18 files changed, 484 insertions, 31 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index ac22bb7719f7..352f63df1d80 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -29,11 +29,14 @@ config X86
         select HAVE_FTRACE_MCOUNT_RECORD
         select HAVE_DYNAMIC_FTRACE
         select HAVE_FUNCTION_TRACER
+        select HAVE_FUNCTION_RET_TRACER if X86_32
+        select HAVE_FUNCTION_TRACE_MCOUNT_TEST
         select HAVE_KVM if ((X86_32 && !X86_VOYAGER && !X86_VISWS && !X86_NUMAQ) || X86_64)
         select HAVE_ARCH_KGDB if !X86_VOYAGER
         select HAVE_ARCH_TRACEHOOK
         select HAVE_GENERIC_DMA_COHERENT if X86_32
         select HAVE_EFFICIENT_UNALIGNED_ACCESS
+        select USER_STACKTRACE_SUPPORT
 
 config ARCH_DEFCONFIG
         string
@@ -367,10 +370,10 @@ config X86_RDC321X
           as R-8610-(G).
           If you don't have one of these chips, you should say N here.
 
-config SCHED_NO_NO_OMIT_FRAME_POINTER
+config SCHED_OMIT_FRAME_POINTER
         def_bool y
         prompt "Single-depth WCHAN output"
-        depends on X86_32
+        depends on X86
         help
           Calculate simpler /proc/<PID>/wchan values. If this option
           is disabled then wchan values will recurse back to the
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 2a3dfbd5e677..fa013f529b74 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -186,14 +186,10 @@ config IOMMU_LEAK
           Add a simple leak tracer to the IOMMU code. This is useful when you
           are debugging a buggy device driver that leaks IOMMU mappings.
 
-config MMIOTRACE_HOOKS
-        bool
-
 config MMIOTRACE
         bool "Memory mapped IO tracing"
         depends on DEBUG_KERNEL && PCI
         select TRACING
-        select MMIOTRACE_HOOKS
         help
           Mmiotrace traces Memory Mapped I/O access and is meant for
           debugging and reverse engineering. It is called from the ioremap
diff --git a/arch/x86/include/asm/ftrace.h b/arch/x86/include/asm/ftrace.h
index 9e8bc29b8b17..754a3e082f94 100644
--- a/arch/x86/include/asm/ftrace.h
+++ b/arch/x86/include/asm/ftrace.h
@@ -17,8 +17,40 @@ static inline unsigned long ftrace_call_adjust(unsigned long addr)
          */
         return addr - 1;
 }
-#endif
 
+#ifdef CONFIG_DYNAMIC_FTRACE
+
+struct dyn_arch_ftrace {
+        /* No extra data needed for x86 */
+};
+
+#endif /*  CONFIG_DYNAMIC_FTRACE */
+#endif /* __ASSEMBLY__ */
 #endif /* CONFIG_FUNCTION_TRACER */
 
+#ifdef CONFIG_FUNCTION_RET_TRACER
+
+#ifndef __ASSEMBLY__
+
+/*
+ * Stack of return addresses for functions
+ * of a thread.
+ * Used in struct thread_info
+ */
+struct ftrace_ret_stack {
+        unsigned long ret;
+        unsigned long func;
+        unsigned long long calltime;
+};
+
+/*
+ * Primary handler of a function return.
+ * It relays on ftrace_return_to_handler.
+ * Defined in entry32.S
+ */
+extern void return_to_handler(void);
+
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_FUNCTION_RET_TRACER */
+
 #endif /* _ASM_X86_FTRACE_H */
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index e44d379faad2..0921b4018c11 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -20,6 +20,8 @@
 struct task_struct;
 struct exec_domain;
 #include <asm/processor.h>
+#include <asm/ftrace.h>
+#include <asm/atomic.h>
 
 struct thread_info {
         struct task_struct      *task;          /* main task structure */
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 35c54921b2e4..99192bb55a53 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -157,6 +157,7 @@ extern int __get_user_bad(void);
         int __ret_gu;                                                   \
         unsigned long __val_gu;                                         \
         __chk_user_ptr(ptr);                                            \
+        might_fault();                                                  \
         switch (sizeof(*(ptr))) {                                       \
         case 1:                                                         \
                 __get_user_x(1, __ret_gu, __val_gu, ptr);               \
@@ -241,6 +242,7 @@ extern void __put_user_8(void);
         int __ret_pu;                                           \
         __typeof__(*(ptr)) __pu_val;                            \
         __chk_user_ptr(ptr);                                    \
+        might_fault();                                          \
         __pu_val = x;                                           \
         switch (sizeof(*(ptr))) {                               \
         case 1:                                                 \
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
index d095a3aeea1b..5e06259e90e5 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -82,8 +82,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
 static __always_inline unsigned long __must_check
 __copy_to_user(void __user *to, const void *from, unsigned long n)
 {
-       might_sleep();
-       return __copy_to_user_inatomic(to, from, n);
+        might_fault();
+        return __copy_to_user_inatomic(to, from, n);
 }
 
 static __always_inline unsigned long
@@ -137,7 +137,7 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
 static __always_inline unsigned long
 __copy_from_user(void *to, const void __user *from, unsigned long n)
 {
-        might_sleep();
+        might_fault();
         if (__builtin_constant_p(n)) {
                 unsigned long ret;
 
@@ -159,7 +159,7 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
 static __always_inline unsigned long __copy_from_user_nocache(void *to,
                                 const void __user *from, unsigned long n)
 {
-        might_sleep();
+        might_fault();
         if (__builtin_constant_p(n)) {
                 unsigned long ret;
 
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index f8cfd00db450..84210c479fca 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -29,6 +29,8 @@ static __always_inline __must_check
 int __copy_from_user(void *dst, const void __user *src, unsigned size)
 {
         int ret = 0;
+
+        might_fault();
         if (!__builtin_constant_p(size))
                 return copy_user_generic(dst, (__force void *)src, size);
         switch (size) {
@@ -71,6 +73,8 @@ static __always_inline __must_check
 int __copy_to_user(void __user *dst, const void *src, unsigned size)
 {
         int ret = 0;
+
+        might_fault();
         if (!__builtin_constant_p(size))
                 return copy_user_generic((__force void *)dst, src, size);
         switch (size) {
@@ -113,6 +117,8 @@ static __always_inline __must_check
 int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
 {
         int ret = 0;
+
+        might_fault();
         if (!__builtin_constant_p(size))
                 return copy_user_generic((__force void *)dst,
                                          (__force void *)src, size);
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index b62a7667828e..af2bc36ca1c4 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -14,6 +14,11 @@ CFLAGS_REMOVE_paravirt-spinlocks.o = -pg
 CFLAGS_REMOVE_ftrace.o = -pg
 endif
 
+ifdef CONFIG_FUNCTION_RET_TRACER
+# Don't trace __switch_to() but let it for function tracer
+CFLAGS_REMOVE_process_32.o = -pg
+endif
+
 #
 # vsyscalls (which work on the user stack) should have
 # no stack-protector checks:
@@ -65,6 +70,7 @@ obj-$(CONFIG_X86_LOCAL_APIC)	+= apic.o nmi.o
 obj-$(CONFIG_X86_IO_APIC)       += io_apic.o
 obj-$(CONFIG_X86_REBOOTFIXUPS)  += reboot_fixups_32.o
 obj-$(CONFIG_DYNAMIC_FTRACE)    += ftrace.o
+obj-$(CONFIG_FUNCTION_RET_TRACER)       += ftrace.o
 obj-$(CONFIG_KEXEC)             += machine_kexec_$(BITS).o
 obj-$(CONFIG_KEXEC)             += relocate_kernel_$(BITS).o crash.o
 obj-$(CONFIG_CRASH_DUMP)        += crash_dump_$(BITS).o
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 28b597ef9ca1..74defe21ba42 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -1157,6 +1157,9 @@ ENTRY(mcount)
 END(mcount)
 
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
+
         pushl %eax
         pushl %ecx
         pushl %edx
@@ -1180,8 +1183,15 @@ END(ftrace_caller)
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
+
         cmpl $ftrace_stub, ftrace_trace_function
         jnz trace
+#ifdef CONFIG_FUNCTION_RET_TRACER
+        cmpl $ftrace_stub, ftrace_function_return
+        jnz ftrace_return_caller
+#endif
 .globl ftrace_stub
 ftrace_stub:
         ret
@@ -1200,12 +1210,42 @@ trace:
         popl %edx
         popl %ecx
         popl %eax
-
         jmp ftrace_stub
 END(mcount)
 #endif /* CONFIG_DYNAMIC_FTRACE */
 #endif /* CONFIG_FUNCTION_TRACER */
 
+#ifdef CONFIG_FUNCTION_RET_TRACER
+ENTRY(ftrace_return_caller)
+        cmpl $0, function_trace_stop
+        jne ftrace_stub
+
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        movl 0xc(%esp), %edx
+        lea 0x4(%ebp), %eax
+        call prepare_ftrace_return
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+END(ftrace_return_caller)
+
+.globl return_to_handler
+return_to_handler:
+        pushl $0
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        call ftrace_return_to_handler
+        movl %eax, 0xc(%esp)
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+#endif
+
 .section .rodata,"a"
 #include "syscall_table_32.S"
 
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b86f332c96a6..08aa6b10933c 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -68,6 +68,8 @@ ENTRY(mcount)
 END(mcount)
 
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
 
         /* taken from glibc */
         subq $0x38, %rsp
@@ -103,6 +105,9 @@ END(ftrace_caller)
 
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
+
         cmpq $ftrace_stub, ftrace_trace_function
         jnz trace
 .globl ftrace_stub
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 50ea0ac8c9bf..bb137f7297ed 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -14,14 +14,17 @@
 #include <linux/uaccess.h>
 #include <linux/ftrace.h>
 #include <linux/percpu.h>
+#include <linux/sched.h>
 #include <linux/init.h>
 #include <linux/list.h>
 
 #include <asm/ftrace.h>
+#include <linux/ftrace.h>
 #include <asm/nops.h>
+#include <asm/nmi.h>
 
 
-static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+#ifdef CONFIG_DYNAMIC_FTRACE
 
 union ftrace_code_union {
         char code[MCOUNT_INSN_SIZE];
@@ -31,18 +34,12 @@ union ftrace_code_union {
         } __attribute__((packed));
 };
 
-
 static int ftrace_calc_offset(long ip, long addr)
 {
         return (int)(addr - ip);
 }
 
-unsigned char *ftrace_nop_replace(void)
-{
-        return ftrace_nop;
-}
-
-unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
+static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 {
         static union ftrace_code_union calc;
 
@@ -56,7 +53,143 @@ unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
         return calc.code;
 }
 
-int
+/*
+ * Modifying code must take extra care. On an SMP machine, if
+ * the code being modified is also being executed on another CPU
+ * that CPU will have undefined results and possibly take a GPF.
+ * We use kstop_machine to stop other CPUS from exectuing code.
+ * But this does not stop NMIs from happening. We still need
+ * to protect against that. We separate out the modification of
+ * the code to take care of this.
+ *
+ * Two buffers are added: An IP buffer and a "code" buffer.
+ *
+ * 1) Put the instruction pointer into the IP buffer
+ *    and the new code into the "code" buffer.
+ * 2) Set a flag that says we are modifying code
+ * 3) Wait for any running NMIs to finish.
+ * 4) Write the code
+ * 5) clear the flag.
+ * 6) Wait for any running NMIs to finish.
+ *
+ * If an NMI is executed, the first thing it does is to call
+ * "ftrace_nmi_enter". This will check if the flag is set to write
+ * and if it is, it will write what is in the IP and "code" buffers.
+ *
+ * The trick is, it does not matter if everyone is writing the same
+ * content to the code location. Also, if a CPU is executing code
+ * it is OK to write to that code location if the contents being written
+ * are the same as what exists.
+ */
+
+static atomic_t in_nmi = ATOMIC_INIT(0);
+static int mod_code_status;             /* holds return value of text write */
+static int mod_code_write;              /* set when NMI should do the write */
+static void *mod_code_ip;               /* holds the IP to write to */
+static void *mod_code_newcode;          /* holds the text to write to the IP */
+
+static unsigned nmi_wait_count;
+static atomic_t nmi_update_count = ATOMIC_INIT(0);
+
+int ftrace_arch_read_dyn_info(char *buf, int size)
+{
+        int r;
+
+        r = snprintf(buf, size, "%u %u",
+                     nmi_wait_count,
+                     atomic_read(&nmi_update_count));
+        return r;
+}
+
+static void ftrace_mod_code(void)
+{
+        /*
+         * Yes, more than one CPU process can be writing to mod_code_status.
+         *    (and the code itself)
+         * But if one were to fail, then they all should, and if one were
+         * to succeed, then they all should.
+         */
+        mod_code_status = probe_kernel_write(mod_code_ip, mod_code_newcode,
+                                             MCOUNT_INSN_SIZE);
+
+}
+
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+        /* Must have in_nmi seen before reading write flag */
+        smp_mb();
+        if (mod_code_write) {
+                ftrace_mod_code();
+                atomic_inc(&nmi_update_count);
+        }
+}
+
+void ftrace_nmi_exit(void)
+{
+        /* Finish all executions before clearing in_nmi */
+        smp_wmb();
+        atomic_dec(&in_nmi);
+}
+
+static void wait_for_nmi(void)
+{
+        int waited = 0;
+
+        while (atomic_read(&in_nmi)) {
+                waited = 1;
+                cpu_relax();
+        }
+
+        if (waited)
+                nmi_wait_count++;
+}
+
+static int
+do_ftrace_mod_code(unsigned long ip, void *new_code)
+{
+        mod_code_ip = (void *)ip;
+        mod_code_newcode = new_code;
+
+        /* The buffers need to be visible before we let NMIs write them */
+        smp_wmb();
+
+        mod_code_write = 1;
+
+        /* Make sure write bit is visible before we wait on NMIs */
+        smp_mb();
+
+        wait_for_nmi();
+
+        /* Make sure all running NMIs have finished before we write the code */
+        smp_mb();
+
+        ftrace_mod_code();
+
+        /* Make sure the write happens before clearing the bit */
+        smp_wmb();
+
+        mod_code_write = 0;
+
+        /* make sure NMIs see the cleared bit */
+        smp_mb();
+
+        wait_for_nmi();
+
+        return mod_code_status;
+}
+
+
+
+
+static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+
+static unsigned char *ftrace_nop_replace(void)
+{
+        return ftrace_nop;
+}
+
+static int
 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                    unsigned char *new_code)
 {
@@ -81,7 +214,7 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                 return -EINVAL;
 
         /* replace the text with the new text */
-        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
+        if (do_ftrace_mod_code(ip, new_code))
                 return -EPERM;
 
         sync_core();
@@ -89,6 +222,29 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
         return 0;
 }
 
+int ftrace_make_nop(struct module *mod,
+                    struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+
+        old = ftrace_call_replace(ip, addr);
+        new = ftrace_nop_replace();
+
+        return ftrace_modify_code(rec->ip, old, new);
+}
+
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+
+        old = ftrace_nop_replace();
+        new = ftrace_call_replace(ip, addr);
+
+        return ftrace_modify_code(rec->ip, old, new);
+}
+
 int ftrace_update_ftrace_func(ftrace_func_t func)
 {
         unsigned long ip = (unsigned long)(&ftrace_call);
@@ -165,3 +321,139 @@ int __init ftrace_dyn_arch_init(void *data)
 
         return 0;
 }
+#endif
+
+#ifdef CONFIG_FUNCTION_RET_TRACER
+
+#ifndef CONFIG_DYNAMIC_FTRACE
+
+/*
+ * These functions are picked from those used on
+ * this page for dynamic ftrace. They have been
+ * simplified to ignore all traces in NMI context.
+ */
+static atomic_t in_nmi;
+
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+}
+
+void ftrace_nmi_exit(void)
+{
+        atomic_dec(&in_nmi);
+}
+#endif /* !CONFIG_DYNAMIC_FTRACE */
+
+/* Add a function return address to the trace stack on thread info.*/
+static int push_return_trace(unsigned long ret, unsigned long long time,
+                                unsigned long func)
+{
+        int index;
+
+        if (!current->ret_stack)
+                return -EBUSY;
+
+        /* The return trace stack is full */
+        if (current->curr_ret_stack == FTRACE_RETFUNC_DEPTH - 1) {
+                atomic_inc(&current->trace_overrun);
+                return -EBUSY;
+        }
+
+        index = ++current->curr_ret_stack;
+        barrier();
+        current->ret_stack[index].ret = ret;
+        current->ret_stack[index].func = func;
+        current->ret_stack[index].calltime = time;
+
+        return 0;
+}
+
+/* Retrieve a function return address to the trace stack on thread info.*/
+static void pop_return_trace(unsigned long *ret, unsigned long long *time,
+                                unsigned long *func, unsigned long *overrun)
+{
+        int index;
+
+        index = current->curr_ret_stack;
+        *ret = current->ret_stack[index].ret;
+        *func = current->ret_stack[index].func;
+        *time = current->ret_stack[index].calltime;
+        *overrun = atomic_read(&current->trace_overrun);
+        current->curr_ret_stack--;
+}
+
+/*
+ * Send the trace to the ring-buffer.
+ * @return the original return address.
+ */
+unsigned long ftrace_return_to_handler(void)
+{
+        struct ftrace_retfunc trace;
+        pop_return_trace(&trace.ret, &trace.calltime, &trace.func,
+                        &trace.overrun);
+        trace.rettime = cpu_clock(raw_smp_processor_id());
+        ftrace_function_return(&trace);
+
+        return trace.ret;
+}
+
+/*
+ * Hook the return address and push it in the stack of return addrs
+ * in current thread info.
+ */
+void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr)
+{
+        unsigned long old;
+        unsigned long long calltime;
+        int faulted;
+        unsigned long return_hooker = (unsigned long)
+                                &return_to_handler;
+
+        /* Nmi's are currently unsupported */
+        if (atomic_read(&in_nmi))
+                return;
+
+        /*
+         * Protect against fault, even if it shouldn't
+         * happen. This tool is too much intrusive to
+         * ignore such a protection.
+         */
+        asm volatile(
+                "1: movl (%[parent_old]), %[old]\n"
+                "2: movl %[return_hooker], (%[parent_replaced])\n"
+                "   movl $0, %[faulted]\n"
+
+                ".section .fixup, \"ax\"\n"
+                "3: movl $1, %[faulted]\n"
+                ".previous\n"
+
+                ".section __ex_table, \"a\"\n"
+                "   .long 1b, 3b\n"
+                "   .long 2b, 3b\n"
+                ".previous\n"
+
+                : [parent_replaced] "=r" (parent), [old] "=r" (old),
+                  [faulted] "=r" (faulted)
+                : [parent_old] "0" (parent), [return_hooker] "r" (return_hooker)
+                : "memory"
+        );
+
+        if (WARN_ON(faulted)) {
+                unregister_ftrace_return();
+                return;
+        }
+
+        if (WARN_ON(!__kernel_text_address(old))) {
+                unregister_ftrace_return();
+                *parent = old;
+                return;
+        }
+
+        calltime = cpu_clock(raw_smp_processor_id());
+
+        if (push_return_trace(old, calltime, self_addr) == -EBUSY)
+                *parent = old;
+}
+
+#endif /* CONFIG_FUNCTION_RET_TRACER */
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index a03e7f6d90c3..10786af95545 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -6,6 +6,7 @@
 #include <linux/sched.h>
 #include <linux/stacktrace.h>
 #include <linux/module.h>
+#include <linux/uaccess.h>
 #include <asm/stacktrace.h>
 
 static void save_stack_warning(void *data, char *msg)
@@ -83,3 +84,66 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
                 trace->entries[trace->nr_entries++] = ULONG_MAX;
 }
 EXPORT_SYMBOL_GPL(save_stack_trace_tsk);
+
+/* Userspace stacktrace - based on kernel/trace/trace_sysprof.c */
+
+struct stack_frame {
+        const void __user       *next_fp;
+        unsigned long           ret_addr;
+};
+
+static int copy_stack_frame(const void __user *fp, struct stack_frame *frame)
+{
+        int ret;
+
+        if (!access_ok(VERIFY_READ, fp, sizeof(*frame)))
+                return 0;
+
+        ret = 1;
+        pagefault_disable();
+        if (__copy_from_user_inatomic(frame, fp, sizeof(*frame)))
+                ret = 0;
+        pagefault_enable();
+
+        return ret;
+}
+
+static inline void __save_stack_trace_user(struct stack_trace *trace)
+{
+        const struct pt_regs *regs = task_pt_regs(current);
+        const void __user *fp = (const void __user *)regs->bp;
+
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = regs->ip;
+
+        while (trace->nr_entries < trace->max_entries) {
+                struct stack_frame frame;
+
+                frame.next_fp = NULL;
+                frame.ret_addr = 0;
+                if (!copy_stack_frame(fp, &frame))
+                        break;
+                if ((unsigned long)fp < regs->sp)
+                        break;
+                if (frame.ret_addr) {
+                        trace->entries[trace->nr_entries++] =
+                                frame.ret_addr;
+                }
+                if (fp == frame.next_fp)
+                        break;
+                fp = frame.next_fp;
+        }
+}
+
+void save_stack_trace_user(struct stack_trace *trace)
+{
+        /*
+         * Trace user stack if we are not a kernel thread
+         */
+        if (current->mm) {
+                __save_stack_trace_user(trace);
+        }
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = ULONG_MAX;
+}
+
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 0b8b6690a86d..6f3d3d4cd973 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -17,6 +17,9 @@
  *  want per guest time just set the kernel.vsyscall64 sysctl to 0.
  */
 
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
+
 #include <linux/time.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index 9e68075544f6..4a20b2f9a381 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -39,7 +39,7 @@ static inline int __movsl_is_ok(unsigned long a1, unsigned long a2, unsigned lon
 #define __do_strncpy_from_user(dst, src, count, res)                       \
 do {                                                                       \
         int __d0, __d1, __d2;                                              \
-        might_sleep();                                                     \
+        might_fault();                                                     \
         __asm__ __volatile__(                                              \
                 "       testl %1,%1\n"                                     \
                 "       jz 2f\n"                                           \
@@ -126,7 +126,7 @@ EXPORT_SYMBOL(strncpy_from_user);
 #define __do_clear_user(addr,size)                                      \
 do {                                                                    \
         int __d0;                                                       \
-        might_sleep();                                                  \
+        might_fault();                                                  \
         __asm__ __volatile__(                                           \
                 "0:     rep; stosl\n"                                   \
                 "       movl %2,%0\n"                                   \
@@ -155,7 +155,7 @@ do {									\
 unsigned long
 clear_user(void __user *to, unsigned long n)
 {
-        might_sleep();
+        might_fault();
         if (access_ok(VERIFY_WRITE, to, n))
                 __do_clear_user(to, n);
         return n;
@@ -197,7 +197,7 @@ long strnlen_user(const char __user *s, long n)
         unsigned long mask = -__addr_ok(s);
         unsigned long res, tmp;
 
-        might_sleep();
+        might_fault();
 
         __asm__ __volatile__(
                 "       testl %0, %0\n"
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index f4df6e7c718b..64d6c84e6353 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -15,7 +15,7 @@
 #define __do_strncpy_from_user(dst,src,count,res)                          \
 do {                                                                       \
         long __d0, __d1, __d2;                                             \
-        might_sleep();                                                     \
+        might_fault();                                                     \
         __asm__ __volatile__(                                              \
                 "       testq %1,%1\n"                                     \
                 "       jz 2f\n"                                           \
@@ -64,7 +64,7 @@ EXPORT_SYMBOL(strncpy_from_user);
 unsigned long __clear_user(void __user *addr, unsigned long size)
 {
         long __d0;
-        might_sleep();
+        might_fault();
         /* no memory constraint because it doesn't change any memory gcc knows
            about */
         asm volatile(
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index fea4565ff576..d8cc96a2738f 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -8,9 +8,8 @@ obj-$(CONFIG_X86_PTDUMP)	+= dump_pagetables.o
 
 obj-$(CONFIG_HIGHMEM)           += highmem_32.o
 
-obj-$(CONFIG_MMIOTRACE_HOOKS)   += kmmio.o
 obj-$(CONFIG_MMIOTRACE)         += mmiotrace.o
-mmiotrace-y                     := pf_in.o mmio-mod.o
+mmiotrace-y                     := kmmio.o pf_in.o mmio-mod.o
 obj-$(CONFIG_MMIOTRACE_TEST)    += testmmiotrace.o
 
 obj-$(CONFIG_NUMA)              += numa_$(BITS).o
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 31e8730fa246..4152d3c3b138 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -53,7 +53,7 @@
 
 static inline int kmmio_fault(struct pt_regs *regs, unsigned long addr)
 {
-#ifdef CONFIG_MMIOTRACE_HOOKS
+#ifdef CONFIG_MMIOTRACE
         if (unlikely(is_kmmio_active()))
                 if (kmmio_handler(regs, addr) == 1)
                         return -1;
diff --git a/arch/x86/vdso/vclock_gettime.c b/arch/x86/vdso/vclock_gettime.c
index 1ef0f90813d6..d9d35824c56f 100644
--- a/arch/x86/vdso/vclock_gettime.c
+++ b/arch/x86/vdso/vclock_gettime.c
@@ -9,6 +9,9 @@
  * Also alternative() doesn't work.
  */
 
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
+
 #include <linux/kernel.h>
 #include <linux/posix-timers.h>
 #include <linux/time.h>