Memory page faults linux

how is page fault triggered in linux kernel

I understand linux kernel implements demand paging — the page is not allocated until it is first access. This is all handled in the page fault handler. But what I don’t understand is how is the page fault triggered? More precisely, what triggers the call of the page fault handler? Is it from hardware?

2 Answers 2

The page fault is caused by the CPU (more specifically, the MMU) whenever the application tries to access a virtual memory address which isn’t mapped to a physical address. The page fault handler (in the kernel) then checks whether the page is currently swapped to disk (swaps it back in) or has been reserved but not committed (commits it), then sends control back to the application to retry the memory access instruction. If the application doesn’t have that virtual address allocated, on the other hand, then it sends the segfault instruction back to the kernel.

So it’s most accurate to say that the hardware triggers the call.

when mapping onwards into memory that does not exist at all.( virtual to physical memory ).In this case, the MMU will say there is no corresponding physical memory and inform operating system which is known as a «page fault». The operating system tells it is a less used virtual memory and pls check it in disc .Then the page that the MMU was trying to find will be reloaded in place table. The memory map will be updated accordingly, then control will be given back user application at the exact point the page fault occured and perform that instruction again, only this time the MMU will output the correct address to the memory system, and all will continue.

Since page fault triggered by MMU which is part of hardware is responsible for it.

Hot Network Questions

Subscribe to RSS

To subscribe to this RSS feed, copy and paste this URL into your RSS reader.

Site design / logo © 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA . rev 2023.7.13.43530

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.

Источник

1. Overview

In the malloc/mmap function, the kernel implementation only establishes the vma area in the address space of the process, and there is no actual mapping operation from virtual address to physical address. This part is implemented in Page Fault exception error handling.

The exception handling of Page Fault in Linux kernel is very complex and involves a lot of details. The physical memory mapping of malloc/mmap is only a subset function. The following figure roughly covers the case of Page Fault:

Let’s start gnawing at the hard bones.

2. Arm64 treatment

The exception handling of Page Fault depends on the architecture, so it is necessary to introduce the handling of Arm64.
Code reference: arch/arm64/kernel/entry.S.

Arm64 needs to convert the virtual address to the physical address when fetching instructions or accessing data. This process requires several checks, which can cause exceptions if it is not met:

  1. For example, take 39 significant bit address as an example, the upper 25 bits of kernel address are all 1, and the upper 25 bits of user process address are all 0;
  2. Address permission check, where the permission bits of the side are located in the page table entry;
Читайте также:  Asus rog strix g15 linux

You can see from the above figure_ mem_ The abort function, which is relatively simple and can be viewed directly from the code, is located in arch/arm64/mm/fault.c:

/* * Dispatch a data abort to the relevant handler. */ asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs) < const struct fault_info *inf = esr_to_fault_info(esr); struct siginfo info; if (!inf->fn(addr, esr, regs)) return; pr_alert("Unhandled fault: %s (0x%08x) at 0x%016lx\n", inf->name, esr, addr); mem_abort_decode(esr); info.si_signo = inf->sig; info.si_errno = 0; info.si_code = inf->code; info.si_addr = (void __user *)addr; arm64_notify_die("", regs, &info, esr); >

The key processing in this function is to get the fault according to the esr passed in_ Info information to call the function. struct fault_info is used to deal with the error state, and the global structure fault is defined in the kernel_ Info, which stores all the information.
The main error states and processing functions correspond as follows:

static const struct fault_info fault_info[] = < < do_bad, SIGBUS, 0, "ttbr address size fault" >, < do_bad, SIGBUS, 0, "level 1 address size fault" >, < do_bad, SIGBUS, 0, "level 2 address size fault" >, < do_bad, SIGBUS, 0, "level 3 address size fault" >, < do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 0 translation fault" >, < do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 1 translation fault" >, < do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 2 translation fault" >, < do_translation_fault, SIGSEGV, SEGV_MAPERR, "level 3 translation fault" >, < do_bad, SIGBUS, 0, "unknown 8" >, < do_page_fault, SIGSEGV, SEGV_ACCERR, "level 1 access flag fault" >, < do_page_fault, SIGSEGV, SEGV_ACCERR, "level 2 access flag fault" >, < do_page_fault, SIGSEGV, SEGV_ACCERR, "level 3 access flag fault" >, < do_bad, SIGBUS, 0, "unknown 12" >, < do_page_fault, SIGSEGV, SEGV_ACCERR, "level 1 permission fault" >, < do_page_fault, SIGSEGV, SEGV_ACCERR, "level 2 permission fault" >, < do_page_fault, SIGSEGV, SEGV_ACCERR, "level 3 permission fault" >, . >;

It can be seen from the code that:

  • Do is called when a 0 / 1 / 2 / 3 level page table conversion error occurs_ translation_ Fault, do in practice_ translation_ Fault will eventually call do as well_ page_ fault;
  • When the 1 / 2 / 3 page table access permission appears, do will be called_ page_ fault;
  • Other errors call do_bad, which is not listed also includes do_sea, etc;

do_translation_fault

do_page_fault

do_page_fault function is the core function of page fault exception handling, which is related to the architecture. Handle in the above figure_ Mm_ The fault function is a general-purpose function, that is, it will be called eventually regardless of the processor structure.

3. handle_mm_fault

handle_mm_fault is used to handle the page error exception in user space:

  • The process accesses the user’s virtual address in user mode and triggers page error exception;
  • The process accesses the user’s virtual address in kernel mode and triggers page error exception;
    From do_ page_ It can also be seen from the flow chart of fault function that handle will be called when the virtual address that triggers the exception belongs to a vma and has the permission to trigger page error exception_ Mm_ Fault function, and handle_ Mm_ The main logic of the fault function is__ handle_mm_fault.
Читайте также:  Посмотреть версию oracle linux

The flow chart is as follows:

3.1 do_fault

Do_ The fault function is used to handle file page exceptions, including the following three situations:

  1. Error reading file page;
  2. Error writing private file page;
  3. Error writing shared file page;

3.2 do_anonymous_page

This function is called to handle the missing page exception of anonymous page. It will be triggered in the following cases:

  1. malloc/mmap allocates the process address space area, but does not map it. It is triggered on the first access;
  2. When the user stack is not enough, the stack area is expanded;

3.3 do_swap_page

If there is an error accessing the Swap page (the page is not in memory), the page is read from the Swap cache or Swap file.
Because in the 4.14 kernel version, do_ swap_ Many of the functions called by page are empty functions, which can not be further understood. The general flow chart is as follows:

3.4 do_wp_page

Do_ Wp_ The page function is used to handle copy on write, which is handled in the following two situations:

  1. When creating a child process, the parent-child process will share private anonymous pages and file pages in a read-only manner. When trying to write, a page error exception will be triggered to copy the physical page and create a map;
  2. The process creates a private file map, triggers an exception after read access, reads the file page into page cache, and creates the map in read-only mode. After that, COW is triggered after write access;

The key replication work is done by wp_page_copy completed:

Author: LoyenWang
source:
Official account: LoyenWang
Copyright: the copyright of this article belongs to the author and the blog Garden
Reprint: welcome to reprint, but without the consent of the author, this statement must be retained; the original text must be linked; otherwise, legal liability will be imposed

Posted by shengtianlong at Dec 20, 2020 — 4:44 PM

Hot Categories

Hot Tags

  • Java × 8678
  • Python × 3398
  • Algorithm × 2157
  • Linux × 2069
  • Javascript × 1932
  • data structure × 1524
  • Spring × 1497
  • C++ × 1439
  • MySQL × 1163
  • Database × 1138
  • Front-end × 1057
  • Design Pattern × 1024

Источник

What happens after a page fault?

How many different reasons are there? A page fault happens when the CPU tries to address a VM address that’s not currently mapped to a RAM address. All it needs to know is the process and the address, so it can look up the address in the process’s page table.

1 Answer 1

A page fault occurs when a memory access fails because the MMU lookup for the virtual address ended in an invalid descriptor or in a descriptor indicating a lack of permissions (e.g. write attempt to a read-only page). When a page fault occurs, the processor performs a few actions; the details are specific to each processor architectures but the gist is the same:

  • Switch to a privileged mode (e.g. kernel mode).
  • Set some registers to indicate, at least, the nature of the fault, and the program counter and processor mode at the point of the fault.
  • Jump to a particular address in memory, indicated by a register or itself looked up at a particular location in memory: the address of the page fault handler.

To give an example, on an (32-bit) ARM processor:

  • The dfsr register is set to a value that describes the fault (whether it was due to a read or write, to a processor instruction or a DMA, etc.).
  • The dfar register is set to the virtual address that was the target of the access that caused the fault.
  • The processor switches to abort mode (one of the kernel-level privileged modes).
  • The lr register is set to the program counter at the time of the fault, and the spsr register is set to the program status register ( cpsr , the one that contains the mode bits, among other things) at the time of the fault.
  • The sp and cpsr registers are banked: they are restored from the value last set in abort mode.
  • The execution jumps to the abort vector, one of the exception vectors.
Читайте также:  Разница между unix та linux

The code of the page fault handler is part of the kernel of the operating system. Its job is to analyze the cause of the fault and to do something about it. It can consult the special-purpose registers that provide information about the nature of the fault, and if needed it can also inspect the instruction that the program was executing. It can also look up the descriptor in the MMU table; invalid descriptors can sometimes encode information such as the location of a page in swap space. The kernel knows which task is currently executing by looking at the value of a global variable or register that it updates on each context switch. Here are a few common behaviors on a page fault:

  • The data about the process’s memory mappings indicate that the page is in swap. The kernel finds a spare physical page, or obtains one by removing a page that contained disk cache, or obtains one by first saving its content to swap. Then it loads the data from the swap to this physical page, and changes the MMU table so that the virtual address that caused the fault is now attached to that physical page in the process’s MMU map. Finally, the kernel arranges to switch back to the process at the point of the instruction that caused the fault; this time the instruction will be executed successfully.
  • The data about the process’s memory mappings indicate that the page is a copy-on-write page, and a write access was attempted. Rather similarly to the previous case, the kernel obtains a spare physical page, copies data to it (here, from the page that was read-only), changes the MMU descriptor, and arranges for the process to execute the instruction again.
  • The data about the process’s memory mappings indicate that the page is not mapped, or that it doesn’t have the requisite permissions. In that case the kernel delivers a SIGSEGV signal (segmentation fault) to the process: the execution of the process resumes at the signal handler rather than at the original location, but the original location is saved on the stack. If the process has no handler for SIGSEGV, it is terminated.

It is not in general possible to determine that an exception is about to happen, except by knowing the virtual memory configuration and making checks before memory accesses. The normal flow of operation is that the reason for the page fault is recorded by the processor when the page fault happens.

Источник

Оцените статью
Adblock
detector