19 files changed, 627 insertions, 46 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 4f55c736be1..d0e37c9d5f6 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -65,6 +65,23 @@ config OPTPROBES
        depends on KPROBES && HAVE_OPTPROBES
        depends on !PREEMPT
+config UPROBES
+        bool "Transparent user-space probes (EXPERIMENTAL)"
+        depends on ARCH_SUPPORTS_UPROBES && PERF_EVENTS
+        default n
+        help
+          Uprobes is the user-space counterpart to kprobes: they
+          enable instrumentation applications (such as 'perf probe')
+          to establish unintrusive probes in user-space binaries and
+          libraries, by executing handler functions when the probes
+          are hit by user-space applications.
+          ( These probes come in the form of single-byte breakpoints,
+            managed by the kernel and kept transparent to the probed
+            application. )
+          If in doubt, say "N".
 config HAVE_EFFICIENT_UNALIGNED_ACCESS
        bool
        help
diff --git a/arch/arm/include/asm/perf_event.h b/arch/arm/include/asm/perf_event.h
index 99cfe360798..7523340afb8 100644
--- a/arch/arm/include/asm/perf_event.h
+++ b/arch/arm/include/asm/perf_event.h
@@ -12,10 +12,6 @@
 #ifndef __ARM_PERF_EVENT_H__
 #define __ARM_PERF_EVENT_H__
-/* ARM performance counters start from 1 (in the cp15 accesses) so use the
- * same indexes here for consistency. */
-#define PERF_EVENT_INDEX_OFFSET 1
 /* ARM perf PMU IDs for use by internal perf clients. */
 enum arm_perf_pmu_ids {
        ARM_PERF_PMU_ID_XSCALE1 = 0,
diff --git a/arch/frv/include/asm/perf_event.h b/arch/frv/include/asm/perf_event.h
index a69e0155d14..c52ea5546b5 100644
--- a/arch/frv/include/asm/perf_event.h
+++ b/arch/frv/include/asm/perf_event.h
@@ -12,6 +12,4 @@
 #ifndef _ASM_PERF_EVENT_H
 #define _ASM_PERF_EVENT_H
-#define PERF_EVENT_INDEX_OFFSET 0
 #endif /* _ASM_PERF_EVENT_H */
diff --git a/arch/hexagon/include/asm/perf_event.h b/arch/hexagon/include/asm/perf_event.h
index 6c2910f9118..8b8526b491c 100644
--- a/arch/hexagon/include/asm/perf_event.h
+++ b/arch/hexagon/include/asm/perf_event.h
@@ -19,6 +19,4 @@
 #ifndef _ASM_PERF_EVENT_H
 #define _ASM_PERF_EVENT_H
-#define PERF_EVENT_INDEX_OFFSET 0
 #endif /* _ASM_PERF_EVENT_H */
diff --git a/arch/powerpc/include/asm/perf_event_server.h b/arch/powerpc/include/asm/perf_event_server.h
index 8f1df1208d2..1a8093fa8f7 100644
--- a/arch/powerpc/include/asm/perf_event_server.h
+++ b/arch/powerpc/include/asm/perf_event_server.h
@@ -61,8 +61,6 @@ struct pt_regs;
 extern unsigned long perf_misc_flags(struct pt_regs *regs);
 extern unsigned long perf_instruction_pointer(struct pt_regs *regs);
-#define PERF_EVENT_INDEX_OFFSET 1
 /*
 * Only override the default definitions in include/linux/perf_event.h
 * if we have hardware PMU support.
diff --git a/arch/powerpc/kernel/perf_event.c b/arch/powerpc/kernel/perf_event.c
index 64483fde95c..f04c2301725 100644
--- a/arch/powerpc/kernel/perf_event.c
+++ b/arch/powerpc/kernel/perf_event.c
@@ -1193,6 +1193,11 @@ static int power_pmu_event_init(struct perf_event *event)
        return err;
 }
+static int power_pmu_event_idx(struct perf_event *event)
+{
+        return event->hw.idx;
+}
 struct pmu power_pmu = {
        .pmu_enable     = power_pmu_enable,
        .pmu_disable    = power_pmu_disable,
@@ -1205,6 +1210,7 @@ struct pmu power_pmu = {
        .start_txn      = power_pmu_start_txn,
        .cancel_txn     = power_pmu_cancel_txn,
        .commit_txn     = power_pmu_commit_txn,
+        .event_idx      = power_pmu_event_idx,
 };
 /*
diff --git a/arch/s390/include/asm/perf_event.h b/arch/s390/include/asm/perf_event.h
index a75f168d271..4eb444edbe4 100644
--- a/arch/s390/include/asm/perf_event.h
+++ b/arch/s390/include/asm/perf_event.h
@@ -6,4 +6,3 @@
 /* Empty, just to avoid compiling error */
-#define PERF_EVENT_INDEX_OFFSET 0
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index e2b38b4bffd..d2a540f7d6c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -84,7 +84,7 @@ config X86
        select GENERIC_IOMAP
 config INSTRUCTION_DECODER
-        def_bool (KPROBES || PERF_EVENTS)
+        def_bool (KPROBES || PERF_EVENTS || UPROBES)
 config OUTPUT_FORMAT
        string
@@ -240,6 +240,9 @@ config ARCH_CPU_PROBE_RELEASE
        def_bool y
        depends on HOTPLUG_CPU
+config ARCH_SUPPORTS_UPROBES
+        def_bool y
 source "init/Kconfig"
 source "kernel/Kconfig.freezer"
diff --git a/arch/x86/include/asm/inat.h b/arch/x86/include/asm/inat.h
index 205b063e3e3..74a2e312e8a 100644
--- a/arch/x86/include/asm/inat.h
+++ b/arch/x86/include/asm/inat.h
@@ -97,11 +97,12 @@
 /* Attribute search APIs */
 extern insn_attr_t inat_get_opcode_attribute(insn_byte_t opcode);
+extern int inat_get_last_prefix_id(insn_byte_t last_pfx);
 extern insn_attr_t inat_get_escape_attribute(insn_byte_t opcode,
-                                             insn_byte_t last_pfx,
+                                             int lpfx_id,
                                             insn_attr_t esc_attr);
 extern insn_attr_t inat_get_group_attribute(insn_byte_t modrm,
-                                            insn_byte_t last_pfx,
+                                            int lpfx_id,
                                            insn_attr_t esc_attr);
 extern insn_attr_t inat_get_avx_attribute(insn_byte_t opcode,
                                          insn_byte_t vex_m,
diff --git a/arch/x86/include/asm/insn.h b/arch/x86/include/asm/insn.h
index 74df3f1eddf..48eb30a8606 100644
--- a/arch/x86/include/asm/insn.h
+++ b/arch/x86/include/asm/insn.h
@@ -96,12 +96,6 @@ struct insn {
 #define X86_VEX_P(vex)  ((vex) & 0x03)          /* VEX3 Byte2, VEX2 Byte1 */
 #define X86_VEX_M_MAX   0x1f                    /* VEX3.M Maximum value */
-/* The last prefix is needed for two-byte and three-byte opcodes */
-static inline insn_byte_t insn_last_prefix(struct insn *insn)
-{
-        return insn->prefixes.bytes[3];
-}
 extern void insn_init(struct insn *insn, const void *kaddr, int x86_64);
 extern void insn_get_prefixes(struct insn *insn);
 extern void insn_get_opcode(struct insn *insn);
@@ -160,6 +154,18 @@ static inline insn_byte_t insn_vex_p_bits(struct insn *insn)
                return X86_VEX_P(insn->vex_prefix.bytes[2]);
 }
+/* Get the last prefix id from last prefix or VEX prefix */
+static inline int insn_last_prefix_id(struct insn *insn)
+{
+        if (insn_is_avx(insn))
+                return insn_vex_p_bits(insn);   /* VEX_p is a SIMD prefix id */
+        if (insn->prefixes.bytes[3])
+                return inat_get_last_prefix_id(insn->prefixes.bytes[3]);
+        return 0;
+}
 /* Offset of each field from kaddr */
 static inline int insn_offset_rex_prefix(struct insn *insn)
 {
diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h
index 461ce432b1c..e8fb2c7a5f4 100644
--- a/arch/x86/include/asm/perf_event.h
+++ b/arch/x86/include/asm/perf_event.h
@@ -188,8 +188,6 @@ extern u32 get_ibs_caps(void);
 #ifdef CONFIG_PERF_EVENTS
 extern void perf_events_lapic_init(void);
-#define PERF_EVENT_INDEX_OFFSET                 0
 /*
 * Abuse bit 3 of the cpu eflags register to indicate proper PEBS IP fixups.
 * This flag is otherwise unused and ABI specified to be 0, so nobody should
diff --git a/arch/x86/include/asm/uprobes.h b/arch/x86/include/asm/uprobes.h
new file mode 100644
index 00000000000..0500391f57d
--- /dev/null
+++ b/arch/x86/include/asm/uprobes.h
@@ -0,0 +1,43 @@
+#ifndef _ASM_UPROBES_H
+#define _ASM_UPROBES_H
+/*
+ * User-space Probes (UProbes) for x86
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Copyright (C) IBM Corporation, 2008-2011
+ * Authors:
+ *      Srikar Dronamraju
+ *      Jim Keniston
+ */
+typedef u8 uprobe_opcode_t;
+#define MAX_UINSN_BYTES                   16
+#define UPROBE_XOL_SLOT_BYTES            128    /* to keep it cache aligned */
+#define UPROBE_SWBP_INSN                0xcc
+#define UPROBE_SWBP_INSN_SIZE              1
+struct arch_uprobe {
+        u16                             fixups;
+        u8                              insn[MAX_UINSN_BYTES];
+#ifdef CONFIG_X86_64
+        unsigned long                   rip_rela_target_address;
+#endif
+};
+extern int arch_uprobes_analyze_insn(struct arch_uprobe *aup, struct mm_struct *mm);
+#endif  /* _ASM_UPROBES_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 5369059c07a..8c8c365a3bc 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -100,6 +100,7 @@ obj-$(CONFIG_X86_CHECK_BIOS_CORRUPTION) += check.o
 obj-$(CONFIG_SWIOTLB)                   += pci-swiotlb.o
 obj-$(CONFIG_OF)                        += devicetree.o
+obj-$(CONFIG_UPROBES)                   += uprobes.o
 ###
 # 64 bit specific files
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index f4773f4aae3..0a44b90602b 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -5,6 +5,7 @@
 #include <linux/mm.h>
 #include <linux/io.h>
+#include <linux/sched.h>
 #include <asm/processor.h>
 #include <asm/apic.h>
 #include <asm/cpu.h>
@@ -456,6 +457,8 @@ static void __cpuinit early_init_amd(struct cpuinfo_x86 *c)
        if (c->x86_power & (1 << 8)) {
                set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
                set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC);
+                if (!check_tsc_unstable())
+                        sched_clock_stable = 1;
        }
 #ifdef CONFIG_X86_64
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
index 63c0e058a40..1c52bdbb9b8 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
@@ -24,12 +24,14 @@
 #include <linux/slab.h>
 #include <linux/cpu.h>
 #include <linux/bitops.h>
+#include <linux/device.h>
 #include <asm/apic.h>
 #include <asm/stacktrace.h>
 #include <asm/nmi.h>
 #include <asm/smp.h>
 #include <asm/alternative.h>
+#include <asm/timer.h>
 #include "perf_event.h"
@@ -1209,6 +1211,8 @@ x86_pmu_notifier(struct notifier_block *self, unsigned long action, void *hcpu)
                break;
        case CPU_STARTING:
+                if (x86_pmu.attr_rdpmc)
+                        set_in_cr4(X86_CR4_PCE);
                if (x86_pmu.cpu_starting)
                        x86_pmu.cpu_starting(cpu);
                break;
@@ -1318,6 +1322,8 @@ static int __init init_hw_perf_events(void)
                }
        }
+        x86_pmu.attr_rdpmc = 1; /* enable userspace RDPMC usage by default */
        pr_info("... version:                %d\n",     x86_pmu.version);
        pr_info("... bit width:              %d\n",     x86_pmu.cntval_bits);
        pr_info("... generic registers:      %d\n",     x86_pmu.num_counters);
@@ -1541,10 +1547,71 @@ static int x86_pmu_event_init(struct perf_event *event)
        return err;
 }
+static int x86_pmu_event_idx(struct perf_event *event)
+{
+        int idx = event->hw.idx;
+        if (x86_pmu.num_counters_fixed && idx >= X86_PMC_IDX_FIXED) {
+                idx -= X86_PMC_IDX_FIXED;
+                idx |= 1 << 30;
+        }
+        return idx + 1;
+}
+static ssize_t get_attr_rdpmc(struct device *cdev,
+                              struct device_attribute *attr,
+                              char *buf)
+{
+        return snprintf(buf, 40, "%d\n", x86_pmu.attr_rdpmc);
+}
+static void change_rdpmc(void *info)
+{
+        bool enable = !!(unsigned long)info;
+        if (enable)
+                set_in_cr4(X86_CR4_PCE);
+        else
+                clear_in_cr4(X86_CR4_PCE);
+}
+static ssize_t set_attr_rdpmc(struct device *cdev,
+                              struct device_attribute *attr,
+                              const char *buf, size_t count)
+{
+        unsigned long val = simple_strtoul(buf, NULL, 0);
+        if (!!val != !!x86_pmu.attr_rdpmc) {
+                x86_pmu.attr_rdpmc = !!val;
+                smp_call_function(change_rdpmc, (void *)val, 1);
+        }
+        return count;
+}
+static DEVICE_ATTR(rdpmc, S_IRUSR | S_IWUSR, get_attr_rdpmc, set_attr_rdpmc);
+static struct attribute *x86_pmu_attrs[] = {
+        &dev_attr_rdpmc.attr,
+        NULL,
+};
+static struct attribute_group x86_pmu_attr_group = {
+        .attrs = x86_pmu_attrs,
+};
+static const struct attribute_group *x86_pmu_attr_groups[] = {
+        &x86_pmu_attr_group,
+        NULL,
+};
 static struct pmu pmu = {
        .pmu_enable     = x86_pmu_enable,
        .pmu_disable    = x86_pmu_disable,
+        .attr_groups    = x86_pmu_attr_groups,
        .event_init     = x86_pmu_event_init,
        .add            = x86_pmu_add,
@@ -1556,8 +1623,23 @@ static struct pmu pmu = {
        .start_txn      = x86_pmu_start_txn,
        .cancel_txn     = x86_pmu_cancel_txn,
        .commit_txn     = x86_pmu_commit_txn,
+        .event_idx      = x86_pmu_event_idx,
 };
+void perf_update_user_clock(struct perf_event_mmap_page *userpg, u64 now)
+{
+        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
+                return;
+        if (!boot_cpu_has(X86_FEATURE_NONSTOP_TSC))
+                return;
+        userpg->time_mult = this_cpu_read(cyc2ns);
+        userpg->time_shift = CYC2NS_SCALE_FACTOR;
+        userpg->time_offset = this_cpu_read(cyc2ns_offset) - now;
+}
 /*
 * callchain support
 */
diff --git a/arch/x86/kernel/cpu/perf_event.h b/arch/x86/kernel/cpu/perf_event.h
index c30c807ddc7..82db83b5c3b 100644
--- a/arch/x86/kernel/cpu/perf_event.h
+++ b/arch/x86/kernel/cpu/perf_event.h
@@ -309,6 +309,14 @@ struct x86_pmu {
        struct x86_pmu_quirk *quirks;
        int             perfctr_second_write;
+        /*
+         * sysfs attrs
+         */
+        int             attr_rdpmc;
+        /*
+         * CPU Hotplug hooks
+         */
        int             (*cpu_prepare)(int cpu);
        void            (*cpu_starting)(int cpu);
        void            (*cpu_dying)(int cpu);
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
new file mode 100644
index 00000000000..851a11b0d38
--- /dev/null
+++ b/arch/x86/kernel/uprobes.c
@@ -0,0 +1,423 @@
+/*
+ * User-space Probes (UProbes) for x86
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Copyright (C) IBM Corporation, 2008-2011
+ * Authors:
+ *      Srikar Dronamraju
+ *      Jim Keniston
+ */
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/ptrace.h>
+#include <linux/uprobes.h>
+#include <linux/kdebug.h>
+#include <asm/insn.h>
+/* Post-execution fixups. */
+/* No fixup needed */
+#define UPROBE_FIX_NONE 0x0
+/* Adjust IP back to vicinity of actual insn */
+#define UPROBE_FIX_IP           0x1
+/* Adjust the return address of a call insn */
+#define UPROBE_FIX_CALL 0x2
+#define UPROBE_FIX_RIP_AX       0x8000
+#define UPROBE_FIX_RIP_CX       0x4000
+/* Adaptations for mhiramat x86 decoder v14. */
+#define OPCODE1(insn)           ((insn)->opcode.bytes[0])
+#define OPCODE2(insn)           ((insn)->opcode.bytes[1])
+#define OPCODE3(insn)           ((insn)->opcode.bytes[2])
+#define MODRM_REG(insn)         X86_MODRM_REG(insn->modrm.value)
+#define W(row, b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, ba, bb, bc, bd, be, bf)\
+        (((b0##UL << 0x0)|(b1##UL << 0x1)|(b2##UL << 0x2)|(b3##UL << 0x3) |   \
+          (b4##UL << 0x4)|(b5##UL << 0x5)|(b6##UL << 0x6)|(b7##UL << 0x7) |   \
+          (b8##UL << 0x8)|(b9##UL << 0x9)|(ba##UL << 0xa)|(bb##UL << 0xb) |   \
+          (bc##UL << 0xc)|(bd##UL << 0xd)|(be##UL << 0xe)|(bf##UL << 0xf))    \
+         << (row % 32))
+/*
+ * Good-instruction tables for 32-bit apps.  This is non-const and volatile
+ * to keep gcc from statically optimizing it out, as variable_test_bit makes
+ * some versions of gcc to think only *(unsigned long*) is used.
+ */
+static volatile u32 good_insns_32[256 / 32] = {
+        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f         */
+        /*      ----------------------------------------------         */
+        W(0x00, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0) | /* 00 */
+        W(0x10, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0) , /* 10 */
+        W(0x20, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1) | /* 20 */
+        W(0x30, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1) , /* 30 */
+        W(0x40, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 40 */
+        W(0x50, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 50 */
+        W(0x60, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) | /* 60 */
+        W(0x70, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 70 */
+        W(0x80, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 80 */
+        W(0x90, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 90 */
+        W(0xa0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* a0 */
+        W(0xb0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* b0 */
+        W(0xc0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0) | /* c0 */
+        W(0xd0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* d0 */
+        W(0xe0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) | /* e0 */
+        W(0xf0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1)   /* f0 */
+        /*      ----------------------------------------------         */
+        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f         */
+};
+/* Using this for both 64-bit and 32-bit apps */
+static volatile u32 good_2byte_insns[256 / 32] = {
+        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f         */
+        /*      ----------------------------------------------         */
+        W(0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1) | /* 00 */
+        W(0x10, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1) , /* 10 */
+        W(0x20, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1) | /* 20 */
+        W(0x30, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) , /* 30 */
+        W(0x40, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 40 */
+        W(0x50, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 50 */
+        W(0x60, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 60 */
+        W(0x70, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1) , /* 70 */
+        W(0x80, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 80 */
+        W(0x90, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 90 */
+        W(0xa0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1) | /* a0 */
+        W(0xb0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1) , /* b0 */
+        W(0xc0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* c0 */
+        W(0xd0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* d0 */
+        W(0xe0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* e0 */
+        W(0xf0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0)   /* f0 */
+        /*      ----------------------------------------------         */
+        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f         */
+};
+#ifdef CONFIG_X86_64
+/* Good-instruction tables for 64-bit apps */
+static volatile u32 good_insns_64[256 / 32] = {
+        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f         */
+        /*      ----------------------------------------------         */
+        W(0x00, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0) | /* 00 */
+        W(0x10, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0) , /* 10 */
+        W(0x20, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0) | /* 20 */
+        W(0x30, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0) , /* 30 */
+        W(0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* 40 */
+        W(0x50, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 50 */
+        W(0x60, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) | /* 60 */
+        W(0x70, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 70 */
+        W(0x80, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 80 */
+        W(0x90, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* 90 */
+        W(0xa0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* a0 */
+        W(0xb0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* b0 */
+        W(0xc0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0) | /* c0 */
+        W(0xd0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1) , /* d0 */
+        W(0xe0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0) | /* e0 */
+        W(0xf0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1)   /* f0 */
+        /*      ----------------------------------------------         */
+        /*      0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f         */
+};
+#endif
+#undef W
+/*
+ * opcodes we'll probably never support:
+ *
+ *  6c-6d, e4-e5, ec-ed - in
+ *  6e-6f, e6-e7, ee-ef - out
+ *  cc, cd - int3, int
+ *  cf - iret
+ *  d6 - illegal instruction
+ *  f1 - int1/icebp
+ *  f4 - hlt
+ *  fa, fb - cli, sti
+ *  0f - lar, lsl, syscall, clts, sysret, sysenter, sysexit, invd, wbinvd, ud2
+ *
+ * invalid opcodes in 64-bit mode:
+ *
+ *  06, 0e, 16, 1e, 27, 2f, 37, 3f, 60-62, 82, c4-c5, d4-d5
+ *  63 - we support this opcode in x86_64 but not in i386.
+ *
+ * opcodes we may need to refine support for:
+ *
+ *  0f - 2-byte instructions: For many of these instructions, the validity
+ *  depends on the prefix and/or the reg field.  On such instructions, we
+ *  just consider the opcode combination valid if it corresponds to any
+ *  valid instruction.
+ *
+ *  8f - Group 1 - only reg = 0 is OK
+ *  c6-c7 - Group 11 - only reg = 0 is OK
+ *  d9-df - fpu insns with some illegal encodings
+ *  f2, f3 - repnz, repz prefixes.  These are also the first byte for
+ *  certain floating-point instructions, such as addsd.
+ *
+ *  fe - Group 4 - only reg = 0 or 1 is OK
+ *  ff - Group 5 - only reg = 0-6 is OK
+ *
+ * others -- Do we need to support these?
+ *
+ *  0f - (floating-point?) prefetch instructions
+ *  07, 17, 1f - pop es, pop ss, pop ds
+ *  26, 2e, 36, 3e - es:, cs:, ss:, ds: segment prefixes --
+ *      but 64 and 65 (fs: and gs:) seem to be used, so we support them
+ *  67 - addr16 prefix
+ *  ce - into
+ *  f0 - lock prefix
+ */
+/*
+ * TODO:
+ * - Where necessary, examine the modrm byte and allow only valid instructions
+ * in the different Groups and fpu instructions.
+ */
+static bool is_prefix_bad(struct insn *insn)
+{
+        int i;
+        for (i = 0; i < insn->prefixes.nbytes; i++) {
+                switch (insn->prefixes.bytes[i]) {
+                case 0x26:      /* INAT_PFX_ES   */
+                case 0x2E:      /* INAT_PFX_CS   */
+                case 0x36:      /* INAT_PFX_DS   */
+                case 0x3E:      /* INAT_PFX_SS   */
+                case 0xF0:      /* INAT_PFX_LOCK */
+                        return true;
+                }
+        }
+        return false;
+}
+static int validate_insn_32bits(struct arch_uprobe *auprobe, struct insn *insn)
+{
+        insn_init(insn, auprobe->insn, false);
+        /* Skip good instruction prefixes; reject "bad" ones. */
+        insn_get_opcode(insn);
+        if (is_prefix_bad(insn))
+                return -ENOTSUPP;
+        if (test_bit(OPCODE1(insn), (unsigned long *)good_insns_32))
+                return 0;
+        if (insn->opcode.nbytes == 2) {
+                if (test_bit(OPCODE2(insn), (unsigned long *)good_2byte_insns))
+                        return 0;
+        }
+        return -ENOTSUPP;
+}
+/*
+ * Figure out which fixups post_xol() will need to perform, and annotate
+ * arch_uprobe->fixups accordingly.  To start with,
+ * arch_uprobe->fixups is either zero or it reflects rip-related
+ * fixups.
+ */
+static void prepare_fixups(struct arch_uprobe *auprobe, struct insn *insn)
+{
+        bool fix_ip = true, fix_call = false;   /* defaults */
+        int reg;
+        insn_get_opcode(insn);  /* should be a nop */
+        switch (OPCODE1(insn)) {
+        case 0xc3:              /* ret/lret */
+        case 0xcb:
+        case 0xc2:
+        case 0xca:
+                /* ip is correct */
+                fix_ip = false;
+                break;
+        case 0xe8:              /* call relative - Fix return addr */
+                fix_call = true;
+                break;
+        case 0x9a:              /* call absolute - Fix return addr, not ip */
+                fix_call = true;
+                fix_ip = false;
+                break;
+        case 0xff:
+                insn_get_modrm(insn);
+                reg = MODRM_REG(insn);
+                if (reg == 2 || reg == 3) {
+                        /* call or lcall, indirect */
+                        /* Fix return addr; ip is correct. */
+                        fix_call = true;
+                        fix_ip = false;
+                } else if (reg == 4 || reg == 5) {
+                        /* jmp or ljmp, indirect */
+                        /* ip is correct. */
+                        fix_ip = false;
+                }
+                break;
+        case 0xea:              /* jmp absolute -- ip is correct */
+                fix_ip = false;
+                break;
+        default:
+                break;
+        }
+        if (fix_ip)
+                auprobe->fixups |= UPROBE_FIX_IP;
+        if (fix_call)
+                auprobe->fixups |= UPROBE_FIX_CALL;
+}
+#ifdef CONFIG_X86_64
+/*
+ * If arch_uprobe->insn doesn't use rip-relative addressing, return
+ * immediately.  Otherwise, rewrite the instruction so that it accesses
+ * its memory operand indirectly through a scratch register.  Set
+ * arch_uprobe->fixups and arch_uprobe->rip_rela_target_address
+ * accordingly.  (The contents of the scratch register will be saved
+ * before we single-step the modified instruction, and restored
+ * afterward.)
+ *
+ * We do this because a rip-relative instruction can access only a
+ * relatively small area (+/- 2 GB from the instruction), and the XOL
+ * area typically lies beyond that area.  At least for instructions
+ * that store to memory, we can't execute the original instruction
+ * and "fix things up" later, because the misdirected store could be
+ * disastrous.
+ *
+ * Some useful facts about rip-relative instructions:
+ *
+ *  - There's always a modrm byte.
+ *  - There's never a SIB byte.
+ *  - The displacement is always 4 bytes.
+ */
+static void
+handle_riprel_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, struct insn *insn)
+{
+        u8 *cursor;
+        u8 reg;
+        if (mm->context.ia32_compat)
+                return;
+        auprobe->rip_rela_target_address = 0x0;
+        if (!insn_rip_relative(insn))
+                return;
+        /*
+         * insn_rip_relative() would have decoded rex_prefix, modrm.
+         * Clear REX.b bit (extension of MODRM.rm field):
+         * we want to encode rax/rcx, not r8/r9.
+         */
+        if (insn->rex_prefix.nbytes) {
+                cursor = auprobe->insn + insn_offset_rex_prefix(insn);
+                *cursor &= 0xfe;        /* Clearing REX.B bit */
+        }
+        /*
+         * Point cursor at the modrm byte.  The next 4 bytes are the
+         * displacement.  Beyond the displacement, for some instructions,
+         * is the immediate operand.
+         */
+        cursor = auprobe->insn + insn_offset_modrm(insn);
+        insn_get_length(insn);
+        /*
+         * Convert from rip-relative addressing to indirect addressing
+         * via a scratch register.  Change the r/m field from 0x5 (%rip)
+         * to 0x0 (%rax) or 0x1 (%rcx), and squeeze out the offset field.
+         */
+        reg = MODRM_REG(insn);
+        if (reg == 0) {
+                /*
+                 * The register operand (if any) is either the A register
+                 * (%rax, %eax, etc.) or (if the 0x4 bit is set in the
+                 * REX prefix) %r8.  In any case, we know the C register
+                 * is NOT the register operand, so we use %rcx (register
+                 * #1) for the scratch register.
+                 */
+                auprobe->fixups = UPROBE_FIX_RIP_CX;
+                /* Change modrm from 00 000 101 to 00 000 001. */
+                *cursor = 0x1;
+        } else {
+                /* Use %rax (register #0) for the scratch register. */
+                auprobe->fixups = UPROBE_FIX_RIP_AX;
+                /* Change modrm from 00 xxx 101 to 00 xxx 000 */
+                *cursor = (reg << 3);
+        }
+        /* Target address = address of next instruction + (signed) offset */
+        auprobe->rip_rela_target_address = (long)insn->length + insn->displacement.value;
+        /* Displacement field is gone; slide immediate field (if any) over. */
+        if (insn->immediate.nbytes) {
+                cursor++;
+                memmove(cursor, cursor + insn->displacement.nbytes, insn->immediate.nbytes);
+        }
+        return;
+}
+static int validate_insn_64bits(struct arch_uprobe *auprobe, struct insn *insn)
+{
+        insn_init(insn, auprobe->insn, true);
+        /* Skip good instruction prefixes; reject "bad" ones. */
+        insn_get_opcode(insn);
+        if (is_prefix_bad(insn))
+                return -ENOTSUPP;
+        if (test_bit(OPCODE1(insn), (unsigned long *)good_insns_64))
+                return 0;
+        if (insn->opcode.nbytes == 2) {
+                if (test_bit(OPCODE2(insn), (unsigned long *)good_2byte_insns))
+                        return 0;
+        }
+        return -ENOTSUPP;
+}
+static int validate_insn_bits(struct arch_uprobe *auprobe, struct mm_struct *mm, struct insn *insn)
+{
+        if (mm->context.ia32_compat)
+                return validate_insn_32bits(auprobe, insn);
+        return validate_insn_64bits(auprobe, insn);
+}
+#else /* 32-bit: */
+static void handle_riprel_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, struct insn *insn)
+{
+        /* No RIP-relative addressing on 32-bit */
+}
+static int validate_insn_bits(struct arch_uprobe *auprobe, struct mm_struct *mm,  struct insn *insn)
+{
+        return validate_insn_32bits(auprobe, insn);
+}
+#endif /* CONFIG_X86_64 */
+/**
+ * arch_uprobes_analyze_insn - instruction analysis including validity and fixups.
+ * @mm: the probed address space.
+ * @arch_uprobe: the probepoint information.
+ * Return 0 on success or a -ve number on error.
+ */
+int arch_uprobes_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm)
+{
+        int ret;
+        struct insn insn;
+        auprobe->fixups = 0;
+        ret = validate_insn_bits(auprobe, mm, &insn);
+        if (ret != 0)
+                return ret;
+        handle_riprel_insn(auprobe, mm, &insn);
+        prepare_fixups(auprobe, &insn);
+        return 0;
+}
diff --git a/arch/x86/lib/inat.c b/arch/x86/lib/inat.c
index 88ad5fbda6e..c1f01a8e9f6 100644
--- a/arch/x86/lib/inat.c
+++ b/arch/x86/lib/inat.c
@@ -29,46 +29,46 @@ insn_attr_t inat_get_opcode_attribute(insn_byte_t opcode)
        return inat_primary_table[opcode];
 }
-insn_attr_t inat_get_escape_attribute(insn_byte_t opcode, insn_byte_t last_pfx,
+int inat_get_last_prefix_id(insn_byte_t last_pfx)
+{
+        insn_attr_t lpfx_attr;
+        lpfx_attr = inat_get_opcode_attribute(last_pfx);
+        return inat_last_prefix_id(lpfx_attr);
+}
+insn_attr_t inat_get_escape_attribute(insn_byte_t opcode, int lpfx_id,
                                      insn_attr_t esc_attr)
 {
        const insn_attr_t *table;
-        insn_attr_t lpfx_attr;
+        int n;
-        int n, m = 0;
        n = inat_escape_id(esc_attr);
-        if (last_pfx) {
-                lpfx_attr = inat_get_opcode_attribute(last_pfx);
-                m = inat_last_prefix_id(lpfx_attr);
-        }
        table = inat_escape_tables[n][0];
        if (!table)
                return 0;
-        if (inat_has_variant(table[opcode]) && m) {
+        if (inat_has_variant(table[opcode]) && lpfx_id) {
-                table = inat_escape_tables[n][m];
+                table = inat_escape_tables[n][lpfx_id];
                if (!table)
                        return 0;
        }
        return table[opcode];
 }
-insn_attr_t inat_get_group_attribute(insn_byte_t modrm, insn_byte_t last_pfx,
+insn_attr_t inat_get_group_attribute(insn_byte_t modrm, int lpfx_id,
                                     insn_attr_t grp_attr)
 {
        const insn_attr_t *table;
-        insn_attr_t lpfx_attr;
+        int n;
-        int n, m = 0;
        n = inat_group_id(grp_attr);
-        if (last_pfx) {
-                lpfx_attr = inat_get_opcode_attribute(last_pfx);
-                m = inat_last_prefix_id(lpfx_attr);
-        }
        table = inat_group_tables[n][0];
        if (!table)
                return inat_group_common_attribute(grp_attr);
-        if (inat_has_variant(table[X86_MODRM_REG(modrm)]) && m) {
+        if (inat_has_variant(table[X86_MODRM_REG(modrm)]) && lpfx_id) {
-                table = inat_group_tables[n][m];
+                table = inat_group_tables[n][lpfx_id];
                if (!table)
                        return inat_group_common_attribute(grp_attr);
        }
diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
index 5a1f9f3e3fb..25feb1ae71c 100644
--- a/arch/x86/lib/insn.c
+++ b/arch/x86/lib/insn.c
@@ -185,7 +185,8 @@ err_out:
 void insn_get_opcode(struct insn *insn)
 {
        struct insn_field *opcode = &insn->opcode;
-        insn_byte_t op, pfx;
+        insn_byte_t op;
+        int pfx_id;
        if (opcode->got)
                return;
        if (!insn->prefixes.got)
@@ -212,8 +213,8 @@ void insn_get_opcode(struct insn *insn)
                /* Get escaped opcode */
                op = get_next(insn_byte_t, insn);
                opcode->bytes[opcode->nbytes++] = op;
-                pfx = insn_last_prefix(insn);
+                pfx_id = insn_last_prefix_id(insn);
-                insn->attr = inat_get_escape_attribute(op, pfx, insn->attr);
+                insn->attr = inat_get_escape_attribute(op, pfx_id, insn->attr);
        }
        if (inat_must_vex(insn->attr))
                insn->attr = 0; /* This instruction is bad */
@@ -235,7 +236,7 @@ err_out:
 void insn_get_modrm(struct insn *insn)
 {
        struct insn_field *modrm = &insn->modrm;
-        insn_byte_t pfx, mod;
+        insn_byte_t pfx_id, mod;
        if (modrm->got)
                return;
        if (!insn->opcode.got)
@@ -246,8 +247,8 @@ void insn_get_modrm(struct insn *insn)
                modrm->value = mod;
                modrm->nbytes = 1;
                if (inat_is_group(insn->attr)) {
-                        pfx = insn_last_prefix(insn);
+                        pfx_id = insn_last_prefix_id(insn);
-                        insn->attr = inat_get_group_attribute(mod, pfx,
+                        insn->attr = inat_get_group_attribute(mod, pfx_id,
                                                              insn->attr);
                        if (insn_is_avx(insn) && !inat_accept_vex(insn->attr))
                                insn->attr = 0; /* This is bad */