2 * Code for replacing ftrace calls with jumps.
4 * Copyright (C) 2007-2008 Steven Rostedt <srostedt@redhat.com>
6 * Thanks goes out to P.A. Semi, Inc for supplying me with a PPC64 box.
10 #include <linux/spinlock.h>
11 #include <linux/hardirq.h>
12 #include <linux/uaccess.h>
13 #include <linux/module.h>
14 #include <linux/ftrace.h>
15 #include <linux/percpu.h>
16 #include <linux/init.h>
17 #include <linux/list.h>
19 #include <asm/cacheflush.h>
20 #include <asm/code-patching.h>
21 #include <asm/ftrace.h>
23 static unsigned int ftrace_nop = PPC_NOP_INSTR;
26 # define GET_ADDR(addr) addr
28 /* PowerPC64's functions are data that points to the functions */
29 # define GET_ADDR(addr) (*(unsigned long *)addr)
33 static unsigned int ftrace_calc_offset(long ip, long addr)
35 return (int)(addr - ip);
38 static unsigned char *ftrace_nop_replace(void)
40 return (char *)&ftrace_nop;
43 static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
45 static unsigned int op;
48 * It would be nice to just use create_function_call, but that will
49 * update the code itself. Here we need to just return the
50 * instruction that is going to be modified, without modifying the
53 addr = GET_ADDR(addr);
55 /* Set to "bl addr" */
56 op = 0x48000001 | (ftrace_calc_offset(ip, addr) & 0x03fffffc);
59 * No locking needed, this must be called via kstop_machine
60 * which in essence is like running on a uniprocessor machine.
62 return (unsigned char *)&op;
66 # define _ASM_ALIGN " .align 3 "
67 # define _ASM_PTR " .llong "
69 # define _ASM_ALIGN " .align 2 "
70 # define _ASM_PTR " .long "
74 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
75 unsigned char *new_code)
77 unsigned char replaced[MCOUNT_INSN_SIZE];
80 * Note: Due to modules and __init, code can
81 * disappear and change, we need to protect against faulting
82 * as well as code changing. We do this by using the
83 * probe_kernel_* functions.
85 * No real locking needed, this code is run through
86 * kstop_machine, or before SMP starts.
89 /* read the text we want to modify */
90 if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
93 /* Make sure it is what we expect it to be */
94 if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
97 /* replace the text with the new text */
98 if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
101 flush_icache_range(ip, ip + 8);
107 * Helper functions that are the same for both PPC64 and PPC32.
109 static int test_24bit_addr(unsigned long ip, unsigned long addr)
112 /* use the create_branch to verify that this offset can be branched */
113 return create_branch((unsigned int *)ip, addr, 0);
116 static int is_bl_op(unsigned int op)
118 return (op & 0xfc000003) == 0x48000001;
121 static unsigned long find_bl_target(unsigned long ip, unsigned int op)
125 offset = (op & 0x03fffffc);
127 if (offset & 0x02000000)
128 offset |= 0xfe000000;
130 return ip + (long)offset;
135 __ftrace_make_nop(struct module *mod,
136 struct dyn_ftrace *rec, unsigned long addr)
141 unsigned long ip = rec->ip;
145 /* read where this goes */
146 if (probe_kernel_read(&op, (void *)ip, sizeof(int)))
149 /* Make sure that that this is still a 24bit jump */
151 printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
155 /* lets find where the pointer goes */
156 tramp = find_bl_target(ip, op);
159 * On PPC64 the trampoline looks like:
160 * 0x3d, 0x82, 0x00, 0x00, addis r12,r2, <high>
161 * 0x39, 0x8c, 0x00, 0x00, addi r12,r12, <low>
162 * Where the bytes 2,3,6 and 7 make up the 32bit offset
163 * to the TOC that holds the pointer.
165 * 0xf8, 0x41, 0x00, 0x28, std r2,40(r1)
166 * 0xe9, 0x6c, 0x00, 0x20, ld r11,32(r12)
167 * The actually address is 32 bytes from the offset
169 * 0xe8, 0x4c, 0x00, 0x28, ld r2,40(r12)
172 pr_debug("ip:%lx jumps to %lx r2: %lx", ip, tramp, mod->arch.toc);
174 /* Find where the trampoline jumps to */
175 if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
176 printk(KERN_ERR "Failed to read %lx\n", tramp);
180 pr_debug(" %08x %08x", jmp[0], jmp[1]);
182 /* verify that this is what we expect it to be */
183 if (((jmp[0] & 0xffff0000) != 0x3d820000) ||
184 ((jmp[1] & 0xffff0000) != 0x398c0000) ||
185 (jmp[2] != 0xf8410028) ||
186 (jmp[3] != 0xe96c0020) ||
187 (jmp[4] != 0xe84c0028)) {
188 printk(KERN_ERR "Not a trampoline\n");
192 /* The bottom half is signed extended */
193 offset = ((unsigned)((unsigned short)jmp[0]) << 16) +
194 (int)((short)jmp[1]);
196 pr_debug(" %x ", offset);
198 /* get the address this jumps too */
199 tramp = mod->arch.toc + offset + 32;
200 pr_debug("toc: %lx", tramp);
202 if (probe_kernel_read(jmp, (void *)tramp, 8)) {
203 printk(KERN_ERR "Failed to read %lx\n", tramp);
207 pr_debug(" %08x %08x\n", jmp[0], jmp[1]);
209 ptr = ((unsigned long)jmp[0] << 32) + jmp[1];
211 /* This should match what was called */
212 if (ptr != GET_ADDR(addr)) {
213 printk(KERN_ERR "addr does not match %lx\n", ptr);
218 * We want to nop the line, but the next line is
219 * 0xe8, 0x41, 0x00, 0x28 ld r2,40(r1)
220 * This needs to be turned to a nop too.
222 if (probe_kernel_read(&op, (void *)(ip+4), MCOUNT_INSN_SIZE))
225 if (op != 0xe8410028) {
226 printk(KERN_ERR "Next line is not ld! (%08x)\n", op);
231 * Milton Miller pointed out that we can not blindly do nops.
232 * If a task was preempted when calling a trace function,
233 * the nops will remove the way to restore the TOC in r2
234 * and the r2 TOC will get corrupted.
239 * bl <tramp> <==== will be replaced with "b 1f"
243 op = 0x48000008; /* b +8 */
245 if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
249 flush_icache_range(ip, ip + 8);
256 __ftrace_make_nop(struct module *mod,
257 struct dyn_ftrace *rec, unsigned long addr)
261 unsigned long ip = rec->ip;
264 if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
267 /* Make sure that that this is still a 24bit jump */
269 printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
273 /* lets find where the pointer goes */
274 tramp = find_bl_target(ip, op);
277 * On PPC32 the trampoline looks like:
278 * 0x3d, 0x60, 0x00, 0x00 lis r11,sym@ha
279 * 0x39, 0x6b, 0x00, 0x00 addi r11,r11,sym@l
280 * 0x7d, 0x69, 0x03, 0xa6 mtctr r11
281 * 0x4e, 0x80, 0x04, 0x20 bctr
284 pr_debug("ip:%lx jumps to %lx", ip, tramp);
286 /* Find where the trampoline jumps to */
287 if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
288 printk(KERN_ERR "Failed to read %lx\n", tramp);
292 pr_debug(" %08x %08x ", jmp[0], jmp[1]);
294 /* verify that this is what we expect it to be */
295 if (((jmp[0] & 0xffff0000) != 0x3d600000) ||
296 ((jmp[1] & 0xffff0000) != 0x396b0000) ||
297 (jmp[2] != 0x7d6903a6) ||
298 (jmp[3] != 0x4e800420)) {
299 printk(KERN_ERR "Not a trampoline\n");
303 tramp = (jmp[1] & 0xffff) |
304 ((jmp[0] & 0xffff) << 16);
308 pr_debug(" %x ", tramp);
312 "Trampoline location %08lx does not match addr\n",
319 if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
322 flush_icache_range(ip, ip + 8);
328 int ftrace_make_nop(struct module *mod,
329 struct dyn_ftrace *rec, unsigned long addr)
331 unsigned char *old, *new;
332 unsigned long ip = rec->ip;
335 * If the calling address is more that 24 bits away,
336 * then we had to use a trampoline to make the call.
337 * Otherwise just update the call site.
339 if (test_24bit_addr(ip, addr)) {
341 old = ftrace_call_replace(ip, addr);
342 new = ftrace_nop_replace();
343 return ftrace_modify_code(ip, old, new);
347 * Out of range jumps are called from modules.
348 * We should either already have a pointer to the module
349 * or it has been passed in.
351 if (!rec->arch.mod) {
353 printk(KERN_ERR "No module loaded addr=%lx\n",
359 if (mod != rec->arch.mod) {
361 "Record mod %p not equal to passed in mod %p\n",
365 /* nothing to do if mod == rec->arch.mod */
369 return __ftrace_make_nop(mod, rec, addr);
375 __ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
378 unsigned long ip = rec->ip;
380 /* read where this goes */
381 if (probe_kernel_read(op, (void *)ip, MCOUNT_INSN_SIZE * 2))
385 * It should be pointing to two nops or
388 if (((op[0] != 0x48000008) || (op[1] != 0xe8410028)) &&
389 ((op[0] != PPC_NOP_INSTR) || (op[1] != PPC_NOP_INSTR))) {
390 printk(KERN_ERR "Expected NOPs but have %x %x\n", op[0], op[1]);
394 /* If we never set up a trampoline to ftrace_caller, then bail */
395 if (!rec->arch.mod->arch.tramp) {
396 printk(KERN_ERR "No ftrace trampoline\n");
400 /* create the branch to the trampoline */
401 op[0] = create_branch((unsigned int *)ip,
402 rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
404 printk(KERN_ERR "REL24 out of range!\n");
411 pr_debug("write to %lx\n", rec->ip);
413 if (probe_kernel_write((void *)ip, op, MCOUNT_INSN_SIZE * 2))
416 flush_icache_range(ip, ip + 8);
422 __ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
425 unsigned long ip = rec->ip;
427 /* read where this goes */
428 if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
431 /* It should be pointing to a nop */
432 if (op != PPC_NOP_INSTR) {
433 printk(KERN_ERR "Expected NOP but have %x\n", op);
437 /* If we never set up a trampoline to ftrace_caller, then bail */
438 if (!rec->arch.mod->arch.tramp) {
439 printk(KERN_ERR "No ftrace trampoline\n");
443 /* create the branch to the trampoline */
444 op = create_branch((unsigned int *)ip,
445 rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
447 printk(KERN_ERR "REL24 out of range!\n");
451 pr_debug("write to %lx\n", rec->ip);
453 if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
456 flush_icache_range(ip, ip + 8);
460 #endif /* CONFIG_PPC64 */
462 int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
464 unsigned char *old, *new;
465 unsigned long ip = rec->ip;
468 * If the calling address is more that 24 bits away,
469 * then we had to use a trampoline to make the call.
470 * Otherwise just update the call site.
472 if (test_24bit_addr(ip, addr)) {
474 old = ftrace_nop_replace();
475 new = ftrace_call_replace(ip, addr);
476 return ftrace_modify_code(ip, old, new);
480 * Out of range jumps are called from modules.
481 * Being that we are converting from nop, it had better
482 * already have a module defined.
484 if (!rec->arch.mod) {
485 printk(KERN_ERR "No module loaded\n");
489 return __ftrace_make_call(rec, addr);
492 int ftrace_update_ftrace_func(ftrace_func_t func)
494 unsigned long ip = (unsigned long)(&ftrace_call);
495 unsigned char old[MCOUNT_INSN_SIZE], *new;
498 memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
499 new = ftrace_call_replace(ip, (unsigned long)func);
500 ret = ftrace_modify_code(ip, old, new);
505 int __init ftrace_dyn_arch_init(void *data)
507 /* caller expects data to be zero */
508 unsigned long *p = data;