
Commit 4f6deb8c authored by David S. Miller's avatar David S. Miller

sparc: Don't leak context bits into thread->fault_address



On pre-Niagara systems, we fetch the fault address on data TLB
exceptions from the TLB_TAG_ACCESS register.  But this register also
contains the context ID associated with the fault in the low 13 bits
of the register value.

This propagates into current_thread_info()->fault_address and can
cause trouble later on.

So clear the low 13-bits out of the TLB_TAG_ACCESS value in the cases
where it matters.

Reported-by: default avatarMikulas Patocka <mpatocka@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8448cefe
+2 −2
@@ -25,13 +25,13 @@

/* PROT ** ICACHE line 2: More real fault processing */
	ldxa		[%g4] ASI_DMMU, %g5		! Put tagaccess in %g5
	srlx		%g5, PAGE_SHIFT, %g5
	sllx		%g5, PAGE_SHIFT, %g5		! Clear context ID bits
	bgu,pn		%xcc, winfix_trampoline		! Yes, perform winfixup
	 mov		FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4
	ba,pt		%xcc, sparc64_realfault_common	! Nope, normal fault
	 nop
	nop
	nop
	nop

/* PROT ** ICACHE line 3: Unused...	*/
	nop
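Review bot: The two added shifts are placed between the `cmp` that sets %xcc (above this hunk, in ICACHE line 1) and the `bgu,pn %xcc, winfix_trampoline` that consumes it, and the change is only correct because SPARC shift instructions leave the condition codes untouched; nothing in the hunk records that. This file is hand-packed into eight-instruction I-cache lines (see the `ICACHE line N` headers) and the diffstat shows the two new instructions were absorbed by dropping two padding nops, so anyone inserting a further instruction here will break either the packing or the flag dependency. I would extend the new comment to `! Clear context ID bits (shifts leave %xcc intact for bgu)` and add a remark on the `ICACHE line 2` header that the line is now full. The srlx/sllx pair is a mask only because PAGE_SHIFT equals the 13-bit context-field width the commit message describes; presumably PAGE_SHIFT is 13 here, but stating that assumption in the comment keeps the trick from being copied where it does not hold.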
+12 −0
@@ -20,6 +20,10 @@ kvmap_itlb:
	mov		TLB_TAG_ACCESS, %g4
	ldxa		[%g4] ASI_IMMU, %g4

	/* The kernel executes in context zero, therefore we do not
	 * need to clear the context ID bits out of %g4 here.
	 */

	/* sun4v_itlb_miss branches here with the missing virtual
	 * address already loaded into %g4
	 */
@@ -128,6 +132,10 @@ kvmap_dtlb:
	mov		TLB_TAG_ACCESS, %g4
	ldxa		[%g4] ASI_DMMU, %g4

	/* The kernel executes in context zero, therefore we do not
	 * need to clear the context ID bits out of %g4 here.
	 */

	/* sun4v_dtlb_miss branches here with the missing virtual
	 * address already loaded into %g4
	 */
@@ -251,6 +259,10 @@ kvmap_dtlb_longpath:
	nop
	.previous

	/* The kernel executes in context zero, therefore we do not
	 * need to clear the context ID bits out of %g5 here.
	 */

	be,pt	%xcc, sparc64_realfault_common
	 mov	FAULT_CODE_DTLB, %g4
	ba,pt	%xcc, winfix_trampoline
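Review bot: The three new comments say the kernel executes in context zero but not why that guarantees the low bits of the value just loaded from TLB_TAG_ACCESS are clear, which is the invariant the other hunks of this commit exist to protect; a reader of kvmap_dtlb_longpath cannot tell whether a user-context fault on a kernel address could arrive here with a tainted %g5. If the kvmap_* entry points are only reached after the miss handler has found a zero context in the tag target (that dispatch is outside this hunk, so confirm it), the comment should state that explicitly, e.g. `/* Only context-0 (kernel) misses are dispatched to kvmap_*, so the context field of TLB_TAG_ACCESS is already zero here; user-context faults go through tsb_miss_*, which clears it. */`. The longpath block also has an alternatives-patched load immediately above the `.previous` that I cannot see; if the sun4v variant fills %g5 from a different source, the comment should say that case is covered as well.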
+10 −2
@@ -29,13 +29,17 @@
	 */
tsb_miss_dtlb:
	mov		TLB_TAG_ACCESS, %g4
	ba,pt		%xcc, tsb_miss_page_table_walk
	ldxa		[%g4] ASI_DMMU, %g4
	srlx		%g4, PAGE_SHIFT, %g4
	ba,pt		%xcc, tsb_miss_page_table_walk
	 sllx		%g4, PAGE_SHIFT, %g4

tsb_miss_itlb:
	mov		TLB_TAG_ACCESS, %g4
	ba,pt		%xcc, tsb_miss_page_table_walk
	ldxa		[%g4] ASI_IMMU, %g4
	srlx		%g4, PAGE_SHIFT, %g4
	ba,pt		%xcc, tsb_miss_page_table_walk
	 sllx		%g4, PAGE_SHIFT, %g4

	/* At this point we have:
	 * %g1 --	PAGE_SIZE TSB entry address
@@ -284,6 +288,10 @@ tsb_do_dtlb_fault:
	nop
	.previous

	/* Clear context ID bits.  */
	srlx		%g5, PAGE_SHIFT, %g5
	sllx		%g5, PAGE_SHIFT, %g5

	be,pt	%xcc, sparc64_realfault_common
	 mov	FAULT_CODE_DTLB, %g4
	ba,pt	%xcc, winfix_trampoline
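Review bot: The srlx/sllx pairs added to tsb_miss_dtlb and tsb_miss_itlb carry no comment, while the identical pair in tsb_do_dtlb_fault gets `/* Clear context ID bits.  */`; in the first hunk the branch moves past two shifts and the `sllx` lands in the delay slot, so a reader has to work out that it is a mask rather than arithmetic. I would put the same comment above each pair and explain the idiom once: `! srlx/sllx by PAGE_SHIFT masks the 13-bit context ID; the mask does not fit a simm13 immediate, so andn is not usable without a scratch register` (assuming PAGE_SHIFT is 13 here, as the commit message implies). In the tsb_do_dtlb_fault hunk the shifts sit between a compare that is outside the hunk and `be,pt %xcc, sparc64_realfault_common`; that is safe because SPARC shifts do not modify the condition codes, and the comment is the place to say so, since a later rewrite using a `cc`-suffixed instruction would silently clobber %xcc.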