On Tue, Nov 05, 2002 at 02:45:47PM +0100, Carsten Langgaard wrote:
> The problem is the prefetches in the memcpy function in the kernel.
> There are a number of PREF instructions spread through the memcpy function,
> but there is no check whether we are prefetching outside the areas we are
> copying to/from. This is extremely dangerous because we might prefetch
> outside the physical memory area, causing e.g. a bus error or something
> even more nasty.
> I recently found something even nastier, it could also hit a DMA buffer
> region, and thereby break the PCI DMA flushing scheme.
> For example, if the kernel is doing a memcpy from an area that's next to
> a DMA buffer area, we could end up in a situation where we are prefetching
> data into the cache from a memory location that is used for a DMA transfer
> and owned by the device, but the DMA transfer has not yet completed.
> We then end up in a situation where the memory and cache are out of sync
> and the cache contains some old data.
> So we definitely need to do something about the prefetches in the memcpy
> function. We can either get rid of all the prefetches or make sure we
> don't prefetch outside the "memcpy" area.
We could fix the prefetch into DMA buffer problem with an extra flush, but
that's going to be expensive; I rather think we should avoid prefetches.
As Kevin explained, KSEG1 is a loophole in the spec, so we can't really say
what the behaviour of memcpy will be in KSEG1.
So I think the fix will have to be:
- Avoid prefetching beyond the end of the copy area in memcpy and memmove.
- Introduce a second variant of memcpy that never does prefetching. This
one will be safe to use in KSEG1 / uncached XKPHYS also and will be used
for memcpy_fromio, memcpy_toio and friends.
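The two fixes proposed above (bound the prefetch to the copy area, and provide a variant that never prefetches) are illustrated by the following added example. It is not code from the thread or from the Linux/MIPS memcpy; it is a byte-at-a-time C model in which GCC's __builtin_prefetch stands in for the MIPS PREF instruction, the cache-line size (32 bytes) and prefetch distance (4 lines) are assumed values, and every prefetch is recorded so that the self-test can show the naive loop reaching past the end of the source buffer while the bounded loop does not. The instrumentation is for demonstration only and has no counterpart in the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values for this example (not taken from the thread or the kernel). */
#define LINE_SIZE  32
#define PREF_AHEAD (4 * LINE_SIZE)

/* Instrumentation: lowest/highest address handed to the prefetch and how many
 * prefetches were issued. A real memcpy has nothing like this; it exists so the
 * self-test can check where the prefetches went. */
static uintptr_t pref_lo, pref_hi;
static int pref_count;

static void pref_reset(void)
{
    pref_lo = UINTPTR_MAX;
    pref_hi = 0;
    pref_count = 0;
}

/* Stand-in for PREF: record the address, then issue the (non-faulting) builtin. */
static void pref_line(const unsigned char *p)
{
    uintptr_t a = (uintptr_t)p;
    if (a < pref_lo) pref_lo = a;
    if (a > pref_hi) pref_hi = a;
    pref_count++;
    __builtin_prefetch(p, 0, 0);
}

/* Naive variant: prefetches PREF_AHEAD bytes past the current position on every
 * line, so the last prefetches reach beyond src + n (the problem described above). */
void *memcpy_pref_naive(void *dst, const void *src, size_t n)
{
    unsigned char *d = dst;
    const unsigned char *s = src;
    size_t i;
    for (i = 0; i < n; i++) {
        if (i % LINE_SIZE == 0)
            pref_line(s + i + PREF_AHEAD);
        d[i] = s[i];
    }
    return dst;
}

/* Bounded variant: only prefetch when the whole target line still lies inside
 * [src, src + n). With aligned cache lines this check is conservative: the line
 * containing address a ends at or before a + LINE_SIZE - 1. */
void *memcpy_pref_bounded(void *dst, const void *src, size_t n)
{
    unsigned char *d = dst;
    const unsigned char *s = src;
    size_t i;
    for (i = 0; i < n; i++) {
        if (i % LINE_SIZE == 0 && i + PREF_AHEAD + LINE_SIZE <= n)
            pref_line(s + i + PREF_AHEAD);
        d[i] = s[i];
    }
    return dst;
}

/* No-prefetch variant: the kind of routine that is safe for KSEG1 / uncached
 * mappings and for memcpy_toio / memcpy_fromio style helpers. */
void *memcpy_nopref(void *dst, const void *src, size_t n)
{
    unsigned char *d = dst;
    const unsigned char *s = src;
    size_t i;
    for (i = 0; i < n; i++)
        d[i] = s[i];
    return dst;
}

/* 1 if every recorded prefetch line fits inside [src, src + n), else 0. */
int prefs_in_bounds(const void *src, size_t n)
{
    if (pref_count == 0)
        return 1;
    return pref_lo >= (uintptr_t)src && pref_hi + LINE_SIZE <= (uintptr_t)src + n;
}

/* Self-test on a constructed 300-byte copy; returns 0 on success, else the failing step. */
int selftest(void)
{
    static unsigned char src[512], dst[512];
    size_t i, n = 300;
    for (i = 0; i < sizeof src; i++)
        src[i] = (unsigned char)(i * 7 + 3);

    memset(dst, 0, sizeof dst);
    pref_reset();
    memcpy_pref_naive(dst, src, n);
    if (memcmp(dst, src, n) != 0) return 1;
    if (prefs_in_bounds(src, n))  return 2;   /* naive loop must overrun */

    memset(dst, 0, sizeof dst);
    pref_reset();
    memcpy_pref_bounded(dst, src, n);
    if (memcmp(dst, src, n) != 0) return 3;
    if (!prefs_in_bounds(src, n)) return 4;   /* bounded loop stays inside */
    if (pref_count == 0)          return 5;   /* but still prefetches */

    memset(dst, 0, sizeof dst);
    pref_reset();
    memcpy_nopref(dst, src, n);
    if (memcmp(dst, src, n) != 0) return 6;
    if (pref_count != 0)          return 7;   /* never prefetches */
    return 0;
}

int main(void)
{
    printf("selftest: %d\n", selftest());
    return 0;
}
```

With the assumed numbers the naive loop issues its last prefetch 416 bytes into a 300-byte source, which on real hardware is exactly the access into a neighbouring region (or a DMA buffer) that the thread warns about; the bounded loop stops prefetching at offset 256 and still covers most of the copy.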