There is no hazard barrier between writes to c0_context and subsequent read accesses. This is a fairly theoretical hole as c0_context is only written on CPU bootup and other, unrelated code will almost certainly execute a hazard barrier somewhen between the write and read access. Even if not, the window is probably in the thousands of cycles so likely too large to actually consistute a pipeline hazard. Reported and initial patch by Chris Dearman <chris@xxxxxxxx>. Signed-off-by: Ralf Baechle <ralf@xxxxxxxxxxxxxx> arch/mips/include/asm/mmu_context.h | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h index ed331c2..6083db5 100644 --- a/arch/mips/include/asm/mmu_context.h +++ b/arch/mips/include/asm/mmu_context.h @@ -16,6 +16,7 @@ #include <linux/smp.h> #include <linux/slab.h> #include <asm/cacheflush.h> +#include <asm/hazards.h> #include <asm/tlbflush.h> #ifdef CONFIG_MIPS_MT_SMTC #include <asm/mipsmtregs.h> @@ -36,11 +37,13 @@ extern unsigned long pgd_current[]; #ifdef CONFIG_32BIT #define TLBMISS_HANDLER_SETUP() \ write_c0_context((unsigned long) smp_processor_id() << 25); \ + back_to_back_c0_hazard(); \ TLBMISS_HANDLER_SETUP_PGD(swapper_pg_dir) #endif #ifdef CONFIG_64BIT #define TLBMISS_HANDLER_SETUP() \ write_c0_context((unsigned long) smp_processor_id() << 26); \ + back_to_back_c0_hazard(); \ TLBMISS_HANDLER_SETUP_PGD(swapper_pg_dir) #endif
