2 * Code for replacing ftrace calls with jumps.
4 * Copyright (C) 2007-2008 Steven Rostedt <srostedt@redhat.com>
6 * Thanks goes out to P.A. Semi, Inc for supplying me with a PPC64 box.
8 * Added function graph tracer code, taken from x86 that was written
9 * by Frederic Weisbecker, and ported to PPC by Steven Rostedt.
13 #include <linux/spinlock.h>
14 #include <linux/hardirq.h>
15 #include <linux/uaccess.h>
16 #include <linux/module.h>
17 #include <linux/ftrace.h>
18 #include <linux/percpu.h>
19 #include <linux/init.h>
20 #include <linux/list.h>
22 #include <asm/cacheflush.h>
23 #include <asm/code-patching.h>
24 #include <asm/ftrace.h>
27 # define GET_ADDR(addr) addr
29 /* PowerPC64's functions are data that points to the functions */
30 # define GET_ADDR(addr) (*(unsigned long *)addr)
33 #ifdef CONFIG_DYNAMIC_FTRACE
34 static unsigned int ftrace_nop = PPC_NOP_INSTR;
36 static unsigned int ftrace_calc_offset(long ip, long addr)
38 return (int)(addr - ip);
41 static unsigned char *ftrace_nop_replace(void)
43 return (char *)&ftrace_nop;
46 static unsigned char *
47 ftrace_call_replace(unsigned long ip, unsigned long addr, int link)
49 static unsigned int op;
52 * It would be nice to just use create_function_call, but that will
53 * update the code itself. Here we need to just return the
54 * instruction that is going to be modified, without modifying the
57 addr = GET_ADDR(addr);
59 /* if (link) set op to 'bl' else 'b' */
60 op = 0x48000000 | (link ? 1 : 0);
61 op |= (ftrace_calc_offset(ip, addr) & 0x03fffffc);
64 * No locking needed, this must be called via kstop_machine
65 * which in essence is like running on a uniprocessor machine.
67 return (unsigned char *)&op;
71 # define _ASM_ALIGN " .align 3 "
72 # define _ASM_PTR " .llong "
74 # define _ASM_ALIGN " .align 2 "
75 # define _ASM_PTR " .long "
79 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
80 unsigned char *new_code)
82 unsigned char replaced[MCOUNT_INSN_SIZE];
85 * Note: Due to modules and __init, code can
86 * disappear and change, we need to protect against faulting
87 * as well as code changing. We do this by using the
88 * probe_kernel_* functions.
90 * No real locking needed, this code is run through
91 * kstop_machine, or before SMP starts.
94 /* read the text we want to modify */
95 if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
98 /* Make sure it is what we expect it to be */
99 if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
102 /* replace the text with the new text */
103 if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
106 flush_icache_range(ip, ip + 8);
112 * Helper functions that are the same for both PPC64 and PPC32.
114 static int test_24bit_addr(unsigned long ip, unsigned long addr)
117 /* use the create_branch to verify that this offset can be branched */
118 return create_branch((unsigned int *)ip, addr, 0);
121 #ifdef CONFIG_MODULES
123 static int is_bl_op(unsigned int op)
125 return (op & 0xfc000003) == 0x48000001;
128 static unsigned long find_bl_target(unsigned long ip, unsigned int op)
132 offset = (op & 0x03fffffc);
134 if (offset & 0x02000000)
135 offset |= 0xfe000000;
137 return ip + (long)offset;
142 __ftrace_make_nop(struct module *mod,
143 struct dyn_ftrace *rec, unsigned long addr)
148 unsigned long ip = rec->ip;
152 /* read where this goes */
153 if (probe_kernel_read(&op, (void *)ip, sizeof(int)))
156 /* Make sure that that this is still a 24bit jump */
158 printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
162 /* lets find where the pointer goes */
163 tramp = find_bl_target(ip, op);
166 * On PPC64 the trampoline looks like:
167 * 0x3d, 0x82, 0x00, 0x00, addis r12,r2, <high>
168 * 0x39, 0x8c, 0x00, 0x00, addi r12,r12, <low>
169 * Where the bytes 2,3,6 and 7 make up the 32bit offset
170 * to the TOC that holds the pointer.
172 * 0xf8, 0x41, 0x00, 0x28, std r2,40(r1)
173 * 0xe9, 0x6c, 0x00, 0x20, ld r11,32(r12)
174 * The actually address is 32 bytes from the offset
176 * 0xe8, 0x4c, 0x00, 0x28, ld r2,40(r12)
179 pr_debug("ip:%lx jumps to %lx r2: %lx", ip, tramp, mod->arch.toc);
181 /* Find where the trampoline jumps to */
182 if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
183 printk(KERN_ERR "Failed to read %lx\n", tramp);
187 pr_debug(" %08x %08x", jmp[0], jmp[1]);
189 /* verify that this is what we expect it to be */
190 if (((jmp[0] & 0xffff0000) != 0x3d820000) ||
191 ((jmp[1] & 0xffff0000) != 0x398c0000) ||
192 (jmp[2] != 0xf8410028) ||
193 (jmp[3] != 0xe96c0020) ||
194 (jmp[4] != 0xe84c0028)) {
195 printk(KERN_ERR "Not a trampoline\n");
199 /* The bottom half is signed extended */
200 offset = ((unsigned)((unsigned short)jmp[0]) << 16) +
201 (int)((short)jmp[1]);
203 pr_debug(" %x ", offset);
205 /* get the address this jumps too */
206 tramp = mod->arch.toc + offset + 32;
207 pr_debug("toc: %lx", tramp);
209 if (probe_kernel_read(jmp, (void *)tramp, 8)) {
210 printk(KERN_ERR "Failed to read %lx\n", tramp);
214 pr_debug(" %08x %08x\n", jmp[0], jmp[1]);
216 ptr = ((unsigned long)jmp[0] << 32) + jmp[1];
218 /* This should match what was called */
219 if (ptr != GET_ADDR(addr)) {
220 printk(KERN_ERR "addr does not match %lx\n", ptr);
225 * We want to nop the line, but the next line is
226 * 0xe8, 0x41, 0x00, 0x28 ld r2,40(r1)
227 * This needs to be turned to a nop too.
229 if (probe_kernel_read(&op, (void *)(ip+4), MCOUNT_INSN_SIZE))
232 if (op != 0xe8410028) {
233 printk(KERN_ERR "Next line is not ld! (%08x)\n", op);
238 * Milton Miller pointed out that we can not blindly do nops.
239 * If a task was preempted when calling a trace function,
240 * the nops will remove the way to restore the TOC in r2
241 * and the r2 TOC will get corrupted.
246 * bl <tramp> <==== will be replaced with "b 1f"
250 op = 0x48000008; /* b +8 */
252 if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
256 flush_icache_range(ip, ip + 8);
263 __ftrace_make_nop(struct module *mod,
264 struct dyn_ftrace *rec, unsigned long addr)
268 unsigned long ip = rec->ip;
271 if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
274 /* Make sure that that this is still a 24bit jump */
276 printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
280 /* lets find where the pointer goes */
281 tramp = find_bl_target(ip, op);
284 * On PPC32 the trampoline looks like:
285 * 0x3d, 0x60, 0x00, 0x00 lis r11,sym@ha
286 * 0x39, 0x6b, 0x00, 0x00 addi r11,r11,sym@l
287 * 0x7d, 0x69, 0x03, 0xa6 mtctr r11
288 * 0x4e, 0x80, 0x04, 0x20 bctr
291 pr_debug("ip:%lx jumps to %lx", ip, tramp);
293 /* Find where the trampoline jumps to */
294 if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
295 printk(KERN_ERR "Failed to read %lx\n", tramp);
299 pr_debug(" %08x %08x ", jmp[0], jmp[1]);
301 /* verify that this is what we expect it to be */
302 if (((jmp[0] & 0xffff0000) != 0x3d600000) ||
303 ((jmp[1] & 0xffff0000) != 0x396b0000) ||
304 (jmp[2] != 0x7d6903a6) ||
305 (jmp[3] != 0x4e800420)) {
306 printk(KERN_ERR "Not a trampoline\n");
310 tramp = (jmp[1] & 0xffff) |
311 ((jmp[0] & 0xffff) << 16);
315 pr_debug(" %x ", tramp);
319 "Trampoline location %08lx does not match addr\n",
326 if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
329 flush_icache_range(ip, ip + 8);
334 #endif /* CONFIG_MODULES */
336 int ftrace_make_nop(struct module *mod,
337 struct dyn_ftrace *rec, unsigned long addr)
339 unsigned char *old, *new;
340 unsigned long ip = rec->ip;
343 * If the calling address is more that 24 bits away,
344 * then we had to use a trampoline to make the call.
345 * Otherwise just update the call site.
347 if (test_24bit_addr(ip, addr)) {
349 old = ftrace_call_replace(ip, addr, 1);
350 new = ftrace_nop_replace();
351 return ftrace_modify_code(ip, old, new);
354 #ifdef CONFIG_MODULES
356 * Out of range jumps are called from modules.
357 * We should either already have a pointer to the module
358 * or it has been passed in.
360 if (!rec->arch.mod) {
362 printk(KERN_ERR "No module loaded addr=%lx\n",
368 if (mod != rec->arch.mod) {
370 "Record mod %p not equal to passed in mod %p\n",
374 /* nothing to do if mod == rec->arch.mod */
378 return __ftrace_make_nop(mod, rec, addr);
380 /* We should not get here without modules */
382 #endif /* CONFIG_MODULES */
385 #ifdef CONFIG_MODULES
388 __ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
391 unsigned long ip = rec->ip;
393 /* read where this goes */
394 if (probe_kernel_read(op, (void *)ip, MCOUNT_INSN_SIZE * 2))
398 * It should be pointing to two nops or
401 if (((op[0] != 0x48000008) || (op[1] != 0xe8410028)) &&
402 ((op[0] != PPC_NOP_INSTR) || (op[1] != PPC_NOP_INSTR))) {
403 printk(KERN_ERR "Expected NOPs but have %x %x\n", op[0], op[1]);
407 /* If we never set up a trampoline to ftrace_caller, then bail */
408 if (!rec->arch.mod->arch.tramp) {
409 printk(KERN_ERR "No ftrace trampoline\n");
413 /* create the branch to the trampoline */
414 op[0] = create_branch((unsigned int *)ip,
415 rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
417 printk(KERN_ERR "REL24 out of range!\n");
424 pr_debug("write to %lx\n", rec->ip);
426 if (probe_kernel_write((void *)ip, op, MCOUNT_INSN_SIZE * 2))
429 flush_icache_range(ip, ip + 8);
435 __ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
438 unsigned long ip = rec->ip;
440 /* read where this goes */
441 if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
444 /* It should be pointing to a nop */
445 if (op != PPC_NOP_INSTR) {
446 printk(KERN_ERR "Expected NOP but have %x\n", op);
450 /* If we never set up a trampoline to ftrace_caller, then bail */
451 if (!rec->arch.mod->arch.tramp) {
452 printk(KERN_ERR "No ftrace trampoline\n");
456 /* create the branch to the trampoline */
457 op = create_branch((unsigned int *)ip,
458 rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
460 printk(KERN_ERR "REL24 out of range!\n");
464 pr_debug("write to %lx\n", rec->ip);
466 if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
469 flush_icache_range(ip, ip + 8);
473 #endif /* CONFIG_PPC64 */
474 #endif /* CONFIG_MODULES */
476 int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
478 unsigned char *old, *new;
479 unsigned long ip = rec->ip;
482 * If the calling address is more that 24 bits away,
483 * then we had to use a trampoline to make the call.
484 * Otherwise just update the call site.
486 if (test_24bit_addr(ip, addr)) {
488 old = ftrace_nop_replace();
489 new = ftrace_call_replace(ip, addr, 1);
490 return ftrace_modify_code(ip, old, new);
493 #ifdef CONFIG_MODULES
495 * Out of range jumps are called from modules.
496 * Being that we are converting from nop, it had better
497 * already have a module defined.
499 if (!rec->arch.mod) {
500 printk(KERN_ERR "No module loaded\n");
504 return __ftrace_make_call(rec, addr);
506 /* We should not get here without modules */
508 #endif /* CONFIG_MODULES */
511 int ftrace_update_ftrace_func(ftrace_func_t func)
513 unsigned long ip = (unsigned long)(&ftrace_call);
514 unsigned char old[MCOUNT_INSN_SIZE], *new;
517 memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
518 new = ftrace_call_replace(ip, (unsigned long)func, 1);
519 ret = ftrace_modify_code(ip, old, new);
524 int __init ftrace_dyn_arch_init(void *data)
526 /* caller expects data to be zero */
527 unsigned long *p = data;
533 #endif /* CONFIG_DYNAMIC_FTRACE */
535 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
537 #ifdef CONFIG_DYNAMIC_FTRACE
538 extern void ftrace_graph_call(void);
539 extern void ftrace_graph_stub(void);
541 int ftrace_enable_ftrace_graph_caller(void)
543 unsigned long ip = (unsigned long)(&ftrace_graph_call);
544 unsigned long addr = (unsigned long)(&ftrace_graph_caller);
545 unsigned long stub = (unsigned long)(&ftrace_graph_stub);
546 unsigned char old[MCOUNT_INSN_SIZE], *new;
548 new = ftrace_call_replace(ip, stub, 0);
549 memcpy(old, new, MCOUNT_INSN_SIZE);
550 new = ftrace_call_replace(ip, addr, 0);
552 return ftrace_modify_code(ip, old, new);
555 int ftrace_disable_ftrace_graph_caller(void)
557 unsigned long ip = (unsigned long)(&ftrace_graph_call);
558 unsigned long addr = (unsigned long)(&ftrace_graph_caller);
559 unsigned long stub = (unsigned long)(&ftrace_graph_stub);
560 unsigned char old[MCOUNT_INSN_SIZE], *new;
562 new = ftrace_call_replace(ip, addr, 0);
563 memcpy(old, new, MCOUNT_INSN_SIZE);
564 new = ftrace_call_replace(ip, stub, 0);
566 return ftrace_modify_code(ip, old, new);
568 #endif /* CONFIG_DYNAMIC_FTRACE */
571 extern void mod_return_to_handler(void);
575 * Hook the return address and push it in the stack of return addrs
576 * in current thread info.
578 void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr)
581 unsigned long long calltime;
583 struct ftrace_graph_ent trace;
584 unsigned long return_hooker = (unsigned long)&return_to_handler;
586 if (unlikely(atomic_read(¤t->tracing_graph_pause)))
590 /* non core kernel code needs to save and restore the TOC */
591 if (REGION_ID(self_addr) != KERNEL_REGION_ID)
592 return_hooker = (unsigned long)&mod_return_to_handler;
595 return_hooker = GET_ADDR(return_hooker);
598 * Protect against fault, even if it shouldn't
599 * happen. This tool is too much intrusive to
600 * ignore such a protection.
603 "1: " PPC_LL "%[old], 0(%[parent])\n"
604 "2: " PPC_STL "%[return_hooker], 0(%[parent])\n"
605 " li %[faulted], 0\n"
608 ".section .fixup, \"ax\"\n"
609 "4: li %[faulted], 1\n"
613 ".section __ex_table,\"a\"\n"
619 : [old] "=r" (old), [faulted] "=r" (faulted)
620 : [parent] "r" (parent), [return_hooker] "r" (return_hooker)
624 if (unlikely(faulted)) {
630 calltime = cpu_clock(raw_smp_processor_id());
632 if (ftrace_push_return_trace(old, calltime,
633 self_addr, &trace.depth) == -EBUSY) {
638 trace.func = self_addr;
640 /* Only trace if the calling function expects to */
641 if (!ftrace_graph_entry(&trace)) {
642 current->curr_ret_stack--;
646 #endif /* CONFIG_FUNCTION_GRAPH_TRACER */