
A page fault exception is raised when the addressed page is not present in memory, the corresponding page table entry is null, or a violation of the paging protection mechanism has occurred.

do_page_fault() first obtains the inaccessible address from the CPU control register. If the address is within the virtual address space of the process, the fault probably occurred because the page was not swapped in, was write protected, or something similar. However, we are interested in the other case.

objdump --section-headers vmlinux
objdump --disassemble --section=.text vmlinux
objdump --disassemble --section=.fixup vmlinux
objdump --full-contents --section=__ex_table vmlinu

do_translation_fault()
    if (addr < TASK_SIZE)
        return do_page_fault(addr, fsr, regs);

The do_page_fault() function takes three parameters:

A pointer to a pt_regs structure, which contains the values of the microprocessor registers when the page fault occurred.
An error code that indicates the reason for the page fault.
The address that generated the page fault.

The error code tells do_page_fault() whether the process was reading from or writing to the associated address, and whether the page being accessed was actually in memory (vs. stored on disk) when the fault occurred. do_page_fault() combines this with information in the process's mm_struct structure to determine whether the process has legitimate rights to access the memory address or not.

do_page_fault(.) ARM code flow


{
If it is in interrupt context or has no user context: don't take this fault (step 1).

If the registers do not belong to user mode (check the CPSR) and no exception table entry is found: go to kernel fault (nothing but a die call, that is, an oops) (step 2). Continued below.
}

What is this exception table:


The kernel builds an exception table in kernel memory. The boundaries of this region are defined by the symbols __start___ex_table and __stop___ex_table. Their values can easily be derived from System.map in this way:

buffer@chinmoy:/usr/src/linux$ grep ex_table System.map
c0261e20 A __start___ex_table
c0264548 A __stop___ex_table
buffer@rigel:/usr/src/linux$

What's the content of this memory region? In this region you find pairs of addresses. The first one (insn) is the address of an instruction (belonging to a function which accesses the User Space address range, such as the ones previously described) which may raise a page fault. The second one (fixup) is a pointer to the "fixup code".

When a page fault occurs within the kernel and the first case (demand paging or copy on write) does not apply, the kernel checks whether the address of the instruction which caused the page fault matches an insn entry in the exception table. If it doesn't, we are in the second case and the kernel raises an Oops. Otherwise, if the address matches an insn entry in the exception table, we are in the third case, since the page fault exception was raised while accessing a User Space address. In this case, control is passed to the function whose address is specified in the exception table as fixup code. This is done by simply doing this:

search_exception_table(regs->ARM_pc= 0) }

The function search_exception_table() searches the exception table for an insn entry which matches the address of the instruction which raised the page fault. If one is found, it means the page fault exception was raised during an access to a User Space address. In this case, regs->eip is pointed to the fixup code and then do_page_fault() returns, thus jumping to the fixup code.
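The lookup described above, as an added example that is not kernel source and not code from the original page: a user-space C model of a sorted (insn, fixup) table with the match-or-oops decision. The helper names search_ex_table and fixup_kernel_fault are hypothetical, and every address is a constructed sample value.

```c
/* Added illustration: user-space model of the exception-table lookup.
 * All addresses are constructed sample values, not from a real kernel. */
#include <stddef.h>
#include <stdio.h>
struct ex_entry {
    unsigned long insn;   /* instruction that may fault on a user address */
    unsigned long fixup;  /* fixup code to resume at */
};
/* Constructed table, sorted by insn so it can be binary-searched. */
static const struct ex_entry ex_table[] = {
    { 0xc0101000UL, 0xc0250010UL },
    { 0xc0101a40UL, 0xc0250020UL },
    { 0xc0102b18UL, 0xc0250030UL },
};
#define EX_COUNT (sizeof(ex_table) / sizeof(ex_table[0]))

/* Hypothetical helper: exact-match binary search on insn. */
static const struct ex_entry *search_ex_table(unsigned long pc)
{
    size_t lo = 0, hi = EX_COUNT;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ex_table[mid].insn == pc)
            return &ex_table[mid];
        if (ex_table[mid].insn < pc)
            lo = mid + 1;
        else
            hi = mid;
    }
    return NULL;
}

/* Returns 1 and points *pc at the fixup code on a match, 0 (oops case) if none. */
static int fixup_kernel_fault(unsigned long *pc)
{
    const struct ex_entry *e = search_ex_table(*pc);
    if (!e)
        return 0;         /* faulting instruction not listed: kernel bug */
    *pc = e->fixup;       /* execution resumes in the fixup code */
    return 1;
}

int main(void)
{
    unsigned long pc = 0xc0102b18UL;   /* constructed faulting pc */
    int fixed = fixup_kernel_fault(&pc);
    printf("fixed=%d pc=%#lx\n", fixed, pc);
    return 0;
}
```

The match is exact: a program counter that falls between two insn entries is treated as unlisted and takes the oops path.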

do_page_fault(.) // contd
{
After step 2:

fault = __do_page_fault() (step 3)

find_vma() -> check whether the fault address resides in a memory region or not. Check for an access error on the page; if there is one, return VM_FAULT_BADACCESS. Then call handle_mm_fault(..)

The handle_mm_fault() function acts on four parameters:

mm: A pointer to the memory descriptor of the process that was running on the CPU when the exception occurred.
vma: A pointer to the descriptor of the memory region, including the linear address that caused the exception.
address: The linear address that caused the exception.
write_access: Set to 1 if tsk attempted to write in address and to 0 if tsk attempted to read or execute it.

The handle_mm_fault() function returns 1 or 2 if it succeeded in allocating a new page frame for the process. The value 1 indicates that the Page Fault has been handled without blocking the current process; this kind of Page Fault is called a minor fault. The value 2 indicates that the Page Fault forced the current process to sleep (most likely because time was spent while filling the page frame assigned to the process with data read from disk); a Page Fault that blocks the current process is called a major fault.

do_page_fault(.) // contd
{ The returned fault value (if it is wrong) will be compared with some signals (SIGBUS, SIGSEGV) and generate a corresponding task halt by that user task function. }
