Changeset 36f19c0 in mainline

Timestamp:

2007-04-09T16:21:47Z (18 years ago)

Author:

Jakub Jermar <jakub@…>

Branches:

lfn, master, serial, ticket/834-toolchain-update, topic/msim-upgrade, topic/simplify-dev-export

Children:

ec5b3204

Parents:

183788f1

Message:

Fix a nasty bug in the TLB miss handlers on sparc64.
After we no longer lock the kernel stack in the DTLB,
there is a real danger of nested DTLB misses. The nested
miss can very easily clobber the DTLB Tag Access register.
Therefore, the original miss may not read this register, but
it has to receive its value as an argument. The argument
value is saved in the trap table when it is guaranteed that
the nested TLB miss will not occur.

Location:

kernel/arch/sparc64

Files:

• include/mm/tlb.h (modified) (1 diff)
• include/trap/mmu.h (modified) (2 diffs)
• src/mm/tlb.c (modified) (5 diffs)

kernel/arch/sparc64/include/mm/tlb.h

@@ -429 +429 @@
 }
 
-extern void fast_instruction_access_mmu_miss(int n, istate_t *istate);
-extern void fast_data_access_mmu_miss(int n, istate_t *istate);
-extern void fast_data_access_protection(int n, istate_t *istate);
+extern void fast_instruction_access_mmu_miss(unative_t unused, istate_t *istate);
+extern void fast_data_access_mmu_miss(tlb_tag_access_reg_t tag, istate_t *istate);
+extern void fast_data_access_protection(tlb_tag_access_reg_t tag , istate_t *istate);
 
 extern void dtlb_insert_mapping(uintptr_t page, uintptr_t frame, int pagesize, bool locked, bool cacheable);

kernel/arch/sparc64/include/trap/mmu.h

@@ -130 +130 @@
 .endif
 
+        /*
+         * Switch from the MM globals.
+         */
         wrpr %g0, PSTATE_PRIV_BIT | PSTATE_AG_BIT, %pstate
+
+        /*
+         * Read the Tag Access register for the higher-level handler.
+         * This is necessary to survive nested DTLB misses.
+         */     
+        mov VA_DMMU_TAG_ACCESS, %g2
+        ldxa [%g2] ASI_DMMU, %g2
+
+        /*
+         * g2 will be passed as an argument to fast_data_access_mmu_miss().
+         */
         PREEMPTIBLE_HANDLER fast_data_access_mmu_miss
 .endm
@@ -143 +157 @@
 .endif
 
+        /*
+         * Switch from the MM globals.
+         */
         wrpr %g0, PSTATE_PRIV_BIT | PSTATE_AG_BIT, %pstate
+
+        /*
+         * Read the Tag Access register for the higher-level handler.
+         * This is necessary to survive nested DTLB misses.
+         */     
+        mov VA_DMMU_TAG_ACCESS, %g2
+        ldxa [%g2] ASI_DMMU, %g2
+
+        /*
+         * g2 will be passed as an argument to fast_data_access_mmu_miss().
+         */
         PREEMPTIBLE_HANDLER fast_data_access_protection
 .endm

kernel/arch/sparc64/src/mm/tlb.c

@@ -199 +199 @@
 
 /** ITLB miss handler. */
-void fast_instruction_access_mmu_miss(int n, istate_t *istate)
+void fast_instruction_access_mmu_miss(unative_t unused, istate_t *istate)
 {
         uintptr_t va = ALIGN_DOWN(istate->tpc, PAGE_SIZE);
@@ -235 +235 @@
  * Note that some faults (e.g. kernel faults) were already resolved by the
  * low-level, assembly language part of the fast_data_access_mmu_miss handler.
- */
-void fast_data_access_mmu_miss(int n, istate_t *istate)
-{
-        tlb_tag_access_reg_t tag;
+ *
+ * @param tag Content of the TLB Tag Access register as it existed when the
+ *    trap happened. This is to prevent confusion created by clobbered
+ *    Tag Access register during a nested DTLB miss.
+ * @param istate Interrupted state saved on the stack.
+ */
+void fast_data_access_mmu_miss(tlb_tag_access_reg_t tag, istate_t *istate)
+{
         uintptr_t va;
         index_t index;
         pte_t *t;
 
-        tag.value = dtlb_tag_access_read();
         va = ALIGN_DOWN((uint64_t) tag.vpn << MMU_PAGE_WIDTH, PAGE_SIZE);
         index = tag.vpn % MMU_PAGES_PER_PAGE;
@@ -283 +286 @@
 }
 
-/** DTLB protection fault handler. */
-void fast_data_access_protection(int n, istate_t *istate)
-{
-        tlb_tag_access_reg_t tag;
+/** DTLB protection fault handler.
+ *
+ * @param tag Content of the TLB Tag Access register as it existed when the
+ *    trap happened. This is to prevent confusion created by clobbered
+ *    Tag Access register during a nested DTLB miss.
+ * @param istate Interrupted state saved on the stack.
+ */
+void fast_data_access_protection(tlb_tag_access_reg_t tag, istate_t *istate)
+{
         uintptr_t va;
         index_t index;
         pte_t *t;
 
-        tag.value = dtlb_tag_access_read();
         va = ALIGN_DOWN((uint64_t) tag.vpn << MMU_PAGE_WIDTH, PAGE_SIZE);
         index = tag.vpn % MMU_PAGES_PER_PAGE;   /* 16K-page emulation */
@@ -372 +379 @@
 
         va = tag.vpn << MMU_PAGE_WIDTH;
-
-        fault_if_from_uspace(istate, "%s, Page=%p (ASID=%d)\n", str, va,
-            tag.context);
+        if (tag.context) {
+                fault_if_from_uspace(istate, "%s, Page=%p (ASID=%d)\n", str, va,
+                    tag.context);
+        }
         dump_istate(istate);
         printf("Faulting page: %p, ASID=%d\n", va, tag.context);
@@ -387 +395 @@
         va = tag.vpn << MMU_PAGE_WIDTH;
 
-        fault_if_from_uspace(istate, "%s, Page=%p (ASID=%d)\n", str, va,
-            tag.context);
+        if (tag.context) {
+                fault_if_from_uspace(istate, "%s, Page=%p (ASID=%d)\n", str, va,
+                    tag.context);
+        }
         printf("Faulting page: %p, ASID=%d\n", va, tag.context);
         dump_istate(istate);