCR and the write to the tlb,
and I suspect both cases will cause trouble.

We might want to check if we were in the TLB miss handler upon return
from the CE and MCE handlers, and in this case, restart them (just
return to the faulting instruction, that is use srr0 instead of
csrr0/mcsrr0).

Ben.
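The window Ben describes, as an added example that is not part of the thread and not the kernel's 44x code: a constructed C model of the STID field of MMUCR, a four-entry software-managed TLB, and one pending critical interrupt whose handler takes a TLB miss. The `tlbie` sequence follows the 44x pattern of writing MMUCR, searching with `tlbsx`, then clearing the entry with `tlbwe`; `interrupt_point`, `ce_miss_*` and `run_scenario` are assumptions made for the model, and the TLB contents are constructed. With CE left enabled, the miss handler rewrites MMUCR between the MMUCR write and the search, the search runs under the wrong STID, and the stale entry survives; with CE inhibited across the sequence, the interrupt is deferred and the invalidation lands.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TLB_ENTRIES 4
#define NO_INDEX (-1)

struct tlb_entry { uint32_t epn; uint32_t tid; bool valid; };

/* Constructed model (not hardware-accurate): only the state the race needs. */
struct mmu {
    uint32_t mmucr_stid;            /* STID field of MMUCR: shared state  */
    struct tlb_entry tlb[TLB_ENTRIES];
    bool ce_enabled;                /* critical interrupts enabled         */
    bool ce_pending;                /* a CE is waiting to be delivered     */
    uint32_t ce_miss_epn;           /* the handler will reload this EPN... */
    uint32_t ce_miss_tid;           /* ...for this TID...                  */
    int ce_miss_victim;             /* ...into this TLB slot               */
};

/* tlbwe: the TID written into the entry comes from MMUCR, not the operands. */
static void tlbwe(struct mmu *m, int idx, uint32_t epn, bool valid) {
    m->tlb[idx].epn = epn;
    m->tlb[idx].tid = m->mmucr_stid;
    m->tlb[idx].valid = valid;
}

/* tlbsx: search for epn under whatever STID is in MMUCR right now. */
static int tlbsx(const struct mmu *m, uint32_t epn) {
    for (int i = 0; i < TLB_ENTRIES; i++)
        if (m->tlb[i].valid && m->tlb[i].epn == epn &&
            m->tlb[i].tid == m->mmucr_stid)
            return i;
    return NO_INDEX;
}

/* A TLB miss taken from a critical interrupt handler: it loads MMUCR with
 * the faulting context's TID and reloads an entry, without saving or
 * restoring MMUCR. That clobber is the whole problem. */
static void tlb_miss_handler(struct mmu *m) {
    m->mmucr_stid = m->ce_miss_tid;
    tlbwe(m, m->ce_miss_victim, m->ce_miss_epn, true);
}

/* Assumed delivery point: a pending CE runs here if CE is not masked. */
static void interrupt_point(struct mmu *m) {
    if (m->ce_pending && m->ce_enabled) {
        m->ce_pending = false;
        tlb_miss_handler(m);
    }
}

/* 44x-style tlbie: set STID, tlbsx, tlbwe with valid cleared.
 * mask_ce selects inhibiting critical interrupts across the sequence
 * (the fix under discussion) or leaving them enabled (the race).
 * Returns true if the entry was found and invalidated. */
static bool tlbie(struct mmu *m, uint32_t epn, uint32_t tid, bool mask_ce) {
    bool saved_ce = m->ce_enabled;
    if (mask_ce) m->ce_enabled = false;
    m->mmucr_stid = tid;
    interrupt_point(m);          /* window: MMUCR written, tlbsx not yet run */
    int idx = tlbsx(m, epn);
    interrupt_point(m);          /* window: index found, tlbwe not yet run   */
    if (idx != NO_INDEX)
        tlbwe(m, idx, epn, false);
    m->ce_enabled = saved_ce;
    interrupt_point(m);          /* a deferred CE is delivered here           */
    return idx != NO_INDEX;
}

/* Constructed scenario: entry 0 maps EPN 0x1000 for TID 5; a CE is pending
 * whose handler will reload EPN 0x2000 for TID 9 into slot 1.
 * Returns true if the stale entry 0 is still valid after tlbie(0x1000, 5). */
static bool run_scenario(bool mask_ce) {
    struct mmu m = { .mmucr_stid = 0, .ce_enabled = true, .ce_pending = true,
                     .ce_miss_epn = 0x2000, .ce_miss_tid = 9, .ce_miss_victim = 1 };
    m.tlb[0] = (struct tlb_entry){ .epn = 0x1000, .tid = 5, .valid = true };
    tlbie(&m, 0x1000, 5, mask_ce);
    return m.tlb[0].valid;
}

int main(void) {
    printf("CE enabled across tlbie:  stale entry still valid = %d\n", run_scenario(false));
    printf("CE masked across tlbie:   stale entry still valid = %d\n", run_scenario(true));
    return 0;
}
```

The same model exposes the second case in the message by putting `interrupt_point` between the MMUCR write and the `tlbwe` inside `tlb_miss_handler` itself, which is why the thread's other option is to detect on return from the CE or MCE handler that the miss handler was interrupted and restart it rather than resume mid-sequence.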





More information about the Linuxppc-dev mailing list