1 /* 2 * Dynamic function tracer architecture backend. 3 * 4 * Copyright IBM Corp. 2009,2014 5 * 6 * Author(s): Heiko Carstens <heiko.carstens@de.ibm.com>, 7 * Martin Schwidefsky <schwidefsky@de.ibm.com> 8 */ 9 10 #include <linux/moduleloader.h> 11 #include <linux/hardirq.h> 12 #include <linux/uaccess.h> 13 #include <linux/ftrace.h> 14 #include <linux/kernel.h> 15 #include <linux/types.h> 16 #include <linux/kprobes.h> 17 #include <trace/syscall.h> 18 #include <asm/asm-offsets.h> 19 #include <asm/cacheflush.h> 20 #include "entry.h" 21 22 /* 23 * The mcount code looks like this: 24 * stg %r14,8(%r15) # offset 0 25 * larl %r1,<&counter> # offset 6 26 * brasl %r14,_mcount # offset 12 27 * lg %r14,8(%r15) # offset 18 28 * Total length is 24 bytes. Only the first instruction will be patched 29 * by ftrace_make_call / ftrace_make_nop. 30 * The enabled ftrace code block looks like this: 31 * > brasl %r0,ftrace_caller # offset 0 32 * larl %r1,<&counter> # offset 6 33 * brasl %r14,_mcount # offset 12 34 * lg %r14,8(%r15) # offset 18 35 * The ftrace function gets called with a non-standard C function call ABI 36 * where r0 contains the return address. It is also expected that the called 37 * function only clobbers r0 and r1, but restores r2-r15. 38 * For module code we can't directly jump to ftrace caller, but need a 39 * trampoline (ftrace_plt), which clobbers also r1. 40 * The return point of the ftrace function has offset 24, so execution 41 * continues behind the mcount block. 42 * The disabled ftrace code block looks like this: 43 * > jg .+24 # offset 0 44 * larl %r1,<&counter> # offset 6 45 * brasl %r14,_mcount # offset 12 46 * lg %r14,8(%r15) # offset 18 47 * The jg instruction branches to offset 24 to skip as many instructions 48 * as possible. 49 */ 50 51 unsigned long ftrace_plt; 52 53 int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr, 54 unsigned long addr) 55 { 56 return 0; 57 } 58 59 int ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec, 60 unsigned long addr) 61 { 62 struct ftrace_insn insn; 63 unsigned short op; 64 void *from, *to; 65 size_t size; 66 67 ftrace_generate_nop_insn(&insn); 68 size = sizeof(insn); 69 from = &insn; 70 to = (void *) rec->ip; 71 if (probe_kernel_read(&op, (void *) rec->ip, sizeof(op))) 72 return -EFAULT; 73 /* 74 * If we find a breakpoint instruction, a kprobe has been placed 75 * at the beginning of the function. We write the constant 76 * KPROBE_ON_FTRACE_NOP into the remaining four bytes of the original 77 * instruction so that the kprobes handler can execute a nop, if it 78 * reaches this breakpoint. 79 */ 80 if (op == BREAKPOINT_INSTRUCTION) { 81 size -= 2; 82 from += 2; 83 to += 2; 84 insn.disp = KPROBE_ON_FTRACE_NOP; 85 } 86 if (probe_kernel_write(to, from, size)) 87 return -EPERM; 88 return 0; 89 } 90 91 int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) 92 { 93 struct ftrace_insn insn; 94 unsigned short op; 95 void *from, *to; 96 size_t size; 97 98 ftrace_generate_call_insn(&insn, rec->ip); 99 size = sizeof(insn); 100 from = &insn; 101 to = (void *) rec->ip; 102 if (probe_kernel_read(&op, (void *) rec->ip, sizeof(op))) 103 return -EFAULT; 104 /* 105 * If we find a breakpoint instruction, a kprobe has been placed 106 * at the beginning of the function. We write the constant 107 * KPROBE_ON_FTRACE_CALL into the remaining four bytes of the original 108 * instruction so that the kprobes handler can execute a brasl if it 109 * reaches this breakpoint. 110 */ 111 if (op == BREAKPOINT_INSTRUCTION) { 112 size -= 2; 113 from += 2; 114 to += 2; 115 insn.disp = KPROBE_ON_FTRACE_CALL; 116 } 117 if (probe_kernel_write(to, from, size)) 118 return -EPERM; 119 return 0; 120 } 121 122 int ftrace_update_ftrace_func(ftrace_func_t func) 123 { 124 return 0; 125 } 126 127 int __init ftrace_dyn_arch_init(void) 128 { 129 return 0; 130 } 131 132 static int __init ftrace_plt_init(void) 133 { 134 unsigned int *ip; 135 136 ftrace_plt = (unsigned long) module_alloc(PAGE_SIZE); 137 if (!ftrace_plt) 138 panic("cannot allocate ftrace plt\n"); 139 ip = (unsigned int *) ftrace_plt; 140 ip[0] = 0x0d10e310; /* basr 1,0; lg 1,10(1); br 1 */ 141 ip[1] = 0x100a0004; 142 ip[2] = 0x07f10000; 143 ip[3] = FTRACE_ADDR >> 32; 144 ip[4] = FTRACE_ADDR & 0xffffffff; 145 set_memory_ro(ftrace_plt, 1); 146 return 0; 147 } 148 device_initcall(ftrace_plt_init); 149 150 #ifdef CONFIG_FUNCTION_GRAPH_TRACER 151 /* 152 * Hook the return address and push it in the stack of return addresses 153 * in current thread info. 154 */ 155 unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) 156 { 157 struct ftrace_graph_ent trace; 158 159 if (unlikely(ftrace_graph_is_dead())) 160 goto out; 161 if (unlikely(atomic_read(¤t->tracing_graph_pause))) 162 goto out; 163 ip = (ip & PSW_ADDR_INSN) - MCOUNT_INSN_SIZE; 164 trace.func = ip; 165 trace.depth = current->curr_ret_stack + 1; 166 /* Only trace if the calling function expects to. */ 167 if (!ftrace_graph_entry(&trace)) 168 goto out; 169 if (ftrace_push_return_trace(parent, ip, &trace.depth, 0) == -EBUSY) 170 goto out; 171 parent = (unsigned long) return_to_handler; 172 out: 173 return parent; 174 } 175 NOKPROBE_SYMBOL(prepare_ftrace_return); 176 177 /* 178 * Patch the kernel code at ftrace_graph_caller location. The instruction 179 * there is branch relative on condition. To enable the ftrace graph code 180 * block, we simply patch the mask field of the instruction to zero and 181 * turn the instruction into a nop. 182 * To disable the ftrace graph code the mask field will be patched to 183 * all ones, which turns the instruction into an unconditional branch. 184 */ 185 int ftrace_enable_ftrace_graph_caller(void) 186 { 187 u8 op = 0x04; /* set mask field to zero */ 188 189 return probe_kernel_write(__va(ftrace_graph_caller)+1, &op, sizeof(op)); 190 } 191 192 int ftrace_disable_ftrace_graph_caller(void) 193 { 194 u8 op = 0xf4; /* set mask field to all ones */ 195 196 return probe_kernel_write(__va(ftrace_graph_caller)+1, &op, sizeof(op)); 197 } 198 199 #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ 200