From 9e3f544d792fd2ff7e31ca4a72e5194f1491ed14 Mon Sep 17 00:00:00 2001 From: Haavard Skinnemoen Date: Wed, 20 Aug 2008 15:46:24 +0200 Subject: [PATCH 1/2] avr32: Fix lockup after Java stack underflow in user mode When using the Java Extension Module hardware, a Java stack underflow or overflow trap may cause the system to enter an infinite exception loop. Although there's no kernel support for the Java hardware yet, we need to be able to recover from this situation and keep the system running. This patch adds code to detect and fixup this situation in the critical exception handler and terminate the faulting process. We may have to rethink how to handle this more gracefully when the necessary kernel support for hardware-accelerated Java is added. Reported-by: Guennadi Liakhovetski Signed-off-by: Haavard Skinnemoen --- arch/avr32/kernel/asm-offsets.c | 6 ++++ arch/avr32/kernel/entry-avr32b.S | 59 ++++++++++++++++++++++++++++++-- 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/arch/avr32/kernel/asm-offsets.c b/arch/avr32/kernel/asm-offsets.c index e4796c67a831..d6a8193a1d2f 100644 --- a/arch/avr32/kernel/asm-offsets.c +++ b/arch/avr32/kernel/asm-offsets.c @@ -4,6 +4,8 @@ * to extract and format the required data. */ +#include +#include #include #include @@ -17,4 +19,8 @@ void foo(void) OFFSET(TI_rar_saved, thread_info, rar_saved); OFFSET(TI_rsr_saved, thread_info, rsr_saved); OFFSET(TI_restart_block, thread_info, restart_block); + BLANK(); + OFFSET(TSK_active_mm, task_struct, active_mm); + BLANK(); + OFFSET(MM_pgd, mm_struct, pgd); } diff --git a/arch/avr32/kernel/entry-avr32b.S b/arch/avr32/kernel/entry-avr32b.S index 2b398cae110c..33d49377b8be 100644 --- a/arch/avr32/kernel/entry-avr32b.S +++ b/arch/avr32/kernel/entry-avr32b.S @@ -334,9 +334,64 @@ save_full_context_ex: /* Low-level exception handlers */ handle_critical: + /* + * AT32AP700x errata: + * + * After a Java stack overflow or underflow trap, any CPU + * memory access may cause erratic behavior. This will happen + * when the four least significant bits of the JOSP system + * register contains any value between 9 and 15 (inclusive). + * + * Possible workarounds: + * - Don't use the Java Extension Module + * - Ensure that the stack overflow and underflow trap + * handlers do not do any memory access or trigger any + * exceptions before the overflow/underflow condition is + * cleared (by incrementing or decrementing the JOSP) + * - Make sure that JOSP does not contain any problematic + * value before doing any exception or interrupt + * processing. + * - Set up a critical exception handler which writes a + * known-to-be-safe value, e.g. 4, to JOSP before doing + * any further processing. + * + * We'll use the last workaround for now since we cannot + * guarantee that user space processes don't use Java mode. + * Non-well-behaving userland will be terminated with extreme + * prejudice. + */ +#ifdef CONFIG_CPU_AT32AP700X + /* + * There's a chance we can't touch memory, so temporarily + * borrow PTBR to save the stack pointer while we fix things + * up... + */ + mtsr SYSREG_PTBR, sp + mov sp, 4 + mtsr SYSREG_JOSP, sp + mfsr sp, SYSREG_PTBR + sub pc, -2 + + /* Push most of pt_regs on stack. We'll do the rest later */ sub sp, 4 - stmts --sp, r0-lr - rcall save_full_context_ex + pushm r0-r12 + + /* PTBR mirrors current_thread_info()->task->active_mm->pgd */ + get_thread_info r0 + ld.w r1, r0[TI_task] + ld.w r2, r1[TSK_active_mm] + ld.w r3, r2[MM_pgd] + mtsr SYSREG_PTBR, r3 +#else + sub sp, 4 + pushm r0-r12 +#endif + sub r0, sp, -(14 * 4) + mov r1, lr + mfsr r2, SYSREG_RAR_EX + mfsr r3, SYSREG_RSR_EX + pushm r0-r3 + mfsr r12, SYSREG_ECR mov r11, sp rcall do_critical_exception From 84c4f2f21a8e6e6d4bdfff95bf5ddc7925df4e01 Mon Sep 17 00:00:00 2001 From: Humphrey Bucknell Date: Fri, 29 Aug 2008 16:27:00 +0100 Subject: [PATCH 2/2] avr32: pm_standby low-power ram bug fix The value stored into the SDRAMC LPR register should be the current value of the register with the Self-refresh value set in the lower bit field. The bug involved only the Self-refresh value being written to the register, thus over writing any low-power ram settings. Signed-off-by: Humphrey Bucknell Signed-off-by: Haavard Skinnemoen --- arch/avr32/mach-at32ap/pm-at32ap700x.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/avr32/mach-at32ap/pm-at32ap700x.S b/arch/avr32/mach-at32ap/pm-at32ap700x.S index 5be4de65b209..17503b0ed6c9 100644 --- a/arch/avr32/mach-at32ap/pm-at32ap700x.S +++ b/arch/avr32/mach-at32ap/pm-at32ap700x.S @@ -134,7 +134,7 @@ pm_standby: mov r11, SDRAMC_LPR_LPCB_SELF_RFR bfins r10, r11, 0, 2 /* LPCB <- self Refresh */ sync 0 /* flush write buffer */ - st.w r12[SDRAMC_LPR], r11 /* put SDRAM in self-refresh mode */ + st.w r12[SDRAMC_LPR], r10 /* put SDRAM in self-refresh mode */ ld.w r11, r12[SDRAMC_LPR] unmask_interrupts sleep CPU_SLEEP_FROZEN