#include <linux/signal.h>
#include <linux/sched.h>
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/string.h>
#include <linux/types.h>
#include <linux/ptrace.h>
#include <linux/mman.h>
#include <linux/mm.h>
#include <linux/interrupt.h>

#include <asm/system.h>
#include <asm/segment.h>
#include <asm/pgtable.h>
#include <asm/uaccess.h>
#include <asm/svinto.h>

extern void die_if_kernel(const char *,struct pt_regs *,long);

asmlinkage void do_invalid_op (struct pt_regs *, unsigned long);
asmlinkage void do_page_fault(unsigned long address, struct pt_regs *regs,
			      int error_code);

/* debug of low-level TLB reload */
#undef DEBUG

#ifdef DEBUG
#define D(x) x
#else
#define D(x)
#endif

/* debug of higher-level faults */
#define DPG(x)

/* current active page directory
 *
 * Kept separate from current->mm->pgd so the TLB-refill path (and the
 * vmalloc sync in do_page_fault) can walk the page tables without
 * touching task state; see the NOTE in do_page_fault's vmalloc_fault.
 */

volatile pgd_t *current_pgd;

/* fast TLB-fill fault handler
 * this is called from entry.S with interrupts disabled
 *
 * Reads the fault description from R_MMU_CAUSE.  On a TLB miss for a
 * page that is already present in the page tables, it refills the TLB
 * entry selected by hardware (via R_TLB_LO) and returns without taking
 * any locks.  Everything else — missing pte, protection violation —
 * is translated into an error code and punted to do_page_fault().
 */

void
handle_mmu_bus_fault(struct pt_regs *regs)
{
	int cause, select;
#ifdef DEBUG
	int index;
	int page_id;
	int acc, inv;
#endif
	int miss, we, writeac;		/* miss/write-enable/read-vs-write exception bits */
	pmd_t *pmd;
	pte_t pte;
	int errcode;			/* encoded for do_page_fault: bit 0 = protection, bit 1 = write */
	unsigned long address;

	/* R_MMU_CAUSE holds the faulting PFN plus the exception type bits;
	 * R_TLB_SELECT was set by hardware to the TLB entry chosen for
	 * replacement.
	 */
	cause = *R_MMU_CAUSE;
	select = *R_TLB_SELECT;

	address = cause & PAGE_MASK; /* get faulting address */

#ifdef DEBUG
	page_id = IO_EXTRACT(R_MMU_CAUSE, page_id, cause);
	acc = IO_EXTRACT(R_MMU_CAUSE, acc_excp, cause);
	inv = IO_EXTRACT(R_MMU_CAUSE, inv_excp, cause);
	index = IO_EXTRACT(R_TLB_SELECT, index, select);
#endif
	miss = IO_EXTRACT(R_MMU_CAUSE, miss_excp, cause);
	we = IO_EXTRACT(R_MMU_CAUSE, we_excp, cause);
	writeac = IO_EXTRACT(R_MMU_CAUSE, wr_rd, cause);

	/* NOTE(review): nothing in this file establishes a "csrinstr"
	 * field in struct pt_regs or the meaning of bit 5 here — confirm
	 * against asm/ptrace.h that this write on write-accesses is
	 * intentional and not a stray edit.
	 */
	if(writeac)
		regs->csrinstr &= ~(1 << 5);

	/* Set errcode's R/W flag according to the mode which caused the
	 * fault
	 */

	errcode = writeac << 1;

	D(printk("bus_fault from IRP 0x%lx: addr 0x%lx, miss %d, inv %d, we %d, acc %d, dx %d pid %d\n",
		 regs->irp, address, miss, inv, we, acc, index, page_id));

	/* for a miss, we need to reload the TLB entry */

	if (miss) {
		/* see if the pte exists at all
		 * refer through current_pgd, dont use mm->pgd
		 */

		pmd = (pmd_t *)(current_pgd + pgd_index(address));
		if (pmd_none(*pmd))
			goto dofault;
		if (pmd_bad(*pmd)) {
			printk("bad pgdir entry 0x%lx at 0x%p\n", *(unsigned long*)pmd, pmd);
			pmd_clear(pmd);
			return;
		}
		pte = *pte_offset(pmd, address);
		if (!pte_present(pte))
			goto dofault;

#ifdef DEBUG
		printk(" found pte %lx pg %p ", pte_val(pte), pte_page(pte));
		if (pte_val(pte) & _PAGE_SILENT_WRITE)
			printk("Silent-W ");
		if (pte_val(pte) & _PAGE_KERNEL)
			printk("Kernel ");
		if (pte_val(pte) & _PAGE_SILENT_READ)
			printk("Silent-R ");
		if (pte_val(pte) & _PAGE_GLOBAL)
			printk("Global ");
		if (pte_val(pte) & _PAGE_PRESENT)
			printk("Present ");
		if (pte_val(pte) & _PAGE_ACCESSED)
			printk("Accessed ");
		if (pte_val(pte) & _PAGE_MODIFIED)
			printk("Modified ");
		if (pte_val(pte) & _PAGE_READ)
			printk("Readable ");
		if (pte_val(pte) & _PAGE_WRITE)
			printk("Writeable ");
		printk("\n");
#endif

		/* load up the chosen TLB entry
		 * this assumes the pte format is the same as the TLB_LO layout.
		 *
		 * the write to R_TLB_LO also writes the vpn and page_id fields from
		 * R_MMU_CAUSE, which we in this case obviously want to keep
		 */

		*R_TLB_LO = pte_val(pte);

		return;
	}

	/* not a TLB miss, so the page is present but the access violated
	 * its protection: mark errcode as a protection fault (bit 0) and
	 * record the write-enable exception as the R/W bit.
	 */
	errcode = 1 | (we << 1);

 dofault:
	/* leave it to the MM system fault handler below */
	D(printk("do_page_fault %lx errcode %d\n", address, errcode));
	do_page_fault(address, regs, errcode);
}

/*
 * This routine handles page faults. It determines the address,
 * and the problem, and then passes it off to one of the appropriate
 * routines.
 *
 * Notice that the address we're given is aligned to the page the fault
 * occurred in, since we only get the PFN in R_MMU_CAUSE not the complete
 * address.
 *
 * error_code:
 *	bit 0 == 0 means no page found, 1 means protection fault
 *	bit 1 == 0 means read, 1 means write
 *
 * If this routine detects a bad access, it returns 1, otherwise it
 * returns 0.
 *
 * NOTE(review): the "returns 1 / returns 0" sentence above looks stale —
 * the function is declared void, and bad accesses are reported through
 * signals or exception-table fixups instead.  Confirm and update.
 */

asmlinkage void
do_page_fault(unsigned long address, struct pt_regs *regs,
	      int error_code)
{
	struct task_struct *tsk;
	struct mm_struct *mm;
	struct vm_area_struct * vma;
	int writeaccess;		/* non-zero when the faulting access was a write */
	unsigned long fixup;		/* exception-table fixup address, if any */
	siginfo_t info;

	tsk = current;

	/*
	 * We fault-in kernel-space virtual memory on-demand. The
	 * 'reference' page table is init_mm.pgd.
	 *
	 * NOTE! We MUST NOT take any locks for this case. We may
	 * be in an interrupt or a critical region, and should
	 * only copy the information from the master page table,
	 * nothing more.
	 *
	 * NOTE2: This is done so that, when updating the vmalloc
	 * mappings we don't have to walk all processes pgdirs and
	 * add the high mappings all at once. Instead we do it as they
	 * are used. However vmalloc'ed page entries have the PAGE_GLOBAL
	 * bit set so sometimes the TLB can use a lingering entry.
	 *
	 * This verifies that the fault happens in kernel space
	 * and that the fault was not a protection error (error_code & 1).
	 */

	if (address >= VMALLOC_START &&
	    !(error_code & 1) &&
	    !user_mode(regs))
		goto vmalloc_fault;

	/* we can and should enable interrupts at this point */
	sti();

	mm = tsk->mm;
	writeaccess = error_code & 2;
	info.si_code = SEGV_MAPERR;	/* default: nothing mapped at the address */

	/*
	 * If we're in an interrupt or have no user
	 * context, we must not take the fault..
	 */

	if (in_interrupt() || !mm)
		goto no_context;

	down_read(&mm->mmap_sem);
	vma = find_vma(mm, address);
	if (!vma)
		goto bad_area;
	if (vma->vm_start <= address)
		goto good_area;
	/* address is below the closest vma: only legitimate if that vma
	 * is a downward-growing stack we can expand to cover it.
	 */
	if (!(vma->vm_flags & VM_GROWSDOWN))
		goto bad_area;
	if (user_mode(regs)) {
		/*
		 * accessing the stack below usp is always a bug.
		 * we get page-aligned addresses so we can only check
		 * if we're within a page from usp, but that might be
		 * enough to catch brutal errors at least.
		 */
		if (address + PAGE_SIZE < rdusp())
			goto bad_area;
	}
	if (expand_stack(vma, address))
		goto bad_area;

	/*
	 * Ok, we have a good vm_area for this memory access, so
	 * we can handle it..
	 */

 good_area:
	info.si_code = SEGV_ACCERR;	/* a mapping exists; any failure now is a protection error */

	/* first do some preliminary protection checks */

	if (writeaccess) {
		if (!(vma->vm_flags & VM_WRITE))
			goto bad_area;
	} else {
		if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
			goto bad_area;
	}

	/*
	 * If for any reason at all we couldn't handle the fault,
	 * make sure we exit gracefully rather than endlessly redo
	 * the fault.
	 *
	 * handle_mm_fault() return codes as consumed here:
	 *   1 = minor fault, 2 = major fault, 0 = could not make the
	 *   page available (SIGBUS), anything else = out of memory.
	 */

	switch (handle_mm_fault(mm, vma, address, writeaccess)) {
	case 1:
		tsk->min_flt++;
		break;
	case 2:
		tsk->maj_flt++;
		break;
	case 0:
		goto do_sigbus;
	default:
		goto out_of_memory;
	}

	up_read(&mm->mmap_sem);
	return;

	/*
	 * Something tried to access memory that isn't in our memory map..
	 * Fix it, but check if it's kernel or user first..
	 */

 bad_area:
	up_read(&mm->mmap_sem);

 bad_area_nosemaphore:
	DPG(show_registers(regs));

	/* User mode accesses just cause a SIGSEGV */

	if (user_mode(regs)) {
		info.si_signo = SIGSEGV;
		info.si_errno = 0;
		/* info.si_code has been set above */
		info.si_addr = (void *)address;
		force_sig_info(SIGSEGV, &info, tsk);
		return;
	}

 no_context:

	/* Are we prepared to handle this kernel fault?
	 *
	 * (The kernel has valid exception-points in the source
	 *  when it acesses user-memory. When it fails in one
	 *  of those points, we find it in a table and do a jump
	 *  to some fixup code that loads an appropriate error
	 *  code)
	 */

	if ((fixup = search_exception_table(regs->irp)) != 0) {
		/* Adjust the instruction pointer in the stackframe */

		regs->irp = fixup;

		/* We do not want to return by restoring the CPU-state
		 * anymore, so switch frame-types (see ptrace.h)
		 */

		regs->frametype = CRIS_FRAME_NORMAL;

		D(printk("doing fixup to 0x%lx\n", fixup));
		return;
	}

	/*
	 * Oops. The kernel tried to access some bad page. We'll have to
	 * terminate things with extreme prejudice.
	 */

	if ((unsigned long) (address) < PAGE_SIZE)
		printk(KERN_ALERT "Unable to handle kernel NULL pointer dereference");
	else
		printk(KERN_ALERT "Unable to handle kernel access");
	printk(" at virtual address %08lx\n",address);

	die_if_kernel("Oops", regs, error_code);

	do_exit(SIGKILL);

	/*
	 * We ran out of memory, or some other thing happened to us that made
	 * us unable to handle the page fault gracefully.
	 */

 out_of_memory:
	up_read(&mm->mmap_sem);
	printk("VM: killing process %s\n", tsk->comm);
	if (user_mode(regs))
		do_exit(SIGKILL);
	goto no_context;	/* kernel-mode OOM: try exception fixup, else Oops */

 do_sigbus:
	up_read(&mm->mmap_sem);

	/*
	 * Send a sigbus, regardless of whether we were in kernel
	 * or user mode.
	 */
	info.si_signo = SIGBUS;
	info.si_errno = 0;
	info.si_code = BUS_ADRERR;
	info.si_addr = (void *)address;
	force_sig_info(SIGBUS, &info, tsk);

	/* Kernel mode? Handle exceptions or die */
	if (!user_mode(regs))
		goto no_context;
	return;

vmalloc_fault:
	{
		/*
		 * Synchronize this task's top level page-table
		 * with the 'reference' page table.
		 *
		 * Use current_pgd instead of tsk->active_mm->pgd
		 * since the latter might be unavailable if this
		 * code is executed in a misfortunately run irq
		 * (like inside schedule() between switch_mm and
		 *  switch_to...).
		 */

		int offset = pgd_index(address);
		pgd_t *pgd, *pgd_k;
		pmd_t *pmd, *pmd_k;
		pte_t *pte_k;

		pgd = (pgd_t *)current_pgd + offset;
		pgd_k = init_mm.pgd + offset;

		/* Since we're two-level, we don't need to do both
		 * set_pgd and set_pmd (they do the same thing). If
		 * we go three-level at some point, do the right thing
		 * with pgd_present and set_pgd here.
		 *
		 * Also, since the vmalloc area is global, we don't
		 * need to copy individual PTE's, it is enough to
		 * copy the pgd pointer into the pte page of the
		 * root task. If that is there, we'll find our pte if
		 * it exists.
		 */

		pmd = pmd_offset(pgd, address);
		pmd_k = pmd_offset(pgd_k, address);

		/* not even the master table has it: genuine bad access.
		 * mmap_sem was never taken on this path, hence nosemaphore.
		 */
		if (!pmd_present(*pmd_k))
			goto bad_area_nosemaphore;

		set_pmd(pmd, *pmd_k);

		/* Make sure the actual PTE exists as well to
		 * catch kernel vmalloc-area accesses to non-mapped
		 * addresses. If we don't do this, this will just
		 * silently loop forever.
		 */

		pte_k = pte_offset(pmd_k, address);
		if (!pte_present(*pte_k))
			goto no_context;

		return;
	}
}