1 #include <linux/module.h>
2 #include <linux/sched.h>
3 #include <linux/mutex.h>
4 #include <linux/list.h>
5 #include <linux/stringify.h>
6 #include <linux/kprobes.h>
8 #include <linux/vmalloc.h>
9 #include <linux/memory.h>
10 #include <linux/stop_machine.h>
11 #include <linux/slab.h>
12 #include <asm/alternative.h>
13 #include <asm/sections.h>
14 #include <asm/pgtable.h>
17 #include <asm/cacheflush.h>
18 #include <asm/tlbflush.h>
20 #include <asm/fixmap.h>
22 #define MAX_PATCH_LEN (255-1)
24 #ifdef CONFIG_HOTPLUG_CPU
25 static int smp_alt_once;
27 static int __init bootonly(char *str)
32 __setup("smp-alt-boot", bootonly);
34 #define smp_alt_once 1
37 static int __initdata_or_module debug_alternative;
39 static int __init debug_alt(char *str)
41 debug_alternative = 1;
44 __setup("debug-alternative", debug_alt);
46 static int noreplace_smp;
48 static int __init setup_noreplace_smp(char *str)
53 __setup("noreplace-smp", setup_noreplace_smp);
55 #ifdef CONFIG_PARAVIRT
56 static int __initdata_or_module noreplace_paravirt = 0;
58 static int __init setup_noreplace_paravirt(char *str)
60 noreplace_paravirt = 1;
63 __setup("noreplace-paravirt", setup_noreplace_paravirt);
66 #define DPRINTK(fmt, args...) if (debug_alternative) \
67 printk(KERN_DEBUG fmt, args)
70 * Each GENERIC_NOPX is of X bytes, and defined as an array of bytes
71 * that correspond to that nop. Getting from one nop to the next, we
72 * add to the array the offset that is equal to the sum of all sizes of
73 * nops preceding the one we are after.
75 * Note: The GENERIC_NOP5_ATOMIC is at the end, as it breaks the
76 * nice symmetry of sizes of the previous nops.
78 #if defined(GENERIC_NOP1) && !defined(CONFIG_X86_64)
79 static const unsigned char intelnops[] =
91 static const unsigned char * const intel_nops[ASM_NOP_MAX+2] =
97 intelnops + 1 + 2 + 3,
98 intelnops + 1 + 2 + 3 + 4,
99 intelnops + 1 + 2 + 3 + 4 + 5,
100 intelnops + 1 + 2 + 3 + 4 + 5 + 6,
101 intelnops + 1 + 2 + 3 + 4 + 5 + 6 + 7,
102 intelnops + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8,
107 static const unsigned char k8nops[] =
119 static const unsigned char * const k8_nops[ASM_NOP_MAX+2] =
126 k8nops + 1 + 2 + 3 + 4,
127 k8nops + 1 + 2 + 3 + 4 + 5,
128 k8nops + 1 + 2 + 3 + 4 + 5 + 6,
129 k8nops + 1 + 2 + 3 + 4 + 5 + 6 + 7,
130 k8nops + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8,
134 #if defined(K7_NOP1) && !defined(CONFIG_X86_64)
135 static const unsigned char k7nops[] =
147 static const unsigned char * const k7_nops[ASM_NOP_MAX+2] =
154 k7nops + 1 + 2 + 3 + 4,
155 k7nops + 1 + 2 + 3 + 4 + 5,
156 k7nops + 1 + 2 + 3 + 4 + 5 + 6,
157 k7nops + 1 + 2 + 3 + 4 + 5 + 6 + 7,
158 k7nops + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8,
163 static const unsigned char __initconst_or_module p6nops[] =
175 static const unsigned char * const p6_nops[ASM_NOP_MAX+2] =
182 p6nops + 1 + 2 + 3 + 4,
183 p6nops + 1 + 2 + 3 + 4 + 5,
184 p6nops + 1 + 2 + 3 + 4 + 5 + 6,
185 p6nops + 1 + 2 + 3 + 4 + 5 + 6 + 7,
186 p6nops + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8,
190 /* Initialize these to a safe default */
192 const unsigned char * const *ideal_nops = p6_nops;
194 const unsigned char * const *ideal_nops = intel_nops;
197 void __init arch_init_ideal_nops(void)
199 switch (boot_cpu_data.x86_vendor) {
200 case X86_VENDOR_INTEL:
202 * Due to a decoder implementation quirk, some
203 * specific Intel CPUs actually perform better with
204 * the "k8_nops" than with the SDM-recommended NOPs.
206 if (boot_cpu_data.x86 == 6 &&
207 boot_cpu_data.x86_model >= 0x0f &&
208 boot_cpu_data.x86_model != 0x1c &&
209 boot_cpu_data.x86_model != 0x26 &&
210 boot_cpu_data.x86_model != 0x27 &&
211 boot_cpu_data.x86_model < 0x30) {
212 ideal_nops = k8_nops;
213 } else if (boot_cpu_has(X86_FEATURE_NOPL)) {
214 ideal_nops = p6_nops;
217 ideal_nops = k8_nops;
219 ideal_nops = intel_nops;
225 ideal_nops = k8_nops;
227 if (boot_cpu_has(X86_FEATURE_K8))
228 ideal_nops = k8_nops;
229 else if (boot_cpu_has(X86_FEATURE_K7))
230 ideal_nops = k7_nops;
232 ideal_nops = intel_nops;
237 /* Use this to add nops to a buffer, then text_poke the whole buffer. */
238 static void __init_or_module add_nops(void *insns, unsigned int len)
241 unsigned int noplen = len;
242 if (noplen > ASM_NOP_MAX)
243 noplen = ASM_NOP_MAX;
244 memcpy(insns, ideal_nops[noplen], noplen);
250 extern struct alt_instr __alt_instructions[], __alt_instructions_end[];
251 extern s32 __smp_locks[], __smp_locks_end[];
252 void *text_poke_early(void *addr, const void *opcode, size_t len);
254 /* Replace instructions with better alternatives for this CPU type.
255 This runs before SMP is initialized to avoid SMP problems with
256 self modifying code. This implies that asymmetric systems where
257 APs have less capabilities than the boot processor are not handled.
258 Tough. Make sure you disable such features by hand. */
260 void __init_or_module apply_alternatives(struct alt_instr *start,
261 struct alt_instr *end)
264 u8 *instr, *replacement;
265 u8 insnbuf[MAX_PATCH_LEN];
267 DPRINTK("%s: alt table %p -> %p\n", __func__, start, end);
269 * The scan order should be from start to end. A later scanned
270 * alternative code can overwrite a previous scanned alternative code.
271 * Some kernel functions (e.g. memcpy, memset, etc) use this order to
274 * So be careful if you want to change the scan order to any other
277 for (a = start; a < end; a++) {
278 instr = (u8 *)&a->instr_offset + a->instr_offset;
279 replacement = (u8 *)&a->repl_offset + a->repl_offset;
280 BUG_ON(a->replacementlen > a->instrlen);
281 BUG_ON(a->instrlen > sizeof(insnbuf));
282 BUG_ON(a->cpuid >= NCAPINTS*32);
283 if (!boot_cpu_has(a->cpuid))
286 memcpy(insnbuf, replacement, a->replacementlen);
288 /* 0xe8 is a relative jump; fix the offset. */
289 if (*insnbuf == 0xe8 && a->replacementlen == 5)
290 *(s32 *)(insnbuf + 1) += replacement - instr;
292 add_nops(insnbuf + a->replacementlen,
293 a->instrlen - a->replacementlen);
295 text_poke_early(instr, insnbuf, a->instrlen);
301 static void alternatives_smp_lock(const s32 *start, const s32 *end,
302 u8 *text, u8 *text_end)
306 mutex_lock(&text_mutex);
307 for (poff = start; poff < end; poff++) {
308 u8 *ptr = (u8 *)poff + *poff;
310 if (!*poff || ptr < text || ptr >= text_end)
312 /* turn DS segment override prefix into lock prefix */
314 text_poke(ptr, ((unsigned char []){0xf0}), 1);
316 mutex_unlock(&text_mutex);
319 static void alternatives_smp_unlock(const s32 *start, const s32 *end,
320 u8 *text, u8 *text_end)
327 mutex_lock(&text_mutex);
328 for (poff = start; poff < end; poff++) {
329 u8 *ptr = (u8 *)poff + *poff;
331 if (!*poff || ptr < text || ptr >= text_end)
333 /* turn lock prefix into DS segment override prefix */
335 text_poke(ptr, ((unsigned char []){0x3E}), 1);
337 mutex_unlock(&text_mutex);
340 struct smp_alt_module {
341 /* what is this ??? */
345 /* ptrs to lock prefixes */
347 const s32 *locks_end;
349 /* .text segment, needed to avoid patching init code ;) */
353 struct list_head next;
355 static LIST_HEAD(smp_alt_modules);
356 static DEFINE_MUTEX(smp_alt);
357 static int smp_mode = 1; /* protected by smp_alt */
359 void __init_or_module alternatives_smp_module_add(struct module *mod,
361 void *locks, void *locks_end,
362 void *text, void *text_end)
364 struct smp_alt_module *smp;
370 if (boot_cpu_has(X86_FEATURE_UP))
371 alternatives_smp_unlock(locks, locks_end,
376 smp = kzalloc(sizeof(*smp), GFP_KERNEL);
378 return; /* we'll run the (safe but slow) SMP code then ... */
383 smp->locks_end = locks_end;
385 smp->text_end = text_end;
386 DPRINTK("%s: locks %p -> %p, text %p -> %p, name %s\n",
387 __func__, smp->locks, smp->locks_end,
388 smp->text, smp->text_end, smp->name);
390 mutex_lock(&smp_alt);
391 list_add_tail(&smp->next, &smp_alt_modules);
392 if (boot_cpu_has(X86_FEATURE_UP))
393 alternatives_smp_unlock(smp->locks, smp->locks_end,
394 smp->text, smp->text_end);
395 mutex_unlock(&smp_alt);
398 void __init_or_module alternatives_smp_module_del(struct module *mod)
400 struct smp_alt_module *item;
402 if (smp_alt_once || noreplace_smp)
405 mutex_lock(&smp_alt);
406 list_for_each_entry(item, &smp_alt_modules, next) {
407 if (mod != item->mod)
409 list_del(&item->next);
410 mutex_unlock(&smp_alt);
411 DPRINTK("%s: %s\n", __func__, item->name);
415 mutex_unlock(&smp_alt);
418 bool skip_smp_alternatives;
419 void alternatives_smp_switch(int smp)
421 struct smp_alt_module *mod;
423 #ifdef CONFIG_LOCKDEP
425 * Older binutils section handling bug prevented
426 * alternatives-replacement from working reliably.
428 * If this still occurs then you should see a hang
429 * or crash shortly after this line:
431 printk("lockdep: fixing up alternatives.\n");
434 if (noreplace_smp || smp_alt_once || skip_smp_alternatives)
436 BUG_ON(!smp && (num_online_cpus() > 1));
438 mutex_lock(&smp_alt);
441 * Avoid unnecessary switches because it forces JIT based VMs to
442 * throw away all cached translations, which can be quite costly.
444 if (smp == smp_mode) {
447 printk(KERN_INFO "SMP alternatives: switching to SMP code\n");
448 clear_cpu_cap(&boot_cpu_data, X86_FEATURE_UP);
449 clear_cpu_cap(&cpu_data(0), X86_FEATURE_UP);
450 list_for_each_entry(mod, &smp_alt_modules, next)
451 alternatives_smp_lock(mod->locks, mod->locks_end,
452 mod->text, mod->text_end);
454 printk(KERN_INFO "SMP alternatives: switching to UP code\n");
455 set_cpu_cap(&boot_cpu_data, X86_FEATURE_UP);
456 set_cpu_cap(&cpu_data(0), X86_FEATURE_UP);
457 list_for_each_entry(mod, &smp_alt_modules, next)
458 alternatives_smp_unlock(mod->locks, mod->locks_end,
459 mod->text, mod->text_end);
462 mutex_unlock(&smp_alt);
465 /* Return 1 if the address range is reserved for smp-alternatives */
466 int alternatives_text_reserved(void *start, void *end)
468 struct smp_alt_module *mod;
470 u8 *text_start = start;
473 list_for_each_entry(mod, &smp_alt_modules, next) {
474 if (mod->text > text_end || mod->text_end < text_start)
476 for (poff = mod->locks; poff < mod->locks_end; poff++) {
477 const u8 *ptr = (const u8 *)poff + *poff;
479 if (text_start <= ptr && text_end > ptr)
488 #ifdef CONFIG_PARAVIRT
489 void __init_or_module apply_paravirt(struct paravirt_patch_site *start,
490 struct paravirt_patch_site *end)
492 struct paravirt_patch_site *p;
493 char insnbuf[MAX_PATCH_LEN];
495 if (noreplace_paravirt)
498 for (p = start; p < end; p++) {
501 BUG_ON(p->len > MAX_PATCH_LEN);
502 /* prep the buffer with the original instructions */
503 memcpy(insnbuf, p->instr, p->len);
504 used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
505 (unsigned long)p->instr, p->len);
507 BUG_ON(used > p->len);
509 /* Pad the rest with nops */
510 add_nops(insnbuf + used, p->len - used);
511 text_poke_early(p->instr, insnbuf, p->len);
514 extern struct paravirt_patch_site __start_parainstructions[],
515 __stop_parainstructions[];
516 #endif /* CONFIG_PARAVIRT */
518 void __init alternative_instructions(void)
520 /* The patching is not fully atomic, so try to avoid local interruptions
521 that might execute the to be patched code.
522 Other CPUs are not running. */
526 * Don't stop machine check exceptions while patching.
527 * MCEs only happen when something got corrupted and in this
528 * case we must do something about the corruption.
529 * Ignoring it is worse than a unlikely patching race.
530 * Also machine checks tend to be broadcast and if one CPU
531 * goes into machine check the others follow quickly, so we don't
532 * expect a machine check to cause undue problems during to code
536 apply_alternatives(__alt_instructions, __alt_instructions_end);
538 /* switch to patch-once-at-boottime-only mode and free the
539 * tables in case we know the number of CPUs will never ever
541 #ifdef CONFIG_HOTPLUG_CPU
542 if (num_possible_cpus() < 2)
548 if (1 == num_possible_cpus()) {
549 printk(KERN_INFO "SMP alternatives: switching to UP code\n");
550 set_cpu_cap(&boot_cpu_data, X86_FEATURE_UP);
551 set_cpu_cap(&cpu_data(0), X86_FEATURE_UP);
553 alternatives_smp_unlock(__smp_locks, __smp_locks_end,
557 alternatives_smp_module_add(NULL, "core kernel",
558 __smp_locks, __smp_locks_end,
561 /* Only switch to UP mode if we don't immediately boot others */
562 if (num_present_cpus() == 1 || setup_max_cpus <= 1)
563 alternatives_smp_switch(0);
566 apply_paravirt(__parainstructions, __parainstructions_end);
569 free_init_pages("SMP alternatives",
570 (unsigned long)__smp_locks,
571 (unsigned long)__smp_locks_end);
577 * text_poke_early - Update instructions on a live kernel at boot time
578 * @addr: address to modify
579 * @opcode: source of the copy
580 * @len: length to copy
582 * When you use this code to patch more than one byte of an instruction
583 * you need to make sure that other CPUs cannot execute this code in parallel.
584 * Also no thread must be currently preempted in the middle of these
585 * instructions. And on the local CPU you need to be protected again NMI or MCE
586 * handlers seeing an inconsistent instruction while you patch.
588 void *__init_or_module text_poke_early(void *addr, const void *opcode,
592 local_irq_save(flags);
593 memcpy(addr, opcode, len);
595 local_irq_restore(flags);
596 /* Could also do a CLFLUSH here to speed up CPU recovery; but
597 that causes hangs on some VIA CPUs. */
602 * text_poke - Update instructions on a live kernel
603 * @addr: address to modify
604 * @opcode: source of the copy
605 * @len: length to copy
607 * Only atomic text poke/set should be allowed when not doing early patching.
608 * It means the size must be writable atomically and the address must be aligned
609 * in a way that permits an atomic write. It also makes sure we fit on a single
612 * Note: Must be called under text_mutex.
614 void *__kprobes text_poke(void *addr, const void *opcode, size_t len)
618 struct page *pages[2];
621 if (!core_kernel_text((unsigned long)addr)) {
622 pages[0] = vmalloc_to_page(addr);
623 pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
625 pages[0] = virt_to_page(addr);
626 WARN_ON(!PageReserved(pages[0]));
627 pages[1] = virt_to_page(addr + PAGE_SIZE);
630 local_irq_save(flags);
631 set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0]));
633 set_fixmap(FIX_TEXT_POKE1, page_to_phys(pages[1]));
634 vaddr = (char *)fix_to_virt(FIX_TEXT_POKE0);
635 memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len);
636 clear_fixmap(FIX_TEXT_POKE0);
638 clear_fixmap(FIX_TEXT_POKE1);
641 /* Could also do a CLFLUSH here to speed up CPU recovery; but
642 that causes hangs on some VIA CPUs. */
643 for (i = 0; i < len; i++)
644 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
645 local_irq_restore(flags);
650 * Cross-modifying kernel text with stop_machine().
651 * This code originally comes from immediate value.
653 static atomic_t stop_machine_first;
654 static int wrote_text;
656 struct text_poke_params {
657 struct text_poke_param *params;
661 static int __kprobes stop_machine_text_poke(void *data)
663 struct text_poke_params *tpp = data;
664 struct text_poke_param *p;
667 if (atomic_dec_and_test(&stop_machine_first)) {
668 for (i = 0; i < tpp->nparams; i++) {
670 text_poke(p->addr, p->opcode, p->len);
672 smp_wmb(); /* Make sure other cpus see that this has run */
677 smp_mb(); /* Load wrote_text before following execution */
680 for (i = 0; i < tpp->nparams; i++) {
682 flush_icache_range((unsigned long)p->addr,
683 (unsigned long)p->addr + p->len);
686 * Intel Archiecture Software Developer's Manual section 7.1.3 specifies
687 * that a core serializing instruction such as "cpuid" should be
688 * executed on _each_ core before the new instruction is made visible.
695 * text_poke_smp - Update instructions on a live kernel on SMP
696 * @addr: address to modify
697 * @opcode: source of the copy
698 * @len: length to copy
700 * Modify multi-byte instruction by using stop_machine() on SMP. This allows
701 * user to poke/set multi-byte text on SMP. Only non-NMI/MCE code modifying
702 * should be allowed, since stop_machine() does _not_ protect code against
705 * Note: Must be called under get_online_cpus() and text_mutex.
707 void *__kprobes text_poke_smp(void *addr, const void *opcode, size_t len)
709 struct text_poke_params tpp;
710 struct text_poke_param p;
717 atomic_set(&stop_machine_first, 1);
719 /* Use __stop_machine() because the caller already got online_cpus. */
720 __stop_machine(stop_machine_text_poke, (void *)&tpp, cpu_online_mask);
725 * text_poke_smp_batch - Update instructions on a live kernel on SMP
726 * @params: an array of text_poke parameters
727 * @n: the number of elements in params.
729 * Modify multi-byte instruction by using stop_machine() on SMP. Since the
730 * stop_machine() is heavy task, it is better to aggregate text_poke requests
731 * and do it once if possible.
733 * Note: Must be called under get_online_cpus() and text_mutex.
735 void __kprobes text_poke_smp_batch(struct text_poke_param *params, int n)
737 struct text_poke_params tpp = {.params = params, .nparams = n};
739 atomic_set(&stop_machine_first, 1);
741 __stop_machine(stop_machine_text_poke, (void *)&tpp, NULL);
git.openpandora.org / pandora-kernel.git / blob