Linux缺页异常处理--用户空间

dotraplinkage void __kprobes
T4_#fR%UrB0do_page_fault(struct pt_regs *regs, unsigned long error_code)
)y*A.?9`[0{
q j4{Dz7AF0 struct vm_area_struct *vma;
a
lDX3j~(t0 struct task_struct *tsk;
yLN?hgg0 unsigned long address;51Testing软件测试网GHV_$ejq
 struct mm_struct *mm;
Ai$g9j,c~}*N+Z8m0 int write;
uo~*LqNKB0 int fault;

 tsk = current; //获取当前进程
&S\
AOy2n-D:G0 mm = tsk->mm;  //获取当前进程的地址空间51Testing软件测试网|c3XT-g { ~

 /* Get the faulting address: */51Testing软件测试网r7QT)};Hv
 address = read_cr2(); //读取CR2寄存器获取触发异常的访问地址

!w}i*AF9g0 ...
}W#V)V {z[+p @0         ...
6lr2N\CCN0         ...51Testing软件测试网Jxa)zL.?
         ...51Testing软件测试网|w'c1PH T
r

H#J U?Xw0 vma = find_vma(mm, address);//试图寻找到一个离address最近的vma，vma包含address或在address之后

;Mw4p$l,qXx#a0 /*没有找到这样的vma则说明address之后没有虚拟内存区域，因此该address肯定是无效的，
5yA%z~Lsz0   通过bad_area()路径来处理,bad_area()的主体就是__bad_area()-->bad_area_nosemaphore()*/51Testing软件测试网P_s/fu~`1@H
 if (unlikely(!vma)) {51Testing软件测试网 n0J$qC5pB
  bad_area(regs, error_code, address);51Testing软件测试网~/v#se1Q|${9ZsI]9dd
  return;
G/NS Rm8Q0 }
E$j6h1Q:_0 /*如果该地址包含在vma之中，则跳转到good_area处进行处理*/51Testing软件测试网(Qw8\]@M
 if (likely(vma->vm_start <= address))51Testing软件测试网8K\Fb7umD*H
  goto good_area;

$E,W[v1i2]b vs H5|0 /*不是前面两种情况的话，则判断是不是由于用户堆栈所占的页框已经使用完，而一个PUSH指令
?2iUhf3n%p-M;S0   引用了一个尚未和页框绑定的虚拟内存区域导致的一个异常，属于堆栈的虚拟内存区，其VM_GROWSDOWN位
I7wxzoy v0   被置位*/
U fr#[j*jx(Q0 if (unlikely(!(vma->vm_flags & VM_GROWSDOWN))) {
e1@f,W K5l7K0  bad_area(regs, error_code, address);//不是堆栈区域，则用bad_area()来处理51Testing软件测试网&K#A
Y [2l{gG*k-y
  return;
;Fz&d0n|E0 }
4B,rV:\!d?0 if (error_code & PF_USER) {//必须处于用户空间51Testing软件测试网6y{C$BFh![2j
  /*51Testing软件测试网?8e$L'~s
   * Accessing the stack below %sp is always a bug.
J%_a!c^F&j'bO4i0   * The large cushion allows instructions like enter51Testing软件测试网.GKl@~n~3a T
   * and pusha to work. ("enter $65535, $31" pushes
;Y%zT xO a?4T1c_0   * 32 pointers and then decrements %sp by 65535.)
%M#fCQr$^8x2j0   */51Testing软件测试网"x&E M wEil4O
   /*这里检查address，只有该地址足够高(和堆栈指针的差不大于65536+32*sizeof(unsigned long)),51Testing软件测试网_|XQzm(D
     才能允许用户进程扩展它的堆栈地址空间，否则bad_area()处理*/
+D+hsW dq(E/Mk0  if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
pR@+F oxQ#n0   bad_area(regs, error_code, address);51Testing软件测试网$S2`s5|D ?0a*j7z
   return;51Testing软件测试网D7PWhM5L&u
  }
W'Y)YFt1\([hZfq[0 }51Testing软件测试网oe-D%R4x9T
 if (unlikely(expand_stack(vma, address))) {//堆栈扩展不成功同样由bad_area()处理
)k1oH ~@0  bad_area(regs, error_code, address);
V%DsyVoz}0  return;
kt*@ l(W.n r&xA0 }51Testing软件测试网0E#W!nI0_-G2P*]

 /*
N&f c'Z8MyQ2{0  * Ok, we have a good vm_area for this memory access, so51Testing软件测试网ky#L4X*?2_3K
  * we can handle it..
5^*F3l^2BCv!`c3t0  */51Testing软件测试网z1XE!v4|Wb N
good_area:51Testing软件测试网Bg FGI+z%PKI
 write = error_code & PF_WRITE;

6XL+w%E)V fD0 /*访问权限不够则通过bad_area_access_error()处理，该函数是对__bad_area()的封装，只不过
P,TTg#AM+O1D,y0   发送给用户进程的信号为SEGV_ACCERR*/51Testing软件测试网0zi grG6y v
 if (unlikely(access_error(error_code, write, vma))) {
#q9\;i.aa0  bad_area_access_error(regs, error_code, address);
aXZTM$yItQ:u0i0  return;51Testing软件测试网3M2zL*uG
 }

 /*
^ J_MHu0c"}0  * If for any reason at all we couldn't handle the fault,
Q^Xcs0  * make sure we exit gracefully rather than endlessly redo51Testing软件测试网FD2w]s3X
  * the fault:51Testing软件测试网T ?%o7Pu
  */

GL9Lf;tH'}"v$z4e0  /*分配新的页表和页框*/
%o5b
Bb)pP`1fF_0 fault = handle_mm_fault(mm, vma, address, write ? FAULT_FLAG_WRITE : 0);

 if (unlikely(fault & VM_FAULT_ERROR)) {51Testing软件测试网:T|gn6dq"I(e
  mm_fault_error(regs, error_code, address, fault);
$rQRS1h0  return;51Testing软件测试网BD
rUnL1h
 }51Testing软件测试网#R+h+V+R"j

 if (fault & VM_FAULT_MAJOR) {
B0u`/H8AbFveI0  tsk->maj_flt++;51Testing软件测试网%sj0vM5\#PGu
  perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0,
L+m*xI6\'?&a0         regs, address);51Testing软件测试网 ek:d.L#q-v
 } else {
s$gw}:E#m0  tsk->min_flt++;
s/ajQ!R^-s
hc0  perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0,51Testing软件测试网\u/f5DHQ7^t:`
         regs, address);51Testing软件测试网8n_|Nn5BD
b+H{
 }51Testing软件测试网 nz9x5oiT,i

 check_v8086_mode(regs, address, tsk);

 up_read(&mm->mmap_sem);
Bct oU8l0}51Testing软件测试网2{.D J"G(\ {mw'c/X

int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,51Testing软件测试网1g Tv,cx1b&e+s Q`
  unsigned long address, unsigned int flags)
RxNi&Q@
yc0{
2O1[F C,LzE]0 pgd_t *pgd;
_Z#Sy\b*TF0 pud_t *pud;51Testing软件测试网3~ B8S-uX4YJ7K
 pmd_t *pmd;
Z-RPDc4wR$J3\{B0 pte_t *pte;

 __set_current_state(TASK_RUNNING);51Testing软件测试网q&b9`7N-n9N
k z%h7P

 count_vm_event(PGFAULT);51Testing软件测试网(h k.}/i)J

 if (unlikely(is_vm_hugetlb_page(vma)))51Testing软件测试网b6FI9Id$\y
  return hugetlb_fault(mm, vma, address, flags);51Testing软件测试网8J&j*\ M;||}

A#S*NT,aY|0 pgd = pgd_offset(mm, address);51Testing软件测试网;ft|`MiZv
 pud = pud_alloc(mm, pgd, address);//分配pud目录51Testing软件测试网^;wS ^|W#@+_s(J
 if (!pud)51Testing软件测试网t%m6JG [kVe
  return VM_FAULT_OOM;
5_%e&ujIb0 pmd = pmd_alloc(mm, pud, address);//分配pmd目录51Testing软件测试网pm7V)jv4Al
 if (!pmd)51Testing软件测试网Q bh9J$w\xe
  return VM_FAULT_OOM;51Testing软件测试网!A;h/u7r:R.{I0M:Q
 pte = pte_alloc_map(mm, pmd, address);//分配pte表51Testing软件测试网 j#s[#~2g%b
 if (!pte)
)^\5c Yl0  return VM_FAULT_OOM;51Testing软件测试网rqX.GK-S T7a

#^
hjR8Rk0 /*handle_pte_fault()的任务就是为pte绑定新的页框，它会根据pte页表项的情况来做不同的处理*/
)b!U6I'g;AJ^0 return handle_pte_fault(mm, vma, address, pte, pmd, flags);51Testing软件测试网Jo5Y8t%f0k u&t"S
}51Testing软件测试网R)D8SH[ d