Fix bug in mips3_proc_trampoline: SR wasn't disabled on entry, allowing an
interrupt to sneak in after EXL had been set; the interrupt EPC was stale as PC isn't saved if EXL is set, causing the eret to return to the wrong place and leading to kernel-mode TLB misses on user addresses. The bug was discovered by the Japanese NetBSD/*mips folks and the same fix was found independently by shinohara-san (shin@netbsd.org).
parent d2cede024b
commit e9ad38e77d
@ -1,4 +1,4 @@
|
|||||||
/* $NetBSD: locore_mips3.S,v 1.69 2001/06/11 23:52:39 thorpej Exp $ */
|
/* $NetBSD: locore_mips3.S,v 1.70 2001/07/24 23:13:33 rafal Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 Jonathan Stone (hereinafter referred to as the author)
|
* Copyright (c) 1997 Jonathan Stone (hereinafter referred to as the author)
|
||||||
@ -2127,6 +2127,16 @@ LEAF(mips3_proc_trampoline)
|
|||||||
jal ra, s0
|
jal ra, s0
|
||||||
move a0, s1
|
move a0, s1
|
||||||
.set noat
|
.set noat
|
||||||
|
#
|
||||||
|
# Make sure to disable interrupts here, as otherwise
|
||||||
|
# we can take an interrupt *after* EXL is set, and
|
||||||
|
# end up returning to a bogus PC since the PC is not
|
||||||
|
# saved if EXL=1.
|
||||||
|
#
|
||||||
|
mtc0 zero, MIPS_COP_0_STATUS # disable int
|
||||||
|
nop # 3 op delay
|
||||||
|
nop
|
||||||
|
nop
|
||||||
li a0, MIPS_SR_EXL # set exception level
|
li a0, MIPS_SR_EXL # set exception level
|
||||||
mtc0 a0, MIPS_COP_0_STATUS
|
mtc0 a0, MIPS_COP_0_STATUS
|
||||||
nop
|
nop
|
||||||
|
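Review bot: The added `mtc0 zero, MIPS_COP_0_STATUS` is commented `# disable int`, but writing `zero` clears every field of the status register, not only the interrupt enable. That is harmless here only because the following `li a0, MIPS_SR_EXL` / `mtc0 a0, MIPS_COP_0_STATUS` pair rewrites the whole register anyway; the comment should say so, so that a later reader does not copy this sequence into a path that needs the other status bits preserved. A smaller style point: the new block comment starts each line with `#`, while the file header uses `/* */`; in a preprocessed `.S` file a leading `#` sits where a preprocessor directive would, so the C-style form is the safer choice.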