44x bug: funny TLB writes?

Hollis Blanchard hollisb at us.ibm.com
Sat Sep 22 03:37:36 EST 2007


On Fri, 2007-09-21 at 15:42 +1000, David Gibson wrote:
> On Thu, Sep 20, 2007 at 10:34:12PM -0500, Hollis Blanchard wrote:
> > I seem to have come across a strange bug while doing KVM development. It
> > seems that the final tlbwe in finish_tlb (head_44x.S) is actually
> > leaking RPN bits into the "attribute" word.
> > 
> > When I set a breakpoint there and press enter on the serial console, I
> > see r12=ef600703, which is the physical address of the UART on this chip
> > (440EP), plus the correct permission bits at the bottom.
> > 
> > Am I crazy? I'm not really looking to step through that assembly right
> > now... Clearly (current) hardware is just ignoring these errant writes,
> > but it should be fixed.
> 
> A quick glance at the code suggests this is indeed wrong.  Hurrah.
> Another reason to rewrite the 44x tlb miss handling.

Actually it's slightly worse than I thought. Not only are we setting "0"
bits in the TLB word, I'm also seeing mappings like this:

pid      word0    word1    word2
00000001 7fe4f210 00209000 00200349

That means WIMG=0011, which seems inappropriate for userspace mappings.
(Oh and we're also writing to the only reserved bit in word2.)

-- 
Hollis Blanchard
IBM Linux Technology Center
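
The word2 readings in the message above can be reproduced with a small decoder. This is an added example, not part of the original post or of the kernel source. The field masks are an assumption (the PPC440 word2 layout as defined in the Linux 44x MMU header, which the message does not quote), and the function names and the "guarded mapping under a nonzero PID" check are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* PPC440 TLB word2 fields. Masks are an assumption taken from the Linux
 * 44x MMU header; they are not given in the message above. */
#define TLB2_U_MASK    0x0000f000u /* U0..U3 user-defined attributes */
#define TLB2_WIMG_MASK 0x00000f00u /* W, I, M, G storage attributes */
#define TLB2_G         0x00000100u /* guarded */
#define TLB2_E         0x00000080u /* endianness */
#define TLB2_PERM_MASK 0x0000003fu /* UX UW UR SX SW SR */
#define TLB2_DEFINED   (TLB2_U_MASK | TLB2_WIMG_MASK | TLB2_E | TLB2_PERM_MASK)

/* Bits that are set but have no defined meaning in word2. */
static uint32_t tlb2_stray_bits(uint32_t w2) { return w2 & ~TLB2_DEFINED; }
/* WIMG as a 4-bit value: W is bit 3, G is bit 0. */
static unsigned tlb2_wimg(uint32_t w2) { return (w2 & TLB2_WIMG_MASK) >> 8; }
static unsigned tlb2_perms(uint32_t w2) { return w2 & TLB2_PERM_MASK; }

/* Report anomalies in one entry and return the number of findings.
 * Flagging G on a nonzero-PID entry is this example's own heuristic. */
static int tlb2_audit(uint32_t pid, uint32_t w2)
{
    uint32_t stray = tlb2_stray_bits(w2);
    unsigned wimg = tlb2_wimg(w2);
    int findings = 0;

    printf("pid=%08x word2=%08x WIMG=%u%u%u%u perms=%02x\n",
           (unsigned)pid, (unsigned)w2, (wimg >> 3) & 1, (wimg >> 2) & 1,
           (wimg >> 1) & 1, wimg & 1, tlb2_perms(w2));
    if (stray & 0xffff0000u) {   /* upper half should be zero */
        printf("  stray upper bits: %08x\n", (unsigned)(stray & 0xffff0000u));
        findings++;
    }
    if (stray & 0x0000ffffu) {   /* the reserved bit in the lower half */
        printf("  reserved bit set: %08x\n", (unsigned)(stray & 0x0000ffffu));
        findings++;
    }
    if (pid != 0 && (w2 & TLB2_G)) {
        printf("  guarded attribute on a nonzero-PID mapping\n");
        findings++;
    }
    return findings;
}

int main(void)
{
    tlb2_audit(1, 0x00200349u); /* entry quoted in the message */
    tlb2_audit(0, 0xef600703u); /* r12 value from the message; PID constructed */
    return 0;
}
```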



