86f40622af
When enable LPAE and big-endian in a hisilicon board, while specify mem=384M mem=512M@7680M, will get bad page state: Freeing unused kernel memory: 180K (c0466000 - c0493000) BUG: Bad page state in process init pfn:fa442 page:c7749840 count:0 mapcount:-1 mapping: (null) index:0x0 page flags: 0x40000400(reserved) Modules linked in: CPU: 0 PID: 1 Comm: init Not tainted 3.10.27+ #66 [<c000f5f0>] (unwind_backtrace+0x0/0x11c) from [<c000cbc4>] (show_stack+0x10/0x14) [<c000cbc4>] (show_stack+0x10/0x14) from [<c009e448>] (bad_page+0xd4/0x104) [<c009e448>] (bad_page+0xd4/0x104) from [<c009e520>] (free_pages_prepare+0xa8/0x14c) [<c009e520>] (free_pages_prepare+0xa8/0x14c) from [<c009f8ec>] (free_hot_cold_page+0x18/0xf0) [<c009f8ec>] (free_hot_cold_page+0x18/0xf0) from [<c00b5444>] (handle_pte_fault+0xcf4/0xdc8) [<c00b5444>] (handle_pte_fault+0xcf4/0xdc8) from [<c00b6458>] (handle_mm_fault+0xf4/0x120) [<c00b6458>] (handle_mm_fault+0xf4/0x120) from [<c0013754>] (do_page_fault+0xfc/0x354) [<c0013754>] (do_page_fault+0xfc/0x354) from [<c0008400>] (do_DataAbort+0x2c/0x90) [<c0008400>] (do_DataAbort+0x2c/0x90) from [<c0008fb4>] (__dabt_usr+0x34/0x40) The bad pfn:fa442 is not system memory(mem=384M mem=512M@7680M), after debugging, I find in page fault handler, will get wrong pfn from pte just after set pte, as follow: do_anonymous_page() { ... set_pte_at(mm, address, page_table, entry); //debug code pfn = pte_pfn(entry); pr_info("pfn:0x%lx, pte:0x%llxn", pfn, pte_val(entry)); //read out the pte just set new_pte = pte_offset_map(pmd, address); new_pfn = pte_pfn(*new_pte); pr_info("new pfn:0x%lx, new pte:0x%llxn", pfn, pte_val(entry)); ... } pfn: 0x1fa4f5, pte:0xc00001fa4f575f new_pfn:0xfa4f5, new_pte:0xc00000fa4f5f5f //new pfn/pte is wrong. The bug is happened in cpu_v7_set_pte_ext(ptep, pte): An LPAE PTE is a 64bit quantity, passed to cpu_v7_set_pte_ext in the r2 and r3 registers. On an LE kernel, r2 contains the LSB of the PTE, and r3 the MSB. On a BE kernel, the assignment is reversed. Unfortunately, the current code always assumes the LE case, leading to corruption of the PTE when clearing/setting bits. This patch fixes this issue much like it has been done already in the cpu_v7_switch_mm case. CC stable <stable@vger.kernel.org> Signed-off-by: Jianguo Wu <wujianguo@huawei.com> Acked-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
161 lines
4.6 KiB
ArmAsm
161 lines
4.6 KiB
ArmAsm
/*
|
|
* arch/arm/mm/proc-v7-3level.S
|
|
*
|
|
* Copyright (C) 2001 Deep Blue Solutions Ltd.
|
|
* Copyright (C) 2011 ARM Ltd.
|
|
* Author: Catalin Marinas <catalin.marinas@arm.com>
|
|
* based on arch/arm/mm/proc-v7-2level.S
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
|
|
#define TTB_IRGN_NC (0 << 8)
|
|
#define TTB_IRGN_WBWA (1 << 8)
|
|
#define TTB_IRGN_WT (2 << 8)
|
|
#define TTB_IRGN_WB (3 << 8)
|
|
#define TTB_RGN_NC (0 << 10)
|
|
#define TTB_RGN_OC_WBWA (1 << 10)
|
|
#define TTB_RGN_OC_WT (2 << 10)
|
|
#define TTB_RGN_OC_WB (3 << 10)
|
|
#define TTB_S (3 << 12)
|
|
#define TTB_EAE (1 << 31)
|
|
|
|
/* PTWs cacheable, inner WB not shareable, outer WB not shareable */
|
|
#define TTB_FLAGS_UP (TTB_IRGN_WB|TTB_RGN_OC_WB)
|
|
#define PMD_FLAGS_UP (PMD_SECT_WB)
|
|
|
|
/* PTWs cacheable, inner WBWA shareable, outer WBWA not shareable */
|
|
#define TTB_FLAGS_SMP (TTB_IRGN_WBWA|TTB_S|TTB_RGN_OC_WBWA)
|
|
#define PMD_FLAGS_SMP (PMD_SECT_WBWA|PMD_SECT_S)
|
|
|
|
#ifndef __ARMEB__
|
|
# define rpgdl r0
|
|
# define rpgdh r1
|
|
#else
|
|
# define rpgdl r1
|
|
# define rpgdh r0
|
|
#endif
|
|
|
|
/*
|
|
* cpu_v7_switch_mm(pgd_phys, tsk)
|
|
*
|
|
* Set the translation table base pointer to be pgd_phys (physical address of
|
|
* the new TTB).
|
|
*/
|
|
ENTRY(cpu_v7_switch_mm)
|
|
#ifdef CONFIG_MMU
|
|
mmid r2, r2
|
|
asid r2, r2
|
|
orr rpgdh, rpgdh, r2, lsl #(48 - 32) @ upper 32-bits of pgd
|
|
mcrr p15, 0, rpgdl, rpgdh, c2 @ set TTB 0
|
|
isb
|
|
#endif
|
|
mov pc, lr
|
|
ENDPROC(cpu_v7_switch_mm)
|
|
|
|
#ifdef __ARMEB__
|
|
#define rl r3
|
|
#define rh r2
|
|
#else
|
|
#define rl r2
|
|
#define rh r3
|
|
#endif
|
|
|
|
/*
|
|
* cpu_v7_set_pte_ext(ptep, pte)
|
|
*
|
|
* Set a level 2 translation table entry.
|
|
* - ptep - pointer to level 3 translation table entry
|
|
* - pte - PTE value to store (64-bit in r2 and r3)
|
|
*/
|
|
ENTRY(cpu_v7_set_pte_ext)
|
|
#ifdef CONFIG_MMU
|
|
tst rl, #L_PTE_VALID
|
|
beq 1f
|
|
tst rh, #1 << (57 - 32) @ L_PTE_NONE
|
|
bicne rl, #L_PTE_VALID
|
|
bne 1f
|
|
tst rh, #1 << (55 - 32) @ L_PTE_DIRTY
|
|
orreq rl, #L_PTE_RDONLY
|
|
1: strd r2, r3, [r0]
|
|
ALT_SMP(W(nop))
|
|
ALT_UP (mcr p15, 0, r0, c7, c10, 1) @ flush_pte
|
|
#endif
|
|
mov pc, lr
|
|
ENDPROC(cpu_v7_set_pte_ext)
|
|
|
|
/*
|
|
* Memory region attributes for LPAE (defined in pgtable-3level.h):
|
|
*
|
|
* n = AttrIndx[2:0]
|
|
*
|
|
* n MAIR
|
|
* UNCACHED 000 00000000
|
|
* BUFFERABLE 001 01000100
|
|
* DEV_WC 001 01000100
|
|
* WRITETHROUGH 010 10101010
|
|
* WRITEBACK 011 11101110
|
|
* DEV_CACHED 011 11101110
|
|
* DEV_SHARED 100 00000100
|
|
* DEV_NONSHARED 100 00000100
|
|
* unused 101
|
|
* unused 110
|
|
* WRITEALLOC 111 11111111
|
|
*/
|
|
.equ PRRR, 0xeeaa4400 @ MAIR0
|
|
.equ NMRR, 0xff000004 @ MAIR1
|
|
|
|
/*
|
|
* Macro for setting up the TTBRx and TTBCR registers.
|
|
* - \ttbr1 updated.
|
|
*/
|
|
.macro v7_ttb_setup, zero, ttbr0, ttbr1, tmp
|
|
ldr \tmp, =swapper_pg_dir @ swapper_pg_dir virtual address
|
|
mov \tmp, \tmp, lsr #ARCH_PGD_SHIFT
|
|
cmp \ttbr1, \tmp @ PHYS_OFFSET > PAGE_OFFSET?
|
|
mrc p15, 0, \tmp, c2, c0, 2 @ TTB control register
|
|
orr \tmp, \tmp, #TTB_EAE
|
|
ALT_SMP(orr \tmp, \tmp, #TTB_FLAGS_SMP)
|
|
ALT_UP(orr \tmp, \tmp, #TTB_FLAGS_UP)
|
|
ALT_SMP(orr \tmp, \tmp, #TTB_FLAGS_SMP << 16)
|
|
ALT_UP(orr \tmp, \tmp, #TTB_FLAGS_UP << 16)
|
|
/*
|
|
* Only use split TTBRs if PHYS_OFFSET <= PAGE_OFFSET (cmp above),
|
|
* otherwise booting secondary CPUs would end up using TTBR1 for the
|
|
* identity mapping set up in TTBR0.
|
|
*/
|
|
orrls \tmp, \tmp, #TTBR1_SIZE @ TTBCR.T1SZ
|
|
mcr p15, 0, \tmp, c2, c0, 2 @ TTBCR
|
|
mov \tmp, \ttbr1, lsr #(32 - ARCH_PGD_SHIFT) @ upper bits
|
|
mov \ttbr1, \ttbr1, lsl #ARCH_PGD_SHIFT @ lower bits
|
|
addls \ttbr1, \ttbr1, #TTBR1_OFFSET
|
|
mcrr p15, 1, \ttbr1, \zero, c2 @ load TTBR1
|
|
mov \tmp, \ttbr0, lsr #(32 - ARCH_PGD_SHIFT) @ upper bits
|
|
mov \ttbr0, \ttbr0, lsl #ARCH_PGD_SHIFT @ lower bits
|
|
mcrr p15, 0, \ttbr0, \zero, c2 @ load TTBR0
|
|
mcrr p15, 1, \ttbr1, \zero, c2 @ load TTBR1
|
|
mcrr p15, 0, \ttbr0, \zero, c2 @ load TTBR0
|
|
.endm
|
|
|
|
/*
|
|
* AT
|
|
* TFR EV X F IHD LR S
|
|
* .EEE ..EE PUI. .TAT 4RVI ZWRS BLDP WCAM
|
|
* rxxx rrxx xxx0 0101 xxxx xxxx x111 xxxx < forced
|
|
* 11 0 110 1 0011 1100 .111 1101 < we want
|
|
*/
|
|
.align 2
|
|
.type v7_crval, #object
|
|
v7_crval:
|
|
crval clear=0x0120c302, mmuset=0x30c23c7d, ucset=0x00c01c7c
|