On Thu, 25 Apr 2024, Michael Schmitz wrote:
I've just tested this on a Motorola 68040 and I got an oops in
__generic_copy_to_user(). It appears that we need more entries in the
exception table. (I also tested in QEMU and it did not oops.)
I'm a bit puzzled about the location of the fault.
The values of faddr and a0 from the exception frame indicate that the
transfer leading up to the fault was a longword transfer. Both ssw and
wbs2 suggest the same. Yet we don't take the fault on the longword
moves, but apparently on the word moves right after.
That can't be right either - d1 is 1 so the word moves would have been
skipped. It appears that we only take the movesl fault the next time any
bus cycle is initiated on 040 (the moveb at 0x46454c).
Seems so.
That's different from how the 030 faulted in the same situation. I
expect we'll have to add exception table entries on the movew and moveb
instructions, too. I'll do that next.
This oops indicates that we are going to need the final NOP that was
in the first version of your patch. My test program seems inadequate
to show that it is safe to omit that NOP -- we would need a test which
doesn't jump over the MOVES.B.
We'd need a test using any number of longword moves expected to succeed,
followed by a byte move which is expected to fault. The current test
would attempt to do a byte move, but faults during the longword moves.
This requires running the test program in a directory whose absolute
path is a multiple of four characters long, and setting the start
address for the getcwd test accordingly, so the newline at the end of
the string is the single byte left to copy. Does that make sense?
Yes (I take it you meant NUL instead of LF). But my concern was that the
test program passes a pointer like 0xc0029000 - 1. That means the final
byte will land on a word that already faulted. I'll need to add a new test
that passes a pointer like 0xc0029000 - 5.
Incidentally - what is the path this test is run in? Any path longer
than five characters (including the newline) would have had to loop
back to the first movel, and faulted there?
It was /tmp.
As you said before - we'd need to know a lot more about
microarchitectural details here.
It's hard to be certain. We just have to experiment until we find
something that works on the CPUs we can test.