Visible to Intel only — GUID: suc1423149084495
Ixiasoft
Visible to Intel only — GUID: suc1423149084495
Ixiasoft
4.1.7. 794072: A Short Loop Including DMB Instruction Might Cause a Denial of Service When the Other Processor Executes a CP15 Broadcast Operation
Description
A processor that continuously executes a short loop containing a DMB instruction might prevent a CP15 operation broadcast by the other processor making further progress, causing a denial of service.
This erratum requires the following conditions:
- A dual core device with the processors working in SMP mode (ACTLR.SMP=1).
- One of the processors continuously executes a short loop containing at least one DMB instruction.
- The other processor executes a CP15 maintenance operation that is broadcast, meaning that this processor has enabled the broadcasting of CP15 operations (ACTLR.FW=1).
For this erratum to occur, the short loop containing the DMB instruction must meet both of the following additional conditions:
- No more than 10 instructions other than the DMB are executed between each DMB.
- No non-conditional Load or Store, or conditional Load or Store that pass the condition code check, are executed between each DMB.
When all the conditions for this erratum are met, the short loop creates a continuous stream of DMB instructions that may cause a denial of service by preventing the processor executing the short loop from executing the received broadcast CP15 operation. As a result, the processor that originally executed the broadcast CP15 operation is stalled until the execution of the loop is interrupted.
Note that because the process issuing the CP15 broadcast operation cannot complete operation, it cannot enter any debug mode and cannot take any interrupt. If the processor executing the short loop also cannot be interrupted, for example if it has disabled its interrupts, or if no interrupts are routed to this processor, this erratum might cause a system livelock.
Impact
This erratum might create performance issues, or in the worst case it might cause a system livelock if the processor executing the DMB is in an infinite loop that cannot be interrupted.
Workaround
This erratum can be worked around by setting bit[4] of the undocumented Diagnostic Control Register to 1. This register is encoded as CP15 c15 0 c0 1.
This bit can be written in the secure state only, with the following read-modify-write code sequence:
MRC p15,0,rt,c15,c0,1 ORR rt,rt,#0x10 MCR p15,0,rt,c15,c0,1
When it is set, this bit causes the DMB instruction to be decoded and executed like a DSB. Using this software workaround is not expected to have any impact on the overall performance of the processor on a typical code base.
Other workarounds are also available for this erratum, to either prevent or interrupt the continuous stream of DMB instructions that causes the deadlock. Examples include:
- Inserting a non-conditional Load or Store instruction in the loop between each DMB.
- Inserting additional instructions in the loop, such as NOPs, to avoid the processor seeing back to back DMB instructions.
- Making the processor that is executing the short loop take regular interrupts.
Category
Category 3