From owner-svn-src-head@FreeBSD.ORG Mon Oct 13 18:42:25 2008 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B8393106568B; Mon, 13 Oct 2008 18:42:25 +0000 (UTC) (envelope-from raj@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id A6F498FC26; Mon, 13 Oct 2008 18:42:25 +0000 (UTC) (envelope-from raj@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id m9DIgPVn083454; Mon, 13 Oct 2008 18:42:25 GMT (envelope-from raj@svn.freebsd.org) Received: (from raj@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id m9DIgPkp083453; Mon, 13 Oct 2008 18:42:25 GMT (envelope-from raj@svn.freebsd.org) Message-Id: <200810131842.m9DIgPkp083453@svn.freebsd.org> From: Rafal Jaworowski Date: Mon, 13 Oct 2008 18:42:25 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r183836 - head/sys/arm/arm X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2008 18:42:25 -0000 Author: raj Date: Mon Oct 13 18:42:25 2008 New Revision: 183836 URL: http://svn.freebsd.org/changeset/base/183836 Log: Do not use cached page for temporary mapping in pmap_zero_page_generic() The physical page which we clear is accessed via additional temp kernel mapping for the period of zeroing operation. However in systems with virtual d-cache (most ARMs) when write-allocate feature is enabled, we can have modified but unflushed content pertaining to this physical page still in the d-cache due to its primary (pre-existing) mapping. In such scenario that cached content upon flush is likely to overwrite [portions of] the physical page we want to zero here.. This is a general problem with multiple virtual mappings covering the same physical page with write-allocate and virtual d-cache: there is inherent potential for corruptions of this kind, which are not easily resolved; it is best policy that such multiple mappings be not allowed. Obtained from: Marvell, Semihalf Modified: head/sys/arm/arm/pmap.c Modified: head/sys/arm/arm/pmap.c ============================================================================== --- head/sys/arm/arm/pmap.c Mon Oct 13 18:16:54 2008 (r183835) +++ head/sys/arm/arm/pmap.c Mon Oct 13 18:42:25 2008 (r183836) @@ -3850,21 +3850,19 @@ pmap_zero_page_generic(vm_paddr_t phys, mtx_lock(&cmtx); /* - * Hook in the page, zero it, and purge the cache for that - * zeroed page. Invalidate the TLB as needed. + * Hook in the page, zero it, invalidate the TLB as needed. + * + * Note the temporary zero-page mapping must be a non-cached page in + * ordert to work without corruption when write-allocate is enabled. */ - *cdst_pte = L2_S_PROTO | phys | - L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE) | pte_l2_s_cache_mode; - PTE_SYNC(cdst_pte); + *cdst_pte = L2_S_PROTO | phys | L2_S_PROT(PTE_KERNEL, VM_PROT_WRITE); cpu_tlb_flushD_SE(cdstp); cpu_cpwait(); - if (off || size != PAGE_SIZE) { + if (off || size != PAGE_SIZE) bzero((void *)(cdstp + off), size); - cpu_dcache_wbinv_range(cdstp + off, size); - } else { + else bzero_page(cdstp); - cpu_dcache_wbinv_range(cdstp, PAGE_SIZE); - } + mtx_unlock(&cmtx); #endif }