Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 7ce236fcd6fd45b0441a2d49acb2ceb2de2e8a47^! / . / arch
commit7ce236fcd6fd45b0441a2d49acb2ceb2de2e8a47[log] [tgz]
authorCatalin Marinas <catalin.marinas@arm.com>Thu Apr 30 17:06:09 2009 +0100
committerRussell King <rmk+kernel@arm.linux.org.uk>Thu Apr 30 20:12:50 2009 +0100
tree1f092413fbe0c91350e7861638dec7bb475c8435
parent9cba3ccc8fe77b67aff2db8f5827d7cb752ce11f [diff]
[ARM] 5487/1: ARM errata: Stale prediction on replaced interworking branch

This patch adds the workaround for the 430973 Cortex-A8 (r1p0..r1p2)
erratum. The BTAC/BTB is now flushed at every context switch.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index e28a76bd..84e4816 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig

@@ -749,6 +749,22 @@
 	  It does not affect the MPCore. This option enables the ARM Ltd.
 	  recommended workaround.
 
+config ARM_ERRATA_430973
+	bool "ARM errata: Stale prediction on replaced interworking branch"
+	depends on CPU_V7
+	help
+	  This option enables the workaround for the 430973 Cortex-A8
+	  (r1p0..r1p2) erratum. If a code sequence containing an ARM/Thumb
+	  interworking branch is replaced with another code sequence at the
+	  same virtual address, whether due to self-modifying code or virtual
+	  to physical address re-mapping, Cortex-A8 does not recover from the
+	  stale interworking branch prediction. This results in Cortex-A8
+	  executing the new code sequence in the incorrect ARM or Thumb state.
+	  The workaround enables the BTB/BTAC operations by setting ACTLR.IBE
+	  and also flushes the branch target cache at every context switch.
+	  Note that setting specific bits in the ACTLR register may not be
+	  available in non-secure mode.
+
 endmenu
 
 source "arch/arm/common/Kconfig"

diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
index d1ebec4..fc81159 100644
--- a/arch/arm/mm/proc-v7.S
+++ b/arch/arm/mm/proc-v7.S

@@ -95,6 +95,9 @@
 	mov	r2, #0
 	ldr	r1, [r1, #MM_CONTEXT_ID]	@ get mm->context.id
 	orr	r0, r0, #TTB_FLAGS
+#ifdef CONFIG_ARM_ERRATA_430973
+	mcr	p15, 0, r2, c7, c5, 6		@ flush BTAC/BTB
+#endif
 	mcr	p15, 0, r2, c13, c0, 1		@ set reserved context ID
 	isb
 1:	mcr	p15, 0, r0, c2, c0, 0		@ set TTB 0
@@ -180,6 +183,11 @@
 	stmia	r12, {r0-r5, r7, r9, r11, lr}
 	bl	v7_flush_dcache_all
 	ldmia	r12, {r0-r5, r7, r9, r11, lr}
+#ifdef CONFIG_ARM_ERRATA_430973
+	mrc	p15, 0, r10, c1, c0, 1		@ read aux control register
+	orr	r10, r10, #(1 << 6)		@ set IBE to 1
+	mcr	p15, 0, r10, c1, c0, 1		@ write aux control register
+#endif
 	mov	r10, #0
 #ifdef HARVARD_CACHE
 	mcr	p15, 0, r10, c7, c5, 0		@ I+BTB cache invalidate