Re: [PATCH] ppc32 copy_to_user dcbt fixup

From: Danjel McGougan
Date: Sat Mar 13 2004 - 09:41:09 EST


Bryan Rittmeyer wrote:
> copy_tofrom_user and copy_page use dcbt to prefetch source data [1].
> Since at least 2.4.17, these functions have been prefetching
> beyond the end of the source buffer, leading to two problems:
>
> 1. Subtly broken software cache coherency. If the area following src
> was invalidate_dcache_range'd prior to submitting for DMA,
> an out-of-bounds dcbt from copy_to_user of a separate slab object
> may read in the area before DMA completion. When the DMA does complete,
> data will not be loaded from RAM because stale data is already in cache.
> Thus you get a corrupt network packet, bogus audio capture, etc.

[snip]

I am no expert on the ppc arch, but in my humble opinion it seems strange to invalidate the dcache *before* the memory-writing DMA transaction. The obvious solution is to invalidate the dcache *after* DMA completion. It seems hard to guarantee that nobody will touch the memory area in question during the DMA.

Just some clueless comments from a linux-kernel lurker.

Regards,
Danjel
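The sequence discussed in this message, as an added example that is not code from the thread or from the kernel: a toy model of a non-snooping data cache in which an out-of-bounds prefetch repopulates a DMA buffer's line between the invalidate and DMA completion. The line size, the helper names and the absence of dirty lines are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>

#define LINE   32                 /* cache line size in this model (assumption) */
#define NLINES 4
static unsigned char ram[LINE * NLINES];
static unsigned char cache[LINE * NLINES];
static int valid[NLINES];

/* dcbt-like prefetch: fill the line from RAM if it is not already cached */
static void prefetch(int line) {
    if (!valid[line]) {
        memcpy(cache + line * LINE, ram + line * LINE, LINE);
        valid[line] = 1;
    }
}
/* CPU load: always served through the cache */
static unsigned char cpu_read(int addr) { prefetch(addr / LINE); return cache[addr]; }
/* invalidate_dcache_range-like: drop every line covering [start, start+len) */
static void invalidate(int start, int len) {
    for (int l = start / LINE; l <= (start + len - 1) / LINE; l++) valid[l] = 0;
}
/* Device write: lands in RAM only, the cache is not snooped */
static void dma_write(int start, int len, unsigned char v) { memset(ram + start, v, len); }
/* Copy of a neighbouring object in line 0 whose prefetch runs one line too far */
static void copy_with_overrun_prefetch(void) { prefetch(0); prefetch(1); }

/* Returns the byte the CPU sees in the DMA buffer (line 1) after the transfer */
unsigned char run(int invalidate_after) {
    int buf = 1 * LINE;
    memset(ram, 0x00, sizeof ram);
    memset(valid, 0, sizeof valid);
    invalidate(buf, LINE);            /* driver invalidates before submitting DMA */
    copy_with_overrun_prefetch();     /* unrelated copy pulls buf's line back in */
    dma_write(buf, LINE, 0xAB);       /* device completes the transfer into RAM */
    if (invalidate_after) invalidate(buf, LINE);
    return cpu_read(buf);
}

int main(void) {
    printf("invalidate before only: 0x%02X\n", run(0));  /* stale pre-DMA byte */
    printf("invalidate after DMA:   0x%02X\n", run(1));  /* byte the device wrote */
    return 0;
}
```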