/* SPDX-License-Identifier: GPL-2.0 */1/*2* Copyright (C) 2014 Steven Rostedt, Red Hat Inc3*/45#include <linux/export.h>6#include <linux/cfi_types.h>7#include <linux/linkage.h>8#include <asm/asm-offsets.h>9#include <asm/ptrace.h>10#include <asm/ftrace.h>11#include <asm/nospec-branch.h>12#include <asm/unwind_hints.h>13#include <asm/frame.h>1415.code6416.section .text, "ax"1718#ifdef CONFIG_FRAME_POINTER19/* Save parent and function stack frames (rip and rbp) */20# define MCOUNT_FRAME_SIZE (8+16*2)21#else22/* No need to save a stack frame */23# define MCOUNT_FRAME_SIZE 024#endif /* CONFIG_FRAME_POINTER */2526/* Size of stack used to save mcount regs in save_mcount_regs */27#define MCOUNT_REG_SIZE (FRAME_SIZE + MCOUNT_FRAME_SIZE)2829/*30* gcc -pg option adds a call to 'mcount' in most functions.31* When -mfentry is used, the call is to 'fentry' and not 'mcount'32* and is done before the function's stack frame is set up.33* They both require a set of regs to be saved before calling34* any C code and restored before returning back to the function.35*36* On boot up, all these calls are converted into nops. When tracing37* is enabled, the call can jump to either ftrace_caller or38* ftrace_regs_caller. Callbacks (tracing functions) that require39* ftrace_regs_caller (like kprobes) need to have pt_regs passed to40* it. For this reason, the size of the pt_regs structure will be41* allocated on the stack and the required mcount registers will42* be saved in the locations that pt_regs has them in.43*/4445/*46* @added: the amount of stack added before calling this47*48* After this is called, the following registers contain:49*50* %rdi - holds the address that called the trampoline51* %rsi - holds the parent function (traced function's return address)52* %rdx - holds the original %rbp53*/54.macro save_mcount_regs added=05556#ifdef CONFIG_FRAME_POINTER57/* Save the original rbp */58pushq %rbp5960/*61* Stack traces will stop at the ftrace trampoline if the frame pointer62* is not set up properly. If fentry is used, we need to save a frame63* pointer for the parent as well as the function traced, because the64* fentry is called before the stack frame is set up, where as mcount65* is called afterward.66*/6768/* Save the parent pointer (skip orig rbp and our return address) */69pushq \added+8*2(%rsp)70pushq %rbp71movq %rsp, %rbp72/* Save the return address (now skip orig rbp, rbp and parent) */73pushq \added+8*3(%rsp)74pushq %rbp75movq %rsp, %rbp76#endif /* CONFIG_FRAME_POINTER */7778/*79* We add enough stack to save all regs.80*/81subq $(FRAME_SIZE), %rsp82movq %rax, RAX(%rsp)83movq %rcx, RCX(%rsp)84movq %rdx, RDX(%rsp)85movq %rsi, RSI(%rsp)86movq %rdi, RDI(%rsp)87movq %r8, R8(%rsp)88movq %r9, R9(%rsp)89movq $0, ORIG_RAX(%rsp)90/*91* Save the original RBP. Even though the mcount ABI does not92* require this, it helps out callers.93*/94#ifdef CONFIG_FRAME_POINTER95movq MCOUNT_REG_SIZE-8(%rsp), %rdx96#else97movq %rbp, %rdx98#endif99movq %rdx, RBP(%rsp)100101/* Copy the parent address into %rsi (second parameter) */102movq MCOUNT_REG_SIZE+8+\added(%rsp), %rsi103104/* Move RIP to its proper location */105movq MCOUNT_REG_SIZE+\added(%rsp), %rdi106movq %rdi, RIP(%rsp)107108/*109* Now %rdi (the first parameter) has the return address of110* where ftrace_call returns. But the callbacks expect the111* address of the call itself.112*/113subq $MCOUNT_INSN_SIZE, %rdi114.endm115116.macro restore_mcount_regs save=0117118/* ftrace_regs_caller or frame pointers require this */119movq RBP(%rsp), %rbp120121movq R9(%rsp), %r9122movq R8(%rsp), %r8123movq RDI(%rsp), %rdi124movq RSI(%rsp), %rsi125movq RDX(%rsp), %rdx126movq RCX(%rsp), %rcx127movq RAX(%rsp), %rax128129addq $MCOUNT_REG_SIZE-\save, %rsp130131.endm132133SYM_TYPED_FUNC_START(ftrace_stub)134CALL_DEPTH_ACCOUNT135RET136SYM_FUNC_END(ftrace_stub)137138#ifdef CONFIG_FUNCTION_GRAPH_TRACER139SYM_TYPED_FUNC_START(ftrace_stub_graph)140CALL_DEPTH_ACCOUNT141RET142SYM_FUNC_END(ftrace_stub_graph)143#endif144145#ifdef CONFIG_DYNAMIC_FTRACE146147SYM_FUNC_START(__fentry__)148ANNOTATE_NOENDBR149CALL_DEPTH_ACCOUNT150RET151SYM_FUNC_END(__fentry__)152EXPORT_SYMBOL(__fentry__)153154SYM_FUNC_START(ftrace_caller)155ANNOTATE_NOENDBR156/* save_mcount_regs fills in first two parameters */157save_mcount_regs158159CALL_DEPTH_ACCOUNT160161/* Stack - skipping return address of ftrace_caller */162leaq MCOUNT_REG_SIZE+8(%rsp), %rcx163movq %rcx, RSP(%rsp)164165SYM_INNER_LABEL(ftrace_caller_op_ptr, SYM_L_GLOBAL)166ANNOTATE_NOENDBR167/* Load the ftrace_ops into the 3rd parameter */168movq function_trace_op(%rip), %rdx169170/* regs go into 4th parameter */171leaq (%rsp), %rcx172173/* Only ops with REGS flag set should have CS register set */174movq $0, CS(%rsp)175176/* Account for the function call below */177CALL_DEPTH_ACCOUNT178179SYM_INNER_LABEL(ftrace_call, SYM_L_GLOBAL)180ANNOTATE_NOENDBR181call ftrace_stub182183/* Handlers can change the RIP */184movq RIP(%rsp), %rax185movq %rax, MCOUNT_REG_SIZE(%rsp)186187restore_mcount_regs188189/*190* The code up to this label is copied into trampolines so191* think twice before adding any new code or changing the192* layout here.193*/194SYM_INNER_LABEL(ftrace_caller_end, SYM_L_GLOBAL)195ANNOTATE_NOENDBR196RET197SYM_FUNC_END(ftrace_caller);198STACK_FRAME_NON_STANDARD_FP(ftrace_caller)199200SYM_FUNC_START(ftrace_regs_caller)201ANNOTATE_NOENDBR202/* Save the current flags before any operations that can change them */203pushfq204205/* added 8 bytes to save flags */206save_mcount_regs 8207/* save_mcount_regs fills in first two parameters */208209CALL_DEPTH_ACCOUNT210211SYM_INNER_LABEL(ftrace_regs_caller_op_ptr, SYM_L_GLOBAL)212ANNOTATE_NOENDBR213/* Load the ftrace_ops into the 3rd parameter */214movq function_trace_op(%rip), %rdx215216/* Save the rest of pt_regs */217movq %r15, R15(%rsp)218movq %r14, R14(%rsp)219movq %r13, R13(%rsp)220movq %r12, R12(%rsp)221movq %r11, R11(%rsp)222movq %r10, R10(%rsp)223movq %rbx, RBX(%rsp)224/* Copy saved flags */225movq MCOUNT_REG_SIZE(%rsp), %rcx226movq %rcx, EFLAGS(%rsp)227/* Kernel segments */228movq $__KERNEL_DS, %rcx229movq %rcx, SS(%rsp)230movq $__KERNEL_CS, %rcx231movq %rcx, CS(%rsp)232/* Stack - skipping return address and flags */233leaq MCOUNT_REG_SIZE+8*2(%rsp), %rcx234movq %rcx, RSP(%rsp)235236ENCODE_FRAME_POINTER237238/* regs go into 4th parameter */239leaq (%rsp), %rcx240241/* Account for the function call below */242CALL_DEPTH_ACCOUNT243244SYM_INNER_LABEL(ftrace_regs_call, SYM_L_GLOBAL)245ANNOTATE_NOENDBR246call ftrace_stub247248/* Copy flags back to SS, to restore them */249movq EFLAGS(%rsp), %rax250movq %rax, MCOUNT_REG_SIZE(%rsp)251252/* Handlers can change the RIP */253movq RIP(%rsp), %rax254movq %rax, MCOUNT_REG_SIZE+8(%rsp)255256/* restore the rest of pt_regs */257movq R15(%rsp), %r15258movq R14(%rsp), %r14259movq R13(%rsp), %r13260movq R12(%rsp), %r12261movq R10(%rsp), %r10262movq RBX(%rsp), %rbx263264movq ORIG_RAX(%rsp), %rax265movq %rax, MCOUNT_REG_SIZE-8(%rsp)266267/*268* If ORIG_RAX is anything but zero, make this a call to that.269* See arch_ftrace_set_direct_caller().270*/271testq %rax, %rax272SYM_INNER_LABEL(ftrace_regs_caller_jmp, SYM_L_GLOBAL)273ANNOTATE_NOENDBR274jnz 1f275276restore_mcount_regs277/* Restore flags */278popfq279280/*281* The trampoline will add the return.282*/283SYM_INNER_LABEL(ftrace_regs_caller_end, SYM_L_GLOBAL)284ANNOTATE_NOENDBR285RET286287/* Swap the flags with orig_rax */2881: movq MCOUNT_REG_SIZE(%rsp), %rdi289movq %rdi, MCOUNT_REG_SIZE-8(%rsp)290movq %rax, MCOUNT_REG_SIZE(%rsp)291292restore_mcount_regs 8293/* Restore flags */294popfq295UNWIND_HINT_FUNC296297/*298* The above left an extra return value on the stack; effectively299* doing a tail-call without using a register. This PUSH;RET300* pattern unbalances the RSB, inject a pointless CALL to rebalance.301*/302ANNOTATE_INTRA_FUNCTION_CALL303CALL .Ldo_rebalance304int3305.Ldo_rebalance:306add $8, %rsp307ALTERNATIVE __stringify(RET), \308__stringify(ANNOTATE_UNRET_SAFE; ret; int3), \309X86_FEATURE_CALL_DEPTH310311SYM_FUNC_END(ftrace_regs_caller)312STACK_FRAME_NON_STANDARD_FP(ftrace_regs_caller)313314SYM_FUNC_START(ftrace_stub_direct_tramp)315ANNOTATE_NOENDBR316CALL_DEPTH_ACCOUNT317RET318SYM_FUNC_END(ftrace_stub_direct_tramp)319320#else /* ! CONFIG_DYNAMIC_FTRACE */321322SYM_FUNC_START(__fentry__)323ANNOTATE_NOENDBR324CALL_DEPTH_ACCOUNT325326cmpq $ftrace_stub, ftrace_trace_function327jnz trace328RET329330trace:331/* save_mcount_regs fills in first two parameters */332save_mcount_regs333334/*335* When DYNAMIC_FTRACE is not defined, ARCH_SUPPORTS_FTRACE_OPS is not336* set (see include/asm/ftrace.h and include/linux/ftrace.h). Only the337* ip and parent ip are used and the list function is called when338* function tracing is enabled.339*/340movq ftrace_trace_function, %r8341CALL_NOSPEC r8342restore_mcount_regs343344jmp ftrace_stub345SYM_FUNC_END(__fentry__)346EXPORT_SYMBOL(__fentry__)347STACK_FRAME_NON_STANDARD_FP(__fentry__)348349#endif /* CONFIG_DYNAMIC_FTRACE */350351#ifdef CONFIG_FUNCTION_GRAPH_TRACER352SYM_CODE_START(return_to_handler)353UNWIND_HINT_UNDEFINED354ANNOTATE_NOENDBR355356/* Save ftrace_regs for function exit context */357subq $(FRAME_SIZE), %rsp358359movq %rax, RAX(%rsp)360movq %rdx, RDX(%rsp)361movq %rbp, RBP(%rsp)362movq %rsp, %rdi363364call ftrace_return_to_handler365366movq %rax, %rdi367movq RDX(%rsp), %rdx368movq RAX(%rsp), %rax369370addq $(FRAME_SIZE), %rsp371/*372* Jump back to the old return address. This cannot be JMP_NOSPEC rdi373* since IBT would demand that contain ENDBR, which simply isn't so for374* return addresses. Use a retpoline here to keep the RSB balanced.375*/376ANNOTATE_INTRA_FUNCTION_CALL377call .Ldo_rop378int3379.Ldo_rop:380mov %rdi, (%rsp)381ALTERNATIVE __stringify(RET), \382__stringify(ANNOTATE_UNRET_SAFE; ret; int3), \383X86_FEATURE_CALL_DEPTH384SYM_CODE_END(return_to_handler)385#endif386387388