fault.c revision 67ddb4052daac9d449caf2643ac365d42a04219a 
1/* MN10300 MMU Fault handler
2 *
3 * Copyright (C) 2007 Matsushita Electric Industrial Co., Ltd.
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Modified by David Howells (dhowells@redhat.com)
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public Licence
9 * as published by the Free Software Foundation; either version
10 * 2 of the Licence, or (at your option) any later version.
11 */
12
13#include <linux/signal.h>
14#include <linux/sched.h>
15#include <linux/kernel.h>
16#include <linux/errno.h>
17#include <linux/string.h>
18#include <linux/types.h>
19#include <linux/ptrace.h>
20#include <linux/mman.h>
21#include <linux/mm.h>
22#include <linux/smp.h>
23#include <linux/interrupt.h>
24#include <linux/init.h>
25#include <linux/vt_kern.h>		/* For unblank_screen() */
26
27#include <asm/system.h>
28#include <asm/uaccess.h>
29#include <asm/pgalloc.h>
30#include <asm/hardirq.h>
31#include <asm/cpu-regs.h>
32#include <asm/debugger.h>
33#include <asm/gdb-stub.h>
34
35/*
36 * Unlock any spinlocks which will prevent us from getting the
37 * message out
38 */
39void bust_spinlocks(int yes)
40{
41	if (yes) {
42		oops_in_progress = 1;
43	} else {
44		int loglevel_save = console_loglevel;
45#ifdef CONFIG_VT
46		unblank_screen();
47#endif
48		oops_in_progress = 0;
49		/*
50		 * OK, the message is on the console.  Now we call printk()
51		 * without oops_in_progress set so that printk will give klogd
52		 * a poke.  Hold onto your hats...
53		 */
54		console_loglevel = 15;	/* NMI oopser may have shut the console
55					 * up */
56		printk(" ");
57		console_loglevel = loglevel_save;
58	}
59}
60
61void do_BUG(const char *file, int line)
62{
63	bust_spinlocks(1);
64	printk(KERN_EMERG "------------[ cut here ]------------\n");
65	printk(KERN_EMERG "kernel BUG at %s:%d!\n", file, line);
66}
67
68#if 0
69static void print_pagetable_entries(pgd_t *pgdir, unsigned long address)
70{
71	pgd_t *pgd;
72	pmd_t *pmd;
73	pte_t *pte;
74
75	pgd = pgdir + __pgd_offset(address);
76	printk(KERN_DEBUG "pgd entry %p: %016Lx\n",
77	       pgd, (long long) pgd_val(*pgd));
78
79	if (!pgd_present(*pgd)) {
80		printk(KERN_DEBUG "... pgd not present!\n");
81		return;
82	}
83	pmd = pmd_offset(pgd, address);
84	printk(KERN_DEBUG "pmd entry %p: %016Lx\n",
85	       pmd, (long long)pmd_val(*pmd));
86
87	if (!pmd_present(*pmd)) {
88		printk(KERN_DEBUG "... pmd not present!\n");
89		return;
90	}
91	pte = pte_offset(pmd, address);
92	printk(KERN_DEBUG "pte entry %p: %016Lx\n",
93	       pte, (long long) pte_val(*pte));
94
95	if (!pte_present(*pte))
96		printk(KERN_DEBUG "... pte not present!\n");
97}
98#endif
99
100/*
101 * This routine handles page faults.  It determines the address,
102 * and the problem, and then passes it off to one of the appropriate
103 * routines.
104 *
105 * fault_code:
106 * - LSW: either MMUFCR_IFC or MMUFCR_DFC as appropriate
107 * - MSW: 0 if data access, 1 if instruction access
108 * - bit 0: TLB miss flag
109 * - bit 1: initial write
110 * - bit 2: page invalid
111 * - bit 3: protection violation
112 * - bit 4: accessor (0=user 1=kernel)
113 * - bit 5: 0=read 1=write
114 * - bit 6-8: page protection spec
115 * - bit 9: illegal address
116 * - bit 16: 0=data 1=ins
117 *
118 */
119asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long fault_code,
120			      unsigned long address)
121{
122	struct vm_area_struct *vma;
123	struct task_struct *tsk;
124	struct mm_struct *mm;
125	unsigned long page;
126	siginfo_t info;
127	int write, fault;
128
129#ifdef CONFIG_GDBSTUB
130	/* handle GDB stub causing a fault */
131	if (gdbstub_busy) {
132		gdbstub_exception(regs, TBR & TBR_INT_CODE);
133		return;
134	}
135#endif
136
137#if 0
138	printk(KERN_DEBUG "--- do_page_fault(%p,%s:%04lx,%08lx)\n",
139	       regs,
140	       fault_code & 0x10000 ? "ins" : "data",
141	       fault_code & 0xffff, address);
142#endif
143
144	tsk = current;
145
146	/*
147	 * We fault-in kernel-space virtual memory on-demand. The
148	 * 'reference' page table is init_mm.pgd.
149	 *
150	 * NOTE! We MUST NOT take any locks for this case. We may
151	 * be in an interrupt or a critical region, and should
152	 * only copy the information from the master page table,
153	 * nothing more.
154	 *
155	 * This verifies that the fault happens in kernel space
156	 * and that the fault was a page not present (invalid) error
157	 */
158	if (address >= VMALLOC_START && address < VMALLOC_END &&
159	    (fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_SR &&
160	    (fault_code & MMUFCR_xFC_PGINVAL) == MMUFCR_xFC_PGINVAL
161	    )
162		goto vmalloc_fault;
163
164	mm = tsk->mm;
165	info.si_code = SEGV_MAPERR;
166
167	/*
168	 * If we're in an interrupt or have no user
169	 * context, we must not take the fault..
170	 */
171	if (in_atomic() || !mm)
172		goto no_context;
173
174	down_read(&mm->mmap_sem);
175
176	vma = find_vma(mm, address);
177	if (!vma)
178		goto bad_area;
179	if (vma->vm_start <= address)
180		goto good_area;
181	if (!(vma->vm_flags & VM_GROWSDOWN))
182		goto bad_area;
183
184	if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) {
185		/* accessing the stack below the stack pointer is always a
186		 * bug */
187		if ((address & PAGE_MASK) + 2 * PAGE_SIZE < regs->sp) {
188#if 0
189			printk(KERN_WARNING
190			       "[%d] ### Access below stack @%lx (sp=%lx)\n",
191			       current->pid, address, regs->sp);
192			printk(KERN_WARNING
193			       "vma [%08x - %08x]\n",
194			       vma->vm_start, vma->vm_end);
195			show_registers(regs);
196			printk(KERN_WARNING
197			       "[%d] ### Code: [%08lx]"
198			       " %02x %02x %02x %02x %02x %02x %02x %02x\n",
199			       current->pid,
200			       regs->pc,
201			       ((u8 *) regs->pc)[0],
202			       ((u8 *) regs->pc)[1],
203			       ((u8 *) regs->pc)[2],
204			       ((u8 *) regs->pc)[3],
205			       ((u8 *) regs->pc)[4],
206			       ((u8 *) regs->pc)[5],
207			       ((u8 *) regs->pc)[6],
208			       ((u8 *) regs->pc)[7]
209			       );
210#endif
211			goto bad_area;
212		}
213	}
214
215	if (expand_stack(vma, address))
216		goto bad_area;
217
218/*
219 * Ok, we have a good vm_area for this memory access, so
220 * we can handle it..
221 */
222good_area:
223	info.si_code = SEGV_ACCERR;
224	write = 0;
225	switch (fault_code & (MMUFCR_xFC_PGINVAL|MMUFCR_xFC_TYPE)) {
226	default:	/* 3: write, present */
227	case MMUFCR_xFC_TYPE_WRITE:
228#ifdef TEST_VERIFY_AREA
229		if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_SR)
230			printk(KERN_DEBUG "WP fault at %08lx\n", regs->pc);
231#endif
232		/* write to absent page */
233	case MMUFCR_xFC_PGINVAL | MMUFCR_xFC_TYPE_WRITE:
234		if (!(vma->vm_flags & VM_WRITE))
235			goto bad_area;
236		write++;
237		break;
238
239		/* read from protected page */
240	case MMUFCR_xFC_TYPE_READ:
241		goto bad_area;
242
243		/* read from absent page present */
244	case MMUFCR_xFC_PGINVAL | MMUFCR_xFC_TYPE_READ:
245		if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
246			goto bad_area;
247		break;
248	}
249
250	/*
251	 * If for any reason at all we couldn't handle the fault,
252	 * make sure we exit gracefully rather than endlessly redo
253	 * the fault.
254	 */
255	fault = handle_mm_fault(mm, vma, address, write ? FAULT_FLAG_WRITE : 0);
256	if (unlikely(fault & VM_FAULT_ERROR)) {
257		if (fault & VM_FAULT_OOM)
258			goto out_of_memory;
259		else if (fault & VM_FAULT_SIGBUS)
260			goto do_sigbus;
261		BUG();
262	}
263	if (fault & VM_FAULT_MAJOR)
264		current->maj_flt++;
265	else
266		current->min_flt++;
267
268	up_read(&mm->mmap_sem);
269	return;
270
271/*
272 * Something tried to access memory that isn't in our memory map..
273 * Fix it, but check if it's kernel or user first..
274 */
275bad_area:
276	up_read(&mm->mmap_sem);
277
278	/* User mode accesses just cause a SIGSEGV */
279	if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) {
280		info.si_signo = SIGSEGV;
281		info.si_errno = 0;
282		/* info.si_code has been set above */
283		info.si_addr = (void *)address;
284		force_sig_info(SIGSEGV, &info, tsk);
285		return;
286	}
287
288no_context:
289	/* Are we prepared to handle this kernel fault?  */
290	if (fixup_exception(regs))
291		return;
292
293/*
294 * Oops. The kernel tried to access some bad page. We'll have to
295 * terminate things with extreme prejudice.
296 */
297
298	bust_spinlocks(1);
299
300	if (address < PAGE_SIZE)
301		printk(KERN_ALERT
302		       "Unable to handle kernel NULL pointer dereference");
303	else
304		printk(KERN_ALERT
305		       "Unable to handle kernel paging request");
306	printk(" at virtual address %08lx\n", address);
307	printk(" printing pc:\n");
308	printk(KERN_ALERT "%08lx\n", regs->pc);
309
310	debugger_intercept(fault_code & 0x00010000 ? EXCEP_IAERROR : EXCEP_DAERROR,
311			   SIGSEGV, SEGV_ACCERR, regs);
312
313	page = PTBR;
314	page = ((unsigned long *) __va(page))[address >> 22];
315	printk(KERN_ALERT "*pde = %08lx\n", page);
316	if (page & 1) {
317		page &= PAGE_MASK;
318		address &= 0x003ff000;
319		page = ((unsigned long *) __va(page))[address >> PAGE_SHIFT];
320		printk(KERN_ALERT "*pte = %08lx\n", page);
321	}
322
323	die("Oops", regs, fault_code);
324	do_exit(SIGKILL);
325
326/*
327 * We ran out of memory, or some other thing happened to us that made
328 * us unable to handle the page fault gracefully.
329 */
330out_of_memory:
331	up_read(&mm->mmap_sem);
332	printk(KERN_ALERT "VM: killing process %s\n", tsk->comm);
333	if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR)
334		do_exit(SIGKILL);
335	goto no_context;
336
337do_sigbus:
338	up_read(&mm->mmap_sem);
339
340	/*
341	 * Send a sigbus, regardless of whether we were in kernel
342	 * or user mode.
343	 */
344	info.si_signo = SIGBUS;
345	info.si_errno = 0;
346	info.si_code = BUS_ADRERR;
347	info.si_addr = (void *)address;
348	force_sig_info(SIGBUS, &info, tsk);
349
350	/* Kernel mode? Handle exceptions or die */
351	if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_SR)
352		goto no_context;
353	return;
354
355vmalloc_fault:
356	{
357		/*
358		 * Synchronize this task's top level page-table
359		 * with the 'reference' page table.
360		 *
361		 * Do _not_ use "tsk" here. We might be inside
362		 * an interrupt in the middle of a task switch..
363		 */
364		int index = pgd_index(address);
365		pgd_t *pgd, *pgd_k;
366		pud_t *pud, *pud_k;
367		pmd_t *pmd, *pmd_k;
368		pte_t *pte_k;
369
370		pgd_k = init_mm.pgd + index;
371
372		if (!pgd_present(*pgd_k))
373			goto no_context;
374
375		pud_k = pud_offset(pgd_k, address);
376		if (!pud_present(*pud_k))
377			goto no_context;
378
379		pmd_k = pmd_offset(pud_k, address);
380		if (!pmd_present(*pmd_k))
381			goto no_context;
382
383		pgd = (pgd_t *) PTBR + index;
384		pud = pud_offset(pgd, address);
385		pmd = pmd_offset(pud, address);
386		set_pmd(pmd, *pmd_k);
387
388		pte_k = pte_offset_kernel(pmd_k, address);
389		if (!pte_present(*pte_k))
390			goto no_context;
391		return;
392	}
393}
394