mips/mm/fault.c

0001 /*
0002  * This file is subject to the terms and conditions of the GNU General Public
0003  * License.  See the file "COPYING" in the main directory of this archive
0004  * for more details.
0005  *
0006  * Copyright (C) 1995 - 2000 by Ralf Baechle
0007  */
0008 #include <linux/context_tracking.h>
0009 #include <linux/signal.h>
0010 #include <linux/sched.h>
0011 #include <linux/interrupt.h>
0012 #include <linux/kernel.h>
0013 #include <linux/errno.h>
0014 #include <linux/string.h>
0015 #include <linux/types.h>
0016 #include <linux/ptrace.h>
0017 #include <linux/ratelimit.h>
0018 #include <linux/mman.h>
0019 #include <linux/mm.h>
0020 #include <linux/smp.h>
0021 #include <linux/kprobes.h>
0022 #include <linux/perf_event.h>
0023 #include <linux/uaccess.h>
0024
0025 #include <asm/branch.h>
0026 #include <asm/mmu_context.h>
0027 #include <asm/ptrace.h>
0028 #include <asm/highmem.h>        /* For VMALLOC_END */
0029 #include <linux/kdebug.h>
0030
0031 int show_unhandled_signals = 1;
0032
0033 /*
0034  * This routine handles page faults.  It determines the address,
0035  * and the problem, and then passes it off to one of the appropriate
0036  * routines.
0037  */
0038 static void __do_page_fault(struct pt_regs *regs, unsigned long write,
0039     unsigned long address)
0040 {
0041     struct vm_area_struct * vma = NULL;
0042     struct task_struct *tsk = current;
0043     struct mm_struct *mm = tsk->mm;
0044     const int field = sizeof(unsigned long) * 2;
0045     int si_code;
0046     vm_fault_t fault;
0047     unsigned int flags = FAULT_FLAG_DEFAULT;
0048
0049     static DEFINE_RATELIMIT_STATE(ratelimit_state, 5 * HZ, 10);
0050
0051 #if 0
0052     printk("Cpu%d[%s:%d:%0*lx:%ld:%0*lx]\n", raw_smp_processor_id(),
0053            current->comm, current->pid, field, address, write,
0054            field, regs->cp0_epc);
0055 #endif
0056
0057 #ifdef CONFIG_KPROBES
0058     /*
0059      * This is to notify the fault handler of the kprobes.
0060      */
0061     if (notify_die(DIE_PAGE_FAULT, "page fault", regs, -1,
0062                current->thread.trap_nr, SIGSEGV) == NOTIFY_STOP)
0063         return;
0064 #endif
0065
0066     si_code = SEGV_MAPERR;
0067
0068     /*
0069      * We fault-in kernel-space virtual memory on-demand. The
0070      * 'reference' page table is init_mm.pgd.
0071      *
0072      * NOTE! We MUST NOT take any locks for this case. We may
0073      * be in an interrupt or a critical region, and should
0074      * only copy the information from the master page table,
0075      * nothing more.
0076      */
0077 #ifdef CONFIG_64BIT
0078 # define VMALLOC_FAULT_TARGET no_context
0079 #else
0080 # define VMALLOC_FAULT_TARGET vmalloc_fault
0081 #endif
0082
0083     if (unlikely(address >= VMALLOC_START && address <= VMALLOC_END))
0084         goto VMALLOC_FAULT_TARGET;
0085 #ifdef MODULE_START
0086     if (unlikely(address >= MODULE_START && address < MODULE_END))
0087         goto VMALLOC_FAULT_TARGET;
0088 #endif
0089
0090     /*
0091      * If we're in an interrupt or have no user
0092      * context, we must not take the fault..
0093      */
0094     if (faulthandler_disabled() || !mm)
0095         goto bad_area_nosemaphore;
0096
0097     if (user_mode(regs))
0098         flags |= FAULT_FLAG_USER;
0099
0100     perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
0101 retry:
0102     mmap_read_lock(mm);
0103     vma = find_vma(mm, address);
0104     if (!vma)
0105         goto bad_area;
0106     if (vma->vm_start <= address)
0107         goto good_area;
0108     if (!(vma->vm_flags & VM_GROWSDOWN))
0109         goto bad_area;
0110     if (expand_stack(vma, address))
0111         goto bad_area;
0112 /*
0113  * Ok, we have a good vm_area for this memory access, so
0114  * we can handle it..
0115  */
0116 good_area:
0117     si_code = SEGV_ACCERR;
0118
0119     if (write) {
0120         if (!(vma->vm_flags & VM_WRITE))
0121             goto bad_area;
0122         flags |= FAULT_FLAG_WRITE;
0123     } else {
0124         if (cpu_has_rixi) {
0125             if (address == regs->cp0_epc && !(vma->vm_flags & VM_EXEC)) {
0126 #if 0
0127                 pr_notice("Cpu%d[%s:%d:%0*lx:%ld:%0*lx] XI violation\n",
0128                       raw_smp_processor_id(),
0129                       current->comm, current->pid,
0130                       field, address, write,
0131                       field, regs->cp0_epc);
0132 #endif
0133                 goto bad_area;
0134             }
0135             if (!(vma->vm_flags & VM_READ) &&
0136                 exception_epc(regs) != address) {
0137 #if 0
0138                 pr_notice("Cpu%d[%s:%d:%0*lx:%ld:%0*lx] RI violation\n",
0139                       raw_smp_processor_id(),
0140                       current->comm, current->pid,
0141                       field, address, write,
0142                       field, regs->cp0_epc);
0143 #endif
0144                 goto bad_area;
0145             }
0146         } else {
0147             if (unlikely(!vma_is_accessible(vma)))
0148                 goto bad_area;
0149         }
0150     }
0151
0152     /*
0153      * If for any reason at all we couldn't handle the fault,
0154      * make sure we exit gracefully rather than endlessly redo
0155      * the fault.
0156      */
0157     fault = handle_mm_fault(vma, address, flags, regs);
0158
0159     if (fault_signal_pending(fault, regs)) {
0160         if (!user_mode(regs))
0161             goto no_context;
0162         return;
0163     }
0164
0165     /* The fault is fully completed (including releasing mmap lock) */
0166     if (fault & VM_FAULT_COMPLETED)
0167         return;
0168
0169     if (unlikely(fault & VM_FAULT_ERROR)) {
0170         if (fault & VM_FAULT_OOM)
0171             goto out_of_memory;
0172         else if (fault & VM_FAULT_SIGSEGV)
0173             goto bad_area;
0174         else if (fault & VM_FAULT_SIGBUS)
0175             goto do_sigbus;
0176         BUG();
0177     }
0178
0179     if (fault & VM_FAULT_RETRY) {
0180         flags |= FAULT_FLAG_TRIED;
0181
0182         /*
0183          * No need to mmap_read_unlock(mm) as we would
0184          * have already released it in __lock_page_or_retry
0185          * in mm/filemap.c.
0186          */
0187
0188         goto retry;
0189     }
0190
0191     mmap_read_unlock(mm);
0192     return;
0193
0194 /*
0195  * Something tried to access memory that isn't in our memory map..
0196  * Fix it, but check if it's kernel or user first..
0197  */
0198 bad_area:
0199     mmap_read_unlock(mm);
0200
0201 bad_area_nosemaphore:
0202     /* User mode accesses just cause a SIGSEGV */
0203     if (user_mode(regs)) {
0204         tsk->thread.cp0_badvaddr = address;
0205         tsk->thread.error_code = write;
0206         if (show_unhandled_signals &&
0207             unhandled_signal(tsk, SIGSEGV) &&
0208             __ratelimit(&ratelimit_state)) {
0209             pr_info("do_page_fault(): sending SIGSEGV to %s for invalid %s %0*lx\n",
0210                 tsk->comm,
0211                 write ? "write access to" : "read access from",
0212                 field, address);
0213             pr_info("epc = %0*lx in", field,
0214                 (unsigned long) regs->cp0_epc);
0215             print_vma_addr(KERN_CONT " ", regs->cp0_epc);
0216             pr_cont("\n");
0217             pr_info("ra  = %0*lx in", field,
0218                 (unsigned long) regs->regs[31]);
0219             print_vma_addr(KERN_CONT " ", regs->regs[31]);
0220             pr_cont("\n");
0221         }
0222         current->thread.trap_nr = (regs->cp0_cause >> 2) & 0x1f;
0223         force_sig_fault(SIGSEGV, si_code, (void __user *)address);
0224         return;
0225     }
0226
0227 no_context:
0228     /* Are we prepared to handle this kernel fault?  */
0229     if (fixup_exception(regs)) {
0230         current->thread.cp0_baduaddr = address;
0231         return;
0232     }
0233
0234     /*
0235      * Oops. The kernel tried to access some bad page. We'll have to
0236      * terminate things with extreme prejudice.
0237      */
0238     bust_spinlocks(1);
0239
0240     printk(KERN_ALERT "CPU %d Unable to handle kernel paging request at "
0241            "virtual address %0*lx, epc == %0*lx, ra == %0*lx\n",
0242            raw_smp_processor_id(), field, address, field, regs->cp0_epc,
0243            field,  regs->regs[31]);
0244     die("Oops", regs);
0245
0246 out_of_memory:
0247     /*
0248      * We ran out of memory, call the OOM killer, and return the userspace
0249      * (which will retry the fault, or kill us if we got oom-killed).
0250      */
0251     mmap_read_unlock(mm);
0252     if (!user_mode(regs))
0253         goto no_context;
0254     pagefault_out_of_memory();
0255     return;
0256
0257 do_sigbus:
0258     mmap_read_unlock(mm);
0259
0260     /* Kernel mode? Handle exceptions or die */
0261     if (!user_mode(regs))
0262         goto no_context;
0263
0264     /*
0265      * Send a sigbus, regardless of whether we were in kernel
0266      * or user mode.
0267      */
0268 #if 0
0269     printk("do_page_fault() #3: sending SIGBUS to %s for "
0270            "invalid %s\n%0*lx (epc == %0*lx, ra == %0*lx)\n",
0271            tsk->comm,
0272            write ? "write access to" : "read access from",
0273            field, address,
0274            field, (unsigned long) regs->cp0_epc,
0275            field, (unsigned long) regs->regs[31]);
0276 #endif
0277     current->thread.trap_nr = (regs->cp0_cause >> 2) & 0x1f;
0278     tsk->thread.cp0_badvaddr = address;
0279     force_sig_fault(SIGBUS, BUS_ADRERR, (void __user *)address);
0280
0281     return;
0282 #ifndef CONFIG_64BIT
0283 vmalloc_fault:
0284     {
0285         /*
0286          * Synchronize this task's top level page-table
0287          * with the 'reference' page table.
0288          *
0289          * Do _not_ use "tsk" here. We might be inside
0290          * an interrupt in the middle of a task switch..
0291          */
0292         int offset = pgd_index(address);
0293         pgd_t *pgd, *pgd_k;
0294         p4d_t *p4d, *p4d_k;
0295         pud_t *pud, *pud_k;
0296         pmd_t *pmd, *pmd_k;
0297         pte_t *pte_k;
0298
0299         pgd = (pgd_t *) pgd_current[raw_smp_processor_id()] + offset;
0300         pgd_k = init_mm.pgd + offset;
0301
0302         if (!pgd_present(*pgd_k))
0303             goto no_context;
0304         set_pgd(pgd, *pgd_k);
0305
0306         p4d = p4d_offset(pgd, address);
0307         p4d_k = p4d_offset(pgd_k, address);
0308         if (!p4d_present(*p4d_k))
0309             goto no_context;
0310
0311         pud = pud_offset(p4d, address);
0312         pud_k = pud_offset(p4d_k, address);
0313         if (!pud_present(*pud_k))
0314             goto no_context;
0315
0316         pmd = pmd_offset(pud, address);
0317         pmd_k = pmd_offset(pud_k, address);
0318         if (!pmd_present(*pmd_k))
0319             goto no_context;
0320         set_pmd(pmd, *pmd_k);
0321
0322         pte_k = pte_offset_kernel(pmd_k, address);
0323         if (!pte_present(*pte_k))
0324             goto no_context;
0325         return;
0326     }
0327 #endif
0328 }
0329 NOKPROBE_SYMBOL(__do_page_fault);
0330
0331 asmlinkage void do_page_fault(struct pt_regs *regs,
0332     unsigned long write, unsigned long address)
0333 {
0334     enum ctx_state prev_state;
0335
0336     prev_state = exception_enter();
0337     __do_page_fault(regs, write, address);
0338     exception_exit(prev_state);
0339 }
0340 NOKPROBE_SYMBOL(do_page_fault);