
If I read/write/jump to an unmapped address, i.e.

    # 32-bit x86, AT&T syntax: assemble with `as --32`, link with `ld -m elf_i386`
    .text
    .global _start
_start:
    movl    $1, %edx        # an address that is not mapped in this process
    jmp     *%edx           # indirect jump there: the instruction fetch from the
                            # unmapped page raises a page fault -> SIGSEGV

this causes a segmentation fault.

I wonder, what's the actual part of the system (kernel) that intercepts reads/writes to unmapped addresses (how?) and throws the "user mode" signal?

gpilotino
    Well there's hardware support for the how, perhaps http://duartes.org/gustavo/blog/post/cpu-rings-privilege-and-protection For the where, I guess you should look for the interrupt handler? – wds Jun 24 '09 at 09:26

3 Answers

Everything flows from the architecture's trap table. This is usually called entry.S (split on x86 between entry_32 and entry_64.S) and has assembler linkage that does a number of things (depending on config) before heading into the C code of the kernel proper.

So an invalid memory access should enter through either page_fault or general_protection and will probably end up doing force_sig_info before finally being queued back to user space in send_signal (kernel/signal.c).

stsquad
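As an added example (not code from the question or from any of the answers), the following C program shows the user-mode end of the path described in the answer above: the kernel's fault handler records the faulting address and a reason code, and those values arrive in user space in the siginfo_t handed to a SIGSEGV handler installed with SA_SIGINFO. It probes three cases: a data read from address 1 (no mapping), an instruction fetch from an unmapped address (what the question's `jmp *%edx` does), and a write to a page that is mapped read-only. The probe_* function names are my own; the jump target 16 rather than the question's 1 is also my choice, so that the fetch is correctly aligned on arm64, where a branch to an unaligned address is reported as SIGBUS/BUS_ADRALN rather than SIGSEGV. Tested on Linux; expect the same si_code values on other POSIX systems but do not rely on it.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Filled in by the SIGSEGV handler from the siginfo_t the kernel built on
 * the page-fault path: si_addr is the faulting address (CR2 on x86) and
 * si_code says why: SEGV_MAPERR (no mapping at all) or SEGV_ACCERR
 * (a mapping exists but forbids this kind of access). */
static sigjmp_buf recover;
static volatile uintptr_t fault_addr;
static volatile int fault_code;

static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    fault_addr = (uintptr_t)si->si_addr;
    fault_code = si->si_code;
    /* Unwind to the sigsetjmp in the probe. Returning normally would
     * re-execute the faulting instruction and fault again forever. */
    siglongjmp(recover, 1);
}

/* Returns 0 on success, -1 on failure (errno set by sigaction). */
int install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;      /* three-argument handler with siginfo_t */
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Each probe returns 0 if the access succeeded, otherwise the si_code
 * delivered with SIGSEGV. sigsetjmp(..., 1) saves the signal mask, so the
 * siglongjmp from the handler also unblocks SIGSEGV again. */
int probe_read(uintptr_t addr)
{
    volatile const char *p = (volatile const char *)addr;
    fault_code = 0; fault_addr = 0;
    if (sigsetjmp(recover, 1) == 0) {
        char sink = *p;            /* data read -> #PF if not mapped */
        (void)sink;
        return 0;
    }
    return fault_code;
}

int probe_jump(uintptr_t addr)
{
    void (*volatile fn)(void) = (void (*)(void))addr;
    fault_code = 0; fault_addr = 0;
    if (sigsetjmp(recover, 1) == 0) {
        fn();                      /* instruction fetch -> #PF, as in jmp *%edx */
        return 0;
    }
    return fault_code;
}

int probe_write_readonly(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, pg, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    fault_code = 0; fault_addr = 0;
    if (sigsetjmp(recover, 1) == 0) {
        *(volatile char *)p = 1;   /* mapped, but the VMA lacks VM_WRITE */
        munmap(p, pg);
        return 0;
    }
    munmap(p, pg);
    return fault_code;
}

uintptr_t last_fault_addr(void) { return fault_addr; }

static const char *code_name(int c)
{
    return c == SEGV_MAPERR ? "SEGV_MAPERR" : c == SEGV_ACCERR ? "SEGV_ACCERR" : "none";
}

int main(void)
{
    if (install_handler() != 0) { perror("sigaction"); return 1; }
    int c;
    c = probe_read(1);
    printf("read  @1  : %-11s si_addr=%#lx\n", code_name(c), (unsigned long)last_fault_addr());
    c = probe_jump(16);
    printf("jump  @16 : %-11s si_addr=%#lx\n", code_name(c), (unsigned long)last_fault_addr());
    c = probe_write_readonly();
    printf("write ro  : %-11s\n", code_name(c));
    return 0;
}
```

The distinction between the two codes is the practical one: SEGV_MAPERR means the address was outside every VMA (a wild pointer, or a jump into nowhere as in the question), while SEGV_ACCERR means a mapping exists but its permissions refused the access (a write to read-only data, an execute from a non-executable stack). Crash-triage tooling and the kernel's own "segfault at ... ip ... error N" log line are both derived from the same information.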

It is implemented separately for each architecture. For example, on x86 you can check the source at:

do_page_fault: linux/arch/x86/mm/fault.c
Sam Liao

In PowerPC chips that are not "Book E" (e.g., recent chips for embedded systems), a segmentation fault starts with an exception 0x300 (for data) or 0x400 (for instructions). The user/supervisor mode flag is set to supervisor, the MMU is turned off, and the CPU jumps to address 0x300 or 0x400, giving control to the operating system.