From acca4f4d9bd657e8bc7e1665ba5077465138f133 Mon Sep 17 00:00:00 2001 From: Paul Mundt Date: Mon, 10 Nov 2008 20:00:45 +0900 Subject: sh: Handle fixmap TLB eviction more coherently. There was a race in the kmap_coherent() implementation. While we guarded against preemption, there was nothing preventing eviction of the pre-faulted fixmap entry from the UTLB. Under certain workloads this would result in the fixmap entries used for cache colouring being evicted from the UTLB in the midst of a copy_page(). In addition to pre-faulting, we also make sure to preserve the PTEs in the kernel page table and introduce a cached PTE for kmap_coherent() usage. This follows a similar change on MIPS ("[MIPS] Fix aliasing bug in copy_to_user_page / copy_from_user_page"). Reported-by: Hideo Saito Reported-by: CHIKAMA Masaki Tested-by: Yoshihiro Shimoda Signed-off-by: Paul Mundt --- arch/sh/include/asm/pgtable.h | 6 ++++++ arch/sh/mm/init.c | 12 +++++++++--- arch/sh/mm/pg-sh4.c | 17 +++++++++++++++++ 3 files changed, 32 insertions(+), 3 deletions(-) (limited to 'arch') diff --git a/arch/sh/include/asm/pgtable.h b/arch/sh/include/asm/pgtable.h index 52220d70a096..b517ae08b9c0 100644 --- a/arch/sh/include/asm/pgtable.h +++ b/arch/sh/include/asm/pgtable.h @@ -148,6 +148,12 @@ extern void paging_init(void); extern void page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd); +#if !defined(CONFIG_CACHE_OFF) && defined(CONFIG_CPU_SH4) && defined(CONFIG_MMU) +extern void kmap_coherent_init(void); +#else +#define kmap_coherent_init() do { } while (0) +#endif + #include #endif /* __ASM_SH_PGTABLE_H */ diff --git a/arch/sh/mm/init.c b/arch/sh/mm/init.c index 4abf00031dae..6cbef8caeb56 100644 --- a/arch/sh/mm/init.c +++ b/arch/sh/mm/init.c @@ -137,6 +137,7 @@ void __init page_table_range_init(unsigned long start, unsigned long end, void __init paging_init(void) { unsigned long max_zone_pfns[MAX_NR_ZONES]; + unsigned long vaddr; int nid; /* We don't need to map the kernel through the TLB, as @@ -148,10 +149,15 @@ void __init paging_init(void) * check for a null value. */ set_TTB(swapper_pg_dir); - /* Populate the relevant portions of swapper_pg_dir so that + /* + * Populate the relevant portions of swapper_pg_dir so that * we can use the fixmap entries without calling kmalloc. - * pte's will be filled in by __set_fixmap(). */ - page_table_range_init(FIXADDR_START, FIXADDR_TOP, swapper_pg_dir); + * pte's will be filled in by __set_fixmap(). + */ + vaddr = __fix_to_virt(__end_of_fixed_addresses - 1) & PMD_MASK; + page_table_range_init(vaddr, 0, swapper_pg_dir); + + kmap_coherent_init(); memset(max_zone_pfns, 0, sizeof(max_zone_pfns)); diff --git a/arch/sh/mm/pg-sh4.c b/arch/sh/mm/pg-sh4.c index 38870e0fc182..2fe14da1f839 100644 --- a/arch/sh/mm/pg-sh4.c +++ b/arch/sh/mm/pg-sh4.c @@ -7,6 +7,7 @@ * Released under the terms of the GNU GPL v2.0. */ #include +#include #include #include #include @@ -16,6 +17,20 @@ #define CACHE_ALIAS (current_cpu_data.dcache.alias_mask) +#define kmap_get_fixmap_pte(vaddr) \ + pte_offset_kernel(pmd_offset(pud_offset(pgd_offset_k(vaddr), (vaddr)), (vaddr)), (vaddr)) + +static pte_t *kmap_coherent_pte; + +void __init kmap_coherent_init(void) +{ + unsigned long vaddr; + + /* cache the first coherent kmap pte */ + vaddr = __fix_to_virt(FIX_CMAP_BEGIN); + kmap_coherent_pte = kmap_get_fixmap_pte(vaddr); +} + static inline void *kmap_coherent(struct page *page, unsigned long addr) { enum fixed_addresses idx; @@ -34,6 +49,8 @@ static inline void *kmap_coherent(struct page *page, unsigned long addr) update_mmu_cache(NULL, vaddr, pte); + set_pte(kmap_coherent_pte - (FIX_CMAP_END - idx), pte); + return (void *)vaddr; } -- cgit v1.2.3-55-g7522 From 51ee3d92bfb983790b9ed576c22f59d42adff329 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda Date: Tue, 11 Nov 2008 12:19:11 +0900 Subject: fix sci type for SH7723 This patch changes sci type of SH7723 from PORT_SCI to PORT_SCIFA. Signed-off-by: Yoshihiro Shimoda Signed-off-by: Paul Mundt --- arch/sh/kernel/cpu/sh4a/setup-sh7723.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'arch') diff --git a/arch/sh/kernel/cpu/sh4a/setup-sh7723.c b/arch/sh/kernel/cpu/sh4a/setup-sh7723.c index a7412cede534..6d9e6972cfc9 100644 --- a/arch/sh/kernel/cpu/sh4a/setup-sh7723.c +++ b/arch/sh/kernel/cpu/sh4a/setup-sh7723.c @@ -119,17 +119,17 @@ static struct plat_sci_port sci_platform_data[] = { },{ .mapbase = 0xa4e30000, .flags = UPF_BOOT_AUTOCONF, - .type = PORT_SCI, + .type = PORT_SCIFA, .irqs = { 56, 56, 56, 56 }, },{ .mapbase = 0xa4e40000, .flags = UPF_BOOT_AUTOCONF, - .type = PORT_SCI, + .type = PORT_SCIFA, .irqs = { 88, 88, 88, 88 }, },{ .mapbase = 0xa4e50000, .flags = UPF_BOOT_AUTOCONF, - .type = PORT_SCI, + .type = PORT_SCIFA, .irqs = { 109, 109, 109, 109 }, }, { .flags = 0, -- cgit v1.2.3-55-g7522 From 185aed75570fb4f78ef283dfa26cd9da5fa06a91 Mon Sep 17 00:00:00 2001 From: Paul Mundt Date: Wed, 12 Nov 2008 12:53:48 +0900 Subject: sh: Provide a sane valid_phys_addr_range() to prevent TLB reset with PMB. With the PMB enabled, only P1SEG and up are covered by the PMB mappings, meaning that situations where out-of-bounds physical addresses are read from will lead to TLB reset after the PMB miss, allowing for use cases like dd if=/dev/mem to reset the TLB. Fix this up to make sure the reference is between __MEMORY_START (phys) and __pa(high_memory). This is coherent across all variants of sh/sh64 with and without MMU, though the PMB bug itself is only applicable to SH-4A parts. Reported-by: Hideo Saito Signed-off-by: Paul Mundt --- arch/sh/include/asm/io.h | 4 ++++ arch/sh/mm/Makefile_32 | 2 +- arch/sh/mm/Makefile_64 | 2 +- arch/sh/mm/mmap.c | 31 +++++++++++++++++++++++++++++++ 4 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 arch/sh/mm/mmap.c (limited to 'arch') diff --git a/arch/sh/include/asm/io.h b/arch/sh/include/asm/io.h index 436c28539577..65eaae34e753 100644 --- a/arch/sh/include/asm/io.h +++ b/arch/sh/include/asm/io.h @@ -293,6 +293,10 @@ __ioremap_mode(unsigned long offset, unsigned long size, unsigned long flags) */ #define xlate_dev_kmem_ptr(p) p +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE +int valid_phys_addr_range(unsigned long addr, size_t size); +int valid_mmap_phys_addr_range(unsigned long pfn, size_t size); + #endif /* __KERNEL__ */ #endif /* __ASM_SH_IO_H */ diff --git a/arch/sh/mm/Makefile_32 b/arch/sh/mm/Makefile_32 index 70e0906023cc..f066e76da204 100644 --- a/arch/sh/mm/Makefile_32 +++ b/arch/sh/mm/Makefile_32 @@ -2,7 +2,7 @@ # Makefile for the Linux SuperH-specific parts of the memory manager. # -obj-y := init.o extable_32.o consistent.o +obj-y := init.o extable_32.o consistent.o mmap.o ifndef CONFIG_CACHE_OFF cache-$(CONFIG_CPU_SH2) := cache-sh2.o diff --git a/arch/sh/mm/Makefile_64 b/arch/sh/mm/Makefile_64 index 0d92a8a3ac9a..9481d0f54efd 100644 --- a/arch/sh/mm/Makefile_64 +++ b/arch/sh/mm/Makefile_64 @@ -2,7 +2,7 @@ # Makefile for the Linux SuperH-specific parts of the memory manager. # -obj-y := init.o consistent.o +obj-y := init.o consistent.o mmap.o mmu-y := tlb-nommu.o pg-nommu.o extable_32.o mmu-$(CONFIG_MMU) := fault_64.o ioremap_64.o tlbflush_64.o tlb-sh5.o \ diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c new file mode 100644 index 000000000000..1f3cc3d92d3d --- /dev/null +++ b/arch/sh/mm/mmap.c @@ -0,0 +1,31 @@ +/* + * arch/sh/mm/mmap.c + * + * Copyright (C) 2008 Paul Mundt + * + * This file is subject to the terms and conditions of the GNU General Public + * License. See the file "COPYING" in the main directory of this archive + * for more details. + */ +#include +#include +#include + +/* + * You really shouldn't be using read() or write() on /dev/mem. This + * might go away in the future. + */ +int valid_phys_addr_range(unsigned long addr, size_t count) +{ + if (addr < (PAGE_OFFSET + (PFN_START << PAGE_SHIFT))) + return 0; + if (addr + count > __pa(high_memory)) + return 0; + + return 1; +} + +int valid_mmap_phys_addr_range(unsigned long pfn, size_t size) +{ + return 1; +} -- cgit v1.2.3-55-g7522 From bfbedf787c6b77270679429caadb044b2d33c94c Mon Sep 17 00:00:00 2001 From: Magnus Damm Date: Thu, 13 Nov 2008 15:33:45 +0900 Subject: sh: early printk port type fix Add PORT_SCIF to unbreak the early printk code. Signed-off-by: Magnus Damm Signed-off-by: Paul Mundt --- arch/sh/kernel/early_printk.c | 1 + 1 file changed, 1 insertion(+) (limited to 'arch') diff --git a/arch/sh/kernel/early_printk.c b/arch/sh/kernel/early_printk.c index 6b7d166694e2..98a29a782301 100644 --- a/arch/sh/kernel/early_printk.c +++ b/arch/sh/kernel/early_printk.c @@ -75,6 +75,7 @@ static struct console bios_console = { #endif static struct uart_port scif_port = { + .type = PORT_SCIF, .mapbase = CONFIG_EARLY_SCIF_CONSOLE_PORT, .membase = (char __iomem *)CONFIG_EARLY_SCIF_CONSOLE_PORT, }; -- cgit v1.2.3-55-g7522 From 10840f034e2329150ce0e683e636ea13b268d333 Mon Sep 17 00:00:00 2001 From: Paul Mundt Date: Thu, 13 Nov 2008 15:38:02 +0900 Subject: sh: Don't factor in PAGE_OFFSET for valid_phys_addr_range() check. Signed-off-by: Paul Mundt --- arch/sh/mm/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch') diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c index 1f3cc3d92d3d..8837d511710a 100644 --- a/arch/sh/mm/mmap.c +++ b/arch/sh/mm/mmap.c @@ -17,7 +17,7 @@ */ int valid_phys_addr_range(unsigned long addr, size_t count) { - if (addr < (PAGE_OFFSET + (PFN_START << PAGE_SHIFT))) + if (addr < __MEMORY_START) return 0; if (addr + count > __pa(high_memory)) return 0; -- cgit v1.2.3-55-g7522 From 2cd0ebc83d771220eeddec91fd6d4cfefc2cc46e Mon Sep 17 00:00:00 2001 From: Francesco VIRLINZI Date: Wed, 15 Oct 2008 11:58:24 +0200 Subject: sh: Fixed the TMU0 reload value on resume This patch fixes the TMU0 interrupt frequency on suspend/resume. During the resume the kernel reprograms the TMU0.ClockEvent mode but if the mode is periodic than the TMU0.TCOR is updated with a random wrong value without taking care latest valid saved value. There was no problem with No_HZ system where TMU0.TCOR isn't used. Signed-off-by: Francesco M. Virlinzi Signed-off-by: Stuart Menefy Signed-off-by: Paul Mundt --- arch/sh/kernel/timers/timer-tmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch') diff --git a/arch/sh/kernel/timers/timer-tmu.c b/arch/sh/kernel/timers/timer-tmu.c index aaaf90d06b85..3c61ddd4d43e 100644 --- a/arch/sh/kernel/timers/timer-tmu.c +++ b/arch/sh/kernel/timers/timer-tmu.c @@ -120,7 +120,7 @@ static void tmu_set_mode(enum clock_event_mode mode, { switch (mode) { case CLOCK_EVT_MODE_PERIODIC: - ctrl_outl(ctrl_inl(TMU0_TCNT), TMU0_TCOR); + ctrl_outl(tmu_latest_interval[TMU0], TMU0_TCOR); break; case CLOCK_EVT_MODE_ONESHOT: ctrl_outl(0, TMU0_TCOR); -- cgit v1.2.3-55-g7522 From 5d52013cbb3d39bde9f5a6023193058eeb112e98 Mon Sep 17 00:00:00 2001 From: Stuart MENEFY Date: Fri, 10 Oct 2008 19:49:30 +0100 Subject: sh: __copy_user function can corrupt the stack in case of exception The __copy_user function can corrupt the stack in the case of a non-trivial length of data, and either of the first two move instructions cause an exception. This is because the fixup for these two instructions is mapped to the no_pop case, but these instructions execute after the stack is pushed. This change creates an explicit NO_POP exception mapping macro, and uses it for the two instructions executed in the trivial case where no stack pushes occur. More information at ST Linux bugzilla: https://bugzilla.stlinux.com/show_bug.cgi?id=4824 Signed-off-by: Dylan Reid Signed-off-by: Stuart Menefy Signed-off-by: Paul Mundt --- arch/sh/lib/copy_page.S | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'arch') diff --git a/arch/sh/lib/copy_page.S b/arch/sh/lib/copy_page.S index 5d12e657be34..43de7e8e4e17 100644 --- a/arch/sh/lib/copy_page.S +++ b/arch/sh/lib/copy_page.S @@ -80,6 +80,11 @@ ENTRY(copy_page) .section __ex_table, "a"; \ .long 9999b, 6000f ; \ .previous +#define EX_NO_POP(...) \ + 9999: __VA_ARGS__ ; \ + .section __ex_table, "a"; \ + .long 9999b, 6005f ; \ + .previous ENTRY(__copy_user) ! Check if small number of bytes mov #11,r0 @@ -139,9 +144,9 @@ EX( mov.b r1,@r4 ) bt 1f 2: -EX( mov.b @r5+,r0 ) +EX_NO_POP( mov.b @r5+,r0 ) dt r6 -EX( mov.b r0,@r4 ) +EX_NO_POP( mov.b r0,@r4 ) bf/s 2b add #1,r4 @@ -150,7 +155,7 @@ EX( mov.b r0,@r4 ) # Exception handler: .section .fixup, "ax" -6000: +6005: mov.l 8000f,r1 mov r3,r0 jmp @r1 -- cgit v1.2.3-55-g7522 From 272966c070237c8cb540fe67e06df51bc6ea9cc2 Mon Sep 17 00:00:00 2001 From: Paul Mundt Date: Thu, 13 Nov 2008 17:46:06 +0900 Subject: serial: sh-sci: Reorder the SCxTDR write after the TDxE clear. Under qemu there is a race between the TDxE read-and-clear and the SCxTDR write. While on hardware it can be gauranteed that the read-and-clear will happen prior to the character being written out, no such assumption can be made under emulation. As this path happens with IRQs off and the hardware itself doesn't care about the ordering, move the SCxTDR write until after the read-and-clear. Signed-off-by: Vladimir Prus Signed-off-by: Paul Mundt --- arch/sh/kernel/early_printk.c | 2 +- drivers/serial/sh-sci.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'arch') diff --git a/arch/sh/kernel/early_printk.c b/arch/sh/kernel/early_printk.c index 98a29a782301..a952dcf9999d 100644 --- a/arch/sh/kernel/early_printk.c +++ b/arch/sh/kernel/early_printk.c @@ -85,9 +85,9 @@ static void scif_sercon_putc(int c) while (((sci_in(&scif_port, SCFDR) & EPK_FIFO_BITS) >= EPK_FIFO_SIZE)) ; - sci_out(&scif_port, SCxTDR, c); sci_in(&scif_port, SCxSR); sci_out(&scif_port, SCxSR, 0xf3 & ~(0x20 | 0x40)); + sci_out(&scif_port, SCxTDR, c); while ((sci_in(&scif_port, SCxSR) & 0x40) == 0) ; diff --git a/drivers/serial/sh-sci.c b/drivers/serial/sh-sci.c index 518c0321e4d3..165fc010978c 100644 --- a/drivers/serial/sh-sci.c +++ b/drivers/serial/sh-sci.c @@ -144,9 +144,9 @@ static void put_char(struct uart_port *port, char c) status = sci_in(port, SCxSR); } while (!(status & SCxSR_TDxE(port))); - sci_out(port, SCxTDR, c); sci_in(port, SCxSR); /* Dummy read */ sci_out(port, SCxSR, SCxSR_TDxE_CLEAR(port)); + sci_out(port, SCxTDR, c); spin_unlock_irqrestore(&port->lock, flags); } -- cgit v1.2.3-55-g7522