/*
 * linux/arch/arm/mm/fault.c
 *
 * Copyright (C) 1995 Linus Torvalds
 * Modifications for ARM processor (c) 1995-2004 Russell King
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#include <linux/config.h>
#include <linux/module.h>
#include <linux/signal.h>
#include <linux/ptrace.h>
#include <linux/mm.h>
#include <linux/init.h>

#include <asm/system.h>
#include <asm/pgtable.h>
#include <asm/tlbflush.h>
#include <asm/uaccess.h>

#include "fault.h"

/*
 * This is useful to dump out the page tables associated with
 * 'addr' in mm 'mm'.
 *
 * Walks pgd -> pmd -> pte for @addr and prints each level at KERN_ALERT,
 * stopping at the first level that is not present or is marked bad.
 * A NULL @mm is treated as the kernel's init_mm.
 *
 * NOTE(review): "%p" here emits the raw kernel address of the pgd page,
 * and the entries that follow are raw page-table words; this output is
 * diagnostic and reaches the kernel log, so treat it as sensitive on
 * systems where unprivileged users can read dmesg.
 */
void show_pte(struct mm_struct *mm, unsigned long addr)
{
	pgd_t *pgd;

	if (!mm)
		mm = &init_mm;

	printk(KERN_ALERT "pgd = %p\n", mm->pgd);
	pgd = pgd_offset(mm, addr);
	printk(KERN_ALERT "[%08lx] *pgd=%08lx", addr, pgd_val(*pgd));

	/* do { } while(0) is used only so that 'break' can abort the walk early. */
	do {
		pmd_t *pmd;
		pte_t *pte;

		if (pgd_none(*pgd))
			break;

		if (pgd_bad(*pgd)) {
			printk("(bad)");
			break;
		}

		pmd = pmd_offset(pgd, addr);
#if PTRS_PER_PMD != 1
		/* Only worth printing when the pmd level is a real level. */
		printk(", *pmd=%08lx", pmd_val(*pmd));
#endif

		if (pmd_none(*pmd))
			break;

		if (pmd_bad(*pmd)) {
			printk("(bad)");
			break;
		}

#ifndef CONFIG_HIGHMEM
		/* We must not map this if we have highmem enabled */
		pte = pte_offset_map(pmd, addr);
		printk(", *pte=%08lx", pte_val(*pte));
		/*
		 * pte[-PTRS_PER_PTE]: presumably the second copy of the PTE
		 * that ARM keeps one table below the Linux one — verify
		 * against asm/pgtable.h before relying on this in a fix.
		 */
		printk(", *ppte=%08lx", pte_val(pte[-PTRS_PER_PTE]));
		pte_unmap(pte);
#endif
	} while(0);

	printk("\n");
}

/*
 * Oops. The kernel tried to access some page that wasn't present.
 *
 * @mm:   the mm the fault was taken against (may be NULL; show_pte
 *        then falls back to init_mm)
 * @addr: faulting virtual address
 * @fsr:  fault status register value, passed through to die()
 * @regs: register state at the fault
 *
 * If an exception-table fixup exists for the faulting instruction the
 * fault is silently recovered.  Otherwise the kernel is taken down:
 * die() is called and the current task is exited with SIGKILL.
 */
static void
__do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
		  struct pt_regs *regs)
{
	/*
	 * Are we prepared to handle this kernel fault?
	 */
	if (fixup_exception(regs))
		return;

	/*
	 * No handler, we'll have to terminate things with extreme prejudice.
	 */
	bust_spinlocks(1);
	/* Faults in the first page are reported as NULL pointer dereferences. */
	printk(KERN_ALERT
		"Unable to handle kernel %s at virtual address %08lx\n",
		(addr < PAGE_SIZE) ? "NULL pointer dereference" :
		"paging request", addr);

	show_pte(mm, addr);
	die("Oops", regs, fsr);
	bust_spinlocks(0);
	do_exit(SIGKILL);
}

/*
 * Something tried to access memory that isn't in our memory map..
 * User mode accesses just cause a SIGSEGV
 *
 * @tsk:  task to signal
 * @addr: faulting user address, stored in the task and in si_addr
 * @fsr:  fault status, stored as the task's error_code
 * @sig:  signal to deliver (SIGSEGV or SIGBUS from the callers here)
 * @code: si_code to deliver alongside @sig
 * @regs: register state, only used for the optional debug dump
 *
 * Records the fault details in tsk->thread and forces the signal
 * on the task; it does not return an error to the caller.
 */
static void
__do_user_fault(struct task_struct *tsk, unsigned long addr,
		unsigned int fsr, unsigned int sig, int code,
		struct pt_regs *regs)
{
	struct siginfo si;

#ifdef CONFIG_DEBUG_USER
	/* Opt-in debugging only: dumps the page tables and registers at KERN_DEBUG. */
	if (user_debug & UDBG_SEGV) {
		printk(KERN_DEBUG "%s: unhandled page fault (%d) at 0x%08lx, code 0x%03x\n",
		       tsk->comm, sig, addr, fsr);
		show_pte(tsk->mm, addr);
		show_regs(regs);
	}
#endif

	tsk->thread.address = addr;
	tsk->thread.error_code = fsr;
	/* 14: trap number reported for page faults — presumably mirrors x86; confirm. */
	tsk->thread.trap_no = 14;
	si.si_signo = sig;
	si.si_errno = 0;
	si.si_code = code;
	si.si_addr = (void __user *)addr;
	force_sig_info(sig, &si, tsk);
}

/*
 * Handle a fault on an address that is not mapped at all.
 *
 * A user-mode fault becomes SIGSEGV/SEGV_MAPERR for @tsk; a kernel-mode
 * fault is handed to __do_kernel_fault (fixup or oops).
 */
void
do_bad_area(struct task_struct *tsk, struct mm_struct *mm, unsigned long addr,
	    unsigned int fsr, struct pt_regs *regs)
{
	/*
	 * If we are in kernel mode at this point, we
	 * have no context to handle this fault with.
	 */
	if (user_mode(regs))
		__do_user_fault(tsk, addr, fsr, SIGSEGV, SEGV_MAPERR, regs);
	else
		__do_kernel_fault(mm, addr, fsr, regs);
}

/*
 * Local fault codes returned by __do_page_fault in addition to the
 * generic VM_FAULT_* values.  They are negative so that do_page_fault's
 * "fault >= VM_FAULT_MINOR" test treats them as failures; they must not
 * collide with any generic VM_FAULT_* value (assumed, not checked here).
 */
#define VM_FAULT_BADMAP		(-20)
#define VM_FAULT_BADACCESS	(-21)

/*
 * Resolve a fault against @mm.
 *
 * Caller must hold mm->mmap_sem for read (do_page_fault does).
 *
 * Returns one of the generic VM_FAULT_* codes from handle_mm_fault, or
 * VM_FAULT_BADMAP when no vma covers @addr (and the stack could not be
 * grown to cover it), or VM_FAULT_BADACCESS when the vma exists but
 * does not permit the attempted access.
 *
 * Bit 11 of @fsr distinguishes a write access from a read/execute.
 */
static int
__do_page_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
		struct task_struct *tsk)
{
	struct vm_area_struct *vma;
	int fault, mask;

	vma = find_vma(mm, addr);
	fault = VM_FAULT_BADMAP;
	if (!vma)
		goto out;
	/* Address is below the nearest vma: only a growable stack can rescue it. */
	if (vma->vm_start > addr)
		goto check_stack;

	/*
	 * Ok, we have a good vm_area for this
	 * memory access, so we can handle it.
	 */
good_area:
	if (fsr & (1 << 11))	/* write? */
		mask = VM_WRITE;
	else
		mask = VM_READ|VM_EXEC;

	/* Permission check: the vma must allow the kind of access attempted. */
	fault = VM_FAULT_BADACCESS;
	if (!(vma->vm_flags & mask))
		goto out;

	/*
	 * If for any reason at all we couldn't handle
	 * the fault, make sure we exit gracefully rather
	 * than endlessly redo the fault.
	 */
survive:
	fault = handle_mm_fault(mm, vma, addr & PAGE_MASK, fsr & (1 << 11));

	/*
	 * Handle the "normal" cases first - successful and sigbus
	 */
	switch (fault) {
	case VM_FAULT_MAJOR:
		tsk->maj_flt++;
		return fault;
	case VM_FAULT_MINOR:
		tsk->min_flt++;
		/* fallthrough */
	case VM_FAULT_SIGBUS:
		return fault;
	}

	/* Anything else (OOM) is fatal for every task except init. */
	if (tsk->pid != 1)
		goto out;

	/*
	 * If we are out of memory for pid1, sleep for a while and retry
	 *
	 * NOTE(review): mmap_sem is dropped and retaken here but 'vma' is
	 * reused at 'survive' without a fresh lookup; confirm that nothing
	 * can unmap it in between for pid 1.
	 */
	up_read(&mm->mmap_sem);
	yield();
	down_read(&mm->mmap_sem);
	goto survive;

check_stack:
	if (vma->vm_flags & VM_GROWSDOWN && !expand_stack(vma, addr))
		goto good_area;
out:
	return fault;
}

/*
 * Page fault entry for user-space addresses.
 *
 * Takes mm->mmap_sem for read around __do_page_fault and turns its
 * result into either nothing (fault handled), a signal to the user
 * task, or a kernel oops/fixup.  Always returns 0 to the dispatcher,
 * meaning "handled" — the signal or oops is the resolution.
 */
static int
do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	struct task_struct *tsk;
	struct mm_struct *mm;
	int fault, sig, code;

	tsk = current;
	mm = tsk->mm;

	/*
	 * If we're in an interrupt or have no user
	 * context, we must not take the fault..
	 */
	if (in_interrupt() || !mm)
		goto no_context;

	/*
	 * As per x86, we may deadlock here. However, since the kernel only
	 * validly references user space from well defined areas of the code,
	 * we can bug out early if this is from code which shouldn't.
	 */
	if (!down_read_trylock(&mm->mmap_sem)) {
		/* Kernel-mode access with no fixup entry: oops rather than block. */
		if (!user_mode(regs) && !search_exception_tables(regs->ARM_pc))
			goto no_context;
		down_read(&mm->mmap_sem);
	}

	fault = __do_page_fault(mm, addr, fsr, tsk);
	up_read(&mm->mmap_sem);

	/*
	 * Handle the "normal" case first - VM_FAULT_MAJOR / VM_FAULT_MINOR
	 */
	if (fault >= VM_FAULT_MINOR)
		return 0;

	/*
	 * If we are in kernel mode at this point, we
	 * have no context to handle this fault with.
	 */
	if (!user_mode(regs))
		goto no_context;

	/* Map the failure code onto the signal the user task receives. */
	switch (fault) {
	case VM_FAULT_OOM:
		/*
		 * We ran out of memory, or some other thing
		 * happened to us that made us unable to handle
		 * the page fault gracefully.
		 */
		printk("VM: killing process %s\n", tsk->comm);
		do_exit(SIGKILL);
		return 0;

	case VM_FAULT_SIGBUS:
		/*
		 * We had some memory, but were unable to
		 * successfully fix up this page fault.
		 */
		sig = SIGBUS;
		code = BUS_ADRERR;
		break;

	default:
		/*
		 * Something tried to access memory that
		 * isn't in our memory map..
		 */
		sig = SIGSEGV;
		code = fault == VM_FAULT_BADACCESS ?
			SEGV_ACCERR : SEGV_MAPERR;
		break;
	}

	__do_user_fault(tsk, addr, fsr, sig, code, regs);
	return 0;

no_context:
	__do_kernel_fault(mm, addr, fsr, regs);
	return 0;
}

/*
 * First Level Translation Fault Handler
 *
 * We enter here because the first level page table doesn't contain
 * a valid entry for the address.
 *
 * If the address is in kernel space (>= TASK_SIZE), then we are
 * probably faulting in the vmalloc() area.
 *
 * If the init_task's first level page tables contains the relevant
 * entry, we copy the it to this task. If not, we send the process
 * a signal, fixup the exception, or oops the kernel.
 *
 * NOTE! We MUST NOT take any locks for this case. We may be in an
 * interrupt or a critical region, and should only copy the information
 * from the master page table, nothing more.
 *
 * Returns 0 in every case (the fault is considered handled, either by
 * the copy or by do_page_fault/do_bad_area taking the appropriate action).
 */
static int
do_translation_fault(unsigned long addr, unsigned int fsr,
		     struct pt_regs *regs)
{
	struct task_struct *tsk;
	unsigned int index;
	pgd_t *pgd, *pgd_k;
	pmd_t *pmd, *pmd_k;

	/* User-space addresses go through the normal vma-based path. */
	if (addr < TASK_SIZE)
		return do_page_fault(addr, fsr, regs);

	index = pgd_index(addr);

	/*
	 * FIXME: CP15 C1 is write only on ARMv3 architectures.
	 */
	/* The live (hardware) pgd versus the master copy in init_mm. */
	pgd = cpu_get_pgd() + index;
	pgd_k = init_mm.pgd + index;

	if (pgd_none(*pgd_k))
		goto bad_area;

	if (!pgd_present(*pgd))
		set_pgd(pgd, *pgd_k);

	pmd_k = pmd_offset(pgd_k, addr);
	pmd = pmd_offset(pgd, addr);

	if (pmd_none(*pmd_k))
		goto bad_area;

	copy_pmd(pmd, pmd_k);
	return 0;

bad_area:
	tsk = current;

	/* active_mm, not mm: this path may run in a kernel thread with no mm. */
	do_bad_area(tsk, tsk->active_mm, addr, fsr, regs);
	return 0;
}

/*
 * Some section permission faults need to be handled gracefully.
 * They can happen due to a __{get,put}_user during an oops.
 *
 * Routes the fault through do_bad_area so that the exception-table
 * fixup (or a user signal) applies instead of a hard failure.
 */
static int
do_sect_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	struct task_struct *tsk = current;
	do_bad_area(tsk, tsk->active_mm, addr, fsr, regs);
	return 0;
}

/*
 * This abort handler always returns "fault".
 *
 * Used for every FSR code without a dedicated handler; do_DataAbort then
 * logs the fault and raises the table's signal via notify_die.
 */
static int
do_bad(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	return 1;
}

/*
 * Per-FSR-code dispatch table, indexed by do_DataAbort as
 * (fsr & 15) for entries 0-15 and +16 when FSR bit 10 is set, so the
 * table must keep exactly 32 entries.
 *
 * @fn:   handler; returns 0 when the fault is resolved, non-zero otherwise
 * @sig:  signal raised when @fn reports failure
 * @code: si_code accompanying @sig
 * @name: human-readable description for the "Unhandled fault" message
 */
static struct fsr_info {
	int	(*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
	int	sig;
	int	code;
	const char *name;
} fsr_info[] = {
	/*
	 * The following are the standard ARMv3 and ARMv4 aborts.  ARMv5
	 * defines these to be "precise" aborts.
	 */
	{ do_bad,		SIGSEGV, 0,		"vector exception"		   },
	{ do_bad,		SIGILL,	 BUS_ADRALN,	"alignment exception"		   },
	{ do_bad,		SIGKILL, 0,		"terminal exception"		   },
	{ do_bad,		SIGILL,	 BUS_ADRALN,	"alignment exception"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on linefetch"	   },
	{ do_translation_fault,	SIGSEGV, SEGV_MAPERR,	"section translation fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on linefetch"	   },
	{ do_page_fault,	SIGSEGV, SEGV_MAPERR,	"page translation fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on non-linefetch"  },
	{ do_bad,		SIGSEGV, SEGV_ACCERR,	"section domain fault"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on non-linefetch"  },
	{ do_bad,		SIGSEGV, SEGV_ACCERR,	"page domain fault"		   },
	{ do_bad,		SIGBUS,	 0,		"external abort on translation"	   },
	{ do_sect_fault,	SIGSEGV, SEGV_ACCERR,	"section permission fault"	   },
	{ do_bad,		SIGBUS,	 0,		"external abort on translation"	   },
	{ do_page_fault,	SIGSEGV, SEGV_ACCERR,	"page permission fault"		   },
	/*
	 * The following are "imprecise" aborts, which are signalled by bit
	 * 10 of the FSR, and may not be recoverable.  These are only
	 * supported if the CPU abort handler supports bit 10.
	 */
	{ do_bad,		SIGBUS,	 0,		"unknown 16"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 17"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 18"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 19"			   },
	{ do_bad,		SIGBUS,	 0,		"lock abort"			   }, /* xscale */
	{ do_bad,		SIGBUS,	 0,		"unknown 21"			   },
	{ do_bad,		SIGBUS,	 BUS_OBJERR,	"imprecise external abort"	   }, /* xscale */
	{ do_bad,		SIGBUS,	 0,		"unknown 23"			   },
	{ do_bad,		SIGBUS,	 0,		"dcache parity error"		   }, /* xscale */
	{ do_bad,		SIGBUS,	 0,		"unknown 25"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 26"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 27"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 28"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 29"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 30"			   },
	{ do_bad,		SIGBUS,	 0,		"unknown 31"			   }
};

/*
 * Replace the handler for FSR code @nr at init time.
 *
 * Out-of-range @nr is silently ignored (the bounds check keeps the
 * table write in range).  Note that only fn, sig and name are updated:
 * the entry's si_code is left at whatever the static table held, so a
 * hooked handler inherits the original code for that slot.
 */
void __init
hook_fault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *),
		int sig, const char *name)
{
	if (nr >= 0 && nr < ARRAY_SIZE(fsr_info)) {
		fsr_info[nr].fn   = fn;
		fsr_info[nr].sig  = sig;
		fsr_info[nr].name = name;
	}
}

/*
 * Dispatch a data abort to the relevant handler.
 *
 * The table index is the low four FSR bits plus 16 when bit 10 (the
 * "imprecise" flag) is set, i.e. always within 0..31.  If the handler
 * reports the fault as unresolved, the abort is logged at KERN_ALERT and
 * passed to notify_die with the signal/code from the table.
 */
asmlinkage void
do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
{
	const struct fsr_info *inf = fsr_info + (fsr & 15) + ((fsr & (1 << 10)) >> 6);
	struct siginfo info;

	if (!inf->fn(addr, fsr, regs))
		return;

	printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
		inf->name, fsr, addr);

	info.si_signo = inf->sig;
	info.si_errno = 0;
	info.si_code  = inf->code;
	info.si_addr  = (void __user *)addr;
	notify_die("", regs, &info, fsr, 0);
}

/*
 * Prefetch (instruction fetch) abort entry.
 *
 * No FSR is available for a prefetch abort, so 0 is passed; the address
 * is handled as a translation fault.
 */
asmlinkage void
do_PrefetchAbort(unsigned long addr, struct pt_regs *regs)
{
	do_translation_fault(addr, 0, regs);
}
