Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 2 | * Copyright (C) 1995 Linus Torvalds |
| 3 | * Copyright (C) 2001,2002 Andi Kleen, SuSE Labs. |
| 4 | */ |
| 5 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 6 | #include <linux/signal.h> |
| 7 | #include <linux/sched.h> |
| 8 | #include <linux/kernel.h> |
| 9 | #include <linux/errno.h> |
| 10 | #include <linux/string.h> |
| 11 | #include <linux/types.h> |
| 12 | #include <linux/ptrace.h> |
| 13 | #include <linux/mman.h> |
| 14 | #include <linux/mm.h> |
| 15 | #include <linux/smp.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 16 | #include <linux/interrupt.h> |
| 17 | #include <linux/init.h> |
| 18 | #include <linux/tty.h> |
| 19 | #include <linux/vt_kern.h> /* For unblank_screen() */ |
| 20 | #include <linux/compiler.h> |
Christoph Hellwig | 1eeb66a | 2007-05-08 00:27:03 -0700 | [diff] [blame] | 21 | #include <linux/vmalloc.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 22 | #include <linux/module.h> |
Prasanna S Panchamukhi | 0f2fbdc | 2005-09-06 15:19:28 -0700 | [diff] [blame] | 23 | #include <linux/kprobes.h> |
Andi Kleen | ab2bf0c | 2006-12-07 02:14:06 +0100 | [diff] [blame] | 24 | #include <linux/uaccess.h> |
Christoph Hellwig | 1eeb66a | 2007-05-08 00:27:03 -0700 | [diff] [blame] | 25 | #include <linux/kdebug.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 26 | |
| 27 | #include <asm/system.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 28 | #include <asm/pgalloc.h> |
| 29 | #include <asm/smp.h> |
| 30 | #include <asm/tlbflush.h> |
| 31 | #include <asm/proto.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 32 | #include <asm-generic/sections.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 33 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 34 | /* |
| 35 | * Page fault error code bits |
| 36 | * bit 0 == 0 means no page found, 1 means protection fault |
| 37 | * bit 1 == 0 means read, 1 means write |
| 38 | * bit 2 == 0 means kernel, 1 means user-mode |
| 39 | * bit 3 == 1 means use of reserved bit detected |
| 40 | * bit 4 == 1 means fault was an instruction fetch |
| 41 | */ |
Ingo Molnar | 8a19da7 | 2008-01-30 13:32:53 +0100 | [diff] [blame] | 42 | #define PF_PROT (1<<0) |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 43 | #define PF_WRITE (1<<1) |
Ingo Molnar | 8a19da7 | 2008-01-30 13:32:53 +0100 | [diff] [blame] | 44 | #define PF_USER (1<<2) |
| 45 | #define PF_RSVD (1<<3) |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 46 | #define PF_INSTR (1<<4) |
| 47 | |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 48 | static inline int notify_page_fault(struct pt_regs *regs) |
Anil S Keshavamurthy | 1bd858a | 2006-06-26 00:25:25 -0700 | [diff] [blame] | 49 | { |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 50 | #ifdef CONFIG_KPROBES |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 51 | int ret = 0; |
Anil S Keshavamurthy | 1bd858a | 2006-06-26 00:25:25 -0700 | [diff] [blame] | 52 | |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 53 | /* kprobe_running() needs smp_processor_id() */ |
| 54 | if (!user_mode(regs)) { |
| 55 | preempt_disable(); |
| 56 | if (kprobe_running() && kprobe_fault_handler(regs, 14)) |
| 57 | ret = 1; |
| 58 | preempt_enable(); |
| 59 | } |
Anil S Keshavamurthy | 1bd858a | 2006-06-26 00:25:25 -0700 | [diff] [blame] | 60 | |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 61 | return ret; |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 62 | #else |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 63 | return 0; |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 64 | #endif |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 65 | } |
Anil S Keshavamurthy | 1bd858a | 2006-06-26 00:25:25 -0700 | [diff] [blame] | 66 | |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 67 | #ifdef CONFIG_X86_32 |
| 68 | /* |
| 69 | * Return EIP plus the CS segment base. The segment limit is also |
| 70 | * adjusted, clamped to the kernel/user address space (whichever is |
| 71 | * appropriate), and returned in *eip_limit. |
| 72 | * |
| 73 | * The segment is checked, because it might have been changed by another |
| 74 | * task between the original faulting instruction and here. |
| 75 | * |
| 76 | * If CS is no longer a valid code segment, or if EIP is beyond the |
| 77 | * limit, or if it is a kernel address when CS is not a kernel segment, |
| 78 | * then the returned value will be greater than *eip_limit. |
| 79 | * |
| 80 | * This is slow, but is very rarely executed. |
| 81 | */ |
| 82 | static inline unsigned long get_segment_eip(struct pt_regs *regs, |
| 83 | unsigned long *eip_limit) |
| 84 | { |
| 85 | unsigned long ip = regs->ip; |
| 86 | unsigned seg = regs->cs & 0xffff; |
| 87 | u32 seg_ar, seg_limit, base, *desc; |
| 88 | |
| 89 | /* Unlikely, but must come before segment checks. */ |
| 90 | if (unlikely(regs->flags & VM_MASK)) { |
| 91 | base = seg << 4; |
| 92 | *eip_limit = base + 0xffff; |
| 93 | return base + (ip & 0xffff); |
| 94 | } |
| 95 | |
| 96 | /* The standard kernel/user address space limit. */ |
| 97 | *eip_limit = user_mode(regs) ? USER_DS.seg : KERNEL_DS.seg; |
| 98 | |
| 99 | /* By far the most common cases. */ |
| 100 | if (likely(SEGMENT_IS_FLAT_CODE(seg))) |
| 101 | return ip; |
| 102 | |
| 103 | /* Check the segment exists, is within the current LDT/GDT size, |
| 104 | that kernel/user (ring 0..3) has the appropriate privilege, |
| 105 | that it's a code segment, and get the limit. */ |
| 106 | __asm__("larl %3,%0; lsll %3,%1" |
| 107 | : "=&r" (seg_ar), "=r" (seg_limit) : "0" (0), "rm" (seg)); |
| 108 | if ((~seg_ar & 0x9800) || ip > seg_limit) { |
| 109 | *eip_limit = 0; |
| 110 | return 1; /* So that returned ip > *eip_limit. */ |
| 111 | } |
| 112 | |
| 113 | /* Get the GDT/LDT descriptor base. |
| 114 | When you look for races in this code remember that |
| 115 | LDT and other horrors are only used in user space. */ |
| 116 | if (seg & (1<<2)) { |
| 117 | /* Must lock the LDT while reading it. */ |
| 118 | mutex_lock(¤t->mm->context.lock); |
| 119 | desc = current->mm->context.ldt; |
| 120 | desc = (void *)desc + (seg & ~7); |
| 121 | } else { |
| 122 | /* Must disable preemption while reading the GDT. */ |
| 123 | desc = (u32 *)get_cpu_gdt_table(get_cpu()); |
| 124 | desc = (void *)desc + (seg & ~7); |
| 125 | } |
| 126 | |
| 127 | /* Decode the code segment base from the descriptor */ |
| 128 | base = get_desc_base((struct desc_struct *)desc); |
| 129 | |
| 130 | if (seg & (1<<2)) |
| 131 | mutex_unlock(¤t->mm->context.lock); |
| 132 | else |
| 133 | put_cpu(); |
| 134 | |
| 135 | /* Adjust EIP and segment limit, and clamp at the kernel limit. |
| 136 | It's legitimate for segments to wrap at 0xffffffff. */ |
| 137 | seg_limit += base; |
| 138 | if (seg_limit < *eip_limit && seg_limit >= base) |
| 139 | *eip_limit = seg_limit; |
| 140 | return ip + base; |
| 141 | } |
| 142 | #endif |
| 143 | |
| 144 | /* |
| 145 | * X86_32 |
| 146 | * Sometimes AMD Athlon/Opteron CPUs report invalid exceptions on prefetch. |
| 147 | * Check that here and ignore it. |
| 148 | * |
| 149 | * X86_64 |
| 150 | * Sometimes the CPU reports invalid exceptions on prefetch. |
| 151 | * Check that here and ignore it. |
| 152 | * |
| 153 | * Opcode checker based on code by Richard Brunner |
| 154 | */ |
| 155 | static int is_prefetch(struct pt_regs *regs, unsigned long addr, |
| 156 | unsigned long error_code) |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 157 | { |
Andi Kleen | ab2bf0c | 2006-12-07 02:14:06 +0100 | [diff] [blame] | 158 | unsigned char *instr; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 159 | int scan_more = 1; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 160 | int prefetch = 0; |
Andi Kleen | f1290ec | 2005-04-16 15:24:59 -0700 | [diff] [blame] | 161 | unsigned char *max_instr; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 162 | |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 163 | #ifdef CONFIG_X86_32 |
| 164 | unsigned long limit; |
| 165 | if (unlikely(boot_cpu_data.x86_vendor == X86_VENDOR_AMD && |
| 166 | boot_cpu_data.x86 >= 6)) { |
| 167 | /* Catch an obscure case of prefetch inside an NX page. */ |
| 168 | if (nx_enabled && (error_code & PF_INSTR)) |
| 169 | return 0; |
| 170 | } else { |
| 171 | return 0; |
| 172 | } |
| 173 | instr = (unsigned char *)get_segment_eip(regs, &limit); |
| 174 | #else |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 175 | /* If it was a exec fault ignore */ |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 176 | if (error_code & PF_INSTR) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 177 | return 0; |
Andi Kleen | dd2994f | 2006-09-26 10:52:33 +0200 | [diff] [blame] | 178 | instr = (unsigned char __user *)convert_rip_to_linear(current, regs); |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 179 | #endif |
| 180 | |
Andi Kleen | f1290ec | 2005-04-16 15:24:59 -0700 | [diff] [blame] | 181 | max_instr = instr + 15; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 182 | |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 183 | #ifdef CONFIG_X86_64 |
Vincent Hanquez | 76381fe | 2005-06-23 00:08:46 -0700 | [diff] [blame] | 184 | if (user_mode(regs) && instr >= (unsigned char *)TASK_SIZE) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 185 | return 0; |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 186 | #endif |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 187 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 188 | while (scan_more && instr < max_instr) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 189 | unsigned char opcode; |
| 190 | unsigned char instr_hi; |
| 191 | unsigned char instr_lo; |
| 192 | |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 193 | #ifdef CONFIG_X86_32 |
| 194 | if (instr > (unsigned char *)limit) |
| 195 | break; |
| 196 | #endif |
Andi Kleen | ab2bf0c | 2006-12-07 02:14:06 +0100 | [diff] [blame] | 197 | if (probe_kernel_address(instr, opcode)) |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 198 | break; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 199 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 200 | instr_hi = opcode & 0xf0; |
| 201 | instr_lo = opcode & 0x0f; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 202 | instr++; |
| 203 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 204 | switch (instr_hi) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 205 | case 0x20: |
| 206 | case 0x30: |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 207 | /* |
| 208 | * Values 0x26,0x2E,0x36,0x3E are valid x86 prefixes. |
| 209 | * In X86_64 long mode, the CPU will signal invalid |
| 210 | * opcode if some of these prefixes are present so |
| 211 | * X86_64 will never get here anyway |
| 212 | */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 213 | scan_more = ((instr_lo & 7) == 0x6); |
| 214 | break; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 215 | #ifdef CONFIG_X86_64 |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 216 | case 0x40: |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 217 | /* |
| 218 | * In AMD64 long mode 0x40..0x4F are valid REX prefixes |
| 219 | * Need to figure out under what instruction mode the |
| 220 | * instruction was issued. Could check the LDT for lm, |
| 221 | * but for now it's good enough to assume that long |
| 222 | * mode only uses well known segments or kernel. |
| 223 | */ |
Vincent Hanquez | 76381fe | 2005-06-23 00:08:46 -0700 | [diff] [blame] | 224 | scan_more = (!user_mode(regs)) || (regs->cs == __USER_CS); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 225 | break; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 226 | #endif |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 227 | case 0x60: |
| 228 | /* 0x64 thru 0x67 are valid prefixes in all modes. */ |
| 229 | scan_more = (instr_lo & 0xC) == 0x4; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 230 | break; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 231 | case 0xF0: |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 232 | /* 0xF0, 0xF2, 0xF3 are valid prefixes in all modes. */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 233 | scan_more = !instr_lo || (instr_lo>>1) == 1; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 234 | break; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 235 | case 0x00: |
| 236 | /* Prefetch instruction is 0x0F0D or 0x0F18 */ |
| 237 | scan_more = 0; |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 238 | #ifdef CONFIG_X86_32 |
| 239 | if (instr > (unsigned char *)limit) |
| 240 | break; |
| 241 | #endif |
Andi Kleen | ab2bf0c | 2006-12-07 02:14:06 +0100 | [diff] [blame] | 242 | if (probe_kernel_address(instr, opcode)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 243 | break; |
| 244 | prefetch = (instr_lo == 0xF) && |
| 245 | (opcode == 0x0D || opcode == 0x18); |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 246 | break; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 247 | default: |
| 248 | scan_more = 0; |
| 249 | break; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 250 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 251 | } |
| 252 | return prefetch; |
| 253 | } |
| 254 | |
Harvey Harrison | c4aba4a | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 255 | static void force_sig_info_fault(int si_signo, int si_code, |
| 256 | unsigned long address, struct task_struct *tsk) |
| 257 | { |
| 258 | siginfo_t info; |
| 259 | |
| 260 | info.si_signo = si_signo; |
| 261 | info.si_errno = 0; |
| 262 | info.si_code = si_code; |
| 263 | info.si_addr = (void __user *)address; |
| 264 | force_sig_info(si_signo, &info, tsk); |
| 265 | } |
| 266 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 267 | static int bad_address(void *p) |
| 268 | { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 269 | unsigned long dummy; |
Andi Kleen | ab2bf0c | 2006-12-07 02:14:06 +0100 | [diff] [blame] | 270 | return probe_kernel_address((unsigned long *)p, dummy); |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 271 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 272 | |
| 273 | void dump_pagetable(unsigned long address) |
| 274 | { |
| 275 | pgd_t *pgd; |
| 276 | pud_t *pud; |
| 277 | pmd_t *pmd; |
| 278 | pte_t *pte; |
| 279 | |
Glauber de Oliveira Costa | f51c945 | 2007-07-22 11:12:29 +0200 | [diff] [blame] | 280 | pgd = (pgd_t *)read_cr3(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 281 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 282 | pgd = __va((unsigned long)pgd & PHYSICAL_PAGE_MASK); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 283 | pgd += pgd_index(address); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 284 | if (bad_address(pgd)) goto bad; |
Jan Beulich | d646bce | 2006-02-03 21:51:47 +0100 | [diff] [blame] | 285 | printk("PGD %lx ", pgd_val(*pgd)); |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 286 | if (!pgd_present(*pgd)) goto ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 287 | |
Andi Kleen | d2ae5b5 | 2006-06-26 13:57:56 +0200 | [diff] [blame] | 288 | pud = pud_offset(pgd, address); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 289 | if (bad_address(pud)) goto bad; |
| 290 | printk("PUD %lx ", pud_val(*pud)); |
| 291 | if (!pud_present(*pud)) goto ret; |
| 292 | |
| 293 | pmd = pmd_offset(pud, address); |
| 294 | if (bad_address(pmd)) goto bad; |
| 295 | printk("PMD %lx ", pmd_val(*pmd)); |
Jan Beulich | b1992df | 2007-10-19 20:35:03 +0200 | [diff] [blame] | 296 | if (!pmd_present(*pmd) || pmd_large(*pmd)) goto ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 297 | |
| 298 | pte = pte_offset_kernel(pmd, address); |
| 299 | if (bad_address(pte)) goto bad; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 300 | printk("PTE %lx", pte_val(*pte)); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 301 | ret: |
| 302 | printk("\n"); |
| 303 | return; |
| 304 | bad: |
| 305 | printk("BAD\n"); |
| 306 | } |
| 307 | |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 308 | #ifdef CONFIG_X86_64 |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 309 | static const char errata93_warning[] = |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 310 | KERN_ERR "******* Your BIOS seems to not contain a fix for K8 errata #93\n" |
| 311 | KERN_ERR "******* Working around it, but it may cause SEGVs or burn power.\n" |
| 312 | KERN_ERR "******* Please consider a BIOS update.\n" |
| 313 | KERN_ERR "******* Disabling USB legacy in the BIOS may also help.\n"; |
| 314 | |
| 315 | /* Workaround for K8 erratum #93 & buggy BIOS. |
| 316 | BIOS SMM functions are required to use a specific workaround |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 317 | to avoid corruption of the 64bit RIP register on C stepping K8. |
| 318 | A lot of BIOS that didn't get tested properly miss this. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 319 | The OS sees this as a page fault with the upper 32bits of RIP cleared. |
| 320 | Try to work around it here. |
| 321 | Note we only handle faults in kernel here. */ |
| 322 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 323 | static int is_errata93(struct pt_regs *regs, unsigned long address) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 324 | { |
| 325 | static int warned; |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 326 | if (address != regs->ip) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 327 | return 0; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 328 | if ((address >> 32) != 0) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 329 | return 0; |
| 330 | address |= 0xffffffffUL << 32; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 331 | if ((address >= (u64)_stext && address <= (u64)_etext) || |
| 332 | (address >= MODULES_VADDR && address <= MODULES_END)) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 333 | if (!warned) { |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 334 | printk(errata93_warning); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 335 | warned = 1; |
| 336 | } |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 337 | regs->ip = address; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 338 | return 1; |
| 339 | } |
| 340 | return 0; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 341 | } |
Harvey Harrison | 1dc85be | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 342 | #endif |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 343 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 344 | static noinline void pgtable_bad(unsigned long address, struct pt_regs *regs, |
| 345 | unsigned long error_code) |
| 346 | { |
Jan Beulich | 1209140 | 2005-09-12 18:49:24 +0200 | [diff] [blame] | 347 | unsigned long flags = oops_begin(); |
Jan Beulich | 6e3f361 | 2006-01-11 22:42:14 +0100 | [diff] [blame] | 348 | struct task_struct *tsk; |
Jan Beulich | 1209140 | 2005-09-12 18:49:24 +0200 | [diff] [blame] | 349 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 350 | printk(KERN_ALERT "%s: Corrupted page table at address %lx\n", |
| 351 | current->comm, address); |
| 352 | dump_pagetable(address); |
Jan Beulich | 6e3f361 | 2006-01-11 22:42:14 +0100 | [diff] [blame] | 353 | tsk = current; |
| 354 | tsk->thread.cr2 = address; |
| 355 | tsk->thread.trap_no = 14; |
| 356 | tsk->thread.error_code = error_code; |
Jan Beulich | 22f5991 | 2008-01-30 13:31:23 +0100 | [diff] [blame] | 357 | if (__die("Bad pagetable", regs, error_code)) |
| 358 | regs = NULL; |
| 359 | oops_end(flags, regs, SIGKILL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 360 | } |
| 361 | |
| 362 | /* |
Andi Kleen | f95190b | 2006-01-11 22:44:00 +0100 | [diff] [blame] | 363 | * Handle a fault on the vmalloc area |
Andi Kleen | 3b9ba4d | 2005-05-16 21:53:31 -0700 | [diff] [blame] | 364 | * |
| 365 | * This assumes no large pages in there. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 366 | */ |
| 367 | static int vmalloc_fault(unsigned long address) |
| 368 | { |
| 369 | pgd_t *pgd, *pgd_ref; |
| 370 | pud_t *pud, *pud_ref; |
| 371 | pmd_t *pmd, *pmd_ref; |
| 372 | pte_t *pte, *pte_ref; |
| 373 | |
| 374 | /* Copy kernel mappings over when needed. This can also |
| 375 | happen within a race in page table update. In the later |
| 376 | case just flush. */ |
| 377 | |
| 378 | pgd = pgd_offset(current->mm ?: &init_mm, address); |
| 379 | pgd_ref = pgd_offset_k(address); |
| 380 | if (pgd_none(*pgd_ref)) |
| 381 | return -1; |
| 382 | if (pgd_none(*pgd)) |
| 383 | set_pgd(pgd, *pgd_ref); |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 384 | else |
Dave McCracken | 46a82b2 | 2006-09-25 23:31:48 -0700 | [diff] [blame] | 385 | BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 386 | |
| 387 | /* Below here mismatches are bugs because these lower tables |
| 388 | are shared */ |
| 389 | |
| 390 | pud = pud_offset(pgd, address); |
| 391 | pud_ref = pud_offset(pgd_ref, address); |
| 392 | if (pud_none(*pud_ref)) |
| 393 | return -1; |
Dave McCracken | 46a82b2 | 2006-09-25 23:31:48 -0700 | [diff] [blame] | 394 | if (pud_none(*pud) || pud_page_vaddr(*pud) != pud_page_vaddr(*pud_ref)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 395 | BUG(); |
| 396 | pmd = pmd_offset(pud, address); |
| 397 | pmd_ref = pmd_offset(pud_ref, address); |
| 398 | if (pmd_none(*pmd_ref)) |
| 399 | return -1; |
| 400 | if (pmd_none(*pmd) || pmd_page(*pmd) != pmd_page(*pmd_ref)) |
| 401 | BUG(); |
| 402 | pte_ref = pte_offset_kernel(pmd_ref, address); |
| 403 | if (!pte_present(*pte_ref)) |
| 404 | return -1; |
| 405 | pte = pte_offset_kernel(pmd, address); |
Andi Kleen | 3b9ba4d | 2005-05-16 21:53:31 -0700 | [diff] [blame] | 406 | /* Don't use pte_page here, because the mappings can point |
| 407 | outside mem_map, and the NUMA hash lookup cannot handle |
| 408 | that. */ |
| 409 | if (!pte_present(*pte) || pte_pfn(*pte) != pte_pfn(*pte_ref)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 410 | BUG(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 411 | return 0; |
| 412 | } |
| 413 | |
Masoud Asgharifard Sharbiani | abd4f75 | 2007-07-22 11:12:28 +0200 | [diff] [blame] | 414 | int show_unhandled_signals = 1; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 415 | |
| 416 | /* |
| 417 | * This routine handles page faults. It determines the address, |
| 418 | * and the problem, and then passes it off to one of the appropriate |
| 419 | * routines. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 420 | */ |
Prasanna S Panchamukhi | 0f2fbdc | 2005-09-06 15:19:28 -0700 | [diff] [blame] | 421 | asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, |
| 422 | unsigned long error_code) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 423 | { |
| 424 | struct task_struct *tsk; |
| 425 | struct mm_struct *mm; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 426 | struct vm_area_struct *vma; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 427 | unsigned long address; |
Nick Piggin | 83c5407 | 2007-07-19 01:47:05 -0700 | [diff] [blame] | 428 | int write, fault; |
Jan Beulich | 1209140 | 2005-09-12 18:49:24 +0200 | [diff] [blame] | 429 | unsigned long flags; |
Harvey Harrison | c4aba4a | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 430 | int si_code; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 431 | |
Peter Zijlstra | 143a5d3 | 2007-10-25 14:01:10 +0200 | [diff] [blame] | 432 | /* |
| 433 | * We can fault from pretty much anywhere, with unknown IRQ state. |
| 434 | */ |
| 435 | trace_hardirqs_fixup(); |
| 436 | |
Arjan van de Ven | a9ba9a3 | 2006-03-25 16:30:10 +0100 | [diff] [blame] | 437 | tsk = current; |
| 438 | mm = tsk->mm; |
| 439 | prefetchw(&mm->mmap_sem); |
| 440 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 441 | /* get the address */ |
Glauber de Oliveira Costa | f51c945 | 2007-07-22 11:12:29 +0200 | [diff] [blame] | 442 | address = read_cr2(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 443 | |
Harvey Harrison | c4aba4a | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 444 | si_code = SEGV_MAPERR; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 445 | |
| 446 | |
| 447 | /* |
| 448 | * We fault-in kernel-space virtual memory on-demand. The |
| 449 | * 'reference' page table is init_mm.pgd. |
| 450 | * |
| 451 | * NOTE! We MUST NOT take any locks for this case. We may |
| 452 | * be in an interrupt or a critical region, and should |
| 453 | * only copy the information from the master page table, |
| 454 | * nothing more. |
| 455 | * |
| 456 | * This verifies that the fault happens in kernel space |
| 457 | * (error_code & 4) == 0, and that the fault was not a |
Jan Beulich | 8b1bde9 | 2006-01-11 22:42:23 +0100 | [diff] [blame] | 458 | * protection error (error_code & 9) == 0. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 459 | */ |
Suresh Siddha | 8492980 | 2005-06-21 17:14:32 -0700 | [diff] [blame] | 460 | if (unlikely(address >= TASK_SIZE64)) { |
Andi Kleen | f95190b | 2006-01-11 22:44:00 +0100 | [diff] [blame] | 461 | /* |
| 462 | * Don't check for the module range here: its PML4 |
| 463 | * is always initialized because it's shared with the main |
| 464 | * kernel text. Only vmalloc may need PML4 syncups. |
| 465 | */ |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 466 | if (!(error_code & (PF_RSVD|PF_USER|PF_PROT)) && |
Andi Kleen | f95190b | 2006-01-11 22:44:00 +0100 | [diff] [blame] | 467 | ((address >= VMALLOC_START && address < VMALLOC_END))) { |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 468 | if (vmalloc_fault(address) >= 0) |
| 469 | return; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 470 | } |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 471 | if (notify_page_fault(regs)) |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 472 | return; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 473 | /* |
| 474 | * Don't take the mm semaphore here. If we fixup a prefetch |
| 475 | * fault we could otherwise deadlock. |
| 476 | */ |
| 477 | goto bad_area_nosemaphore; |
| 478 | } |
| 479 | |
Christoph Hellwig | 74a0b57 | 2007-10-16 01:24:07 -0700 | [diff] [blame] | 480 | if (notify_page_fault(regs)) |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 481 | return; |
| 482 | |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 483 | if (likely(regs->flags & X86_EFLAGS_IF)) |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 484 | local_irq_enable(); |
| 485 | |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 486 | if (unlikely(error_code & PF_RSVD)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 487 | pgtable_bad(address, regs, error_code); |
| 488 | |
| 489 | /* |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 490 | * If we're in an interrupt, have no user context or are running in an |
| 491 | * atomic region then we must not take the fault. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 492 | */ |
| 493 | if (unlikely(in_atomic() || !mm)) |
| 494 | goto bad_area_nosemaphore; |
| 495 | |
Linus Torvalds | dbe3ed1 | 2007-09-19 11:37:14 -0700 | [diff] [blame] | 496 | /* |
| 497 | * User-mode registers count as a user access even for any |
| 498 | * potential system fault or CPU buglet. |
| 499 | */ |
| 500 | if (user_mode_vm(regs)) |
| 501 | error_code |= PF_USER; |
| 502 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 503 | again: |
| 504 | /* When running in the kernel we expect faults to occur only to |
| 505 | * addresses in user space. All other faults represent errors in the |
Simon Arlott | 676b185 | 2007-10-20 01:25:36 +0200 | [diff] [blame] | 506 | * kernel and should generate an OOPS. Unfortunately, in the case of an |
Adrian Bunk | 80f7228 | 2006-06-30 18:27:16 +0200 | [diff] [blame] | 507 | * erroneous fault occurring in a code path which already holds mmap_sem |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 508 | * we will deadlock attempting to validate the fault against the |
| 509 | * address space. Luckily the kernel only validly references user |
| 510 | * space from well defined areas of code, which are listed in the |
| 511 | * exceptions table. |
| 512 | * |
| 513 | * As the vast majority of faults will be valid we will only perform |
Simon Arlott | 676b185 | 2007-10-20 01:25:36 +0200 | [diff] [blame] | 514 | * the source reference check when there is a possibility of a deadlock. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 515 | * Attempt to lock the address space, if we cannot we then validate the |
| 516 | * source. If this is invalid we can skip the address space check, |
| 517 | * thus avoiding the deadlock. |
| 518 | */ |
| 519 | if (!down_read_trylock(&mm->mmap_sem)) { |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 520 | if ((error_code & PF_USER) == 0 && |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 521 | !search_exception_tables(regs->ip)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 522 | goto bad_area_nosemaphore; |
| 523 | down_read(&mm->mmap_sem); |
| 524 | } |
| 525 | |
| 526 | vma = find_vma(mm, address); |
| 527 | if (!vma) |
| 528 | goto bad_area; |
| 529 | if (likely(vma->vm_start <= address)) |
| 530 | goto good_area; |
| 531 | if (!(vma->vm_flags & VM_GROWSDOWN)) |
| 532 | goto bad_area; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 533 | if (error_code & PF_USER) { |
Chuck Ebbert | 03fdc2c | 2006-06-26 13:59:50 +0200 | [diff] [blame] | 534 | /* Allow userspace just enough access below the stack pointer |
| 535 | * to let the 'enter' instruction work. |
| 536 | */ |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 537 | if (address + 65536 + 32 * sizeof(unsigned long) < regs->sp) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 538 | goto bad_area; |
| 539 | } |
| 540 | if (expand_stack(vma, address)) |
| 541 | goto bad_area; |
| 542 | /* |
| 543 | * Ok, we have a good vm_area for this memory access, so |
| 544 | * we can handle it.. |
| 545 | */ |
| 546 | good_area: |
Harvey Harrison | c4aba4a | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 547 | si_code = SEGV_ACCERR; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 548 | write = 0; |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 549 | switch (error_code & (PF_PROT|PF_WRITE)) { |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 550 | default: /* 3: write, present */ |
| 551 | /* fall through */ |
| 552 | case PF_WRITE: /* write, not present */ |
| 553 | if (!(vma->vm_flags & VM_WRITE)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 554 | goto bad_area; |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 555 | write++; |
| 556 | break; |
| 557 | case PF_PROT: /* read, present */ |
| 558 | goto bad_area; |
| 559 | case 0: /* read, not present */ |
| 560 | if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) |
| 561 | goto bad_area; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 562 | } |
| 563 | |
| 564 | /* |
| 565 | * If for any reason at all we couldn't handle the fault, |
| 566 | * make sure we exit gracefully rather than endlessly redo |
| 567 | * the fault. |
| 568 | */ |
Nick Piggin | 83c5407 | 2007-07-19 01:47:05 -0700 | [diff] [blame] | 569 | fault = handle_mm_fault(mm, vma, address, write); |
| 570 | if (unlikely(fault & VM_FAULT_ERROR)) { |
| 571 | if (fault & VM_FAULT_OOM) |
| 572 | goto out_of_memory; |
| 573 | else if (fault & VM_FAULT_SIGBUS) |
| 574 | goto do_sigbus; |
| 575 | BUG(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 576 | } |
Nick Piggin | 83c5407 | 2007-07-19 01:47:05 -0700 | [diff] [blame] | 577 | if (fault & VM_FAULT_MAJOR) |
| 578 | tsk->maj_flt++; |
| 579 | else |
| 580 | tsk->min_flt++; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 581 | up_read(&mm->mmap_sem); |
| 582 | return; |
| 583 | |
| 584 | /* |
| 585 | * Something tried to access memory that isn't in our memory map.. |
| 586 | * Fix it, but check if it's kernel or user first.. |
| 587 | */ |
| 588 | bad_area: |
| 589 | up_read(&mm->mmap_sem); |
| 590 | |
| 591 | bad_area_nosemaphore: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 592 | /* User mode accesses just cause a SIGSEGV */ |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 593 | if (error_code & PF_USER) { |
Steven Rostedt | e5e3c84 | 2007-06-06 23:34:04 -0400 | [diff] [blame] | 594 | |
| 595 | /* |
| 596 | * It's possible to have interrupts off here. |
| 597 | */ |
| 598 | local_irq_enable(); |
| 599 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 600 | if (is_prefetch(regs, address, error_code)) |
| 601 | return; |
| 602 | |
| 603 | /* Work around K8 erratum #100 K8 in compat mode |
| 604 | occasionally jumps to illegal addresses >4GB. We |
| 605 | catch this here in the page fault handler because |
| 606 | these addresses are not reachable. Just detect this |
| 607 | case and return. Any code segment in LDT is |
| 608 | compatibility mode. */ |
| 609 | if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && |
| 610 | (address >> 32)) |
| 611 | return; |
| 612 | |
Masoud Asgharifard Sharbiani | abd4f75 | 2007-07-22 11:12:28 +0200 | [diff] [blame] | 613 | if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) && |
| 614 | printk_ratelimit()) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 615 | printk( |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 616 | "%s%s[%d]: segfault at %lx ip %lx sp %lx error %lx\n", |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 617 | tsk->pid > 1 ? KERN_INFO : KERN_EMERG, |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 618 | tsk->comm, tsk->pid, address, regs->ip, |
| 619 | regs->sp, error_code); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 620 | } |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 621 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 622 | tsk->thread.cr2 = address; |
| 623 | /* Kernel addresses are always protection faults */ |
| 624 | tsk->thread.error_code = error_code | (address >= TASK_SIZE); |
| 625 | tsk->thread.trap_no = 14; |
Harvey Harrison | c4aba4a | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 626 | |
| 627 | force_sig_info_fault(SIGSEGV, si_code, address, tsk); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 628 | return; |
| 629 | } |
| 630 | |
| 631 | no_context: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 632 | /* Are we prepared to handle this kernel fault? */ |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 633 | if (fixup_exception(regs)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 634 | return; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 635 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 636 | /* |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 637 | * Hall of shame of CPU/BIOS bugs. |
| 638 | */ |
| 639 | |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 640 | if (is_prefetch(regs, address, error_code)) |
| 641 | return; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 642 | |
| 643 | if (is_errata93(regs, address)) |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 644 | return; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 645 | |
| 646 | /* |
| 647 | * Oops. The kernel tried to access some bad page. We'll have to |
| 648 | * terminate things with extreme prejudice. |
| 649 | */ |
| 650 | |
Jan Beulich | 1209140 | 2005-09-12 18:49:24 +0200 | [diff] [blame] | 651 | flags = oops_begin(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 652 | |
| 653 | if (address < PAGE_SIZE) |
| 654 | printk(KERN_ALERT "Unable to handle kernel NULL pointer dereference"); |
| 655 | else |
| 656 | printk(KERN_ALERT "Unable to handle kernel paging request"); |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 657 | printk(" at %016lx RIP: \n" KERN_ALERT, address); |
H. Peter Anvin | 65ea5b0 | 2008-01-30 13:30:56 +0100 | [diff] [blame] | 658 | printk_address(regs->ip); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 659 | dump_pagetable(address); |
Jan Beulich | 6e3f361 | 2006-01-11 22:42:14 +0100 | [diff] [blame] | 660 | tsk->thread.cr2 = address; |
| 661 | tsk->thread.trap_no = 14; |
| 662 | tsk->thread.error_code = error_code; |
Jan Beulich | 22f5991 | 2008-01-30 13:31:23 +0100 | [diff] [blame] | 663 | if (__die("Oops", regs, error_code)) |
| 664 | regs = NULL; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 665 | /* Executive summary in case the body of the oops scrolled away */ |
| 666 | printk(KERN_EMERG "CR2: %016lx\n", address); |
Jan Beulich | 22f5991 | 2008-01-30 13:31:23 +0100 | [diff] [blame] | 667 | oops_end(flags, regs, SIGKILL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 668 | |
| 669 | /* |
| 670 | * We ran out of memory, or some other thing happened to us that made |
| 671 | * us unable to handle the page fault gracefully. |
| 672 | */ |
| 673 | out_of_memory: |
| 674 | up_read(&mm->mmap_sem); |
Serge E. Hallyn | b460cbc | 2007-10-18 23:39:52 -0700 | [diff] [blame] | 675 | if (is_global_init(current)) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 676 | yield(); |
| 677 | goto again; |
| 678 | } |
| 679 | printk("VM: killing process %s\n", tsk->comm); |
Harvey Harrison | 318aa29 | 2008-01-30 13:32:59 +0100 | [diff] [blame^] | 680 | if (error_code & PF_USER) |
Will Schmidt | 021daae | 2007-07-21 17:11:17 +0200 | [diff] [blame] | 681 | do_group_exit(SIGKILL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 682 | goto no_context; |
| 683 | |
| 684 | do_sigbus: |
| 685 | up_read(&mm->mmap_sem); |
| 686 | |
| 687 | /* Kernel mode? Handle exceptions or die */ |
Andi Kleen | 66c5815 | 2006-01-11 22:44:09 +0100 | [diff] [blame] | 688 | if (!(error_code & PF_USER)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 689 | goto no_context; |
| 690 | |
| 691 | tsk->thread.cr2 = address; |
| 692 | tsk->thread.error_code = error_code; |
| 693 | tsk->thread.trap_no = 14; |
Harvey Harrison | c4aba4a | 2008-01-30 13:32:35 +0100 | [diff] [blame] | 694 | force_sig_info_fault(SIGBUS, BUS_ADRERR, address, tsk); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 695 | return; |
| 696 | } |
Andi Kleen | 9e43e1b | 2005-11-05 17:25:54 +0100 | [diff] [blame] | 697 | |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 698 | DEFINE_SPINLOCK(pgd_lock); |
Christoph Lameter | 2bff738 | 2007-05-02 19:27:10 +0200 | [diff] [blame] | 699 | LIST_HEAD(pgd_list); |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 700 | |
| 701 | void vmalloc_sync_all(void) |
| 702 | { |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 703 | /* Note that races in the updates of insync and start aren't |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 704 | problematic: |
| 705 | insync can only get set bits added, and updates to start are only |
| 706 | improving performance (without affecting correctness if undone). */ |
| 707 | static DECLARE_BITMAP(insync, PTRS_PER_PGD); |
| 708 | static unsigned long start = VMALLOC_START & PGDIR_MASK; |
| 709 | unsigned long address; |
| 710 | |
| 711 | for (address = start; address <= VMALLOC_END; address += PGDIR_SIZE) { |
| 712 | if (!test_bit(pgd_index(address), insync)) { |
| 713 | const pgd_t *pgd_ref = pgd_offset_k(address); |
| 714 | struct page *page; |
| 715 | |
| 716 | if (pgd_none(*pgd_ref)) |
| 717 | continue; |
| 718 | spin_lock(&pgd_lock); |
Christoph Lameter | 2bff738 | 2007-05-02 19:27:10 +0200 | [diff] [blame] | 719 | list_for_each_entry(page, &pgd_list, lru) { |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 720 | pgd_t *pgd; |
| 721 | pgd = (pgd_t *)page_address(page) + pgd_index(address); |
| 722 | if (pgd_none(*pgd)) |
| 723 | set_pgd(pgd, *pgd_ref); |
| 724 | else |
Dave McCracken | 46a82b2 | 2006-09-25 23:31:48 -0700 | [diff] [blame] | 725 | BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 726 | } |
| 727 | spin_unlock(&pgd_lock); |
| 728 | set_bit(pgd_index(address), insync); |
| 729 | } |
| 730 | if (address == start) |
| 731 | start = address + PGDIR_SIZE; |
| 732 | } |
| 733 | /* Check that there is no need to do the same for the modules area. */ |
| 734 | BUILD_BUG_ON(!(MODULES_VADDR > __START_KERNEL)); |
Harvey Harrison | 33cb524 | 2008-01-30 13:32:19 +0100 | [diff] [blame] | 735 | BUILD_BUG_ON(!(((MODULES_END - 1) & PGDIR_MASK) == |
Jan Beulich | 8c914cb | 2006-03-25 16:29:40 +0100 | [diff] [blame] | 736 | (__START_KERNEL & PGDIR_MASK))); |
| 737 | } |