xref: /openbmc/linux/arch/microblaze/mm/fault.c (revision e8e0929d) 
1 /*
2  *  arch/microblaze/mm/fault.c
3  *
4  *    Copyright (C) 2007 Xilinx, Inc.  All rights reserved.
5  *
6  *  Derived from "arch/ppc/mm/fault.c"
7  *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
8  *
9  *  Derived from "arch/i386/mm/fault.c"
10  *    Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
11  *
12  *  Modified by Cort Dougan and Paul Mackerras.
13  *
14  * This file is subject to the terms and conditions of the GNU General
15  * Public License.  See the file COPYING in the main directory of this
16  * archive for more details.
17  *
18  */
19 
20 #include <linux/module.h>
21 #include <linux/signal.h>
22 #include <linux/sched.h>
23 #include <linux/kernel.h>
24 #include <linux/errno.h>
25 #include <linux/string.h>
26 #include <linux/types.h>
27 #include <linux/ptrace.h>
28 #include <linux/mman.h>
29 #include <linux/mm.h>
30 #include <linux/interrupt.h>
31 
32 #include <asm/page.h>
33 #include <asm/pgtable.h>
34 #include <asm/mmu.h>
35 #include <asm/mmu_context.h>
36 #include <asm/system.h>
37 #include <linux/uaccess.h>
38 #include <asm/exceptions.h>
39 
40 #if defined(CONFIG_KGDB)
41 int debugger_kernel_faults = 1;
42 #endif
43 
44 static unsigned long pte_misses;	/* updated by do_page_fault() */
45 static unsigned long pte_errors;	/* updated by do_page_fault() */
46 
47 /*
48  * Check whether the instruction at regs->pc is a store using
49  * an update addressing form which will update r1.
50  */
51 static int store_updates_sp(struct pt_regs *regs)
52 {
53 	unsigned int inst;
54 
55 	if (get_user(inst, (unsigned int *)regs->pc))
56 		return 0;
57 	/* check for 1 in the rD field */
58 	if (((inst >> 21) & 0x1f) != 1)
59 		return 0;
60 	/* check for store opcodes */
61 	if ((inst & 0xd0000000) == 0xd0000000)
62 		return 1;
63 	return 0;
64 }
65 
66 
67 /*
68  * bad_page_fault is called when we have a bad access from the kernel.
69  * It is called from do_page_fault above and from some of the procedures
70  * in traps.c.
71  */
72 void bad_page_fault(struct pt_regs *regs, unsigned long address, int sig)
73 {
74 	const struct exception_table_entry *fixup;
75 /* MS: no context */
76 	/* Are we prepared to handle this fault?  */
77 	fixup = search_exception_tables(regs->pc);
78 	if (fixup) {
79 		regs->pc = fixup->fixup;
80 		return;
81 	}
82 
83 	/* kernel has accessed a bad area */
84 #if defined(CONFIG_KGDB)
85 	if (debugger_kernel_faults)
86 		debugger(regs);
87 #endif
88 	die("kernel access of bad area", regs, sig);
89 }
90 
91 /*
92  * The error_code parameter is ESR for a data fault,
93  * 0 for an instruction fault.
94  */
95 void do_page_fault(struct pt_regs *regs, unsigned long address,
96 		   unsigned long error_code)
97 {
98 	struct vm_area_struct *vma;
99 	struct mm_struct *mm = current->mm;
100 	siginfo_t info;
101 	int code = SEGV_MAPERR;
102 	int is_write = error_code & ESR_S;
103 	int fault;
104 
105 	regs->ear = address;
106 	regs->esr = error_code;
107 
108 	/* On a kernel SLB miss we can only check for a valid exception entry */
109 	if (kernel_mode(regs) && (address >= TASK_SIZE)) {
110 		printk(KERN_WARNING "kernel task_size exceed");
111 		_exception(SIGSEGV, regs, code, address);
112 	}
113 
114 	/* for instr TLB miss and instr storage exception ESR_S is undefined */
115 	if ((error_code & 0x13) == 0x13 || (error_code & 0x11) == 0x11)
116 		is_write = 0;
117 
118 #if defined(CONFIG_KGDB)
119 	if (debugger_fault_handler && regs->trap == 0x300) {
120 		debugger_fault_handler(regs);
121 		return;
122 	}
123 #endif /* CONFIG_KGDB */
124 
125 	if (in_atomic() || !mm) {
126 		if (kernel_mode(regs))
127 			goto bad_area_nosemaphore;
128 
129 		/* in_atomic() in user mode is really bad,
130 		   as is current->mm == NULL. */
131 		printk(KERN_EMERG "Page fault in user mode with "
132 		       "in_atomic(), mm = %p\n", mm);
133 		printk(KERN_EMERG "r15 = %lx  MSR = %lx\n",
134 		       regs->r15, regs->msr);
135 		die("Weird page fault", regs, SIGSEGV);
136 	}
137 
138 	/* When running in the kernel we expect faults to occur only to
139 	 * addresses in user space.  All other faults represent errors in the
140 	 * kernel and should generate an OOPS.  Unfortunately, in the case of an
141 	 * erroneous fault occurring in a code path which already holds mmap_sem
142 	 * we will deadlock attempting to validate the fault against the
143 	 * address space.  Luckily the kernel only validly references user
144 	 * space from well defined areas of code, which are listed in the
145 	 * exceptions table.
146 	 *
147 	 * As the vast majority of faults will be valid we will only perform
148 	 * the source reference check when there is a possibility of a deadlock.
149 	 * Attempt to lock the address space, if we cannot we then validate the
150 	 * source.  If this is invalid we can skip the address space check,
151 	 * thus avoiding the deadlock.
152 	 */
153 	if (!down_read_trylock(&mm->mmap_sem)) {
154 		if (kernel_mode(regs) && !search_exception_tables(regs->pc))
155 			goto bad_area_nosemaphore;
156 
157 		down_read(&mm->mmap_sem);
158 	}
159 
160 	vma = find_vma(mm, address);
161 	if (!vma)
162 		goto bad_area;
163 
164 	if (vma->vm_start <= address)
165 		goto good_area;
166 
167 	if (!(vma->vm_flags & VM_GROWSDOWN))
168 		goto bad_area;
169 
170 	if (!is_write)
171 		goto bad_area;
172 
173 	/*
174 	 * N.B. The ABI allows programs to access up to
175 	 * a few hundred bytes below the stack pointer (TBD).
176 	 * The kernel signal delivery code writes up to about 1.5kB
177 	 * below the stack pointer (r1) before decrementing it.
178 	 * The exec code can write slightly over 640kB to the stack
179 	 * before setting the user r1.  Thus we allow the stack to
180 	 * expand to 1MB without further checks.
181 	 */
182 	if (address + 0x100000 < vma->vm_end) {
183 
184 		/* get user regs even if this fault is in kernel mode */
185 		struct pt_regs *uregs = current->thread.regs;
186 		if (uregs == NULL)
187 			goto bad_area;
188 
189 		/*
190 		 * A user-mode access to an address a long way below
191 		 * the stack pointer is only valid if the instruction
192 		 * is one which would update the stack pointer to the
193 		 * address accessed if the instruction completed,
194 		 * i.e. either stwu rs,n(r1) or stwux rs,r1,rb
195 		 * (or the byte, halfword, float or double forms).
196 		 *
197 		 * If we don't check this then any write to the area
198 		 * between the last mapped region and the stack will
199 		 * expand the stack rather than segfaulting.
200 		 */
201 		if (address + 2048 < uregs->r1
202 			&& (kernel_mode(regs) || !store_updates_sp(regs)))
203 				goto bad_area;
204 	}
205 	if (expand_stack(vma, address))
206 		goto bad_area;
207 
208 good_area:
209 	code = SEGV_ACCERR;
210 
211 	/* a write */
212 	if (is_write) {
213 		if (!(vma->vm_flags & VM_WRITE))
214 			goto bad_area;
215 	/* a read */
216 	} else {
217 		/* protection fault */
218 		if (error_code & 0x08000000)
219 			goto bad_area;
220 		if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
221 			goto bad_area;
222 	}
223 
224 	/*
225 	 * If for any reason at all we couldn't handle the fault,
226 	 * make sure we exit gracefully rather than endlessly redo
227 	 * the fault.
228 	 */
229 survive:
230 	fault = handle_mm_fault(mm, vma, address, is_write ? FAULT_FLAG_WRITE : 0);
231 	if (unlikely(fault & VM_FAULT_ERROR)) {
232 		if (fault & VM_FAULT_OOM)
233 			goto out_of_memory;
234 		else if (fault & VM_FAULT_SIGBUS)
235 			goto do_sigbus;
236 		BUG();
237 	}
238 	if (fault & VM_FAULT_MAJOR)
239 		current->maj_flt++;
240 	else
241 		current->min_flt++;
242 	up_read(&mm->mmap_sem);
243 	/*
244 	 * keep track of tlb+htab misses that are good addrs but
245 	 * just need pte's created via handle_mm_fault()
246 	 * -- Cort
247 	 */
248 	pte_misses++;
249 	return;
250 
251 bad_area:
252 	up_read(&mm->mmap_sem);
253 
254 bad_area_nosemaphore:
255 	pte_errors++;
256 
257 	/* User mode accesses cause a SIGSEGV */
258 	if (user_mode(regs)) {
259 		_exception(SIGSEGV, regs, code, address);
260 /*		info.si_signo = SIGSEGV;
261 		info.si_errno = 0;
262 		info.si_code = code;
263 		info.si_addr = (void *) address;
264 		force_sig_info(SIGSEGV, &info, current);*/
265 		return;
266 	}
267 
268 	bad_page_fault(regs, address, SIGSEGV);
269 	return;
270 
271 /*
272  * We ran out of memory, or some other thing happened to us that made
273  * us unable to handle the page fault gracefully.
274  */
275 out_of_memory:
276 	if (current->pid == 1) {
277 		yield();
278 		down_read(&mm->mmap_sem);
279 		goto survive;
280 	}
281 	up_read(&mm->mmap_sem);
282 	printk(KERN_WARNING "VM: killing process %s\n", current->comm);
283 	if (user_mode(regs))
284 		do_exit(SIGKILL);
285 	bad_page_fault(regs, address, SIGKILL);
286 	return;
287 
288 do_sigbus:
289 	up_read(&mm->mmap_sem);
290 	if (user_mode(regs)) {
291 		info.si_signo = SIGBUS;
292 		info.si_errno = 0;
293 		info.si_code = BUS_ADRERR;
294 		info.si_addr = (void __user *)address;
295 		force_sig_info(SIGBUS, &info, current);
296 		return;
297 	}
298 	bad_page_fault(regs, address, SIGBUS);
299 }
300