/*
 * linux/arch/arm/mm/fault.c
 *
 * Copyright (C) 1995 Linus Torvalds
 * Modifications for ARM processor (c) 1995-2004 Russell King
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#include <linux/module.h>
#include <linux/signal.h>
#include <linux/mm.h>
#include <linux/init.h>

#include <asm/system.h>
#include <asm/pgtable.h>
#include <asm/tlbflush.h>
#include <asm/uaccess.h>

#include "fault.h"

/*
 * This is useful to dump out the page tables associated with
 * 'addr' in mm 'mm'.
 *
 * Walks pgd -> pmd -> pte for 'addr' and prints each level on one
 * KERN_ALERT line, stopping at the first level that is absent or
 * marked bad.  A NULL 'mm' means the kernel's own tables (init_mm).
 * The pmd value is only printed when the pmd level is real
 * (PTRS_PER_PMD != 1), and the pte level is skipped entirely with
 * CONFIG_HIGHMEM because the pte page may not be mappable here.
 * The extra "ppte" printed is the entry PTRS_PER_PTE slots before the
 * Linux pte -- presumably the companion hardware pte table of the
 * ARM two-table layout; confirm against asm/pgtable.h.
 */
void show_pte(struct mm_struct *mm, unsigned long addr)
{
	pgd_t *pgd;

	if (!mm)
		mm = &init_mm;

	printk(KERN_ALERT "pgd = %p\n", mm->pgd);
	pgd = pgd_offset(mm, addr);
	printk(KERN_ALERT "[%08lx] *pgd=%08lx", addr, pgd_val(*pgd));

	/* do { } while (0) so that 'break' ends the walk early. */
	do {
		pmd_t *pmd;
		pte_t *pte;

		if (pgd_none(*pgd))
			break;

		if (pgd_bad(*pgd)) {
			printk("(bad)");
			break;
		}

		pmd = pmd_offset(pgd, addr);
#if PTRS_PER_PMD != 1
		printk(", *pmd=%08lx", pmd_val(*pmd));
#endif

		if (pmd_none(*pmd))
			break;

		if (pmd_bad(*pmd)) {
			printk("(bad)");
			break;
		}

#ifndef CONFIG_HIGHMEM
		/* We must not map this if we have highmem enabled */
		pte = pte_offset_map(pmd, addr);
		printk(", *pte=%08lx", pte_val(*pte));
		printk(", *ppte=%08lx", pte_val(pte[-PTRS_PER_PTE]));
		pte_unmap(pte);
#endif
	} while(0);

	printk("\n");
}

/*
 * Oops. The kernel tried to access some page that wasn't present.
 *
 * First gives the exception-table fixup a chance: if fixup_exception()
 * redirects 'regs' to a recovery stub the fault is handled silently
 * (this is how __get_user/__put_user survive bad user pointers).
 * Otherwise the fault is fatal: spinlock debugging is suspended, the
 * faulting address is reported (addresses inside the first page are
 * reported as a NULL pointer dereference), the page-table walk is
 * dumped, and die() is invoked.  The do_exit(SIGKILL) that follows
 * runs only if die() returns.
 */
static void
__do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
		  struct pt_regs *regs)
{
	/*
	 * Are we prepared to handle this kernel fault?
	 */
	if (fixup_exception(regs))
		return;

	/*
	 * No handler, we'll have to terminate things with extreme prejudice.
	 */
	bust_spinlocks(1);
	printk(KERN_ALERT
		"Unable to handle kernel %s at virtual address %08lx\n",
		(addr < PAGE_SIZE) ? "NULL pointer dereference" :
		"paging request", addr);

	show_pte(mm, addr);
	die("Oops", regs, fsr);
	bust_spinlocks(0);
	do_exit(SIGKILL);
}

/*
 * Something tried to access memory that isn't in our memory map..
 * User mode accesses just cause a SIGSEGV
 *
 * Records the fault in the task's thread struct (address, raw FSR as
 * error_code, trap_no 14 -- the conventional page-fault trap number,
 * presumably kept for compatibility with the generic siginfo/ptrace
 * users; confirm) and then forces signal 'sig' with si_code 'code' and
 * si_addr set to the faulting address.  force_sig_info() is used so the
 * signal is delivered even if the task has it blocked or ignored.
 * With CONFIG_DEBUG_USER and the UDBG_SEGV bit set in user_debug, the
 * fault, page tables and registers are also logged at KERN_DEBUG.
 */
static void
__do_user_fault(struct task_struct *tsk, unsigned long addr,
		unsigned int fsr, unsigned int sig, int code,
		struct pt_regs *regs)
{
	struct siginfo si;

#ifdef CONFIG_DEBUG_USER
	if (user_debug & UDBG_SEGV) {
		printk(KERN_DEBUG "%s: unhandled page fault (%d) at 0x%08lx, code 0x%03x\n",
		       tsk->comm, sig, addr, fsr);
		show_pte(tsk->mm, addr);
		show_regs(regs);
	}
#endif

	tsk->thread.address = addr;
	tsk->thread.error_code = fsr;
	tsk->thread.trap_no = 14;
	si.si_signo = sig;
	si.si_errno = 0;
	si.si_code = code;
	si.si_addr = (void __user *)addr;
	force_sig_info(sig, &si, tsk);
}

/*
 * Route a fault outside any mapping to the user or kernel handler.
 *
 * User-mode faults become SIGSEGV/SEGV_MAPERR; kernel-mode faults go
 * to __do_kernel_fault().  Note that active_mm (not mm) is passed so
 * that a kernel thread, which has no mm of its own, still has a set of
 * page tables for show_pte() to dump -- inferred from the field choice,
 * verify against the scheduler's mm handling.
 */
void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	struct task_struct *tsk = current;
	struct mm_struct *mm = tsk->active_mm;

	/*
	 * If we are in kernel mode at this point, we
	 * have no context to handle this fault with.
	 */
	if (user_mode(regs))
		__do_user_fault(tsk, addr, fsr, SIGSEGV, SEGV_MAPERR, regs);
	else
		__do_kernel_fault(mm, addr, fsr, regs);
}

/*
 * Private return flags for __do_page_fault(), in addition to the
 * generic VM_FAULT_* values from handle_mm_fault().  They are placed
 * above the generic bit range so they can be tested alongside
 * VM_FAULT_ERROR in do_page_fault(); verify against linux/mm.h that
 * the bits do not collide.
 */
#define VM_FAULT_BADMAP		0x010000
#define VM_FAULT_BADACCESS	0x020000

/*
 * Resolve a user-space fault against the VMAs of 'mm'.
 *
 * Caller holds mm->mmap_sem for read (this function drops and
 * re-takes it on the pid-1 OOM retry path below, so it must be held
 * on entry).
 *
 * Returns:
 *   VM_FAULT_BADMAP    - no VMA covers 'addr' and the stack could not
 *                        be grown down to it.
 *   VM_FAULT_BADACCESS - a VMA covers 'addr' but its vm_flags lack the
 *                        permission the access needs.
 *   otherwise          - the value from handle_mm_fault(), including
 *                        VM_FAULT_OOM (for tasks other than init) and
 *                        VM_FAULT_SIGBUS.  Any other VM_FAULT_ERROR
 *                        value hits BUG().
 *
 * FSR bit 11 is the write flag: a write needs VM_WRITE, while any other
 * access is accepted on a VMA with any of VM_READ, VM_EXEC or VM_WRITE
 * (the FSR evidently does not let read and execute be told apart here).
 * Counts the fault in tsk->maj_flt or tsk->min_flt on success.
 */
static int
__do_page_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
		struct task_struct *tsk)
{
	struct vm_area_struct *vma;
	int fault, mask;

	vma = find_vma(mm, addr);
	fault = VM_FAULT_BADMAP;
	if (!vma)
		goto out;
	/* find_vma() returns the first VMA ending above addr; it may start above it. */
	if (vma->vm_start > addr)
		goto check_stack;

	/*
	 * Ok, we have a good vm_area for this
	 * memory access, so we can handle it.
	 */
good_area:
	if (fsr & (1 << 11))	/* write? */
		mask = VM_WRITE;
	else
		mask = VM_READ|VM_EXEC|VM_WRITE;

	fault = VM_FAULT_BADACCESS;
	if (!(vma->vm_flags & mask))
		goto out;

	/*
	 * If for any reason at all we couldn't handle
	 * the fault, make sure we exit gracefully rather
	 * than endlessly redo the fault.
	 */
survive:
	fault = handle_mm_fault(mm, vma, addr & PAGE_MASK, fsr & (1 << 11));
	if (unlikely(fault & VM_FAULT_ERROR)) {
		if (fault & VM_FAULT_OOM)
			goto out_of_memory;
		else if (fault & VM_FAULT_SIGBUS)
			return fault;
		BUG();
	}
	if (fault & VM_FAULT_MAJOR)
		tsk->maj_flt++;
	else
		tsk->min_flt++;
	return fault;

out_of_memory:
	/* Ordinary tasks just report VM_FAULT_OOM to the caller. */
	if (!is_init(tsk))
		goto out;

	/*
	 * If we are out of memory for pid1, sleep for a while and retry
	 */
	up_read(&mm->mmap_sem);
	yield();
	down_read(&mm->mmap_sem);
	goto survive;

check_stack:
	/*
	 * NOTE(review): any address below a VM_GROWSDOWN vma is offered to
	 * expand_stack(); no distance/gap check is visible at this level.
	 */
	if (vma->vm_flags & VM_GROWSDOWN && !expand_stack(vma, addr))
		goto good_area;
out:
	return fault;
}

/*
 * Page-fault entry used by the fsr_info table (and indirectly by
 * do_translation_fault() for user addresses).
 *
 * Always returns 0, i.e. "handled" as far as do_DataAbort() is
 * concerned -- every outcome is resolved here, either by fixing the
 * mapping, signalling the user task, or taking the kernel oops path.
 *
 * Faults taken in atomic context or without a user mm go straight to
 * __do_kernel_fault() (only an exception-table fixup can save them).
 * The mmap_sem is first tried non-blocking; if that fails and the
 * fault came from kernel code that has no exception-table entry for
 * regs->ARM_pc, we bail out instead of risking a deadlock.
 */
static int
do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	struct task_struct *tsk;
	struct mm_struct *mm;
	int fault, sig, code;

	tsk = current;
	mm = tsk->mm;

	/*
	 * If we're in an interrupt or have no user
	 * context, we must not take the fault..
	 */
	if (in_atomic() || !mm)
		goto no_context;

	/*
	 * As per x86, we may deadlock here. However, since the kernel only
	 * validly references user space from well defined areas of the code,
	 * we can bug out early if this is from code which shouldn't.
	 */
	if (!down_read_trylock(&mm->mmap_sem)) {
		if (!user_mode(regs) && !search_exception_tables(regs->ARM_pc))
			goto no_context;
		down_read(&mm->mmap_sem);
	}

	fault = __do_page_fault(mm, addr, fsr, tsk);
	up_read(&mm->mmap_sem);

	/*
	 * Handle the "normal" case first - VM_FAULT_MAJOR / VM_FAULT_MINOR
	 */
	if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS))))
		return 0;

	/*
	 * If we are in kernel mode at this point, we
	 * have no context to handle this fault with.
	 */
	if (!user_mode(regs))
		goto no_context;

	if (fault & VM_FAULT_OOM) {
		/*
		 * We ran out of memory, or some other thing
		 * happened to us that made us unable to handle
		 * the page fault gracefully.
		 */
		printk("VM: killing process %s\n", tsk->comm);
		do_exit(SIGKILL);
		/* Not expected to be reached; do_exit() should not return. */
		return 0;
	}
	if (fault & VM_FAULT_SIGBUS) {
		/*
		 * We had some memory, but were unable to
		 * successfully fix up this page fault.
		 */
		sig = SIGBUS;
		code = BUS_ADRERR;
	} else {
		/*
		 * Something tried to access memory that
		 * isn't in our memory map..
		 *
		 * Exact compare: __do_page_fault() returns VM_FAULT_BADACCESS
		 * on its own, never combined with other bits.
		 */
		sig = SIGSEGV;
		code = fault == VM_FAULT_BADACCESS ?
			SEGV_ACCERR : SEGV_MAPERR;
	}

	__do_user_fault(tsk, addr, fsr, sig, code, regs);
	return 0;

no_context:
	__do_kernel_fault(mm, addr, fsr, regs);
	return 0;
}

/*
 * First Level Translation Fault Handler
 *
 * We enter here because the first level page table doesn't contain
 * a valid entry for the address.
 *
 * If the address is in kernel space (>= TASK_SIZE), then we are
 * probably faulting in the vmalloc() area.
 *
 * If the init_task's first level page tables contains the relevant
 * entry, we copy the it to this task. If not, we send the process
 * a signal, fixup the exception, or oops the kernel.
 *
 * NOTE! We MUST NOT take any locks for this case. We may be in an
 * interrupt or a critical region, and should only copy the information
 * from the master page table, nothing more.
 *
 * For kernel addresses the lookup goes against the pgd the CPU is
 * actually using (cpu_get_pgd()), not current->mm, and only copies
 * entries that exist in init_mm: a missing pgd or pmd in init_mm means
 * the address is genuinely unmapped and is reported via do_bad_area().
 * Always returns 0 ("handled") to do_DataAbort().
 */
static int
do_translation_fault(unsigned long addr, unsigned int fsr,
		     struct pt_regs *regs)
{
	unsigned int index;
	pgd_t *pgd, *pgd_k;
	pmd_t *pmd, *pmd_k;

	if (addr < TASK_SIZE)
		return do_page_fault(addr, fsr, regs);

	index = pgd_index(addr);

	/*
	 * FIXME: CP15 C1 is write only on ARMv3 architectures.
	 */
	pgd = cpu_get_pgd() + index;
	pgd_k = init_mm.pgd + index;

	if (pgd_none(*pgd_k))
		goto bad_area;

	if (!pgd_present(*pgd))
		set_pgd(pgd, *pgd_k);

	pmd_k = pmd_offset(pgd_k, addr);
	pmd = pmd_offset(pgd, addr);

	if (pmd_none(*pmd_k))
		goto bad_area;

	copy_pmd(pmd, pmd_k);
	return 0;

bad_area:
	do_bad_area(addr, fsr, regs);
	return 0;
}

/*
 * Some section permission faults need to be handled gracefully.
 * They can happen due to a __{get,put}_user during an oops.
 *
 * Delegates to do_bad_area(), which runs the exception-table fixup for
 * kernel mode or signals SIGSEGV for user mode.  Always returns 0.
 */
static int
do_sect_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	do_bad_area(addr, fsr, regs);
	return 0;
}

/*
 * This abort handler always returns "fault".
 *
 * A non-zero return makes do_DataAbort() log "Unhandled fault" and
 * raise the signal recorded in the fsr_info entry.
 */
static int
do_bad(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	return 1;
}

/*
 * Abort dispatch table, indexed by FSR bits 3:0 plus 16 when FSR bit
 * 10 is set (see do_DataAbort()), so it must have exactly 32 entries.
 *
 *   fn   - handler; returns 0 when the fault was dealt with, non-zero
 *          to have do_DataAbort() report it and deliver 'sig'/'code'.
 *   sig  - signal number used for an unhandled fault.
 *   code - si_code for that signal.
 *   name - human-readable description used in the log message.
 *
 * Entries may be replaced at boot by hook_fault_code().
 */
static struct fsr_info {
	int	(*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
	int	sig;
	int	code;
	const char *name;
} fsr_info[] = {
	/*
	 * The following are the standard ARMv3 and ARMv4 aborts.  ARMv5
	 * defines these to be "precise" aborts.
	 */
	{ do_bad,		SIGSEGV, 0,		"vector exception"		   },
	{ do_bad,		SIGILL,	 BUS_ADRALN,	"alignment exception"		   },
	{ do_bad,		SIGKILL, 0,		"terminal exception"		   },
	{ do_bad,		SIGILL,	 BUS_ADRALN,	"alignment exception"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on linefetch"	   },
	{ do_translation_fault,	SIGSEGV, SEGV_MAPERR,	"section translation fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on linefetch"	   },
	{ do_page_fault,	SIGSEGV, SEGV_MAPERR,	"page translation fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on non-linefetch"  },
	{ do_bad,		SIGSEGV, SEGV_ACCERR,	"section domain fault"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on non-linefetch"  },
	{ do_bad,		SIGSEGV, SEGV_ACCERR,	"page domain fault"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on translation"	   },
	{ do_sect_fault,	SIGSEGV, SEGV_ACCERR,	"section permission fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on translation"	   },
	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"page permission fault"		   },
	/*
	 * The following are "imprecise" aborts, which are signalled by bit
	 * 10 of the FSR, and may not be recoverable.  These are only
	 * supported if the CPU abort handler supports bit 10.
	 */
	{ do_bad,		SIGBUS,	 0,		"unknown 16"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 17"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 18"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 19"			   },
	{ do_bad,		SIGBUS,	 0,		"lock abort"			   }, /* xscale */
	{ do_bad,		SIGBUS,	 0,		"unknown 21"			   },
	{ do_bad,		SIGBUS,	 BUS_OBJERR,	"imprecise external abort"	   }, /* xscale */
	{ do_bad,		SIGBUS,	 0,		"unknown 23"			   },
	{ do_bad,		SIGBUS,	 0,		"dcache parity error"		   }, /* xscale */
	{ do_bad,		SIGBUS,	 0,		"unknown 25"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 26"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 27"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 28"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 29"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 30"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 31"			   }
};

/*
 * Install a handler for FSR status code 'nr' at boot time.
 *
 * Replaces the fn, sig and name of the fsr_info entry after a bounds
 * check; the 'code' field is intentionally not touched by this
 * interface and keeps its table value.  The 'nr >= 0' test must come
 * first: it keeps the int/size_t comparison against ARRAY_SIZE() from
 * letting a negative 'nr' through.  Out-of-range values are ignored
 * silently.
 */
void __init
hook_fault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *),
		int sig, const char *name)
{
	if (nr >= 0 && nr < ARRAY_SIZE(fsr_info)) {
		fsr_info[nr].fn   = fn;
		fsr_info[nr].sig  = sig;
		fsr_info[nr].name = name;
	}
}

/*
 * Dispatch a data abort to the relevant handler.
 *
 * The table index is FSR bits 3:0 plus 16 when bit 10 (the imprecise
 * abort flag) is set: (fsr & (1 << 10)) >> 6 is either 0 or 16, so the
 * index always stays within the 32-entry fsr_info table.  A handler
 * returning 0 has dealt with the fault; otherwise the fault is logged
 * and the table's signal is delivered through arm_notify_die(), which
 * handles both the user-mode and the kernel-mode case.
 */
asmlinkage void __exception
do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	const struct fsr_info *inf = fsr_info + (fsr & 15) + ((fsr & (1 << 10)) >> 6);
	struct siginfo info;

	if (!inf->fn(addr, fsr, regs))
		return;

	printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
		inf->name, fsr, addr);

	info.si_signo = inf->sig;
	info.si_errno = 0;
	info.si_code  = inf->code;
	info.si_addr  = (void __user *)addr;
	arm_notify_die("", regs, &info, fsr, 0);
}

/*
 * Prefetch (instruction fetch) abort entry.
 *
 * No FSR is available for prefetch aborts, so 0 is passed: bit 11 is
 * clear, which makes __do_page_fault() treat the access as a read and
 * accept any VMA with VM_READ, VM_EXEC or VM_WRITE.  The fault is
 * otherwise handled exactly like a section translation fault.
 */
asmlinkage void __exception
do_PrefetchAbort(unsigned long addr, struct pt_regs *regs)
{
	do_translation_fault(addr, 0, regs);
}
