/*
 *  linux/arch/arm/mm/fault.c
 *
 *  Copyright (C) 1995  Linus Torvalds
 *  Modifications for ARM processor (c) 1995-2004 Russell King
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#include <linux/module.h>
#include <linux/signal.h>
#include <linux/mm.h>
#include <linux/hardirq.h>
#include <linux/init.h>
#include <linux/kprobes.h>
#include <linux/uaccess.h>
#include <linux/page-flags.h>
#include <linux/sched.h>
#include <linux/highmem.h>

#include <asm/system.h>
#include <asm/pgtable.h>
#include <asm/tlbflush.h>

#include "fault.h"

#ifdef CONFIG_MMU

#ifdef CONFIG_KPROBES
/*
 * Offer a kernel-mode fault to a currently running kprobe before the
 * normal fault path sees it.
 *
 * @regs: register state at the time of the fault
 * @fsr:  fault status register value
 *
 * Returns 1 when the kprobe fault handler claimed the fault (the caller
 * must then treat it as handled), 0 otherwise.  Faults taken from user
 * mode are never offered to kprobes.
 */
static inline int notify_page_fault(struct pt_regs *regs, unsigned int fsr)
{
	int handled;

	if (user_mode(regs))
		return 0;

	/* kprobe_running() needs smp_processor_id() */
	preempt_disable();
	handled = kprobe_running() && kprobe_fault_handler(regs, fsr);
	preempt_enable();

	return handled;
}
#else
/* Without kprobes there is nobody to notify: the fault is never claimed. */
static inline int notify_page_fault(struct pt_regs *regs, unsigned int fsr)
{
	return 0;
}
#endif

/*
 * This is useful to dump out the page tables associated with
 * 'addr' in mm 'mm'.
 */
void show_pte(struct mm_struct *mm, unsigned long addr)
{
	pgd_t *pgd;

	/* A NULL mm means "no user context": walk the master (kernel) tables. */
	if (!mm)
		mm = &init_mm;

	printk(KERN_ALERT "pgd = %p\n", mm->pgd);
	pgd = pgd_offset(mm, addr);
	printk(KERN_ALERT "[%08lx] *pgd=%08lx", addr, pgd_val(*pgd));

	/*
	 * Walk pgd -> pmd -> pte for 'addr', printing each level on the
	 * same line.  'break' leaves the walk at the first level that is
	 * absent or bad; the closing "\n" is printed in every case.
	 */
	do {
		pmd_t *pmd;
		pte_t *pte;

		if (pgd_none(*pgd))
			break;

		if (pgd_bad(*pgd)) {
			printk("(bad)");
			break;
		}

		pmd = pmd_offset(pgd, addr);
		/* The pmd is only worth showing when it is a level of its own. */
		if (PTRS_PER_PMD != 1)
			printk(", *pmd=%08lx", pmd_val(*pmd));

		if (pmd_none(*pmd))
			break;

		if (pmd_bad(*pmd)) {
			printk("(bad)");
			break;
		}

		/* We must not map this if we have highmem enabled */
		if (PageHighMem(pfn_to_page(pmd_val(*pmd) >> PAGE_SHIFT)))
			break;

		pte = pte_offset_map(pmd, addr);
		printk(", *pte=%08lx", pte_val(*pte));
		/*
		 * NOTE(review): pte[-PTRS_PER_PTE] is presumably the hardware
		 * copy of this pte kept one table below the Linux one; confirm
		 * against the ARM pgtable layout before relying on it.
		 */
		printk(", *ppte=%08lx", pte_val(pte[-PTRS_PER_PTE]));
		pte_unmap(pte);
	} while(0);

	printk("\n");
}
#else /* CONFIG_MMU */
/* No MMU: there are no page tables to show. */
void show_pte(struct mm_struct *mm, unsigned long addr)
{ }
#endif /* CONFIG_MMU */

/*
 * Oops. The kernel tried to access some page that wasn't present.
 *
 * @mm:   mm whose page tables are dumped on an unrecoverable fault
 *        (may be NULL; show_pte() then uses init_mm)
 * @addr: faulting virtual address
 * @fsr:  fault status register value
 * @regs: register state at the time of the fault
 *
 * Returns only when an exception-table fixup applies to regs->pc.
 * Otherwise the page tables are dumped, die() is called and the current
 * task is terminated with SIGKILL.
 */
static void
__do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
		  struct pt_regs *regs)
{
	/*
	 * Are we prepared to handle this kernel fault?
	 */
	if (fixup_exception(regs))
		return;

	/*
	 * No handler, we'll have to terminate things with extreme prejudice.
	 */
	bust_spinlocks(1);
	/* Addresses inside the first page are reported as NULL dereferences. */
	printk(KERN_ALERT
		"Unable to handle kernel %s at virtual address %08lx\n",
		(addr < PAGE_SIZE) ? "NULL pointer dereference" :
		"paging request", addr);

	show_pte(mm, addr);
	die("Oops", regs, fsr);
	bust_spinlocks(0);
	do_exit(SIGKILL);
}

/*
 * Something tried to access memory that isn't in our memory map..
 * User mode accesses just cause a SIGSEGV
 *
 * @tsk:  task to signal (its thread fault info is updated too)
 * @addr: faulting virtual address, reported as si_addr
 * @fsr:  fault status register value, recorded in thread.error_code
 * @sig:  signal to deliver (SIGSEGV or SIGBUS from the callers here)
 * @code: si_code for the signal
 * @regs: register state, shown only under CONFIG_DEBUG_USER
 */
static void
__do_user_fault(struct task_struct *tsk, unsigned long addr,
		unsigned int fsr, unsigned int sig, int code,
		struct pt_regs *regs)
{
	/*
	 * NOTE(review): only the four fields below are filled in; the rest
	 * of 'si' is whatever was on the stack.  Later kernels zero the
	 * siginfo before filling it -- confirm that nothing beyond these
	 * fields is ever copied to user space for SIGSEGV/SIGBUS here.
	 */
	struct siginfo si;

#ifdef CONFIG_DEBUG_USER
	if (user_debug & UDBG_SEGV) {
		printk(KERN_DEBUG "%s: unhandled page fault (%d) at 0x%08lx, code 0x%03x\n",
		       tsk->comm, sig, addr, fsr);
		show_pte(tsk->mm, addr);
		show_regs(regs);
	}
#endif

	tsk->thread.address = addr;
	tsk->thread.error_code = fsr;
	/* 14: the trap number userspace sees for a data abort -- TODO confirm */
	tsk->thread.trap_no = 14;
	si.si_signo = sig;
	si.si_errno = 0;
	si.si_code = code;
	si.si_addr = (void __user *)addr;
	force_sig_info(sig, &si, tsk);
}

/*
 * Fault in an area that is not mapped at all.
 *
 * A user-mode fault becomes SIGSEGV/SEGV_MAPERR for the current task; a
 * kernel-mode fault goes through the exception-table fixup / oops path.
 * Note that active_mm, not mm, is used so that kernel threads (mm == NULL)
 * still have page tables to dump.
 */
void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	struct task_struct *tsk = current;
	struct mm_struct *mm = tsk->active_mm;

	/*
	 * If we are in kernel mode at this point, we
	 * have no context to handle this fault with.
	 */
	if (user_mode(regs))
		__do_user_fault(tsk, addr, fsr, SIGSEGV, SEGV_MAPERR, regs);
	else
		__do_kernel_fault(mm, addr, fsr, regs);
}

#ifdef CONFIG_MMU
/*
 * Local additions to the VM_FAULT_* result bits (presumably chosen above
 * the generic ones -- see linux/mm.h):
 *   VM_FAULT_BADMAP    - no vma covers 'addr' and the stack cannot grow to it
 *   VM_FAULT_BADACCESS - a vma exists but lacks the permission the access needs
 */
#define VM_FAULT_BADMAP		0x010000
#define VM_FAULT_BADACCESS	0x020000

/*
 * Resolve a fault in user address space for 'tsk'.
 *
 * Must be called with mm->mmap_sem held for reading; it is temporarily
 * dropped only in the out-of-memory retry path for init.
 *
 * Returns the handle_mm_fault() result, or VM_FAULT_BADMAP /
 * VM_FAULT_BADACCESS (each returned alone, never OR'd with other bits).
 */
static int
__do_page_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
		struct task_struct *tsk)
{
	struct vm_area_struct *vma;
	int fault, mask;

	vma = find_vma(mm, addr);
	fault = VM_FAULT_BADMAP;
	if (!vma)
		goto out;
	/* find_vma() may return the next vma above addr: try to grow the stack. */
	if (vma->vm_start > addr)
		goto check_stack;

	/*
	 * Ok, we have a good vm_area for this
	 * memory access, so we can handle it.
	 */
good_area:
	/* FSR bit 11 distinguishes a write access from a read/execute. */
	if (fsr & (1 << 11))	/* write?
*/
		mask = VM_WRITE;
	else
		mask = VM_READ|VM_EXEC|VM_WRITE;

	/* The vma must carry at least one of the permissions in 'mask'. */
	fault = VM_FAULT_BADACCESS;
	if (!(vma->vm_flags & mask))
		goto out;

	/*
	 * If for any reason at all we couldn't handle
	 * the fault, make sure we exit gracefully rather
	 * than endlessly redo the fault.
	 */
survive:
	fault = handle_mm_fault(mm, vma, addr & PAGE_MASK, (fsr & (1 << 11)) ? FAULT_FLAG_WRITE : 0);
	if (unlikely(fault & VM_FAULT_ERROR)) {
		if (fault & VM_FAULT_OOM)
			goto out_of_memory;
		else if (fault & VM_FAULT_SIGBUS)
			return fault;
		/* Any other error bit is unexpected from handle_mm_fault(). */
		BUG();
	}
	if (fault & VM_FAULT_MAJOR)
		tsk->maj_flt++;
	else
		tsk->min_flt++;
	return fault;

out_of_memory:
	/* Only init (pid 1) is retried; every other task gets VM_FAULT_OOM back. */
	if (!is_global_init(tsk))
		goto out;

	/*
	 * If we are out of memory for pid1, sleep for a while and retry
	 *
	 * NOTE(review): mmap_sem is dropped across yield(), yet 'vma' is
	 * reused at 'survive' without being looked up again.  Confirm the
	 * vma cannot go away underneath init here (later kernels dropped
	 * this retry loop altogether).
	 */
	up_read(&mm->mmap_sem);
	yield();
	down_read(&mm->mmap_sem);
	goto survive;

check_stack:
	/* A VM_GROWSDOWN vma may be extended down to cover addr. */
	if (vma->vm_flags & VM_GROWSDOWN && !expand_stack(vma, addr))
		goto good_area;
out:
	return fault;
}

/*
 * Handle a page fault (translation or permission) at 'addr'.
 *
 * Returns 0 in every case: the fault has either been resolved, turned into
 * a signal for the user task, or handed to the kernel oops path.  A kprobe
 * may claim the fault first via notify_page_fault().
 */
static int __kprobes
do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	struct task_struct *tsk;
	struct mm_struct *mm;
	int fault, sig, code;

	if (notify_page_fault(regs, fsr))
		return 0;

	tsk = current;
	mm = tsk->mm;

	/*
	 * If we're in an interrupt or have no user
	 * context, we must not take the fault..
	 * (mm is NULL for kernel threads; __do_kernel_fault copes with that.)
	 */
	if (in_atomic() || !mm)
		goto no_context;

	/*
	 * As per x86, we may deadlock here. However, since the kernel only
	 * validly references user space from well defined areas of the code,
	 * we can bug out early if this is from code which shouldn't.
	 */
	if (!down_read_trylock(&mm->mmap_sem)) {
		/*
		 * A kernel-mode access from outside the exception tables
		 * would block on a lock it may already hold: oops instead.
		 */
		if (!user_mode(regs) && !search_exception_tables(regs->ARM_pc))
			goto no_context;
		down_read(&mm->mmap_sem);
	}

	fault = __do_page_fault(mm, addr, fsr, tsk);
	up_read(&mm->mmap_sem);

	/*
	 * Handle the "normal" case first - VM_FAULT_MAJOR / VM_FAULT_MINOR
	 */
	if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS))))
		return 0;

	/*
	 * If we are in kernel mode at this point, we
	 * have no context to handle this fault with.
	 */
	if (!user_mode(regs))
		goto no_context;

	if (fault & VM_FAULT_OOM) {
		/*
		 * We ran out of memory, or some other thing
		 * happened to us that made us unable to handle
		 * the page fault gracefully.
		 */
		printk("VM: killing process %s\n", tsk->comm);
		do_group_exit(SIGKILL);
		return 0;
	}
	if (fault & VM_FAULT_SIGBUS) {
		/*
		 * We had some memory, but were unable to
		 * successfully fix up this page fault.
		 */
		sig = SIGBUS;
		code = BUS_ADRERR;
	} else {
		/*
		 * Something tried to access memory that
		 * isn't in our memory map..
		 * The comparison is exact: __do_page_fault() returns
		 * VM_FAULT_BADACCESS on its own, never OR'd with other bits.
		 */
		sig = SIGSEGV;
		code = fault == VM_FAULT_BADACCESS ?
			SEGV_ACCERR : SEGV_MAPERR;
	}

	__do_user_fault(tsk, addr, fsr, sig, code, regs);
	return 0;

no_context:
	__do_kernel_fault(mm, addr, fsr, regs);
	return 0;
}
#else /* CONFIG_MMU */
/* No MMU: page faults cannot occur; report the fault as handled. */
static int
do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	return 0;
}
#endif /* CONFIG_MMU */

/*
 * First Level Translation Fault Handler
 *
 * We enter here because the first level page table doesn't contain
 * a valid entry for the address.
 *
 * If the address is in kernel space (>= TASK_SIZE), then we are
 * probably faulting in the vmalloc() area.
 *
 * If the init_task's first level page tables contains the relevant
 * entry, we copy it to this task. If not, we send the process
 * a signal, fixup the exception, or oops the kernel.
 *
 * NOTE! We MUST NOT take any locks for this case. We may be in an
 * interrupt or a critical region, and should only copy the information
 * from the master page table, nothing more.
 */
#ifdef CONFIG_MMU
static int __kprobes
do_translation_fault(unsigned long addr, unsigned int fsr,
		     struct pt_regs *regs)
{
	unsigned int index;
	pgd_t *pgd, *pgd_k;
	pmd_t *pmd, *pmd_k;

	/* User addresses are ordinary page faults. */
	if (addr < TASK_SIZE)
		return do_page_fault(addr, fsr, regs);

	/*
	 * NOTE(review): a user-mode access to addr >= TASK_SIZE also reaches
	 * the copy below rather than being signalled; later kernels go to
	 * bad_area when user_mode(regs) here.  Confirm which is intended.
	 */
	index = pgd_index(addr);

	/*
	 * FIXME: CP15 C1 is write only on ARMv3 architectures.
	 */
	/* pgd: the currently active table (from CP15); pgd_k: the master copy. */
	pgd = cpu_get_pgd() + index;
	pgd_k = init_mm.pgd + index;

	/* Nothing in the master table either: the address really is bad. */
	if (pgd_none(*pgd_k))
		goto bad_area;

	if (!pgd_present(*pgd))
		set_pgd(pgd, *pgd_k);

	pmd_k = pmd_offset(pgd_k, addr);
	pmd = pmd_offset(pgd, addr);

	if (pmd_none(*pmd_k))
		goto bad_area;

	copy_pmd(pmd, pmd_k);
	return 0;

bad_area:
	do_bad_area(addr, fsr, regs);
	return 0;
}
#else /* CONFIG_MMU */
/* No MMU: translation faults cannot occur; report the fault as handled. */
static int
do_translation_fault(unsigned long addr, unsigned int fsr,
		     struct pt_regs *regs)
{
	return 0;
}
#endif /* CONFIG_MMU */

/*
 * Some section permission faults need to be handled gracefully.
 * They can happen due to a __{get,put}_user during an oops.
 *
 * Always returns 0 (handled): the fault is turned into a signal or an
 * oops by do_bad_area() rather than reported by do_DataAbort().
 */
static int
do_sect_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	do_bad_area(addr, fsr, regs);
	return 0;
}

/*
 * This abort handler always returns "fault".
 *
 * Returning 1 makes do_DataAbort() print the "Unhandled fault" message and
 * raise the signal/code from the matching fsr_info entry.
 */
static int
do_bad(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	return 1;
}

/*
 * Fault dispatch table, indexed by do_DataAbort() with FSR bits 3:0 plus
 * FSR bit 10 as the fifth bit: entries 0-15 are the precise aborts,
 * 16-31 the imprecise ones.  hook_fault_code() may replace fn/sig/name
 * for an entry at init time.
 *
 *   fn   - handler; 0 means handled, non-zero means raise sig/code
 *   sig  - signal delivered when fn reports the fault as unhandled
 *   code - si_code for that signal
 *   name - text for the "Unhandled fault" message
 */
static struct fsr_info {
	int	(*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
	int	sig;
	int	code;
	const char *name;
} fsr_info[] = {
	/*
	 * The following are the standard ARMv3 and ARMv4 aborts.  ARMv5
	 * defines these to be "precise" aborts.
	 */
	{ do_bad,		SIGSEGV, 0,		"vector exception"		   },
	{ do_bad,		SIGILL,	 BUS_ADRALN,	"alignment exception"		   },
	{ do_bad,		SIGKILL, 0,		"terminal exception"		   },
	{ do_bad,		SIGILL,	 BUS_ADRALN,	"alignment exception"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on linefetch"	   },
	{ do_translation_fault,	SIGSEGV, SEGV_MAPERR,	"section translation fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on linefetch"	   },
	{ do_page_fault,	SIGSEGV, SEGV_MAPERR,	"page translation fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on non-linefetch"  },
	{ do_bad,		SIGSEGV, SEGV_ACCERR,	"section domain fault"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on non-linefetch"  },
	{ do_bad,		SIGSEGV, SEGV_ACCERR,	"page domain fault"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on translation"	   },
	{ do_sect_fault,	SIGSEGV, SEGV_ACCERR,	"section permission fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on translation"	   },
	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"page permission fault"		   },
	/*
	 * The following are "imprecise" aborts, which are signalled by bit
	 * 10 of the FSR, and may not be recoverable.  These are only
	 * supported if the CPU abort handler supports bit 10.
	 */
	{ do_bad,		SIGBUS,  0,		"unknown 16"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 17"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 18"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 19"			   },
	{ do_bad,		SIGBUS,  0,		"lock abort"			   }, /* xscale */
	{ do_bad,		SIGBUS,  0,		"unknown 21"			   },
	{ do_bad,		SIGBUS,  BUS_OBJERR,	"imprecise external abort"	   }, /* xscale */
	{ do_bad,		SIGBUS,  0,		"unknown 23"			   },
	{ do_bad,		SIGBUS,  0,		"dcache parity error"		   }, /* xscale */
	{ do_bad,		SIGBUS,  0,		"unknown 25"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 26"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 27"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 28"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 29"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 30"			   },
	{ do_bad,		SIGBUS,  0,		"unknown 31"			   }
};

/*
 * Replace the handler, signal and name of fsr_info entry 'nr' at init time.
 *
 * @nr:   table index; out-of-range values (negative or >= 32) are ignored
 * @fn:   new handler
 * @sig:  signal raised when fn reports the fault as unhandled
 * @name: text for the "Unhandled fault" message
 *
 * The entry's si_code is deliberately left as the table already has it.
 */
void __init
hook_fault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *),
		int sig, const char *name)
{
	if (nr < 0 || nr >= ARRAY_SIZE(fsr_info))
		return;

	fsr_info[nr].fn = fn;
	fsr_info[nr].sig = sig;
	fsr_info[nr].name = name;
}

/*
 * Dispatch a data abort to the relevant handler.
 *
 * The fsr_info index is FSR bits 3:0 with FSR bit 10 (the "imprecise"
 * flag) moved down to bit 4, so it always lies within the 32 entries.
 * A handler returning 0 has dealt with the fault; otherwise the fault
 * is reported and the entry's signal is raised via arm_notify_die().
 */
asmlinkage void __exception
do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	unsigned int idx = (fsr & 15) | ((fsr >> 6) & 16);
	const struct fsr_info *inf = &fsr_info[idx];
	struct siginfo info;

	if (inf->fn(addr, fsr, regs) == 0)
		return;

	printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
		inf->name, fsr, addr);

	/*
	 * NOTE(review): only these four siginfo fields are filled in; the
	 * remainder of 'info' is uninitialised stack.  Confirm nothing else
	 * is copied out for the signals in fsr_info.
	 */
	info.si_signo = inf->sig;
	info.si_errno = 0;
	info.si_code  = inf->code;
	info.si_addr  = (void __user *)addr;
	arm_notify_die("", regs, &info, fsr, 0);
}

/*
 * A prefetch abort carries no FSR here, so it is treated as a
 * translation fault on the faulting instruction address.
 */
asmlinkage void __exception
do_PrefetchAbort(unsigned long addr, struct pt_regs *regs)
{
	do_translation_fault(addr, 0, regs);
}
