diff options
author | David S. Miller <davem@davemloft.net> | 2016-07-27 17:50:26 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-07-27 17:50:26 -0700 |
commit | 4f6deb8cbab532a8d7250bc09234c1795ecb5e2c (patch) | |
tree | 96a786e93f7da67cec53197cd148da61789b5ea4 /arch/sparc/kernel/dtlb_prot.S | |
parent | 8448cefe499a45222430ebbcabcd9e26369895c3 (diff) |
sparc: Don't leak context bits into thread->fault_address
On pre-Niagara systems, we fetch the fault address on data TLB
exceptions from the TLB_TAG_ACCESS register. But this register also
contains the context ID assosciated with the fault in the low 13 bits
of the register value.
This propagates into current_thread_info()->fault_address and can
cause trouble later on.
So clear the low 13-bits out of the TLB_TAG_ACCESS value in the cases
where it matters.
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/sparc/kernel/dtlb_prot.S')
-rw-r--r-- | arch/sparc/kernel/dtlb_prot.S | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/sparc/kernel/dtlb_prot.S b/arch/sparc/kernel/dtlb_prot.S index d668ca149e64..4087a62f96b0 100644 --- a/arch/sparc/kernel/dtlb_prot.S +++ b/arch/sparc/kernel/dtlb_prot.S @@ -25,13 +25,13 @@ /* PROT ** ICACHE line 2: More real fault processing */ ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5 + srlx %g5, PAGE_SHIFT, %g5 + sllx %g5, PAGE_SHIFT, %g5 ! Clear context ID bits bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4 ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault nop nop - nop - nop /* PROT ** ICACHE line 3: Unused... */ nop |