2 * linux/arch/arm/mm/fault.c
4 * Copyright (C) 1995 Linus Torvalds
5 * Modifications for ARM processor (c) 1995-2004 Russell King
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 #include <linux/module.h>
12 #include <linux/signal.h>
14 #include <linux/hardirq.h>
15 #include <linux/init.h>
16 #include <linux/kprobes.h>
17 #include <linux/uaccess.h>
18 #include <linux/page-flags.h>
19 #include <linux/sched.h>
20 #include <linux/highmem.h>
21 #include <linux/perf_event.h>
23 #include <asm/exception.h>
24 #include <asm/system.h>
25 #include <asm/pgtable.h>
26 #include <asm/tlbflush.h>
33 static inline int notify_page_fault(struct pt_regs *regs, unsigned int fsr)
37 if (!user_mode(regs)) {
38 /* kprobe_running() needs smp_processor_id() */
40 if (kprobe_running() && kprobe_fault_handler(regs, fsr))
48 static inline int notify_page_fault(struct pt_regs *regs, unsigned int fsr)
55 * This is useful to dump out the page tables associated with
58 void show_pte(struct mm_struct *mm, unsigned long addr)
65 printk(KERN_ALERT "pgd = %p\n", mm->pgd);
66 pgd = pgd_offset(mm, addr);
67 printk(KERN_ALERT "[%08lx] *pgd=%08llx",
68 addr, (long long)pgd_val(*pgd));
83 pud = pud_offset(pgd, addr);
84 if (PTRS_PER_PUD != 1)
85 printk(", *pud=%08llx", (long long)pud_val(*pud));
95 pmd = pmd_offset(pud, addr);
96 if (PTRS_PER_PMD != 1)
97 printk(", *pmd=%08llx", (long long)pmd_val(*pmd));
107 /* We must not map this if we have highmem enabled */
108 if (PageHighMem(pfn_to_page(pmd_val(*pmd) >> PAGE_SHIFT)))
111 pte = pte_offset_map(pmd, addr);
112 printk(", *pte=%08llx", (long long)pte_val(*pte));
113 #ifndef CONFIG_ARM_LPAE
114 printk(", *ppte=%08llx",
115 (long long)pte_val(pte[PTE_HWTABLE_PTRS]));
122 #else /* CONFIG_MMU */
123 void show_pte(struct mm_struct *mm, unsigned long addr)
125 #endif /* CONFIG_MMU */
128 * Oops. The kernel tried to access some page that wasn't present.
131 __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
132 struct pt_regs *regs)
135 * Are we prepared to handle this kernel fault?
137 if (fixup_exception(regs))
141 * No handler, we'll have to terminate things with extreme prejudice.
145 "Unable to handle kernel %s at virtual address %08lx\n",
146 (addr < PAGE_SIZE) ? "NULL pointer dereference" :
147 "paging request", addr);
150 die("Oops", regs, fsr);
155 #ifdef CONFIG_DEBUG_USER
157 print_user_faulter_location(const char *name, struct pt_regs *regs)
159 struct mm_struct *mm = current->mm;
160 struct vm_area_struct *vma;
161 char *p, *t, buf[128];
163 printk(KERN_DEBUG "%s: pc=%08lx",
169 vma = find_vma(mm, regs->ARM_pc);
170 if (!vma || !vma->vm_file)
173 p = d_path(&vma->vm_file->f_path, buf, sizeof(buf));
181 printk(KERN_CONT " (%s+%lx)", p, regs->ARM_pc - vma->vm_start);
184 printk(KERN_CONT ", lr=%08lx\n", regs->ARM_lr);
189 * Something tried to access memory that isn't in our memory map..
190 * User mode accesses just cause a SIGSEGV
193 __do_user_fault(struct task_struct *tsk, unsigned long addr,
194 unsigned int fsr, unsigned int sig, int code,
195 struct pt_regs *regs)
199 #ifdef CONFIG_DEBUG_USER
200 if (user_debug & (UDBG_SEGV | UDBG_SEGV_SHORT)) {
201 printk(KERN_DEBUG "%s: unhandled page fault (%d) at 0x%08lx, code 0x%03x (%s)\n",
202 tsk->comm, sig, addr, fsr,
203 (fsr & FSR_WRITE) ? "write" : "read");
204 print_user_faulter_location(tsk->comm, regs);
206 if (user_debug & UDBG_SEGV) {
207 show_pte(tsk->mm, addr);
212 tsk->thread.address = addr;
213 tsk->thread.error_code = fsr;
214 tsk->thread.trap_no = 14;
218 si.si_addr = (void __user *)addr;
219 force_sig_info(sig, &si, tsk);
222 void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
224 struct task_struct *tsk = current;
225 struct mm_struct *mm = tsk->active_mm;
228 * If we are in kernel mode at this point, we
229 * have no context to handle this fault with.
232 __do_user_fault(tsk, addr, fsr, SIGSEGV, SEGV_MAPERR, regs);
234 __do_kernel_fault(mm, addr, fsr, regs);
238 #define VM_FAULT_BADMAP 0x010000
239 #define VM_FAULT_BADACCESS 0x020000
242 * Check that the permissions on the VMA allow for the fault which occurred.
243 * If we encountered a write fault, we must have write permission, otherwise
244 * we allow any permission.
246 static inline bool access_error(unsigned int fsr, struct vm_area_struct *vma)
248 unsigned int mask = VM_READ | VM_WRITE | VM_EXEC;
252 if (fsr & FSR_LNX_PF)
255 return vma->vm_flags & mask ? false : true;
259 __do_page_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
260 struct task_struct *tsk)
262 struct vm_area_struct *vma;
265 vma = find_vma(mm, addr);
266 fault = VM_FAULT_BADMAP;
269 if (unlikely(vma->vm_start > addr))
273 * Ok, we have a good vm_area for this
274 * memory access, so we can handle it.
277 if (access_error(fsr, vma)) {
278 fault = VM_FAULT_BADACCESS;
283 * If for any reason at all we couldn't handle the fault, make
284 * sure we exit gracefully rather than endlessly redo the fault.
286 fault = handle_mm_fault(mm, vma, addr & PAGE_MASK, (fsr & FSR_WRITE) ? FAULT_FLAG_WRITE : 0);
287 if (unlikely(fault & VM_FAULT_ERROR))
289 if (fault & VM_FAULT_MAJOR)
296 /* Don't allow expansion below FIRST_USER_ADDRESS */
297 if (vma->vm_flags & VM_GROWSDOWN &&
298 addr >= FIRST_USER_ADDRESS && !expand_stack(vma, addr))
305 do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
307 struct task_struct *tsk;
308 struct mm_struct *mm;
309 int fault, sig, code;
311 if (notify_page_fault(regs, fsr))
317 /* Enable interrupts if they were enabled in the parent context. */
318 if (interrupts_enabled(regs))
322 * If we're in an interrupt or have no user
323 * context, we must not take the fault..
325 if (in_atomic() || !mm)
329 * As per x86, we may deadlock here. However, since the kernel only
330 * validly references user space from well defined areas of the code,
331 * we can bug out early if this is from code which shouldn't.
333 if (!down_read_trylock(&mm->mmap_sem)) {
334 if (!user_mode(regs) && !search_exception_tables(regs->ARM_pc))
336 down_read(&mm->mmap_sem);
339 * The above down_read_trylock() might have succeeded in
340 * which case, we'll have missed the might_sleep() from
344 #ifdef CONFIG_DEBUG_VM
345 if (!user_mode(regs) &&
346 !search_exception_tables(regs->ARM_pc))
351 fault = __do_page_fault(mm, addr, fsr, tsk);
352 up_read(&mm->mmap_sem);
354 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr);
355 if (fault & VM_FAULT_MAJOR)
356 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, regs, addr);
357 else if (fault & VM_FAULT_MINOR)
358 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, addr);
361 * Handle the "normal" case first - VM_FAULT_MAJOR / VM_FAULT_MINOR
363 if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS))))
366 if (fault & VM_FAULT_OOM) {
368 * We ran out of memory, call the OOM killer, and return to
369 * userspace (which will retry the fault, or kill us if we
372 pagefault_out_of_memory();
377 * If we are in kernel mode at this point, we
378 * have no context to handle this fault with.
380 if (!user_mode(regs))
383 if (fault & VM_FAULT_SIGBUS) {
385 * We had some memory, but were unable to
386 * successfully fix up this page fault.
392 * Something tried to access memory that
393 * isn't in our memory map..
396 code = fault == VM_FAULT_BADACCESS ?
397 SEGV_ACCERR : SEGV_MAPERR;
400 __do_user_fault(tsk, addr, fsr, sig, code, regs);
404 __do_kernel_fault(mm, addr, fsr, regs);
407 #else /* CONFIG_MMU */
409 do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
413 #endif /* CONFIG_MMU */
416 * First Level Translation Fault Handler
418 * We enter here because the first level page table doesn't contain
419 * a valid entry for the address.
421 * If the address is in kernel space (>= TASK_SIZE), then we are
422 * probably faulting in the vmalloc() area.
424 * If the init_task's first level page tables contains the relevant
425 * entry, we copy the it to this task. If not, we send the process
426 * a signal, fixup the exception, or oops the kernel.
428 * NOTE! We MUST NOT take any locks for this case. We may be in an
429 * interrupt or a critical region, and should only copy the information
430 * from the master page table, nothing more.
434 do_translation_fault(unsigned long addr, unsigned int fsr,
435 struct pt_regs *regs)
442 if (addr < TASK_SIZE)
443 return do_page_fault(addr, fsr, regs);
448 index = pgd_index(addr);
451 * FIXME: CP15 C1 is write only on ARMv3 architectures.
453 pgd = cpu_get_pgd() + index;
454 pgd_k = init_mm.pgd + index;
456 if (pgd_none(*pgd_k))
458 if (!pgd_present(*pgd))
459 set_pgd(pgd, *pgd_k);
461 pud = pud_offset(pgd, addr);
462 pud_k = pud_offset(pgd_k, addr);
464 if (pud_none(*pud_k))
466 if (!pud_present(*pud))
467 set_pud(pud, *pud_k);
469 pmd = pmd_offset(pud, addr);
470 pmd_k = pmd_offset(pud_k, addr);
472 #ifdef CONFIG_ARM_LPAE
474 * Only one hardware entry per PMD with LPAE.
479 * On ARM one Linux PGD entry contains two hardware entries (see page
480 * tables layout in pgtable.h). We normally guarantee that we always
481 * fill both L1 entries. But create_mapping() doesn't follow the rule.
482 * It can create inidividual L1 entries, so here we have to call
483 * pmd_none() check for the entry really corresponded to address, not
484 * for the first of pair.
486 index = (addr >> SECTION_SHIFT) & 1;
488 if (pmd_none(pmd_k[index]))
491 copy_pmd(pmd, pmd_k);
495 do_bad_area(addr, fsr, regs);
498 #else /* CONFIG_MMU */
500 do_translation_fault(unsigned long addr, unsigned int fsr,
501 struct pt_regs *regs)
505 #endif /* CONFIG_MMU */
508 * This abort handler always returns "fault".
511 do_bad(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
517 int (*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
524 #ifdef CONFIG_ARM_LPAE
525 #include "fsr-3level.c"
527 #include "fsr-2level.c"
531 hook_fault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *),
532 int sig, int code, const char *name)
534 if (nr < 0 || nr >= ARRAY_SIZE(fsr_info))
537 fsr_info[nr].fn = fn;
538 fsr_info[nr].sig = sig;
539 fsr_info[nr].code = code;
540 fsr_info[nr].name = name;
544 * Dispatch a data abort to the relevant handler.
546 asmlinkage void __exception
547 do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
549 const struct fsr_info *inf = fsr_info + fsr_fs(fsr);
552 if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs))
555 printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
556 inf->name, fsr, addr);
558 info.si_signo = inf->sig;
560 info.si_code = inf->code;
561 info.si_addr = (void __user *)addr;
562 arm_notify_die("", regs, &info, fsr, 0);
566 hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *),
567 int sig, int code, const char *name)
569 if (nr < 0 || nr >= ARRAY_SIZE(ifsr_info))
572 ifsr_info[nr].fn = fn;
573 ifsr_info[nr].sig = sig;
574 ifsr_info[nr].code = code;
575 ifsr_info[nr].name = name;
578 asmlinkage void __exception
579 do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
581 const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr);
584 if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs))
587 printk(KERN_ALERT "Unhandled prefetch abort: %s (0x%03x) at 0x%08lx\n",
588 inf->name, ifsr, addr);
590 info.si_signo = inf->sig;
592 info.si_code = inf->code;
593 info.si_addr = (void __user *)addr;
594 arm_notify_die("", regs, &info, ifsr, 0);
597 #ifndef CONFIG_ARM_LPAE
598 static int __init exceptions_init(void)
600 if (cpu_architecture() >= CPU_ARCH_ARMv6) {
601 hook_fault_code(4, do_translation_fault, SIGSEGV, SEGV_MAPERR,
602 "I-cache maintenance fault");
605 if (cpu_architecture() >= CPU_ARCH_ARMv7) {
607 * TODO: Access flag faults introduced in ARMv6K.
608 * Runtime check for 'K' extension is needed
610 hook_fault_code(3, do_bad, SIGSEGV, SEGV_MAPERR,
611 "section access flag fault");
612 hook_fault_code(6, do_bad, SIGSEGV, SEGV_MAPERR,
613 "section access flag fault");
619 arch_initcall(exceptions_init);
git.openpandora.org / pandora-kernel.git / blob