[PATCH 0/8] Fix 8xx MMU/TLB
joakim.tjernlund at transmode.se
Fri Oct 16 19:16:07 EST 2009
Rex Feany <RFeany at mrv.com> wrote on 15/10/2009 18:56:50:
> arch/powerpc/kernel/head_8xx.o: In function `FixupDAR':
> /home/rfeany/src/lnxnm/linux-dev/arch/powerpc/kernel/head_8xx.S:576: undefined
> reference to `DARfix'
> With all of your patches applied I have this problem:
> open("/proc/mounts", O_RDONLY) = 3
> fstat64(0x3, 0x7fc6ad58) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x3001f000
> read(3, 0x3001f000, 1024) = -1 EFAULT (Bad address)
> exit_group(0) = ?
> but it works fine with /dev/zero:
> open("/dev/zero", O_RDONLY) = 3
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x30001000
> read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
> \0"..., 1024) = 1024
> If I revert "8xx: start using dcbX instructions in various copy
> routines" then it works again. I think it is the cache instructions
> added to __copy_tofrom_user: reading from /dev/zero is OK (it uses
> __clear_user, no dcbX), but copy_to_user() fails.
Yes, only copy_tofrom_user will actually case a TLBError with
the dcbX insn.
> It seems stable with all but the dcbX patch applied. I haven't been able
> to crash it yet, anyway :)
Right, it is the pte table walk that is blowing up.
I just noted that 2.6 lacks a tophys() call in its table walk
so I removed that one(there is one more tophys call but I don't think
it should be removed).
Try this addon patch:
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 3df4a17..0e91da4 100644
@@ -540,7 +540,6 @@ DARFixed:/* Return from dcbx instruction bug workaround, r10 holds value of DAR
mtspr SPRN_MD_EPN, r10
mfspr r11, SPRN_M_TWB /* Get level 1 table entry address */
lwz r11, 0(r11) /* Get the level 1 entry */
- tophys (r11, r11)
mtspr SPRN_MD_TWC, r11 /* Load pte table base address */
mfspr r11, SPRN_MD_TWC /* ....and get the pte address */
More information about the Linuxppc-dev