1 // SPDX-License-Identifier: GPL-2.0
3 * Code for replacing ftrace calls with jumps.
5 * Copyright (C) 2007-2008 Steven Rostedt <srostedt@redhat.com>
7 * Thanks goes out to P.A. Semi, Inc for supplying me with a PPC64 box.
9 * Added function graph tracer code, taken from x86 that was written
10 * by Frederic Weisbecker, and ported to PPC by Steven Rostedt.
14 #define pr_fmt(fmt) "ftrace-powerpc: " fmt
16 #include <linux/spinlock.h>
17 #include <linux/hardirq.h>
18 #include <linux/uaccess.h>
19 #include <linux/module.h>
20 #include <linux/ftrace.h>
21 #include <linux/percpu.h>
22 #include <linux/init.h>
23 #include <linux/list.h>
25 #include <asm/cacheflush.h>
26 #include <asm/code-patching.h>
27 #include <asm/ftrace.h>
28 #include <asm/syscall.h>
32 * We generally only have a single long_branch tramp and at most 2 or 3 plt
33 * tramps generated. But, we don't use the plt tramps currently. We also allot
34 * 2 tramps after .text and .init.text. So, we only end up with around 3 usable
35 * tramps in total. Set aside 8 just to be sure.
37 #define NUM_FTRACE_TRAMPS 8
38 static unsigned long ftrace_tramps[NUM_FTRACE_TRAMPS];
41 ftrace_call_replace(unsigned long ip, unsigned long addr, int link)
45 addr = ppc_function_entry((void *)addr);
47 /* if (link) set op to 'bl' else 'b' */
48 create_branch(&op, (u32 *)ip, addr, link ? BRANCH_SET_LINK : 0);
54 ftrace_modify_code(unsigned long ip, ppc_inst_t old, ppc_inst_t new)
60 * We are paranoid about modifying text, as if a bug was to happen, it
61 * could cause us to read or write to someplace that could cause harm.
62 * Carefully read and modify the code with probe_kernel_*(), and make
63 * sure what we read is what we expected it to be before modifying it.
66 /* read the text we want to modify */
67 if (copy_inst_from_kernel_nofault(&replaced, (void *)ip))
70 /* Make sure it is what we expect it to be */
71 if (!ppc_inst_equal(replaced, old)) {
72 pr_err("%p: replaced (%s) != old (%s)",
73 (void *)ip, ppc_inst_as_str(replaced), ppc_inst_as_str(old));
77 /* replace the text with the new text */
78 return patch_instruction((u32 *)ip, new);
82 * Helper functions that are the same for both PPC64 and PPC32.
84 static int test_24bit_addr(unsigned long ip, unsigned long addr)
86 addr = ppc_function_entry((void *)addr);
88 return is_offset_in_branch_range(addr - ip);
91 static int is_bl_op(ppc_inst_t op)
93 return (ppc_inst_val(op) & ~PPC_LI_MASK) == PPC_RAW_BL(0);
96 static int is_b_op(ppc_inst_t op)
98 return (ppc_inst_val(op) & ~PPC_LI_MASK) == PPC_RAW_BRANCH(0);
101 static unsigned long find_bl_target(unsigned long ip, ppc_inst_t op)
105 offset = PPC_LI(ppc_inst_val(op));
107 if (offset & 0x02000000)
108 offset |= 0xfe000000;
110 return ip + (long)offset;
113 #ifdef CONFIG_MODULES
115 __ftrace_make_nop(struct module *mod,
116 struct dyn_ftrace *rec, unsigned long addr)
118 unsigned long entry, ptr, tramp;
119 unsigned long ip = rec->ip;
122 /* read where this goes */
123 if (copy_inst_from_kernel_nofault(&op, (void *)ip)) {
124 pr_err("Fetching opcode failed.\n");
128 /* Make sure that that this is still a 24bit jump */
130 pr_err("Not expected bl: opcode is %s\n", ppc_inst_as_str(op));
134 /* lets find where the pointer goes */
135 tramp = find_bl_target(ip, op);
137 pr_devel("ip:%lx jumps to %lx", ip, tramp);
139 if (module_trampoline_target(mod, tramp, &ptr)) {
140 pr_err("Failed to get trampoline target\n");
144 pr_devel("trampoline target %lx", ptr);
146 entry = ppc_global_function_entry((void *)addr);
147 /* This should match what was called */
149 pr_err("addr %lx does not match expected %lx\n", ptr, entry);
153 if (IS_ENABLED(CONFIG_MPROFILE_KERNEL)) {
154 if (copy_inst_from_kernel_nofault(&op, (void *)(ip - 4))) {
155 pr_err("Fetching instruction at %lx failed.\n", ip - 4);
159 /* We expect either a mflr r0, or a std r0, LRSAVE(r1) */
160 if (!ppc_inst_equal(op, ppc_inst(PPC_RAW_MFLR(_R0))) &&
161 !ppc_inst_equal(op, ppc_inst(PPC_INST_STD_LR))) {
162 pr_err("Unexpected instruction %s around bl _mcount\n",
163 ppc_inst_as_str(op));
166 } else if (IS_ENABLED(CONFIG_PPC64)) {
168 * Check what is in the next instruction. We can see ld r2,40(r1), but
169 * on first pass after boot we will see mflr r0.
171 if (copy_inst_from_kernel_nofault(&op, (void *)(ip + 4))) {
172 pr_err("Fetching op failed.\n");
176 if (!ppc_inst_equal(op, ppc_inst(PPC_INST_LD_TOC))) {
177 pr_err("Expected %08lx found %s\n", PPC_INST_LD_TOC, ppc_inst_as_str(op));
183 * When using -mprofile-kernel or PPC32 there is no load to jump over.
185 * Otherwise our original call site looks like:
190 * Milton Miller pointed out that we can not simply nop the branch.
191 * If a task was preempted when calling a trace function, the nops
192 * will remove the way to restore the TOC in r2 and the r2 TOC will
195 * Use a b +8 to jump over the load.
197 if (IS_ENABLED(CONFIG_MPROFILE_KERNEL) || IS_ENABLED(CONFIG_PPC32))
198 pop = ppc_inst(PPC_RAW_NOP());
200 pop = ppc_inst(PPC_RAW_BRANCH(8)); /* b +8 */
202 if (patch_instruction((u32 *)ip, pop)) {
203 pr_err("Patching NOP failed.\n");
210 static int __ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec, unsigned long addr)
214 #endif /* CONFIG_MODULES */
216 static unsigned long find_ftrace_tramp(unsigned long ip)
221 * We have the compiler generated long_branch tramps at the end
222 * and we prefer those
224 for (i = NUM_FTRACE_TRAMPS - 1; i >= 0; i--)
225 if (!ftrace_tramps[i])
227 else if (is_offset_in_branch_range(ftrace_tramps[i] - ip))
228 return ftrace_tramps[i];
233 static int add_ftrace_tramp(unsigned long tramp)
237 for (i = 0; i < NUM_FTRACE_TRAMPS; i++)
238 if (!ftrace_tramps[i]) {
239 ftrace_tramps[i] = tramp;
247 * If this is a compiler generated long_branch trampoline (essentially, a
248 * trampoline that has a branch to _mcount()), we re-write the branch to
249 * instead go to ftrace_[regs_]caller() and note down the location of this
252 static int setup_mcount_compiler_tramp(unsigned long tramp)
258 /* Is this a known long jump tramp? */
259 for (i = 0; i < NUM_FTRACE_TRAMPS; i++)
260 if (!ftrace_tramps[i])
262 else if (ftrace_tramps[i] == tramp)
265 /* New trampoline -- read where this goes */
266 if (copy_inst_from_kernel_nofault(&op, (void *)tramp)) {
267 pr_debug("Fetching opcode failed.\n");
271 /* Is this a 24 bit branch? */
273 pr_debug("Trampoline is not a long branch tramp.\n");
277 /* lets find where the pointer goes */
278 ptr = find_bl_target(tramp, op);
280 if (ptr != ppc_global_function_entry((void *)_mcount)) {
281 pr_debug("Trampoline target %p is not _mcount\n", (void *)ptr);
285 /* Let's re-write the tramp to go to ftrace_[regs_]caller */
286 if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS))
287 ptr = ppc_global_function_entry((void *)ftrace_regs_caller);
289 ptr = ppc_global_function_entry((void *)ftrace_caller);
291 if (patch_branch((u32 *)tramp, ptr, 0)) {
292 pr_debug("REL24 out of range!\n");
296 if (add_ftrace_tramp(tramp)) {
297 pr_debug("No tramp locations left\n");
304 static int __ftrace_make_nop_kernel(struct dyn_ftrace *rec, unsigned long addr)
306 unsigned long tramp, ip = rec->ip;
309 /* Read where this goes */
310 if (copy_inst_from_kernel_nofault(&op, (void *)ip)) {
311 pr_err("Fetching opcode failed.\n");
315 /* Make sure that that this is still a 24bit jump */
317 pr_err("Not expected bl: opcode is %s\n", ppc_inst_as_str(op));
321 /* Let's find where the pointer goes */
322 tramp = find_bl_target(ip, op);
324 pr_devel("ip:%lx jumps to %lx", ip, tramp);
326 if (setup_mcount_compiler_tramp(tramp)) {
327 /* Are other trampolines reachable? */
328 if (!find_ftrace_tramp(ip)) {
329 pr_err("No ftrace trampolines reachable from %ps\n",
335 if (patch_instruction((u32 *)ip, ppc_inst(PPC_RAW_NOP()))) {
336 pr_err("Patching NOP failed.\n");
343 int ftrace_make_nop(struct module *mod,
344 struct dyn_ftrace *rec, unsigned long addr)
346 unsigned long ip = rec->ip;
350 * If the calling address is more that 24 bits away,
351 * then we had to use a trampoline to make the call.
352 * Otherwise just update the call site.
354 if (test_24bit_addr(ip, addr)) {
356 old = ftrace_call_replace(ip, addr, 1);
357 new = ppc_inst(PPC_RAW_NOP());
358 return ftrace_modify_code(ip, old, new);
359 } else if (core_kernel_text(ip)) {
360 return __ftrace_make_nop_kernel(rec, addr);
361 } else if (!IS_ENABLED(CONFIG_MODULES)) {
366 * Out of range jumps are called from modules.
367 * We should either already have a pointer to the module
368 * or it has been passed in.
370 if (!rec->arch.mod) {
372 pr_err("No module loaded addr=%lx\n", addr);
377 if (mod != rec->arch.mod) {
378 pr_err("Record mod %p not equal to passed in mod %p\n",
382 /* nothing to do if mod == rec->arch.mod */
386 return __ftrace_make_nop(mod, rec, addr);
389 #ifdef CONFIG_MODULES
391 * Examine the existing instructions for __ftrace_make_call.
392 * They should effectively be a NOP, and follow formal constraints,
393 * depending on the ABI. Return false if they don't.
395 static bool expected_nop_sequence(void *ip, ppc_inst_t op0, ppc_inst_t op1)
397 if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V1))
398 return ppc_inst_equal(op0, ppc_inst(PPC_RAW_BRANCH(8))) &&
399 ppc_inst_equal(op1, ppc_inst(PPC_INST_LD_TOC));
401 return ppc_inst_equal(op0, ppc_inst(PPC_RAW_NOP()));
405 __ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
408 void *ip = (void *)rec->ip;
409 unsigned long entry, ptr, tramp;
410 struct module *mod = rec->arch.mod;
412 /* read where this goes */
413 if (copy_inst_from_kernel_nofault(op, ip))
416 if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V1) &&
417 copy_inst_from_kernel_nofault(op + 1, ip + 4))
420 if (!expected_nop_sequence(ip, op[0], op[1])) {
421 pr_err("Unexpected call sequence at %p: %s %s\n",
422 ip, ppc_inst_as_str(op[0]), ppc_inst_as_str(op[1]));
426 /* If we never set up ftrace trampoline(s), then bail */
427 if (!mod->arch.tramp ||
428 (IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS) && !mod->arch.tramp_regs)) {
429 pr_err("No ftrace trampoline\n");
433 if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS) && rec->flags & FTRACE_FL_REGS)
434 tramp = mod->arch.tramp_regs;
436 tramp = mod->arch.tramp;
438 if (module_trampoline_target(mod, tramp, &ptr)) {
439 pr_err("Failed to get trampoline target\n");
443 pr_devel("trampoline target %lx", ptr);
445 entry = ppc_global_function_entry((void *)addr);
446 /* This should match what was called */
448 pr_err("addr %lx does not match expected %lx\n", ptr, entry);
452 if (patch_branch(ip, tramp, BRANCH_SET_LINK)) {
453 pr_err("REL24 out of range!\n");
460 static int __ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
464 #endif /* CONFIG_MODULES */
466 static int __ftrace_make_call_kernel(struct dyn_ftrace *rec, unsigned long addr)
469 void *ip = (void *)rec->ip;
470 unsigned long tramp, entry, ptr;
472 /* Make sure we're being asked to patch branch to a known ftrace addr */
473 entry = ppc_global_function_entry((void *)ftrace_caller);
474 ptr = ppc_global_function_entry((void *)addr);
476 if (ptr != entry && IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS))
477 entry = ppc_global_function_entry((void *)ftrace_regs_caller);
480 pr_err("Unknown ftrace addr to patch: %ps\n", (void *)ptr);
484 /* Make sure we have a nop */
485 if (copy_inst_from_kernel_nofault(&op, ip)) {
486 pr_err("Unable to read ftrace location %p\n", ip);
490 if (!ppc_inst_equal(op, ppc_inst(PPC_RAW_NOP()))) {
491 pr_err("Unexpected call sequence at %p: %s\n", ip, ppc_inst_as_str(op));
495 tramp = find_ftrace_tramp((unsigned long)ip);
497 pr_err("No ftrace trampolines reachable from %ps\n", ip);
501 if (patch_branch(ip, tramp, BRANCH_SET_LINK)) {
502 pr_err("Error patching branch to ftrace tramp!\n");
509 int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
511 unsigned long ip = rec->ip;
515 * If the calling address is more that 24 bits away,
516 * then we had to use a trampoline to make the call.
517 * Otherwise just update the call site.
519 if (test_24bit_addr(ip, addr)) {
521 old = ppc_inst(PPC_RAW_NOP());
522 new = ftrace_call_replace(ip, addr, 1);
523 return ftrace_modify_code(ip, old, new);
524 } else if (core_kernel_text(ip)) {
525 return __ftrace_make_call_kernel(rec, addr);
526 } else if (!IS_ENABLED(CONFIG_MODULES)) {
527 /* We should not get here without modules */
532 * Out of range jumps are called from modules.
533 * Being that we are converting from nop, it had better
534 * already have a module defined.
536 if (!rec->arch.mod) {
537 pr_err("No module loaded\n");
541 return __ftrace_make_call(rec, addr);
544 #ifdef CONFIG_DYNAMIC_FTRACE_WITH_REGS
545 #ifdef CONFIG_MODULES
547 __ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr,
551 unsigned long ip = rec->ip;
552 unsigned long entry, ptr, tramp;
553 struct module *mod = rec->arch.mod;
555 /* If we never set up ftrace trampolines, then bail */
556 if (!mod->arch.tramp || !mod->arch.tramp_regs) {
557 pr_err("No ftrace trampoline\n");
561 /* read where this goes */
562 if (copy_inst_from_kernel_nofault(&op, (void *)ip)) {
563 pr_err("Fetching opcode failed.\n");
567 /* Make sure that that this is still a 24bit jump */
569 pr_err("Not expected bl: opcode is %s\n", ppc_inst_as_str(op));
573 /* lets find where the pointer goes */
574 tramp = find_bl_target(ip, op);
575 entry = ppc_global_function_entry((void *)old_addr);
577 pr_devel("ip:%lx jumps to %lx", ip, tramp);
579 if (tramp != entry) {
580 /* old_addr is not within range, so we must have used a trampoline */
581 if (module_trampoline_target(mod, tramp, &ptr)) {
582 pr_err("Failed to get trampoline target\n");
586 pr_devel("trampoline target %lx", ptr);
588 /* This should match what was called */
590 pr_err("addr %lx does not match expected %lx\n", ptr, entry);
595 /* The new target may be within range */
596 if (test_24bit_addr(ip, addr)) {
598 if (patch_branch((u32 *)ip, addr, BRANCH_SET_LINK)) {
599 pr_err("REL24 out of range!\n");
606 if (rec->flags & FTRACE_FL_REGS)
607 tramp = mod->arch.tramp_regs;
609 tramp = mod->arch.tramp;
611 if (module_trampoline_target(mod, tramp, &ptr)) {
612 pr_err("Failed to get trampoline target\n");
616 pr_devel("trampoline target %lx", ptr);
618 entry = ppc_global_function_entry((void *)addr);
619 /* This should match what was called */
621 pr_err("addr %lx does not match expected %lx\n", ptr, entry);
625 if (patch_branch((u32 *)ip, tramp, BRANCH_SET_LINK)) {
626 pr_err("REL24 out of range!\n");
633 static int __ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr, unsigned long addr)
639 int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr,
642 unsigned long ip = rec->ip;
646 * If the calling address is more that 24 bits away,
647 * then we had to use a trampoline to make the call.
648 * Otherwise just update the call site.
650 if (test_24bit_addr(ip, addr) && test_24bit_addr(ip, old_addr)) {
652 old = ftrace_call_replace(ip, old_addr, 1);
653 new = ftrace_call_replace(ip, addr, 1);
654 return ftrace_modify_code(ip, old, new);
655 } else if (core_kernel_text(ip)) {
657 * We always patch out of range locations to go to the regs
658 * variant, so there is nothing to do here
661 } else if (!IS_ENABLED(CONFIG_MODULES)) {
662 /* We should not get here without modules */
667 * Out of range jumps are called from modules.
669 if (!rec->arch.mod) {
670 pr_err("No module loaded\n");
674 return __ftrace_modify_call(rec, old_addr, addr);
678 int ftrace_update_ftrace_func(ftrace_func_t func)
680 unsigned long ip = (unsigned long)(&ftrace_call);
684 old = ppc_inst_read((u32 *)&ftrace_call);
685 new = ftrace_call_replace(ip, (unsigned long)func, 1);
686 ret = ftrace_modify_code(ip, old, new);
688 /* Also update the regs callback function */
689 if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS) && !ret) {
690 ip = (unsigned long)(&ftrace_regs_call);
691 old = ppc_inst_read((u32 *)&ftrace_regs_call);
692 new = ftrace_call_replace(ip, (unsigned long)func, 1);
693 ret = ftrace_modify_code(ip, old, new);
700 * Use the default ftrace_modify_all_code, but without
703 void arch_ftrace_update_code(int command)
705 ftrace_modify_all_code(command);
709 #define PACATOC offsetof(struct paca_struct, kernel_toc)
711 extern unsigned int ftrace_tramp_text[], ftrace_tramp_init[];
713 int __init ftrace_dyn_arch_init(void)
716 unsigned int *tramp[] = { ftrace_tramp_text, ftrace_tramp_init };
718 PPC_RAW_LD(_R12, _R13, PACATOC),
719 PPC_RAW_ADDIS(_R12, _R12, 0),
720 PPC_RAW_ADDI(_R12, _R12, 0),
727 if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS))
728 addr = ppc_global_function_entry((void *)ftrace_regs_caller);
730 addr = ppc_global_function_entry((void *)ftrace_caller);
732 reladdr = addr - kernel_toc_addr();
734 if (reladdr >= SZ_2G || reladdr < -(long)SZ_2G) {
735 pr_err("Address of %ps out of range of kernel_toc.\n",
740 for (i = 0; i < 2; i++) {
741 memcpy(tramp[i], stub_insns, sizeof(stub_insns));
742 tramp[i][1] |= PPC_HA(reladdr);
743 tramp[i][2] |= PPC_LO(reladdr);
744 add_ftrace_tramp((unsigned long)tramp[i]);
751 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
753 extern void ftrace_graph_call(void);
754 extern void ftrace_graph_stub(void);
756 static int ftrace_modify_ftrace_graph_caller(bool enable)
758 unsigned long ip = (unsigned long)(&ftrace_graph_call);
759 unsigned long addr = (unsigned long)(&ftrace_graph_caller);
760 unsigned long stub = (unsigned long)(&ftrace_graph_stub);
763 if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_ARGS))
766 old = ftrace_call_replace(ip, enable ? stub : addr, 0);
767 new = ftrace_call_replace(ip, enable ? addr : stub, 0);
769 return ftrace_modify_code(ip, old, new);
772 int ftrace_enable_ftrace_graph_caller(void)
774 return ftrace_modify_ftrace_graph_caller(true);
777 int ftrace_disable_ftrace_graph_caller(void)
779 return ftrace_modify_ftrace_graph_caller(false);
783 * Hook the return address and push it in the stack of return addrs
784 * in current thread info. Return the address we want to divert to.
787 __prepare_ftrace_return(unsigned long parent, unsigned long ip, unsigned long sp)
789 unsigned long return_hooker;
792 if (unlikely(ftrace_graph_is_dead()))
795 if (unlikely(atomic_read(¤t->tracing_graph_pause)))
798 bit = ftrace_test_recursion_trylock(ip, parent);
802 return_hooker = ppc_function_entry(return_to_handler);
804 if (!function_graph_enter(parent, ip, 0, (unsigned long *)sp))
805 parent = return_hooker;
807 ftrace_test_recursion_unlock(bit);
812 #ifdef CONFIG_DYNAMIC_FTRACE_WITH_ARGS
813 void ftrace_graph_func(unsigned long ip, unsigned long parent_ip,
814 struct ftrace_ops *op, struct ftrace_regs *fregs)
816 fregs->regs.link = __prepare_ftrace_return(parent_ip, ip, fregs->regs.gpr[1]);
819 unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip,
822 return __prepare_ftrace_return(parent, ip, sp);
825 #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
827 #ifdef CONFIG_PPC64_ELF_ABI_V1
828 char *arch_ftrace_match_adjust(char *str, const char *search)
830 if (str[0] == '.' && search[0] != '.')
835 #endif /* CONFIG_PPC64_ELF_ABI_V1 */