From 5878fc936aebf592cca418ca50773cd578f7daf4 Mon Sep 17 00:00:00 2001 From: Kevin Cernekee Date: Tue, 23 Nov 2010 10:26:44 -0800 Subject: MIPS: Fix CP0 COUNTER clockevent race Consider the following test case: write_c0_compare(read_c0_count()); Even if the counter doesn't increment during execution, this might not generate an interrupt until the counter wraps around. The CPU may perform the comparison each time CP0 COUNT increments, not when CP0 COMPARE is written. If mips_next_event() is called with a very small delta, and CP0 COUNT increments during the calculation of "cnt += delta", it is possible that CP0 COMPARE will be written with the current value of CP0 COUNT. If this is detected, the function should return -ETIME, to indicate that the interrupt might not have actually gotten scheduled. Signed-off-by: Kevin Cernekee Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1836/ Signed-off-by: Ralf Baechle --- arch/mips/kernel/cevt-r4k.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/mips/kernel/cevt-r4k.c') diff --git a/arch/mips/kernel/cevt-r4k.c b/arch/mips/kernel/cevt-r4k.c index 2f4d7a99bcc2..98c5a9737c14 100644 --- a/arch/mips/kernel/cevt-r4k.c +++ b/arch/mips/kernel/cevt-r4k.c @@ -32,7 +32,7 @@ static int mips_next_event(unsigned long delta, cnt = read_c0_count(); cnt += delta; write_c0_compare(cnt); - res = ((int)(read_c0_count() - cnt) > 0) ? -ETIME : 0; + res = ((int)(read_c0_count() - cnt) >= 0) ? -ETIME : 0; return res; } -- cgit v1.2.3