On Thu, 2008-08-14 at 07:11 -0600, Rocky Craig wrote:
> From: Rocky Craig <[EMAIL PROTECTED]>
>
> The apparent intent of "flush_tlbs" is to invalidate TLB entries that
> might match in the address range 0 to 0x00400000. A loop counter is
> set up at the high value and decremented by page size. However, the
> loop is only done once as the sense of the conditional branch at the
> loop end does not match the setup/decrement.
>
> Signed-off-by: Rocky Craig <[EMAIL PROTECTED]>
> ---
>
> Source is from 2.6.27 development, but the bug appears as far back as 2.4.0.
> The small user-space program below demonstrates the loop behavior. It was
> compiled via crosstool gcc 3.4.5 / glibc 2.3.6 for an MPC8347 target.
Heh nice, that's a bug as old as the port I would say :-)
Ben.
> int main()
> {
> long endval; // 16(r31)
>
> __asm__ __volatile__(
> " lis 10,0x40\n"
> "1: addic. 10,10,-0x1000\n"
> " bgt 1b\n"
> " stw 10,16(31)\n"); // endval
>
> printf("end value = 0x%08lx\n", endval);
> }
>
> This might win the prize for "Smallest actual code patch ever".
>
> --- a/arch/powerpc/kernel/head_32.S.orig 2008-07-24 19:25:09.000000000
> -0600
> +++ a/arch/powerpc/kernel/head_32.S 2008-07-24 19:25:22.000000000 -0600
> @@ -1155,7 +1155,7 @@ flush_tlbs:
> lis r10, 0x40
> 1: addic. r10, r10, -0x1000
> tlbie r10
> - blt 1b
> + bgt 1b
> sync
> blr
>
>
>
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev
