• James Hogan's avatar
    MIPS: mm: Don't clobber $1 on XPA TLB refill · f3832196
    James Hogan authored
    For XPA kernels build_update_entries() uses $1 (at) as a scratch
    register, but doesn't arrange for it to be preserved, so it will always
    be clobbered by the TLB refill exception. Although this register
    normally has a very short lifetime that doesn't cross memory accesses,
    TLB refills due to instruction fetches (either on a page boundary or
    after preemption) could clobber live data, and its easy to reproduce
    the clobber with a little bit of assembler code.
    
    Note that the use of a hardware page table walker will partly mask the
    problem, as the TLB refill handler will not always be invoked.
    
    This is fixed by avoiding the use of the extra scratch register. The
    pte_high parts (going into the lower half of the EntryLo registers) are
    loaded and manipulated separately so as to keep the PTE pointer around
    for the other halves (instead of storing in the scratch register), and
    the pte_low parts (going into the high half of the EntryLo registers)
    are masked with 0x00ffffff using an ext instruction (instead of loading
    0x00ffffff into the scratch register and AND'ing).
    
    [paul.burton@imgtec.com:
      - Rebase atop other TLB work.
      - Use ext instead of an sll, srl sequence.
      - Use cpu_has_xpa instead of #ifdefs.
      - Modify commit subject to include "mm".]
    
    Fixes: c5b36783 ("MIPS: Add support for XPA.")
    Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
    Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
    Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
    Cc: linux-kernel@vger.kernel.org
    Cc: linux-mips@linux-mips.org
    Patchwork: https://patchwork.linux-mips.org/patch/13120/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
    f3832196
tlbex.c 68.3 KB