1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2009 Sunplus Core Technology Co., Ltd.
6 * Copyright (C) 2012 Regents of the University of California
11 #include <linux/kernel.h>
12 #include <linux/interrupt.h>
13 #include <linux/perf_event.h>
14 #include <linux/signal.h>
15 #include <linux/uaccess.h>
16 #include <linux/kprobes.h>
17 #include <linux/kfence.h>
18 #include <linux/entry-common.h>
20 #include <asm/ptrace.h>
21 #include <asm/tlbflush.h>
23 #include "../kernel/head.h"
25 static void die_kernel_fault(const char *msg, unsigned long addr,
30 pr_alert("Unable to handle kernel %s at virtual address " REG_FMT "\n", msg,
35 make_task_dead(SIGKILL);
38 static inline void no_context(struct pt_regs *regs, unsigned long addr)
42 /* Are we prepared to handle this kernel fault? */
43 if (fixup_exception(regs))
47 * Oops. The kernel tried to access some bad page. We'll have to
48 * terminate things with extreme prejudice.
51 msg = "NULL pointer dereference";
53 if (kfence_handle_page_fault(addr, regs->cause == EXC_STORE_PAGE_FAULT, regs))
56 msg = "paging request";
59 die_kernel_fault(msg, addr, regs);
62 static inline void mm_fault_error(struct pt_regs *regs, unsigned long addr, vm_fault_t fault)
64 if (!user_mode(regs)) {
65 no_context(regs, addr);
69 if (fault & VM_FAULT_OOM) {
71 * We ran out of memory, call the OOM killer, and return the userspace
72 * (which will retry the fault, or kill us if we got oom-killed).
74 pagefault_out_of_memory();
76 } else if (fault & (VM_FAULT_SIGBUS | VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE)) {
77 /* Kernel mode? Handle exceptions or die */
78 do_trap(regs, SIGBUS, BUS_ADRERR, addr);
80 } else if (fault & VM_FAULT_SIGSEGV) {
81 do_trap(regs, SIGSEGV, SEGV_MAPERR, addr);
89 bad_area_nosemaphore(struct pt_regs *regs, int code, unsigned long addr)
92 * Something tried to access memory that isn't in our memory map.
93 * Fix it, but check if it's kernel or user first.
95 /* User mode accesses just cause a SIGSEGV */
96 if (user_mode(regs)) {
97 do_trap(regs, SIGSEGV, code, addr);
101 no_context(regs, addr);
105 bad_area(struct pt_regs *regs, struct mm_struct *mm, int code,
108 mmap_read_unlock(mm);
110 bad_area_nosemaphore(regs, code, addr);
113 static inline void vmalloc_fault(struct pt_regs *regs, int code, unsigned long addr)
123 /* User mode accesses just cause a SIGSEGV */
125 return do_trap(regs, SIGSEGV, code, addr);
128 * Synchronize this task's top level page-table
129 * with the 'reference' page table.
131 * Do _not_ use "tsk->active_mm->pgd" here.
132 * We might be inside an interrupt in the middle
135 index = pgd_index(addr);
136 pfn = csr_read(CSR_SATP) & SATP_PPN;
137 pgd = (pgd_t *)pfn_to_virt(pfn) + index;
138 pgd_k = init_mm.pgd + index;
140 if (!pgd_present(pgdp_get(pgd_k))) {
141 no_context(regs, addr);
144 set_pgd(pgd, pgdp_get(pgd_k));
146 p4d_k = p4d_offset(pgd_k, addr);
147 if (!p4d_present(p4dp_get(p4d_k))) {
148 no_context(regs, addr);
152 pud_k = pud_offset(p4d_k, addr);
153 if (!pud_present(pudp_get(pud_k))) {
154 no_context(regs, addr);
157 if (pud_leaf(pudp_get(pud_k)))
161 * Since the vmalloc area is global, it is unnecessary
162 * to copy individual PTEs
164 pmd_k = pmd_offset(pud_k, addr);
165 if (!pmd_present(pmdp_get(pmd_k))) {
166 no_context(regs, addr);
169 if (pmd_leaf(pmdp_get(pmd_k)))
173 * Make sure the actual PTE exists as well to
174 * catch kernel vmalloc-area accesses to non-mapped
175 * addresses. If we don't do this, this will just
176 * silently loop forever.
178 pte_k = pte_offset_kernel(pmd_k, addr);
179 if (!pte_present(ptep_get(pte_k))) {
180 no_context(regs, addr);
185 * The kernel assumes that TLBs don't cache invalid
186 * entries, but in RISC-V, SFENCE.VMA specifies an
187 * ordering constraint, not a cache flush; it is
188 * necessary even after writing invalid entries.
191 local_flush_tlb_page(addr);
194 static inline bool access_error(unsigned long cause, struct vm_area_struct *vma)
197 case EXC_INST_PAGE_FAULT:
198 if (!(vma->vm_flags & VM_EXEC)) {
202 case EXC_LOAD_PAGE_FAULT:
203 /* Write implies read */
204 if (!(vma->vm_flags & (VM_READ | VM_WRITE))) {
208 case EXC_STORE_PAGE_FAULT:
209 if (!(vma->vm_flags & VM_WRITE)) {
214 panic("%s: unhandled cause %lu", __func__, cause);
220 * This routine handles page faults. It determines the address and the
221 * problem, and then passes it off to one of the appropriate routines.
223 void handle_page_fault(struct pt_regs *regs)
225 struct task_struct *tsk;
226 struct vm_area_struct *vma;
227 struct mm_struct *mm;
228 unsigned long addr, cause;
229 unsigned int flags = FAULT_FLAG_DEFAULT;
230 int code = SEGV_MAPERR;
234 addr = regs->badaddr;
239 if (kprobe_page_fault(regs, cause))
243 * Fault-in kernel-space virtual memory on-demand.
244 * The 'reference' page table is init_mm.pgd.
246 * NOTE! We MUST NOT take any locks for this case. We may
247 * be in an interrupt or a critical region, and should
248 * only copy the information from the master page table,
251 if ((!IS_ENABLED(CONFIG_MMU) || !IS_ENABLED(CONFIG_64BIT)) &&
252 unlikely(addr >= VMALLOC_START && addr < VMALLOC_END)) {
253 vmalloc_fault(regs, code, addr);
257 /* Enable interrupts if they were enabled in the parent context. */
258 if (!regs_irqs_disabled(regs))
262 * If we're in an interrupt, have no user context, or are running
263 * in an atomic region, then we must not take the fault.
265 if (unlikely(faulthandler_disabled() || !mm)) {
266 tsk->thread.bad_cause = cause;
267 no_context(regs, addr);
272 flags |= FAULT_FLAG_USER;
274 if (!user_mode(regs) && addr < TASK_SIZE && unlikely(!(regs->status & SR_SUM))) {
275 if (fixup_exception(regs))
278 die_kernel_fault("access to user memory without uaccess routines", addr, regs);
281 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr);
283 if (cause == EXC_STORE_PAGE_FAULT)
284 flags |= FAULT_FLAG_WRITE;
285 else if (cause == EXC_INST_PAGE_FAULT)
286 flags |= FAULT_FLAG_INSTRUCTION;
287 if (!(flags & FAULT_FLAG_USER))
290 vma = lock_vma_under_rcu(mm, addr);
294 if (unlikely(access_error(cause, vma))) {
296 count_vm_vma_lock_event(VMA_LOCK_SUCCESS);
297 tsk->thread.bad_cause = cause;
298 bad_area_nosemaphore(regs, SEGV_ACCERR, addr);
302 fault = handle_mm_fault(vma, addr, flags | FAULT_FLAG_VMA_LOCK, regs);
303 if (!(fault & (VM_FAULT_RETRY | VM_FAULT_COMPLETED)))
306 if (!(fault & VM_FAULT_RETRY)) {
307 count_vm_vma_lock_event(VMA_LOCK_SUCCESS);
310 count_vm_vma_lock_event(VMA_LOCK_RETRY);
311 if (fault & VM_FAULT_MAJOR)
312 flags |= FAULT_FLAG_TRIED;
314 if (fault_signal_pending(fault, regs)) {
315 if (!user_mode(regs))
316 no_context(regs, addr);
322 vma = lock_mm_and_find_vma(mm, addr, regs);
323 if (unlikely(!vma)) {
324 tsk->thread.bad_cause = cause;
325 bad_area_nosemaphore(regs, code, addr);
330 * Ok, we have a good vm_area for this memory access, so
335 if (unlikely(access_error(cause, vma))) {
336 tsk->thread.bad_cause = cause;
337 bad_area(regs, mm, code, addr);
342 * If for any reason at all we could not handle the fault,
343 * make sure we exit gracefully rather than endlessly redo
346 fault = handle_mm_fault(vma, addr, flags, regs);
349 * If we need to retry but a fatal signal is pending, handle the
350 * signal first. We do not need to release the mmap_lock because it
351 * would already be released in __lock_page_or_retry in mm/filemap.c.
353 if (fault_signal_pending(fault, regs)) {
354 if (!user_mode(regs))
355 no_context(regs, addr);
359 /* The fault is fully completed (including releasing mmap lock) */
360 if (fault & VM_FAULT_COMPLETED)
363 if (unlikely(fault & VM_FAULT_RETRY)) {
364 flags |= FAULT_FLAG_TRIED;
367 * No need to mmap_read_unlock(mm) as we would
368 * have already released it in __lock_page_or_retry
374 mmap_read_unlock(mm);
377 if (unlikely(fault & VM_FAULT_ERROR)) {
378 tsk->thread.bad_cause = cause;
379 mm_fault_error(regs, addr, fault);
projects / J-linux.git / blob