// SPDX-License-Identifier: GPL-2.0
/*
 * Dynamic function tracing support.
 *
 * Copyright (C) 2007-2008 Steven Rostedt <srostedt@redhat.com>
 *
 * Thanks go to Ingo Molnar, for suggesting the idea.
 * Mathieu Desnoyers, for suggesting postponing the modifications.
 * Arjan van de Ven, for keeping me straight, and explaining to me
 * the dangers of modifying code on the run.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/spinlock.h>
#include <linux/hardirq.h>
#include <linux/uaccess.h>
#include <linux/ftrace.h>
#include <linux/percpu.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/init.h>
#include <linux/list.h>
#include <linux/module.h>

#include <trace/syscall.h>

#include <asm/set_memory.h>
#include <asm/kprobes.h>
#include <asm/ftrace.h>
#include <asm/nops.h>

#ifdef CONFIG_DYNAMIC_FTRACE

int ftrace_arch_code_modify_prepare(void)
{
	set_kernel_text_rw();
	set_all_modules_text_rw();
	return 0;
}

int ftrace_arch_code_modify_post_process(void)
{
	set_all_modules_text_ro();
	set_kernel_text_ro();
	return 0;
}

union ftrace_code_union {
	char code[MCOUNT_INSN_SIZE];
	struct {
		unsigned char e8;
		int offset;
	} __attribute__((packed));
};

static int ftrace_calc_offset(long ip, long addr)
{
	return (int)(addr - ip);
}

static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
{
	static union ftrace_code_union calc;

	calc.e8		= 0xe8;
	calc.offset	= ftrace_calc_offset(ip + MCOUNT_INSN_SIZE, addr);

	/*
	 * No locking needed, this must be called via kstop_machine
	 * which in essence is like running on a uniprocessor machine.
	 */
	return calc.code;
}

static inline int
within(unsigned long addr, unsigned long start, unsigned long end)
{
	return addr >= start && addr < end;
}

static unsigned long text_ip_addr(unsigned long ip)
{
	/*
	 * On x86_64, the kernel text is mapped read-only, so we use
	 * the kernel identity mapping instead of the kernel text mapping
	 * to modify the kernel text.
	 *
	 * For 32bit kernels, these mappings are the same and we can use
	 * the kernel identity mapping to modify code.
	 */
	if (within(ip, (unsigned long)_text, (unsigned long)_etext))
		ip = (unsigned long)__va(__pa_symbol(ip));

	return ip;
}

static const unsigned char *ftrace_nop_replace(void)
{
	return ideal_nops[NOP_ATOMIC5];
}
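/*
 * For illustration only (not used by the build): both the call and the
 * nop above are MCOUNT_INSN_SIZE (5) bytes. A near call is e8 followed
 * by a little-endian rel32 relative to the end of the instruction, so
 * for a hypothetical site at 0xffffffff81000100 calling
 * 0xffffffff81e00000:
 *
 *	rel32 = 0xffffffff81e00000 - (0xffffffff81000100 + 5)
 *	      = 0x00dffefb	->	e8 fb fe df 00
 *
 * ideal_nops[NOP_ATOMIC5] is whatever 5-byte nop the boot code chose
 * as safe for this CPU.
 */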
static int
ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
			  unsigned const char *new_code)
{
	unsigned char replaced[MCOUNT_INSN_SIZE];

	ftrace_expected = old_code;

	/*
	 * Note:
	 * We are paranoid about modifying text, as if a bug was to happen, it
	 * could cause us to read or write to someplace that could cause harm.
	 * Carefully read and modify the code with probe_kernel_*(), and make
	 * sure what we read is what we expected it to be before modifying it.
	 */

	/* read the text we want to modify */
	if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
		return -EFAULT;

	/* Make sure it is what we expect it to be */
	if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
		return -EINVAL;

	ip = text_ip_addr(ip);

	/* replace the text with the new text */
	if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
		return -EPERM;

	sync_core();

	return 0;
}

int ftrace_make_nop(struct module *mod,
		    struct dyn_ftrace *rec, unsigned long addr)
{
	unsigned const char *new, *old;
	unsigned long ip = rec->ip;

	old = ftrace_call_replace(ip, addr);
	new = ftrace_nop_replace();

	/*
	 * On boot up, and when modules are loaded, the MCOUNT_ADDR
	 * is converted to a nop, and will never become MCOUNT_ADDR
	 * again. This code is either running before SMP (on boot up)
	 * or before the code will ever be executed (module load).
	 * We do not want to use the breakpoint version in this case,
	 * just modify the code directly.
	 */
	if (addr == MCOUNT_ADDR)
		return ftrace_modify_code_direct(rec->ip, old, new);

	ftrace_expected = NULL;

	/* Normal cases use add_brk_on_nop */
	WARN_ONCE(1, "invalid use of ftrace_make_nop");
	return -EINVAL;
}

int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
{
	unsigned const char *new, *old;
	unsigned long ip = rec->ip;

	old = ftrace_nop_replace();
	new = ftrace_call_replace(ip, addr);

	/* Should only be called when a module is loaded */
	return ftrace_modify_code_direct(rec->ip, old, new);
}

/*
 * The modifying_ftrace_code is used to tell the breakpoint
 * handler to call ftrace_int3_handler(). If it fails to
 * call this handler for a breakpoint added by ftrace, then
 * the kernel may crash.
 *
 * As atomic writes on x86 do not need a barrier, we do not
 * need to add smp_mb()s for this to work. Nor can a CPU read
 * modifying_ftrace_code before executing a breakpoint that was
 * written after the counter was incremented. Here's the flow
 * that is required:
 *
 *	CPU-0				CPU-1
 *
 *	atomic_inc(mfc);
 *	write int3s
 *				<trap-int3> // implicit (r)mb
 *				if (atomic_read(mfc))
 *					call ftrace_int3_handler()
 *
 * Then when we are finished:
 *
 *	atomic_dec(mfc);
 *
 * If we hit a breakpoint that was not set by ftrace, it does not
 * matter if ftrace_int3_handler() is called or not. It will
 * simply be ignored. But it is crucial that an ftrace nop/caller
 * breakpoint is handled. No other user should ever place a
 * breakpoint on an ftrace nop/caller location. It must only
 * be done by this code.
 */
atomic_t modifying_ftrace_code __read_mostly;

static int
ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
		   unsigned const char *new_code);

/*
 * Should never be called:
 * It is only called by __ftrace_replace_code(), which is called by
 * ftrace_replace_code() (which x86 overrides) and by ftrace_update_code(),
 * which turns mcount calls into nops or nops into function calls but
 * never converts a function from not using regs to one that uses regs,
 * which is what ftrace_modify_call() is for.
 */
int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr,
		       unsigned long addr)
{
	WARN_ON(1);
	ftrace_expected = NULL;
	return -EINVAL;
}

static unsigned long ftrace_update_func;

static int update_ftrace_func(unsigned long ip, void *new)
{
	unsigned char old[MCOUNT_INSN_SIZE];
	int ret;

	memcpy(old, (void *)ip, MCOUNT_INSN_SIZE);

	ftrace_update_func = ip;
	/* Make sure the breakpoints see the ftrace_update_func update */
	smp_wmb();

	/* See comment above by declaration of modifying_ftrace_code */
	atomic_inc(&modifying_ftrace_code);

	ret = ftrace_modify_code(ip, old, new);

	atomic_dec(&modifying_ftrace_code);

	return ret;
}

int ftrace_update_ftrace_func(ftrace_func_t func)
{
	unsigned long ip = (unsigned long)(&ftrace_call);
	unsigned char *new;
	int ret;

	new = ftrace_call_replace(ip, (unsigned long)func);
	ret = update_ftrace_func(ip, new);

	/* Also update the regs callback function */
	if (!ret) {
		ip = (unsigned long)(&ftrace_regs_call);
		new = ftrace_call_replace(ip, (unsigned long)func);
		ret = update_ftrace_func(ip, new);
	}

	return ret;
}

static nokprobe_inline int is_ftrace_caller(unsigned long ip)
{
	if (ip == ftrace_update_func)
		return 1;

	return 0;
}

/*
 * A breakpoint was added to the code address we are about to
 * modify, and this is the handler that will just skip over it.
 * We are either changing a nop into a trace call, or a trace
 * call to a nop. While the change is taking place, we treat
 * it just like it was a nop.
 */
int ftrace_int3_handler(struct pt_regs *regs)
{
	unsigned long ip;

	if (WARN_ON_ONCE(!regs))
		return 0;

	ip = regs->ip - 1;
	if (!ftrace_location(ip) && !is_ftrace_caller(ip))
		return 0;

	regs->ip += MCOUNT_INSN_SIZE - 1;

	return 1;
}
NOKPROBE_SYMBOL(ftrace_int3_handler);
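/*
 * Worked example of the fixup above (illustration only): when the int3
 * at a patched site traps, regs->ip holds the address of the byte
 * *after* the breakpoint, so regs->ip - 1 is the site itself. Adding
 * MCOUNT_INSN_SIZE - 1 (4) then moves regs->ip past the whole 5-byte
 * slot, which makes the half-patched instruction behave like a nop.
 */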
static int ftrace_write(unsigned long ip, const char *val, int size)
{
	ip = text_ip_addr(ip);

	if (probe_kernel_write((void *)ip, val, size))
		return -EPERM;

	return 0;
}

static int add_break(unsigned long ip, const char *old)
{
	unsigned char replaced[MCOUNT_INSN_SIZE];
	unsigned char brk = BREAKPOINT_INSTRUCTION;

	if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
		return -EFAULT;

	ftrace_expected = old;

	/* Make sure it is what we expect it to be */
	if (memcmp(replaced, old, MCOUNT_INSN_SIZE) != 0)
		return -EINVAL;

	return ftrace_write(ip, &brk, 1);
}

static int add_brk_on_call(struct dyn_ftrace *rec, unsigned long addr)
{
	unsigned const char *old;
	unsigned long ip = rec->ip;

	old = ftrace_call_replace(ip, addr);

	return add_break(rec->ip, old);
}

static int add_brk_on_nop(struct dyn_ftrace *rec)
{
	unsigned const char *old;

	old = ftrace_nop_replace();

	return add_break(rec->ip, old);
}

static int add_breakpoints(struct dyn_ftrace *rec, int enable)
{
	unsigned long ftrace_addr;
	int ret;

	ftrace_addr = ftrace_get_addr_curr(rec);

	ret = ftrace_test_record(rec, enable);

	switch (ret) {
	case FTRACE_UPDATE_IGNORE:
		return 0;

	case FTRACE_UPDATE_MAKE_CALL:
		/* converting nop to call */
		return add_brk_on_nop(rec);

	case FTRACE_UPDATE_MODIFY_CALL:
	case FTRACE_UPDATE_MAKE_NOP:
		/* converting a call to a nop */
		return add_brk_on_call(rec, ftrace_addr);
	}
	return 0;
}
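/*
 * Note for readers (illustrative, not load-bearing): add_break() only
 * writes the single int3 opcode (0xcc) over the first byte of the
 * 5-byte site. A one-byte store is atomic on x86, so a CPU racing with
 * the write either sees the old first byte (and runs the old
 * instruction) or the int3 (and is fixed up by ftrace_int3_handler()).
 */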
/*
 * On error, we need to remove breakpoints. This needs to
 * be done carefully. If the address does not currently have a
 * breakpoint, we know we are done. Otherwise, we look at the
 * remaining 4 bytes of the instruction. If it matches a nop
 * we replace the breakpoint with the nop. Otherwise we replace
 * it with the call instruction.
 */
static int remove_breakpoint(struct dyn_ftrace *rec)
{
	unsigned char ins[MCOUNT_INSN_SIZE];
	unsigned char brk = BREAKPOINT_INSTRUCTION;
	const unsigned char *nop;
	unsigned long ftrace_addr;
	unsigned long ip = rec->ip;

	/* If we fail the read, just give up */
	if (probe_kernel_read(ins, (void *)ip, MCOUNT_INSN_SIZE))
		return -EFAULT;

	/* If this does not have a breakpoint, we are done */
	if (ins[0] != brk)
		return 0;

	nop = ftrace_nop_replace();

	/*
	 * If the last 4 bytes of the instruction do not match
	 * a nop, then we assume that this is a call to ftrace_addr.
	 */
	if (memcmp(&ins[1], &nop[1], MCOUNT_INSN_SIZE - 1) != 0) {
		/*
		 * For extra paranoia, we check if the breakpoint is on
		 * a call that would actually jump to the ftrace_addr.
		 * If not, don't touch the breakpoint, we may just create
		 * a disaster.
		 */
		ftrace_addr = ftrace_get_addr_new(rec);
		nop = ftrace_call_replace(ip, ftrace_addr);

		if (memcmp(&ins[1], &nop[1], MCOUNT_INSN_SIZE - 1) == 0)
			goto update;

		/* Check both ftrace_addr and ftrace_old_addr */
		ftrace_addr = ftrace_get_addr_curr(rec);
		nop = ftrace_call_replace(ip, ftrace_addr);

		ftrace_expected = nop;

		if (memcmp(&ins[1], &nop[1], MCOUNT_INSN_SIZE - 1) != 0)
			return -EINVAL;
	}

 update:
	return ftrace_write(ip, nop, 1);
}

static int add_update_code(unsigned long ip, unsigned const char *new)
{
	/* skip breakpoint */
	ip++;
	new++;
	return ftrace_write(ip, new, MCOUNT_INSN_SIZE - 1);
}

static int add_update_call(struct dyn_ftrace *rec, unsigned long addr)
{
	unsigned long ip = rec->ip;
	unsigned const char *new;

	new = ftrace_call_replace(ip, addr);
	return add_update_code(ip, new);
}

static int add_update_nop(struct dyn_ftrace *rec)
{
	unsigned long ip = rec->ip;
	unsigned const char *new;

	new = ftrace_nop_replace();
	return add_update_code(ip, new);
}

static int add_update(struct dyn_ftrace *rec, int enable)
{
	unsigned long ftrace_addr;
	int ret;

	ret = ftrace_test_record(rec, enable);

	ftrace_addr = ftrace_get_addr_new(rec);

	switch (ret) {
	case FTRACE_UPDATE_IGNORE:
		return 0;

	case FTRACE_UPDATE_MODIFY_CALL:
	case FTRACE_UPDATE_MAKE_CALL:
		/* converting nop to call */
		return add_update_call(rec, ftrace_addr);

	case FTRACE_UPDATE_MAKE_NOP:
		/* converting a call to a nop */
		return add_update_nop(rec);
	}

	return 0;
}
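/*
 * Illustration (not used by the build): with the int3 still guarding
 * byte 0, add_update_code() rewrites only bytes 1-4 of the site:
 *
 *	before:	cc <old rel32 or nop tail>
 *	after:	cc <new rel32 or nop tail>
 *
 * Executing CPUs keep trapping on the int3, so the mismatched tail is
 * never executed; finish_update_*() later restores byte 0.
 */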
static int finish_update_call(struct dyn_ftrace *rec, unsigned long addr)
{
	unsigned long ip = rec->ip;
	unsigned const char *new;

	new = ftrace_call_replace(ip, addr);

	return ftrace_write(ip, new, 1);
}

static int finish_update_nop(struct dyn_ftrace *rec)
{
	unsigned long ip = rec->ip;
	unsigned const char *new;

	new = ftrace_nop_replace();

	return ftrace_write(ip, new, 1);
}

static int finish_update(struct dyn_ftrace *rec, int enable)
{
	unsigned long ftrace_addr;
	int ret;

	ret = ftrace_update_record(rec, enable);

	ftrace_addr = ftrace_get_addr_new(rec);

	switch (ret) {
	case FTRACE_UPDATE_IGNORE:
		return 0;

	case FTRACE_UPDATE_MODIFY_CALL:
	case FTRACE_UPDATE_MAKE_CALL:
		/* converting nop to call */
		return finish_update_call(rec, ftrace_addr);

	case FTRACE_UPDATE_MAKE_NOP:
		/* converting a call to a nop */
		return finish_update_nop(rec);
	}

	return 0;
}

static void do_sync_core(void *data)
{
	sync_core();
}

static void run_sync(void)
{
	int enable_irqs;

	/* No need to sync if there's only one CPU */
	if (num_online_cpus() == 1)
		return;

	enable_irqs = irqs_disabled();

	/* We may be called with interrupts disabled (on bootup). */
	if (enable_irqs)
		local_irq_enable();
	on_each_cpu(do_sync_core, NULL, 1);
	if (enable_irqs)
		local_irq_disable();
}
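/*
 * Why the IPI above: cross-modifying code requires each CPU to execute
 * a serializing instruction before running the modified bytes.
 * sync_core() provides that (e.g. via cpuid), and running it on every
 * online CPU between the patching phases ensures no CPU still holds a
 * stale, half-fetched copy of the 5-byte site.
 */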
void ftrace_replace_code(int enable)
{
	struct ftrace_rec_iter *iter;
	struct dyn_ftrace *rec;
	const char *report = "adding breakpoints";
	int count = 0;
	int ret;

	for_ftrace_rec_iter(iter) {
		rec = ftrace_rec_iter_record(iter);

		ret = add_breakpoints(rec, enable);
		if (ret)
			goto remove_breakpoints;
		count++;
	}

	run_sync();

	report = "updating code";
	count = 0;

	for_ftrace_rec_iter(iter) {
		rec = ftrace_rec_iter_record(iter);

		ret = add_update(rec, enable);
		if (ret)
			goto remove_breakpoints;
		count++;
	}

	run_sync();

	report = "removing breakpoints";
	count = 0;

	for_ftrace_rec_iter(iter) {
		rec = ftrace_rec_iter_record(iter);

		ret = finish_update(rec, enable);
		if (ret)
			goto remove_breakpoints;
		count++;
	}

	run_sync();

	return;

 remove_breakpoints:
	pr_warn("Failed on %s (%d):\n", report, count);
	ftrace_bug(ret, rec);
	for_ftrace_rec_iter(iter) {
		rec = ftrace_rec_iter_record(iter);
		/*
		 * Breakpoints are handled only while this function is in
		 * progress. The system cannot work with them left in place.
		 */
		if (remove_breakpoint(rec))
			BUG();
	}
	run_sync();
}
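/*
 * Summary of the three phases above for one site going from nop to
 * call (byte values are illustrative; the rel32 is made up):
 *
 *	start:    0f 1f 44 00 00	(5-byte nop)
 *	phase 1:  cc 1f 44 00 00	(int3 guards the site)
 *	phase 2:  cc fb fe df 00	(new tail written behind int3)
 *	phase 3:  e8 fb fe df 00	(call; int3 removed last)
 *
 * run_sync() between phases makes each intermediate state visible to
 * all CPUs before the next byte is touched.
 */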
static int
ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
		   unsigned const char *new_code)
{
	int ret;

	ret = add_break(ip, old_code);
	if (ret)
		goto out;

	run_sync();

	ret = add_update_code(ip, new_code);
	if (ret)
		goto fail_update;

	run_sync();

	ret = ftrace_write(ip, new_code, 1);
	/*
	 * The breakpoint is handled only while this function is in
	 * progress. The system cannot work if we fail to remove it.
	 */
	BUG_ON(ret);
 out:
	run_sync();
	return ret;

 fail_update:
	/* Here too the system cannot work with the breakpoint left in */
	if (ftrace_write(ip, old_code, 1))
		BUG();
	goto out;
}

void arch_ftrace_update_code(int command)
{
	/* See comment above by declaration of modifying_ftrace_code */
	atomic_inc(&modifying_ftrace_code);

	ftrace_modify_all_code(command);

	atomic_dec(&modifying_ftrace_code);
}

int __init ftrace_dyn_arch_init(void)
{
	return 0;
}

#if defined(CONFIG_X86_64) || defined(CONFIG_FUNCTION_GRAPH_TRACER)
static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
{
	static union ftrace_code_union calc;

	/* A jmp, not a call (the field is still named e8) */
	calc.e8		= 0xe9;
	calc.offset	= ftrace_calc_offset(ip + MCOUNT_INSN_SIZE, addr);

	/*
	 * ftrace external locks synchronize the access to the static variable.
	 */
	return calc.code;
}
#endif

/* Currently only x86_64 supports dynamic trampolines */
#ifdef CONFIG_X86_64

#ifdef CONFIG_MODULES
#include <linux/moduleloader.h>
/* Module allocation simplifies allocating memory for code */
static inline void *alloc_tramp(unsigned long size)
{
	return module_alloc(size);
}
static inline void tramp_free(void *tramp, int size)
{
	int npages = PAGE_ALIGN(size) >> PAGE_SHIFT;

	set_memory_nx((unsigned long)tramp, npages);
	set_memory_rw((unsigned long)tramp, npages);
	module_memfree(tramp);
}
#else
/* Trampolines can only be created if modules are supported */
static inline void *alloc_tramp(unsigned long size)
{
	return NULL;
}
static inline void tramp_free(void *tramp, int size) { }
#endif

/* Defined as markers to the end of the ftrace default trampolines */
extern void ftrace_regs_caller_end(void);
extern void ftrace_epilogue(void);
extern void ftrace_caller_op_ptr(void);
extern void ftrace_regs_caller_op_ptr(void);

/* movq function_trace_op(%rip), %rdx */
/* 0x48 0x8b 0x15 <offset-to-ftrace_trace_op (4 bytes)> */
#define OP_REF_SIZE	7

/*
 * The ftrace_ops is passed to the function callback. Since the
 * trampoline only services a single ftrace_ops, we can pass in
 * that ops directly.
 *
 * The ftrace_op_code_union is used to create a pointer to the
 * ftrace_ops that will be passed to the callback function.
 */
union ftrace_op_code_union {
	char code[OP_REF_SIZE];
	struct {
		char op[3];
		int offset;
	} __attribute__((packed));
};
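/*
 * Byte layout of the reference being patched (illustration only):
 *
 *	48 8b 15 <rel32>	movq <rel32>(%rip), %rdx
 *
 * op[3] covers the three opcode/modrm bytes and offset overlays the
 * rel32, so create_trampoline() below can verify the opcode bytes and
 * then redirect the rel32 at its private ftrace_ops slot.
 */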
#define RET_SIZE	1

static unsigned long
create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
{
	unsigned long start_offset;
	unsigned long end_offset;
	unsigned long op_offset;
	unsigned long offset;
	unsigned long size;
	unsigned long retq;
	unsigned long *ptr;
	void *trampoline;
	void *ip;
	/* 48 8b 15 <offset> is movq <offset>(%rip), %rdx */
	unsigned const char op_ref[] = { 0x48, 0x8b, 0x15 };
	union ftrace_op_code_union op_ptr;
	int ret;

	if (ops->flags & FTRACE_OPS_FL_SAVE_REGS) {
		start_offset = (unsigned long)ftrace_regs_caller;
		end_offset = (unsigned long)ftrace_regs_caller_end;
		op_offset = (unsigned long)ftrace_regs_caller_op_ptr;
	} else {
		start_offset = (unsigned long)ftrace_caller;
		end_offset = (unsigned long)ftrace_epilogue;
		op_offset = (unsigned long)ftrace_caller_op_ptr;
	}

	size = end_offset - start_offset;

	/*
	 * Allocate enough size to store the ftrace_caller code,
	 * the ret, as well as the address of the ftrace_ops this
	 * trampoline is used for.
	 */
	trampoline = alloc_tramp(size + RET_SIZE + sizeof(void *));
	if (!trampoline)
		return 0;

	*tramp_size = size + RET_SIZE + sizeof(void *);

	/* Copy ftrace_caller onto the trampoline memory */
	ret = probe_kernel_read(trampoline, (void *)start_offset, size);
	if (WARN_ON(ret < 0))
		goto fail;

	ip = trampoline + size;

	/* The trampoline ends with ret(q) */
	retq = (unsigned long)ftrace_stub;
	ret = probe_kernel_read(ip, (void *)retq, RET_SIZE);
	if (WARN_ON(ret < 0))
		goto fail;

	/*
	 * The address of the ftrace_ops that is used for this trampoline
	 * is stored at the end of the trampoline. This will be used to
	 * load the third parameter for the callback. Basically, that
	 * location at the end of the trampoline takes the place of
	 * the global function_trace_op variable.
	 */

	ptr = (unsigned long *)(trampoline + size + RET_SIZE);
	*ptr = (unsigned long)ops;

	op_offset -= start_offset;
	memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);

	/* Are we pointing to the reference? */
	if (WARN_ON(memcmp(op_ptr.op, op_ref, 3) != 0))
		goto fail;

	/* Load the contents of ptr into the callback parameter */
	offset = (unsigned long)ptr;
	offset -= (unsigned long)trampoline + op_offset + OP_REF_SIZE;

	op_ptr.offset = offset;

	/* put in the new offset to the ftrace_ops */
	memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);

	/* The ALLOC_TRAMP flag lets us know we created it */
	ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;

	return (unsigned long)trampoline;
 fail:
	tramp_free(trampoline, *tramp_size);
	return 0;
}
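/*
 * Resulting memory layout (illustration only):
 *
 *	+------------------------+ <- trampoline + 0
 *	| copy of ftrace_caller  |    (size bytes, with the movq rel32
 *	| or ftrace_regs_caller  |     redirected at the slot below)
 *	+------------------------+ <- trampoline + size
 *	| ret                    |    (RET_SIZE, copied from ftrace_stub)
 *	+------------------------+ <- trampoline + size + RET_SIZE
 *	| struct ftrace_ops *    |    (read by the redirected movq)
 *	+------------------------+
 */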
static unsigned long calc_trampoline_call_offset(bool save_regs)
{
	unsigned long start_offset;
	unsigned long call_offset;

	if (save_regs) {
		start_offset = (unsigned long)ftrace_regs_caller;
		call_offset = (unsigned long)ftrace_regs_call;
	} else {
		start_offset = (unsigned long)ftrace_caller;
		call_offset = (unsigned long)ftrace_call;
	}

	return call_offset - start_offset;
}

void arch_ftrace_update_trampoline(struct ftrace_ops *ops)
{
	ftrace_func_t func;
	unsigned char *new;
	unsigned long offset;
	unsigned long ip;
	unsigned int size;
	int ret, npages;

	if (ops->trampoline) {
		/*
		 * The ftrace_ops caller may set up its own trampoline.
		 * In such a case, this code must not modify it.
		 */
		if (!(ops->flags & FTRACE_OPS_FL_ALLOC_TRAMP))
			return;
		npages = PAGE_ALIGN(ops->trampoline_size) >> PAGE_SHIFT;
		set_memory_rw(ops->trampoline, npages);
	} else {
		ops->trampoline = create_trampoline(ops, &size);
		if (!ops->trampoline)
			return;
		ops->trampoline_size = size;
		npages = PAGE_ALIGN(size) >> PAGE_SHIFT;
	}

	offset = calc_trampoline_call_offset(ops->flags & FTRACE_OPS_FL_SAVE_REGS);
	ip = ops->trampoline + offset;

	func = ftrace_ops_get_func(ops);

	/* Do a safe modify in case the trampoline is executing */
	new = ftrace_call_replace(ip, (unsigned long)func);
	ret = update_ftrace_func(ip, new);
	set_memory_ro(ops->trampoline, npages);

	/* The update should never fail */
	WARN_ON(ret);
}

/* Return the address of the function the trampoline calls */
static void *addr_from_call(void *ptr)
{
	union ftrace_code_union calc;
	int ret;

	ret = probe_kernel_read(&calc, ptr, MCOUNT_INSN_SIZE);
	if (WARN_ON_ONCE(ret < 0))
		return NULL;

	/* Make sure this is a call */
	if (WARN_ON_ONCE(calc.e8 != 0xe8)) {
		pr_warn("Expected e8, got %x\n", calc.e8);
		return NULL;
	}

	return ptr + MCOUNT_INSN_SIZE + calc.offset;
}

void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent,
			   unsigned long frame_pointer);

/*
 * If the ops->trampoline was not allocated, then it probably
 * has a static trampoline func, or is the ftrace caller itself.
 */
static void *static_tramp_func(struct ftrace_ops *ops, struct dyn_ftrace *rec)
{
	unsigned long offset;
	bool save_regs = rec->flags & FTRACE_FL_REGS_EN;
	void *ptr;

	if (ops && ops->trampoline) {
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
		/*
		 * The function graph tracer is the only one we know
		 * of that sets a static trampoline.
		 */
		if (ops->trampoline == FTRACE_GRAPH_ADDR)
			return (void *)prepare_ftrace_return;
#endif
		return NULL;
	}

	offset = calc_trampoline_call_offset(save_regs);

	if (save_regs)
		ptr = (void *)FTRACE_REGS_ADDR + offset;
	else
		ptr = (void *)FTRACE_ADDR + offset;

	return addr_from_call(ptr);
}

void *arch_ftrace_trampoline_func(struct ftrace_ops *ops, struct dyn_ftrace *rec)
{
	unsigned long offset;

	/* If we didn't allocate this trampoline, consider it static */
	if (!ops || !(ops->flags & FTRACE_OPS_FL_ALLOC_TRAMP))
		return static_tramp_func(ops, rec);

	offset = calc_trampoline_call_offset(ops->flags & FTRACE_OPS_FL_SAVE_REGS);
	return addr_from_call((void *)ops->trampoline + offset);
}

void arch_ftrace_trampoline_free(struct ftrace_ops *ops)
{
	if (!ops || !(ops->flags & FTRACE_OPS_FL_ALLOC_TRAMP))
		return;

	tramp_free((void *)ops->trampoline, ops->trampoline_size);
	ops->trampoline = 0;
}

#endif /* CONFIG_X86_64 */
#endif /* CONFIG_DYNAMIC_FTRACE */

#ifdef CONFIG_FUNCTION_GRAPH_TRACER

#ifdef CONFIG_DYNAMIC_FTRACE
extern void ftrace_graph_call(void);

static int ftrace_mod_jmp(unsigned long ip, void *func)
{
	unsigned char *new;

	new = ftrace_jmp_replace(ip, (unsigned long)func);

	return update_ftrace_func(ip, new);
}

int ftrace_enable_ftrace_graph_caller(void)
{
	unsigned long ip = (unsigned long)(&ftrace_graph_call);

	return ftrace_mod_jmp(ip, &ftrace_graph_caller);
}

int ftrace_disable_ftrace_graph_caller(void)
{
	unsigned long ip = (unsigned long)(&ftrace_graph_call);

	return ftrace_mod_jmp(ip, &ftrace_stub);
}
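/*
 * In other words (illustrative): enabling and disabling the graph
 * caller just re-aims the 5-byte jmp at the ftrace_graph_call site,
 * between
 *
 *	e9 <rel32 to ftrace_graph_caller>	(enabled)
 *	e9 <rel32 to ftrace_stub>		(disabled)
 *
 * using the same breakpoint-protected update_ftrace_func() path as
 * the call sites.
 */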
#endif /* CONFIG_DYNAMIC_FTRACE */

/*
 * Hook the return address and push it in the stack of return addrs
 * in current thread info.
 */
void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent,
			   unsigned long frame_pointer)
{
	unsigned long old;
	int faulted;
	unsigned long return_hooker = (unsigned long)
				&return_to_handler;

	/*
	 * When resuming from suspend-to-ram, this function can be indirectly
	 * called from early CPU startup code while the CPU is in real mode,
	 * which would fail miserably. Make sure the stack pointer is a
	 * virtual address.
	 *
	 * This check isn't as accurate as virt_addr_valid(), but it should be
	 * good enough for this purpose, and it's fast.
	 */
	if (unlikely((long)__builtin_frame_address(0) >= 0))
		return;

	if (unlikely(ftrace_graph_is_dead()))
		return;

	if (unlikely(atomic_read(&current->tracing_graph_pause)))
		return;

	/*
	 * Protect against a fault, even if it shouldn't
	 * happen. This tool is too intrusive to
	 * forgo such protection.
	 */
	asm volatile(
		"1: " _ASM_MOV " (%[parent]), %[old]\n"
		"2: " _ASM_MOV " %[return_hooker], (%[parent])\n"
		"   movl $0, %[faulted]\n"
		"3:\n"

		".section .fixup, \"ax\"\n"
		"4: movl $1, %[faulted]\n"
		"   jmp 3b\n"
		".previous\n"

		_ASM_EXTABLE(1b, 4b)
		_ASM_EXTABLE(2b, 4b)

		: [old] "=&r" (old), [faulted] "=r" (faulted)
		: [parent] "r" (parent), [return_hooker] "r" (return_hooker)
		: "memory"
	);

	if (unlikely(faulted)) {
		ftrace_graph_stop();
		WARN_ON(1);
		return;
	}

	if (function_graph_enter(old, self_addr, frame_pointer, parent))
		*parent = old;
}
#endif /* CONFIG_FUNCTION_GRAPH_TRACER */