标签:
在下面几种情况下会发生,页面出错异常(也叫缺页中断):
1、相应的页面目录项或者页面表项为空,也就是该线性地址与物理地址的映射关系尚未建立,或者已经撤销。本文讨论的就是这种情况。
2、相应的物理页面不在内存中。
3、指令中规定的访问方式与页面的权限不符,例如企图写一个“只读”的页面。
首先看下进程地址空间示意图:
假设现在需要调用某个子程序,因此CPU需将返回地址压入堆栈,也就是要将返回地址写入虚拟空间地址为(%esp-4)的地方。可是,在我们这个情景中地址(%esp-4)落入了空洞中,这是尚未映射的地址,因此必然要引起一次页面出错异常。
这里假定CPU的运行已经到达了页面异常服务程序的主体do_page_fault()的入口处。代码如下:
arch/i386/mm/fault.c
asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct task_struct *tsk; struct mm_struct *mm; struct vm_area_struct * vma; unsigned long address; unsigned long page; unsigned long fixup; int write; siginfo_t info; /* get the address */ __asm__("movl %%cr2,%0":"=r" (address));//把映射的失败的地址保存在address中,也就是%esp-4 tsk = current;//task_struct /* * We fault-in kernel-space virtual memory on-demand. The * ‘reference‘ page table is init_mm.pgd. * * NOTE! We MUST NOT take any locks for this case. We may * be in an interrupt or a critical region, and should * only copy the information from the master page table, * nothing more. */ if (address >= TASK_SIZE) goto vmalloc_fault; mm = tsk->mm;//mm_struct info.si_code = SEGV_MAPERR; /* * If we‘re in an interrupt or have no user * context, we must not take the fault.. */ if (in_interrupt() || !mm) goto no_context; down(&mm->mmap_sem); vma = find_vma(mm, address);//找出结束地址大于给定地址的第一个区间。 if (!vma)//没有找到,说明没有一个区间的结束地址高于给定的地址,参考上图,说明这个地址是在堆栈之下,也就是3G字节以上了。 goto bad_area; if (vma->vm_start <= address)//起始地址不高于address,说明映射已经建立,转到good_area去进一步检查失败原因。 goto good_area; if (!(vma->vm_flags & VM_GROWSDOWN))//起始地址大于address,说明落到了空洞里面;如果vm_flags为VM_GROWSDOWN,说明落在堆栈区中,不会goto bad_area。 goto bad_area; if (error_code & 4) {//发生在用户态 /* * accessing the stack below %esp is always a bug. * The "+ 32" is there due to some instructions (like * pusha) doing post-decrement on the stack and that * doesn‘t show up until later.. */ if (address + 32 < regs->esp)//确保这是压栈操作,一次压入堆栈是4个字节,最多是pusha,压入32个字节。 goto bad_area; } if (expand_stack(vma, address))//看下面代码注释 goto bad_area; /* * Ok, we have a good vm_area for this memory access, so * we can handle it.. */ good_area: info.si_code = SEGV_ACCERR; write = 0; switch (error_code & 3) {// 110 & 011 = 2 default: /* 3: write, present */ #ifdef TEST_VERIFY_AREA if (regs->cs == KERNEL_CS) printk("WP fault at %08lx\n", regs->eip); #endif /* fall through */ case 2: /* write, not present */ if (!(vma->vm_flags & VM_WRITE)) goto bad_area; write++;//执行到这里 break; case 1: /* read, present */ goto bad_area; case 0: /* read, not present */ if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; } /* * If for any reason at all we couldn‘t handle the fault, * make sure we exit gracefully rather than endlessly redo * the fault. */ switch (handle_mm_fault(mm, vma, address, write)) { case 1: tsk->min_flt++; break; case 2: tsk->maj_flt++; break; case 0: goto do_sigbus; default: goto out_of_memory; } /* * Did it hit the DOS screen memory VA from vm86 mode? */ if (regs->eflags & VM_MASK) { unsigned long bit = (address - 0xA0000) >> PAGE_SHIFT; if (bit < 32) tsk->thread.screen_bitmap |= 1 << bit; } up(&mm->mmap_sem); return; ....... }
error_code:
bit 0 == 0 means no page found, 1 means protection fault
bit 1 == 0 means read, 1 means write
bit 2 == 0 means kernel, 1 means user-mode
此时,error_code为110,用户态,尚未映射,写。
expand_stack函数,代码如下:
static inline int expand_stack(struct vm_area_struct * vma, unsigned long address) { unsigned long grow; address &= PAGE_MASK;//地址按页面边界对齐 grow = (vma->vm_start - address) >> PAGE_SHIFT;//本例中grow为1个页面 if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur || ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) return -ENOMEM; vma->vm_start = address;//起始地址向低地址移了一个页面的距离 vma->vm_pgoff -= grow; vma->vm_mm->total_vm += grow; if (vma->vm_flags & VM_LOCKED) vma->vm_mm->locked_vm += grow; return 0; }
int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct * vma, unsigned long address, int write_access) { int ret = -1; pgd_t *pgd; pmd_t *pmd; pgd = pgd_offset(mm, address);//返回页面表项指针 pmd = pmd_alloc(pgd, address);//中转了一下,还是页目录表项指针 if (pmd) { pte_t * pte = pte_alloc(pmd, address);//返回指向页表项的指针 if (pte) ret = handle_pte_fault(mm, vma, address, write_access, pte); } return ret; }
pgd_offset函数,如下:
#define pgd_offset(mm, address) ((mm)->pgd+pgd_index(address))
extern inline pmd_t * pmd_alloc(pgd_t *pgd, unsigned long address) { if (!pgd) BUG(); return (pmd_t *) pgd; }
extern inline pte_t * pte_alloc(pmd_t * pmd, unsigned long address) { address = (address >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);//在页表中的偏移 if (pmd_none(*pmd))//是否存在该页目录项 goto getnew;//如果没有就去创建 if (pmd_bad(*pmd)) goto fix; return (pte_t *)pmd_page(*pmd) + address;//有就返回指向页表项的指针 getnew: { unsigned long page = (unsigned long) get_pte_fast();//创建页表 if (!page) return get_pte_slow(pmd, address); set_pmd(pmd, __pmd(_PAGE_TABLE + __pa(page)));//让页目录项指向页表 return (pte_t *)page + address;//返回指向页表项的指针 } fix: __handle_bad_pmd(pmd); return NULL;
static inline int handle_pte_fault(struct mm_struct *mm, struct vm_area_struct * vma, unsigned long address, int write_access, pte_t * pte) { pte_t entry; /* * We need the page table lock to synchronize with kswapd * and the SMP-safe atomic PTE updates. */ spin_lock(&mm->page_table_lock); entry = *pte;//页表项中内容 if (!pte_present(entry)) {//页表项为空 /* * If it truly wasn‘t present, we know that kswapd * and the PTE updates will not touch it later. So * drop the lock. */ spin_unlock(&mm->page_table_lock); if (pte_none(entry))//页表项为空 return do_no_page(mm, vma, address, write_access, pte); return do_swap_page(mm, vma, address, pte, pte_to_swp_entry(entry), write_access); } if (write_access) { if (!pte_write(entry)) return do_wp_page(mm, vma, address, pte, entry); entry = pte_mkdirty(entry); } entry = pte_mkyoung(entry); establish_pte(vma, address, pte, entry); spin_unlock(&mm->page_table_lock); return 1; }
static int do_no_page(struct mm_struct * mm, struct vm_area_struct * vma, unsigned long address, int write_access, pte_t *page_table) { struct page * new_page; pte_t entry; if (!vma->vm_ops || !vma->vm_ops->nopage)//都为空 return do_anonymous_page(mm, vma, page_table, write_access, address); ....... return 2; /* Major fault */ }
static int do_anonymous_page(struct mm_struct * mm, struct vm_area_struct * vma, pte_t *page_table, int write_access, unsigned long addr) { struct page *page = NULL; pte_t entry = pte_wrprotect(mk_pte(ZERO_PAGE(addr), vma->vm_page_prot)); if (write_access) { //write_access为1 page = alloc_page(GFP_HIGHUSER);//分配页面 if (!page) return -1; clear_user_highpage(page, addr); entry = pte_mkwrite(pte_mkdirty(mk_pte(page, vma->vm_page_prot)));//页表项赋予已写过对应的物理页,可进行读、写或者执行 mm->rss++; flush_page_to_ram(page); } set_pte(page_table, entry);//页表项(属性刚才已经设置了)指向对应的页面 /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, addr, entry); return 1; /* Minor fault */ }
标签:
原文地址:http://blog.csdn.net/jltxgcy/article/details/44001245