1 /* 2 * linux/arch/arm/mm/fault.c 3 * 4 * Copyright (C) 1995 Linus Torvalds 5 * Modifications for ARM processor (c) 1995-2004 Russell King 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 */ 11 #include <linux/module.h> 12 #include <linux/signal.h> 13 #include <linux/mm.h> 14 #include <linux/init.h> 15 #include <linux/kprobes.h> 16 17 #include <asm/system.h> 18 #include <asm/pgtable.h> 19 #include <asm/tlbflush.h> 20 #include <asm/uaccess.h> 21 22 #include "fault.h" 23 24 25 #ifdef CONFIG_KPROBES 26 static inline int notify_page_fault(struct pt_regs *regs, unsigned int fsr) 27 { 28 int ret = 0; 29 30 if (!user_mode(regs)) { 31 /* kprobe_running() needs smp_processor_id() */ 32 preempt_disable(); 33 if (kprobe_running() && kprobe_fault_handler(regs, fsr)) 34 ret = 1; 35 preempt_enable(); 36 } 37 38 return ret; 39 } 40 #else 41 static inline int notify_page_fault(struct pt_regs *regs, unsigned int fsr) 42 { 43 return 0; 44 } 45 #endif 46 47 /* 48 * This is useful to dump out the page tables associated with 49 * 'addr' in mm 'mm'. 50 */ 51 void show_pte(struct mm_struct *mm, unsigned long addr) 52 { 53 pgd_t *pgd; 54 55 if (!mm) 56 mm = &init_mm; 57 58 printk(KERN_ALERT "pgd = %p\n", mm->pgd); 59 pgd = pgd_offset(mm, addr); 60 printk(KERN_ALERT "[%08lx] *pgd=%08lx", addr, pgd_val(*pgd)); 61 62 do { 63 pmd_t *pmd; 64 pte_t *pte; 65 66 if (pgd_none(*pgd)) 67 break; 68 69 if (pgd_bad(*pgd)) { 70 printk("(bad)"); 71 break; 72 } 73 74 pmd = pmd_offset(pgd, addr); 75 #if PTRS_PER_PMD != 1 76 printk(", *pmd=%08lx", pmd_val(*pmd)); 77 #endif 78 79 if (pmd_none(*pmd)) 80 break; 81 82 if (pmd_bad(*pmd)) { 83 printk("(bad)"); 84 break; 85 } 86 87 #ifndef CONFIG_HIGHMEM 88 /* We must not map this if we have highmem enabled */ 89 pte = pte_offset_map(pmd, addr); 90 printk(", *pte=%08lx", pte_val(*pte)); 91 printk(", *ppte=%08lx", pte_val(pte[-PTRS_PER_PTE])); 92 pte_unmap(pte); 93 #endif 94 } while(0); 95 96 printk("\n"); 97 } 98 99 /* 100 * Oops. The kernel tried to access some page that wasn't present. 101 */ 102 static void 103 __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, 104 struct pt_regs *regs) 105 { 106 /* 107 * Are we prepared to handle this kernel fault? 108 */ 109 if (fixup_exception(regs)) 110 return; 111 112 /* 113 * No handler, we'll have to terminate things with extreme prejudice. 114 */ 115 bust_spinlocks(1); 116 printk(KERN_ALERT 117 "Unable to handle kernel %s at virtual address %08lx\n", 118 (addr < PAGE_SIZE) ? "NULL pointer dereference" : 119 "paging request", addr); 120 121 show_pte(mm, addr); 122 die("Oops", regs, fsr); 123 bust_spinlocks(0); 124 do_exit(SIGKILL); 125 } 126 127 /* 128 * Something tried to access memory that isn't in our memory map.. 129 * User mode accesses just cause a SIGSEGV 130 */ 131 static void 132 __do_user_fault(struct task_struct *tsk, unsigned long addr, 133 unsigned int fsr, unsigned int sig, int code, 134 struct pt_regs *regs) 135 { 136 struct siginfo si; 137 138 #ifdef CONFIG_DEBUG_USER 139 if (user_debug & UDBG_SEGV) { 140 printk(KERN_DEBUG "%s: unhandled page fault (%d) at 0x%08lx, code 0x%03x\n", 141 tsk->comm, sig, addr, fsr); 142 show_pte(tsk->mm, addr); 143 show_regs(regs); 144 } 145 #endif 146 147 tsk->thread.address = addr; 148 tsk->thread.error_code = fsr; 149 tsk->thread.trap_no = 14; 150 si.si_signo = sig; 151 si.si_errno = 0; 152 si.si_code = code; 153 si.si_addr = (void __user *)addr; 154 force_sig_info(sig, &si, tsk); 155 } 156 157 void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs) 158 { 159 struct task_struct *tsk = current; 160 struct mm_struct *mm = tsk->active_mm; 161 162 /* 163 * If we are in kernel mode at this point, we 164 * have no context to handle this fault with. 165 */ 166 if (user_mode(regs)) 167 __do_user_fault(tsk, addr, fsr, SIGSEGV, SEGV_MAPERR, regs); 168 else 169 __do_kernel_fault(mm, addr, fsr, regs); 170 } 171 172 #define VM_FAULT_BADMAP 0x010000 173 #define VM_FAULT_BADACCESS 0x020000 174 175 static int 176 __do_page_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, 177 struct task_struct *tsk) 178 { 179 struct vm_area_struct *vma; 180 int fault, mask; 181 182 vma = find_vma(mm, addr); 183 fault = VM_FAULT_BADMAP; 184 if (!vma) 185 goto out; 186 if (vma->vm_start > addr) 187 goto check_stack; 188 189 /* 190 * Ok, we have a good vm_area for this 191 * memory access, so we can handle it. 192 */ 193 good_area: 194 if (fsr & (1 << 11)) /* write? */ 195 mask = VM_WRITE; 196 else 197 mask = VM_READ|VM_EXEC|VM_WRITE; 198 199 fault = VM_FAULT_BADACCESS; 200 if (!(vma->vm_flags & mask)) 201 goto out; 202 203 /* 204 * If for any reason at all we couldn't handle 205 * the fault, make sure we exit gracefully rather 206 * than endlessly redo the fault. 207 */ 208 survive: 209 fault = handle_mm_fault(mm, vma, addr & PAGE_MASK, fsr & (1 << 11)); 210 if (unlikely(fault & VM_FAULT_ERROR)) { 211 if (fault & VM_FAULT_OOM) 212 goto out_of_memory; 213 else if (fault & VM_FAULT_SIGBUS) 214 return fault; 215 BUG(); 216 } 217 if (fault & VM_FAULT_MAJOR) 218 tsk->maj_flt++; 219 else 220 tsk->min_flt++; 221 return fault; 222 223 out_of_memory: 224 if (!is_global_init(tsk)) 225 goto out; 226 227 /* 228 * If we are out of memory for pid1, sleep for a while and retry 229 */ 230 up_read(&mm->mmap_sem); 231 yield(); 232 down_read(&mm->mmap_sem); 233 goto survive; 234 235 check_stack: 236 if (vma->vm_flags & VM_GROWSDOWN && !expand_stack(vma, addr)) 237 goto good_area; 238 out: 239 return fault; 240 } 241 242 static int __kprobes 243 do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) 244 { 245 struct task_struct *tsk; 246 struct mm_struct *mm; 247 int fault, sig, code; 248 249 if (notify_page_fault(regs, fsr)) 250 return 0; 251 252 tsk = current; 253 mm = tsk->mm; 254 255 /* 256 * If we're in an interrupt or have no user 257 * context, we must not take the fault.. 258 */ 259 if (in_atomic() || !mm) 260 goto no_context; 261 262 /* 263 * As per x86, we may deadlock here. However, since the kernel only 264 * validly references user space from well defined areas of the code, 265 * we can bug out early if this is from code which shouldn't. 266 */ 267 if (!down_read_trylock(&mm->mmap_sem)) { 268 if (!user_mode(regs) && !search_exception_tables(regs->ARM_pc)) 269 goto no_context; 270 down_read(&mm->mmap_sem); 271 } 272 273 fault = __do_page_fault(mm, addr, fsr, tsk); 274 up_read(&mm->mmap_sem); 275 276 /* 277 * Handle the "normal" case first - VM_FAULT_MAJOR / VM_FAULT_MINOR 278 */ 279 if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS)))) 280 return 0; 281 282 /* 283 * If we are in kernel mode at this point, we 284 * have no context to handle this fault with. 285 */ 286 if (!user_mode(regs)) 287 goto no_context; 288 289 if (fault & VM_FAULT_OOM) { 290 /* 291 * We ran out of memory, or some other thing 292 * happened to us that made us unable to handle 293 * the page fault gracefully. 294 */ 295 printk("VM: killing process %s\n", tsk->comm); 296 do_group_exit(SIGKILL); 297 return 0; 298 } 299 if (fault & VM_FAULT_SIGBUS) { 300 /* 301 * We had some memory, but were unable to 302 * successfully fix up this page fault. 303 */ 304 sig = SIGBUS; 305 code = BUS_ADRERR; 306 } else { 307 /* 308 * Something tried to access memory that 309 * isn't in our memory map.. 310 */ 311 sig = SIGSEGV; 312 code = fault == VM_FAULT_BADACCESS ? 313 SEGV_ACCERR : SEGV_MAPERR; 314 } 315 316 __do_user_fault(tsk, addr, fsr, sig, code, regs); 317 return 0; 318 319 no_context: 320 __do_kernel_fault(mm, addr, fsr, regs); 321 return 0; 322 } 323 324 /* 325 * First Level Translation Fault Handler 326 * 327 * We enter here because the first level page table doesn't contain 328 * a valid entry for the address. 329 * 330 * If the address is in kernel space (>= TASK_SIZE), then we are 331 * probably faulting in the vmalloc() area. 332 * 333 * If the init_task's first level page tables contains the relevant 334 * entry, we copy the it to this task. If not, we send the process 335 * a signal, fixup the exception, or oops the kernel. 336 * 337 * NOTE! We MUST NOT take any locks for this case. We may be in an 338 * interrupt or a critical region, and should only copy the information 339 * from the master page table, nothing more. 340 */ 341 static int __kprobes 342 do_translation_fault(unsigned long addr, unsigned int fsr, 343 struct pt_regs *regs) 344 { 345 unsigned int index; 346 pgd_t *pgd, *pgd_k; 347 pmd_t *pmd, *pmd_k; 348 349 if (addr < TASK_SIZE) 350 return do_page_fault(addr, fsr, regs); 351 352 index = pgd_index(addr); 353 354 /* 355 * FIXME: CP15 C1 is write only on ARMv3 architectures. 356 */ 357 pgd = cpu_get_pgd() + index; 358 pgd_k = init_mm.pgd + index; 359 360 if (pgd_none(*pgd_k)) 361 goto bad_area; 362 363 if (!pgd_present(*pgd)) 364 set_pgd(pgd, *pgd_k); 365 366 pmd_k = pmd_offset(pgd_k, addr); 367 pmd = pmd_offset(pgd, addr); 368 369 if (pmd_none(*pmd_k)) 370 goto bad_area; 371 372 copy_pmd(pmd, pmd_k); 373 return 0; 374 375 bad_area: 376 do_bad_area(addr, fsr, regs); 377 return 0; 378 } 379 380 /* 381 * Some section permission faults need to be handled gracefully. 382 * They can happen due to a __{get,put}_user during an oops. 383 */ 384 static int 385 do_sect_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) 386 { 387 do_bad_area(addr, fsr, regs); 388 return 0; 389 } 390 391 /* 392 * This abort handler always returns "fault". 393 */ 394 static int 395 do_bad(unsigned long addr, unsigned int fsr, struct pt_regs *regs) 396 { 397 return 1; 398 } 399 400 static struct fsr_info { 401 int (*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs); 402 int sig; 403 int code; 404 const char *name; 405 } fsr_info[] = { 406 /* 407 * The following are the standard ARMv3 and ARMv4 aborts. ARMv5 408 * defines these to be "precise" aborts. 409 */ 410 { do_bad, SIGSEGV, 0, "vector exception" }, 411 { do_bad, SIGILL, BUS_ADRALN, "alignment exception" }, 412 { do_bad, SIGKILL, 0, "terminal exception" }, 413 { do_bad, SIGILL, BUS_ADRALN, "alignment exception" }, 414 { do_bad, SIGBUS, 0, "external abort on linefetch" }, 415 { do_translation_fault, SIGSEGV, SEGV_MAPERR, "section translation fault" }, 416 { do_bad, SIGBUS, 0, "external abort on linefetch" }, 417 { do_page_fault, SIGSEGV, SEGV_MAPERR, "page translation fault" }, 418 { do_bad, SIGBUS, 0, "external abort on non-linefetch" }, 419 { do_bad, SIGSEGV, SEGV_ACCERR, "section domain fault" }, 420 { do_bad, SIGBUS, 0, "external abort on non-linefetch" }, 421 { do_bad, SIGSEGV, SEGV_ACCERR, "page domain fault" }, 422 { do_bad, SIGBUS, 0, "external abort on translation" }, 423 { do_sect_fault, SIGSEGV, SEGV_ACCERR, "section permission fault" }, 424 { do_bad, SIGBUS, 0, "external abort on translation" }, 425 { do_page_fault, SIGSEGV, SEGV_ACCERR, "page permission fault" }, 426 /* 427 * The following are "imprecise" aborts, which are signalled by bit 428 * 10 of the FSR, and may not be recoverable. These are only 429 * supported if the CPU abort handler supports bit 10. 430 */ 431 { do_bad, SIGBUS, 0, "unknown 16" }, 432 { do_bad, SIGBUS, 0, "unknown 17" }, 433 { do_bad, SIGBUS, 0, "unknown 18" }, 434 { do_bad, SIGBUS, 0, "unknown 19" }, 435 { do_bad, SIGBUS, 0, "lock abort" }, /* xscale */ 436 { do_bad, SIGBUS, 0, "unknown 21" }, 437 { do_bad, SIGBUS, BUS_OBJERR, "imprecise external abort" }, /* xscale */ 438 { do_bad, SIGBUS, 0, "unknown 23" }, 439 { do_bad, SIGBUS, 0, "dcache parity error" }, /* xscale */ 440 { do_bad, SIGBUS, 0, "unknown 25" }, 441 { do_bad, SIGBUS, 0, "unknown 26" }, 442 { do_bad, SIGBUS, 0, "unknown 27" }, 443 { do_bad, SIGBUS, 0, "unknown 28" }, 444 { do_bad, SIGBUS, 0, "unknown 29" }, 445 { do_bad, SIGBUS, 0, "unknown 30" }, 446 { do_bad, SIGBUS, 0, "unknown 31" } 447 }; 448 449 void __init 450 hook_fault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *), 451 int sig, const char *name) 452 { 453 if (nr >= 0 && nr < ARRAY_SIZE(fsr_info)) { 454 fsr_info[nr].fn = fn; 455 fsr_info[nr].sig = sig; 456 fsr_info[nr].name = name; 457 } 458 } 459 460 /* 461 * Dispatch a data abort to the relevant handler. 462 */ 463 asmlinkage void __exception 464 do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs) 465 { 466 const struct fsr_info *inf = fsr_info + (fsr & 15) + ((fsr & (1 << 10)) >> 6); 467 struct siginfo info; 468 469 if (!inf->fn(addr, fsr, regs)) 470 return; 471 472 printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", 473 inf->name, fsr, addr); 474 475 info.si_signo = inf->sig; 476 info.si_errno = 0; 477 info.si_code = inf->code; 478 info.si_addr = (void __user *)addr; 479 arm_notify_die("", regs, &info, fsr, 0); 480 } 481 482 asmlinkage void __exception 483 do_PrefetchAbort(unsigned long addr, struct pt_regs *regs) 484 { 485 do_translation_fault(addr, 0, regs); 486 } 487 488