Linux Kernel 3.7.1: arch/cris/mm/fault.c
/*
 * arch/cris/mm/fault.c
 *
 * Copyright (C) 2000-2010 Axis Communications AB
 */

#include <linux/mm.h>
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/wait.h>
#include <asm/uaccess.h>
#include <arch/system.h>

extern int find_fixup_code(struct pt_regs *);
extern void die_if_kernel(const char *, struct pt_regs *, long);
extern void show_registers(struct pt_regs *regs);

/* debug of low-level TLB reload */
#undef DEBUG

#ifdef DEBUG
#define D(x) x
#else
#define D(x)
#endif
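
/*
 * Usage note: D() wraps debug-only statements, e.g. the
 * D(printk(KERN_DEBUG ...)) in do_page_fault() below; the wrapped
 * code compiles away entirely unless DEBUG is defined above.
 */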

/* debug of higher-level faults */
#define DPG(x)

/* current active page directory */

DEFINE_PER_CPU(pgd_t *, current_pgd);
unsigned long cris_signal_return_page;

/*
 * This routine handles page faults. It determines the address,
 * and the problem, and then passes it off to one of the appropriate
 * routines.
 *
 * Notice that the address we're given is aligned to the page the fault
 * occurred in, since we only get the PFN in R_MMU_CAUSE not the complete
 * address.
 *
 * error_code:
 *      bit 0 == 0 means no page found, 1 means protection fault
 *      bit 1 == 0 means read, 1 means write
 *
 * If this routine detects a bad access it raises a signal for user
 * faults, or runs the exception fixup (or oopses) for kernel faults;
 * it does not return a value.
 */
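
/*
 * Illustrative sketch, not part of the original file: given the bit
 * layout above, the low-level entry code is assumed to derive the
 * arguments below roughly as
 *
 *      protection  = error_code & 1;           1 = protection fault
 *      writeaccess = (error_code >> 1) & 1;    1 = write, 0 = read
 *
 * (writeaccess == 2, checked further down, additionally marks an
 * instruction fetch; the exact decode lives in the mmu-version-specific
 * entry code.)
 */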

asmlinkage void
do_page_fault(unsigned long address, struct pt_regs *regs,
              int protection, int writeaccess)
{
        struct task_struct *tsk;
        struct mm_struct *mm;
        struct vm_area_struct *vma;
        siginfo_t info;
        int fault;
        unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE |
                             ((writeaccess & 1) ? FAULT_FLAG_WRITE : 0);

        D(printk(KERN_DEBUG
                 "Page fault for %lX on %X at %lX, prot %d write %d\n",
                 address, smp_processor_id(), instruction_pointer(regs),
                 protection, writeaccess));

        tsk = current;

        /*
         * We fault-in kernel-space virtual memory on-demand. The
         * 'reference' page table is init_mm.pgd.
         *
         * NOTE! We MUST NOT take any locks for this case. We may
         * be in an interrupt or a critical region, and should
         * only copy the information from the master page table,
         * nothing more.
         *
         * NOTE2: This is done so that, when updating the vmalloc
         * mappings we don't have to walk all processes' pgdirs and
         * add the high mappings all at once. Instead we do it as they
         * are used. However vmalloc'ed page entries have the PAGE_GLOBAL
         * bit set so sometimes the TLB can use a lingering entry.
         *
         * This verifies that the fault happens in kernel space
         * and that the fault was not a protection error (error_code & 1).
         */

        if (address >= VMALLOC_START &&
            !protection &&
            !user_mode(regs))
                goto vmalloc_fault;

        /* When stack execution is not allowed we store the signal
         * trampolines in the reserved cris_signal_return_page.
         * Handle this in the exact same way as vmalloc (we know
         * that the mapping is there and is valid so no need to
         * call handle_mm_fault).
         */
        if (cris_signal_return_page &&
            address == cris_signal_return_page &&
            !protection && user_mode(regs))
                goto vmalloc_fault;

        /* we can and should enable interrupts at this point */
        local_irq_enable();

        mm = tsk->mm;
        info.si_code = SEGV_MAPERR;

        /*
         * If we're in an interrupt or "atomic" operation or have no
         * user context, we must not take the fault.
         */

        if (in_atomic() || !mm)
                goto no_context;

retry:
        down_read(&mm->mmap_sem);
        vma = find_vma(mm, address);
        if (!vma)
                goto bad_area;
        if (vma->vm_start <= address)
                goto good_area;
        if (!(vma->vm_flags & VM_GROWSDOWN))
                goto bad_area;
        if (user_mode(regs)) {
                /*
                 * accessing the stack below usp is always a bug.
                 * we get page-aligned addresses so we can only check
                 * if we're within a page from usp, but that might be
                 * enough to catch brutal errors at least.
                 */
                if (address + PAGE_SIZE < rdusp())
                        goto bad_area;
        }
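        /*
         * (The usp check above thus tolerates accesses up to one page
         * below the saved user stack pointer; on CRIS a page is 8 KiB.)
         */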
        if (expand_stack(vma, address))
                goto bad_area;

        /*
         * Ok, we have a good vm_area for this memory access, so
         * we can handle it..
         */

 good_area:
        info.si_code = SEGV_ACCERR;

        /* first do some preliminary protection checks */

        if (writeaccess == 2) {
                if (!(vma->vm_flags & VM_EXEC))
                        goto bad_area;
        } else if (writeaccess == 1) {
                if (!(vma->vm_flags & VM_WRITE))
                        goto bad_area;
        } else {
                if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
                        goto bad_area;
        }
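        /*
         * (writeaccess thus encodes the access type: 2 = instruction
         * fetch, checked against VM_EXEC; 1 = data write, checked
         * against VM_WRITE; anything else is a read, checked against
         * VM_READ | VM_EXEC.)
         */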

        /*
         * If for any reason at all we couldn't handle the fault,
         * make sure we exit gracefully rather than endlessly redo
         * the fault.
         */

        fault = handle_mm_fault(mm, vma, address, flags);

        if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current))
                return;

        if (unlikely(fault & VM_FAULT_ERROR)) {
                if (fault & VM_FAULT_OOM)
                        goto out_of_memory;
                else if (fault & VM_FAULT_SIGBUS)
                        goto do_sigbus;
                BUG();
        }

        if (flags & FAULT_FLAG_ALLOW_RETRY) {
                if (fault & VM_FAULT_MAJOR)
                        tsk->maj_flt++;
                else
                        tsk->min_flt++;
                if (fault & VM_FAULT_RETRY) {
                        flags &= ~FAULT_FLAG_ALLOW_RETRY;
                        flags |= FAULT_FLAG_TRIED;

                        /*
                         * No need to up_read(&mm->mmap_sem) as we would
                         * have already released it in __lock_page_or_retry
                         * in mm/filemap.c.
                         */

                        goto retry;
                }
        }
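        /*
         * (Only a single retry can occur: FAULT_FLAG_ALLOW_RETRY is
         * cleared before the retry above, so a retried fault can no
         * longer re-enter this path.)
         */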

        up_read(&mm->mmap_sem);
        return;

        /*
         * Something tried to access memory that isn't in our memory map..
         * Fix it, but check if it's kernel or user first..
         */

 bad_area:
        up_read(&mm->mmap_sem);

 bad_area_nosemaphore:
        DPG(show_registers(regs));

        /* User mode accesses just cause a SIGSEGV */

        if (user_mode(regs)) {
                printk(KERN_NOTICE "%s (pid %d) segfaults for page "
                       "address %08lx at pc %08lx\n",
                       tsk->comm, tsk->pid,
                       address, instruction_pointer(regs));

                /* With DPG on, we've already dumped registers above. */
                DPG(if (0))
                        show_registers(regs);

#ifdef CONFIG_NO_SEGFAULT_TERMINATION
                DECLARE_WAIT_QUEUE_HEAD(wq);
                wait_event_interruptible(wq, 0 == 1);
#else
                info.si_signo = SIGSEGV;
                info.si_errno = 0;
                /* info.si_code has been set above */
                info.si_addr = (void *)address;
                force_sig_info(SIGSEGV, &info, tsk);
#endif
                return;
        }

 no_context:

        /* Are we prepared to handle this kernel fault?
         *
         * (The kernel has valid exception-points in the source
         * when it accesses user-memory. When it fails in one
         * of those points, we find it in a table and do a jump
         * to some fixup code that loads an appropriate error
         * code)
         */
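        /*
         * Illustrative sketch, not part of the original file: each such
         * exception-point contributes a table entry pairing the faulting
         * instruction's address with its fixup handler, conceptually
         *
         *      struct exception_table_entry { unsigned long insn, fixup; };
         *
         * find_fixup_code() (bottom of this file) uses
         * search_exception_tables() to look the faulting ip up there.
         */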

        if (find_fixup_code(regs))
                return;

        /*
         * Oops. The kernel tried to access some bad page. We'll have to
         * terminate things with extreme prejudice.
         */

        if (!oops_in_progress) {
                oops_in_progress = 1;
                if ((unsigned long)address < PAGE_SIZE)
                        printk(KERN_ALERT "Unable to handle kernel NULL "
                                "pointer dereference\n");
                else
                        printk(KERN_ALERT "Unable to handle kernel access"
                                " at virtual address %08lx\n", address);

                die_if_kernel("Oops", regs, (writeaccess << 1) | protection);
                oops_in_progress = 0;
        }

        do_exit(SIGKILL);


        /*
         * We ran out of memory, or some other thing happened to us that made
         * us unable to handle the page fault gracefully.
         */

 out_of_memory:
        up_read(&mm->mmap_sem);
        if (!user_mode(regs))
                goto no_context;
        pagefault_out_of_memory();
        return;

 do_sigbus:
        up_read(&mm->mmap_sem);

        /*
         * Send a sigbus, regardless of whether we were in kernel
         * or user mode.
         */
        info.si_signo = SIGBUS;
        info.si_errno = 0;
        info.si_code = BUS_ADRERR;
        info.si_addr = (void *)address;
        force_sig_info(SIGBUS, &info, tsk);

        /* Kernel mode? Handle exceptions or die */
        if (!user_mode(regs))
                goto no_context;
        return;

vmalloc_fault:
        {
                /*
                 * Synchronize this task's top level page-table
                 * with the 'reference' page table.
                 *
                 * Use current_pgd instead of tsk->active_mm->pgd
                 * since the latter might be unavailable if this
                 * code is executed in an unluckily timed irq
                 * (like inside schedule() between switch_mm and
                 * switch_to...).
                 */

                int offset = pgd_index(address);
                pgd_t *pgd, *pgd_k;
                pud_t *pud, *pud_k;
                pmd_t *pmd, *pmd_k;
                pte_t *pte_k;

                pgd = (pgd_t *)per_cpu(current_pgd, smp_processor_id()) + offset;
                pgd_k = init_mm.pgd + offset;

                /* Since we're two-level, we don't need to do both
                 * set_pgd and set_pmd (they do the same thing). If
                 * we go three-level at some point, do the right thing
                 * with pgd_present and set_pgd here.
                 *
                 * Also, since the vmalloc area is global, we don't
                 * need to copy individual PTEs, it is enough to
                 * copy the pgd pointer into the pte page of the
                 * root task. If that is there, we'll find our pte if
                 * it exists.
                 */

                pud = pud_offset(pgd, address);
                pud_k = pud_offset(pgd_k, address);
                if (!pud_present(*pud_k))
                        goto no_context;

                pmd = pmd_offset(pud, address);
                pmd_k = pmd_offset(pud_k, address);

                if (!pmd_present(*pmd_k))
                        goto bad_area_nosemaphore;

                set_pmd(pmd, *pmd_k);

                /* Make sure the actual PTE exists as well to
                 * catch kernel vmalloc-area accesses to non-mapped
                 * addresses. If we don't do this, this will just
                 * silently loop forever.
                 */

                pte_k = pte_offset_kernel(pmd_k, address);
                if (!pte_present(*pte_k))
                        goto no_context;

                return;
        }
}

/* Find fixup code. */
int
find_fixup_code(struct pt_regs *regs)
{
        const struct exception_table_entry *fixup;
        /* in case of delay slot fault (v32) */
        unsigned long ip = (instruction_pointer(regs) & ~0x1);

        fixup = search_exception_tables(ip);
        if (fixup != 0) {
                /* Adjust the instruction pointer in the stackframe. */
                instruction_pointer(regs) = fixup->fixup;
                arch_fixup(regs);
                return 1;
        }

        return 0;
}