42 files changed, 2515 insertions, 1791 deletions
diff --git a/arch/powerpc/include/asm/ftrace.h b/arch/powerpc/include/asm/ftrace.h
index b298f7a631e6..e5f2ae8362f7 100644
--- a/arch/powerpc/include/asm/ftrace.h
+++ b/arch/powerpc/include/asm/ftrace.h
@@ -7,7 +7,19 @@
 #ifndef __ASSEMBLY__
 extern void _mcount(void);
-#endif
+#ifdef CONFIG_DYNAMIC_FTRACE
+static inline unsigned long ftrace_call_adjust(unsigned long addr)
+{
+       /* reloction of mcount call site is the same as the address */
+       return addr;
+}
+struct dyn_arch_ftrace {
+        struct module *mod;
+};
+#endif /*  CONFIG_DYNAMIC_FTRACE */
+#endif /* __ASSEMBLY__ */
 #endif
diff --git a/arch/powerpc/include/asm/module.h b/arch/powerpc/include/asm/module.h
index e5f14b13ccf0..08454880a2c0 100644
--- a/arch/powerpc/include/asm/module.h
+++ b/arch/powerpc/include/asm/module.h
@@ -34,11 +34,19 @@ struct mod_arch_specific {
 #ifdef __powerpc64__
        unsigned int stubs_section;     /* Index of stubs section in module */
        unsigned int toc_section;       /* What section is the TOC? */
-#else
+#ifdef CONFIG_DYNAMIC_FTRACE
+        unsigned long toc;
+        unsigned long tramp;
+#endif
+#else /* powerpc64 */
        /* Indices of PLT sections within module. */
        unsigned int core_plt_section;
        unsigned int init_plt_section;
+#ifdef CONFIG_DYNAMIC_FTRACE
+        unsigned long tramp;
 #endif
+#endif /* powerpc64 */
        /* List of BUG addresses, source line numbers and filenames */
        struct list_head bug_list;
@@ -68,6 +76,12 @@ struct mod_arch_specific {
 #    endif      /* MODULE */
 #endif
+#ifdef CONFIG_DYNAMIC_FTRACE
+#    ifdef MODULE
+        asm(".section .ftrace.tramp,\"ax\",@nobits; .align 3; .previous");
+#    endif      /* MODULE */
+#endif
 struct exception_table_entry;
 void sort_ex_table(struct exception_table_entry *start,
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 92673b43858d..d17edb4a2f9d 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -17,6 +17,7 @@ ifdef CONFIG_FUNCTION_TRACER
 CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog
 CFLAGS_REMOVE_prom_init.o = -pg -mno-sched-epilog
 CFLAGS_REMOVE_btext.o = -pg -mno-sched-epilog
+CFLAGS_REMOVE_prom.o = -pg -mno-sched-epilog
 ifdef CONFIG_DYNAMIC_FTRACE
 # dynamic ftrace setup.
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 7ecc0d1855c3..6f7eb7e00c79 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -1162,39 +1162,17 @@ machine_check_in_rtas:
 #ifdef CONFIG_DYNAMIC_FTRACE
 _GLOBAL(mcount)
 _GLOBAL(_mcount)
-        stwu    r1,-48(r1)
+        /*
-        stw     r3, 12(r1)
+         * It is required that _mcount on PPC32 must preserve the
-        stw     r4, 16(r1)
+         * link register. But we have r0 to play with. We use r0
-        stw     r5, 20(r1)
+         * to push the return address back to the caller of mcount
-        stw     r6, 24(r1)
+         * into the ctr register, restore the link register and
-        mflr    r3
+         * then jump back using the ctr register.
-        stw     r7, 28(r1)
+         */
-        mfcr    r5
+        mflr    r0
-        stw     r8, 32(r1)
-        stw     r9, 36(r1)
-        stw     r10,40(r1)
-        stw     r3, 44(r1)
-        stw     r5, 8(r1)
-        subi    r3, r3, MCOUNT_INSN_SIZE
-        .globl mcount_call
-mcount_call:
-        bl      ftrace_stub
-        nop
-        lwz     r6, 8(r1)
-        lwz     r0, 44(r1)
-        lwz     r3, 12(r1)
        mtctr   r0
-        lwz     r4, 16(r1)
+        lwz     r0, 4(r1)
-        mtcr    r6
-        lwz     r5, 20(r1)
-        lwz     r6, 24(r1)
-        lwz     r0, 52(r1)
-        lwz     r7, 28(r1)
-        lwz     r8, 32(r1)
        mtlr    r0
-        lwz     r9, 36(r1)
-        lwz     r10,40(r1)
-        addi    r1, r1, 48
        bctr
 _GLOBAL(ftrace_caller)
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index e0bcf9354286..383ed6eb0085 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -894,18 +894,6 @@ _GLOBAL(enter_prom)
 #ifdef CONFIG_DYNAMIC_FTRACE
 _GLOBAL(mcount)
 _GLOBAL(_mcount)
-        /* Taken from output of objdump from lib64/glibc */
-        mflr    r3
-        stdu    r1, -112(r1)
-        std     r3, 128(r1)
-        subi    r3, r3, MCOUNT_INSN_SIZE
-        .globl mcount_call
-mcount_call:
-        bl      ftrace_stub
-        nop
-        ld      r0, 128(r1)
-        mtlr    r0
-        addi    r1, r1, 112
        blr
 _GLOBAL(ftrace_caller)
diff --git a/arch/powerpc/kernel/ftrace.c b/arch/powerpc/kernel/ftrace.c
index f4b006ed0ab1..5355244c99ff 100644
--- a/arch/powerpc/kernel/ftrace.c
+++ b/arch/powerpc/kernel/ftrace.c
@@ -9,22 +9,30 @@
 #include <linux/spinlock.h>
 #include <linux/hardirq.h>
+#include <linux/uaccess.h>
+#include <linux/module.h>
 #include <linux/ftrace.h>
 #include <linux/percpu.h>
 #include <linux/init.h>
 #include <linux/list.h>
 #include <asm/cacheflush.h>
+#include <asm/code-patching.h>
 #include <asm/ftrace.h>
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(fmt , ...)       do { } while (0)
+#endif
-static unsigned int ftrace_nop = 0x60000000;
+static unsigned int ftrace_nop = PPC_NOP_INSTR;
 #ifdef CONFIG_PPC32
 # define GET_ADDR(addr) addr
 #else
 /* PowerPC64's functions are data that points to the functions */
-# define GET_ADDR(addr) *(unsigned long *)addr
+# define GET_ADDR(addr) (*(unsigned long *)addr)
 #endif
@@ -33,12 +41,12 @@ static unsigned int ftrace_calc_offset(long ip, long addr)
        return (int)(addr - ip);
 }
-unsigned char *ftrace_nop_replace(void)
+static unsigned char *ftrace_nop_replace(void)
 {
        return (char *)&ftrace_nop;
 }
-unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
+static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 {
        static unsigned int op;
@@ -68,49 +76,422 @@ unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 # define _ASM_PTR       " .long "
 #endif
-int
+static int
 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                   unsigned char *new_code)
 {
-        unsigned replaced;
+        unsigned char replaced[MCOUNT_INSN_SIZE];
-        unsigned old = *(unsigned *)old_code;
-        unsigned new = *(unsigned *)new_code;
-        int faulted = 0;
        /*
         * Note: Due to modules and __init, code can
         *  disappear and change, we need to protect against faulting
-         *  as well as code changing.
+         *  as well as code changing. We do this by using the
+         *  probe_kernel_* functions.
         *
         * No real locking needed, this code is run through
-         * kstop_machine.
+         * kstop_machine, or before SMP starts.
         */
-        asm volatile (
-                "1: lwz         %1, 0(%2)\n"
+        /* read the text we want to modify */
-                "   cmpw        %1, %5\n"
+        if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
-                "   bne         2f\n"
+                return -EFAULT;
-                "   stwu        %3, 0(%2)\n"
-                "2:\n"
+        /* Make sure it is what we expect it to be */
-                ".section .fixup, \"ax\"\n"
+        if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
-                "3:     li %0, 1\n"
+                return -EINVAL;
-                "       b 2b\n"
-                ".previous\n"
+        /* replace the text with the new text */
-                ".section __ex_table,\"a\"\n"
+        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
-                _ASM_ALIGN "\n"
+                return -EPERM;
-                _ASM_PTR "1b, 3b\n"
-                ".previous"
+        flush_icache_range(ip, ip + 8);
-                : "=r"(faulted), "=r"(replaced)
-                : "r"(ip), "r"(new),
+        return 0;
-                  "0"(faulted), "r"(old)
+}
-                : "memory");
+/*
-        if (replaced != old && replaced != new)
+ * Helper functions that are the same for both PPC64 and PPC32.
-                faulted = 2;
+ */
+static int test_24bit_addr(unsigned long ip, unsigned long addr)
-        if (!faulted)
+{
-                flush_icache_range(ip, ip + 8);
+        /* use the create_branch to verify that this offset can be branched */
-        return faulted;
+        return create_branch((unsigned int *)ip, addr, 0);
+}
+static int is_bl_op(unsigned int op)
+{
+        return (op & 0xfc000003) == 0x48000001;
+}
+static unsigned long find_bl_target(unsigned long ip, unsigned int op)
+{
+        static int offset;
+        offset = (op & 0x03fffffc);
+        /* make it signed */
+        if (offset & 0x02000000)
+                offset |= 0xfe000000;
+        return ip + (long)offset;
+}
+#ifdef CONFIG_PPC64
+static int
+__ftrace_make_nop(struct module *mod,
+                  struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op;
+        unsigned int jmp[5];
+        unsigned long ptr;
+        unsigned long ip = rec->ip;
+        unsigned long tramp;
+        int offset;
+        /* read where this goes */
+        if (probe_kernel_read(&op, (void *)ip, sizeof(int)))
+                return -EFAULT;
+        /* Make sure that that this is still a 24bit jump */
+        if (!is_bl_op(op)) {
+                printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
+                return -EINVAL;
+        }
+        /* lets find where the pointer goes */
+        tramp = find_bl_target(ip, op);
+        /*
+         * On PPC64 the trampoline looks like:
+         * 0x3d, 0x82, 0x00, 0x00,    addis   r12,r2, <high>
+         * 0x39, 0x8c, 0x00, 0x00,    addi    r12,r12, <low>
+         *   Where the bytes 2,3,6 and 7 make up the 32bit offset
+         *   to the TOC that holds the pointer.
+         *   to jump to.
+         * 0xf8, 0x41, 0x00, 0x28,    std     r2,40(r1)
+         * 0xe9, 0x6c, 0x00, 0x20,    ld      r11,32(r12)
+         *   The actually address is 32 bytes from the offset
+         *   into the TOC.
+         * 0xe8, 0x4c, 0x00, 0x28,    ld      r2,40(r12)
+         */
+        DEBUGP("ip:%lx jumps to %lx r2: %lx", ip, tramp, mod->arch.toc);
+        /* Find where the trampoline jumps to */
+        if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+        DEBUGP(" %08x %08x", jmp[0], jmp[1]);
+        /* verify that this is what we expect it to be */
+        if (((jmp[0] & 0xffff0000) != 0x3d820000) ||
+            ((jmp[1] & 0xffff0000) != 0x398c0000) ||
+            (jmp[2] != 0xf8410028) ||
+            (jmp[3] != 0xe96c0020) ||
+            (jmp[4] != 0xe84c0028)) {
+                printk(KERN_ERR "Not a trampoline\n");
+                return -EINVAL;
+        }
+        offset = (unsigned)((unsigned short)jmp[0]) << 16 |
+                (unsigned)((unsigned short)jmp[1]);
+        DEBUGP(" %x ", offset);
+        /* get the address this jumps too */
+        tramp = mod->arch.toc + offset + 32;
+        DEBUGP("toc: %lx", tramp);
+        if (probe_kernel_read(jmp, (void *)tramp, 8)) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+        DEBUGP(" %08x %08x\n", jmp[0], jmp[1]);
+        ptr = ((unsigned long)jmp[0] << 32) + jmp[1];
+        /* This should match what was called */
+        if (ptr != GET_ADDR(addr)) {
+                printk(KERN_ERR "addr does not match %lx\n", ptr);
+                return -EINVAL;
+        }
+        /*
+         * We want to nop the line, but the next line is
+         *  0xe8, 0x41, 0x00, 0x28   ld r2,40(r1)
+         * This needs to be turned to a nop too.
+         */
+        if (probe_kernel_read(&op, (void *)(ip+4), MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        if (op != 0xe8410028) {
+                printk(KERN_ERR "Next line is not ld! (%08x)\n", op);
+                return -EINVAL;
+        }
+        /*
+         * Milton Miller pointed out that we can not blindly do nops.
+         * If a task was preempted when calling a trace function,
+         * the nops will remove the way to restore the TOC in r2
+         * and the r2 TOC will get corrupted.
+         */
+        /*
+         * Replace:
+         *   bl <tramp>  <==== will be replaced with "b 1f"
+         *   ld r2,40(r1)
+         *  1:
+         */
+        op = 0x48000008;        /* b +8 */
+        if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#else /* !PPC64 */
+static int
+__ftrace_make_nop(struct module *mod,
+                  struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op;
+        unsigned int jmp[4];
+        unsigned long ip = rec->ip;
+        unsigned long tramp;
+        if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        /* Make sure that that this is still a 24bit jump */
+        if (!is_bl_op(op)) {
+                printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
+                return -EINVAL;
+        }
+        /* lets find where the pointer goes */
+        tramp = find_bl_target(ip, op);
+        /*
+         * On PPC32 the trampoline looks like:
+         *  0x3d, 0x60, 0x00, 0x00  lis r11,sym@ha
+         *  0x39, 0x6b, 0x00, 0x00  addi r11,r11,sym@l
+         *  0x7d, 0x69, 0x03, 0xa6  mtctr r11
+         *  0x4e, 0x80, 0x04, 0x20  bctr
+         */
+        DEBUGP("ip:%lx jumps to %lx", ip, tramp);
+        /* Find where the trampoline jumps to */
+        if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+        DEBUGP(" %08x %08x ", jmp[0], jmp[1]);
+        /* verify that this is what we expect it to be */
+        if (((jmp[0] & 0xffff0000) != 0x3d600000) ||
+            ((jmp[1] & 0xffff0000) != 0x396b0000) ||
+            (jmp[2] != 0x7d6903a6) ||
+            (jmp[3] != 0x4e800420)) {
+                printk(KERN_ERR "Not a trampoline\n");
+                return -EINVAL;
+        }
+        tramp = (jmp[1] & 0xffff) |
+                ((jmp[0] & 0xffff) << 16);
+        if (tramp & 0x8000)
+                tramp -= 0x10000;
+        DEBUGP(" %x ", tramp);
+        if (tramp != addr) {
+                printk(KERN_ERR
+                       "Trampoline location %08lx does not match addr\n",
+                       tramp);
+                return -EINVAL;
+        }
+        op = PPC_NOP_INSTR;
+        if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#endif /* PPC64 */
+int ftrace_make_nop(struct module *mod,
+                    struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *old, *new;
+        unsigned long ip = rec->ip;
+        /*
+         * If the calling address is more that 24 bits away,
+         * then we had to use a trampoline to make the call.
+         * Otherwise just update the call site.
+         */
+        if (test_24bit_addr(ip, addr)) {
+                /* within range */
+                old = ftrace_call_replace(ip, addr);
+                new = ftrace_nop_replace();
+                return ftrace_modify_code(ip, old, new);
+        }
+        /*
+         * Out of range jumps are called from modules.
+         * We should either already have a pointer to the module
+         * or it has been passed in.
+         */
+        if (!rec->arch.mod) {
+                if (!mod) {
+                        printk(KERN_ERR "No module loaded addr=%lx\n",
+                               addr);
+                        return -EFAULT;
+                }
+                rec->arch.mod = mod;
+        } else if (mod) {
+                if (mod != rec->arch.mod) {
+                        printk(KERN_ERR
+                               "Record mod %p not equal to passed in mod %p\n",
+                               rec->arch.mod, mod);
+                        return -EINVAL;
+                }
+                /* nothing to do if mod == rec->arch.mod */
+        } else
+                mod = rec->arch.mod;
+        return __ftrace_make_nop(mod, rec, addr);
+}
+#ifdef CONFIG_PPC64
+static int
+__ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op[2];
+        unsigned long ip = rec->ip;
+        /* read where this goes */
+        if (probe_kernel_read(op, (void *)ip, MCOUNT_INSN_SIZE * 2))
+                return -EFAULT;
+        /*
+         * It should be pointing to two nops or
+         *  b +8; ld r2,40(r1)
+         */
+        if (((op[0] != 0x48000008) || (op[1] != 0xe8410028)) &&
+            ((op[0] != PPC_NOP_INSTR) || (op[1] != PPC_NOP_INSTR))) {
+                printk(KERN_ERR "Expected NOPs but have %x %x\n", op[0], op[1]);
+                return -EINVAL;
+        }
+        /* If we never set up a trampoline to ftrace_caller, then bail */
+        if (!rec->arch.mod->arch.tramp) {
+                printk(KERN_ERR "No ftrace trampoline\n");
+                return -EINVAL;
+        }
+        /* create the branch to the trampoline */
+        op[0] = create_branch((unsigned int *)ip,
+                              rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
+        if (!op[0]) {
+                printk(KERN_ERR "REL24 out of range!\n");
+                return -EINVAL;
+        }
+        /* ld r2,40(r1) */
+        op[1] = 0xe8410028;
+        DEBUGP("write to %lx\n", rec->ip);
+        if (probe_kernel_write((void *)ip, op, MCOUNT_INSN_SIZE * 2))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#else
+static int
+__ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op;
+        unsigned long ip = rec->ip;
+        /* read where this goes */
+        if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        /* It should be pointing to a nop */
+        if (op != PPC_NOP_INSTR) {
+                printk(KERN_ERR "Expected NOP but have %x\n", op);
+                return -EINVAL;
+        }
+        /* If we never set up a trampoline to ftrace_caller, then bail */
+        if (!rec->arch.mod->arch.tramp) {
+                printk(KERN_ERR "No ftrace trampoline\n");
+                return -EINVAL;
+        }
+        /* create the branch to the trampoline */
+        op = create_branch((unsigned int *)ip,
+                           rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
+        if (!op) {
+                printk(KERN_ERR "REL24 out of range!\n");
+                return -EINVAL;
+        }
+        DEBUGP("write to %lx\n", rec->ip);
+        if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#endif /* CONFIG_PPC64 */
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *old, *new;
+        unsigned long ip = rec->ip;
+        /*
+         * If the calling address is more that 24 bits away,
+         * then we had to use a trampoline to make the call.
+         * Otherwise just update the call site.
+         */
+        if (test_24bit_addr(ip, addr)) {
+                /* within range */
+                old = ftrace_nop_replace();
+                new = ftrace_call_replace(ip, addr);
+                return ftrace_modify_code(ip, old, new);
+        }
+        /*
+         * Out of range jumps are called from modules.
+         * Being that we are converting from nop, it had better
+         * already have a module defined.
+         */
+        if (!rec->arch.mod) {
+                printk(KERN_ERR "No module loaded\n");
+                return -EINVAL;
+        }
+        return __ftrace_make_call(rec, addr);
 }
 int ftrace_update_ftrace_func(ftrace_func_t func)
@@ -128,10 +509,10 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
 int __init ftrace_dyn_arch_init(void *data)
 {
-        /* This is running in kstop_machine */
+        /* caller expects data to be zero */
+        unsigned long *p = data;
-        ftrace_mcount_set(data);
+        *p = 0;
        return 0;
 }
diff --git a/arch/powerpc/kernel/idle.c b/arch/powerpc/kernel/idle.c
index 31982d05d81a..88d9c1d5e5fb 100644
--- a/arch/powerpc/kernel/idle.c
+++ b/arch/powerpc/kernel/idle.c
@@ -69,10 +69,15 @@ void cpu_idle(void)
                                smp_mb();
                                local_irq_disable();
+                                /* Don't trace irqs off for idle */
+                                stop_critical_timings();
                                /* check again after disabling irqs */
                                if (!need_resched() && !cpu_should_die())
                                        ppc_md.power_save();
+                                start_critical_timings();
                                local_irq_enable();
                                set_thread_flag(TIF_POLLING_NRFLAG);
diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c
index 2df91a03462a..f832773fc28e 100644
--- a/arch/powerpc/kernel/module_32.c
+++ b/arch/powerpc/kernel/module_32.c
@@ -22,6 +22,7 @@
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
+#include <linux/ftrace.h>
 #include <linux/cache.h>
 #include <linux/bug.h>
 #include <linux/sort.h>
@@ -53,6 +54,9 @@ static unsigned int count_relocs(const Elf32_Rela *rela, unsigned int num)
                        r_addend = rela[i].r_addend;
                }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        _count_relocs++;        /* add one for ftrace_caller */
+#endif
        return _count_relocs;
 }
@@ -306,5 +310,11 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
                        return -ENOEXEC;
                }
        }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        module->arch.tramp =
+                do_plt_call(module->module_core,
+                            (unsigned long)ftrace_caller,
+                            sechdrs, module);
+#endif
        return 0;
 }
diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c
index 1af2377e4992..8992b031a7b6 100644
--- a/arch/powerpc/kernel/module_64.c
+++ b/arch/powerpc/kernel/module_64.c
@@ -20,6 +20,7 @@
 #include <linux/moduleloader.h>
 #include <linux/err.h>
 #include <linux/vmalloc.h>
+#include <linux/ftrace.h>
 #include <linux/bug.h>
 #include <asm/module.h>
 #include <asm/firmware.h>
@@ -163,6 +164,11 @@ static unsigned long get_stubs_size(const Elf64_Ehdr *hdr,
                }
        }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        /* make the trampoline to the ftrace_caller */
+        relocs++;
+#endif
        DEBUGP("Looks like a total of %lu stubs, max\n", relocs);
        return relocs * sizeof(struct ppc64_stub_entry);
 }
@@ -441,5 +447,12 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
                }
        }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        me->arch.toc = my_r2(sechdrs, me);
+        me->arch.tramp = stub_for_addr(sechdrs,
+                                       (unsigned long)ftrace_caller,
+                                       me);
+#endif
        return 0;
 }
diff --git a/arch/powerpc/lib/Makefile b/arch/powerpc/lib/Makefile
index d69912c07ce7..8db35278a4b4 100644
--- a/arch/powerpc/lib/Makefile
+++ b/arch/powerpc/lib/Makefile
@@ -6,6 +6,9 @@ ifeq ($(CONFIG_PPC64),y)
 EXTRA_CFLAGS            += -mno-minimal-toc
 endif
+CFLAGS_REMOVE_code-patching.o = -pg
+CFLAGS_REMOVE_feature-fixups.o = -pg
 obj-y                   := string.o alloc.o \
                           checksum_$(CONFIG_WORD_SIZE).o
 obj-$(CONFIG_PPC32)     += div64.o copy_32.o crtsavres.o
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index ac22bb7719f7..45c86fb94132 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -29,11 +29,14 @@ config X86
        select HAVE_FTRACE_MCOUNT_RECORD
        select HAVE_DYNAMIC_FTRACE
        select HAVE_FUNCTION_TRACER
+        select HAVE_FUNCTION_GRAPH_TRACER
+        select HAVE_FUNCTION_TRACE_MCOUNT_TEST
        select HAVE_KVM if ((X86_32 && !X86_VOYAGER && !X86_VISWS && !X86_NUMAQ) || X86_64)
        select HAVE_ARCH_KGDB if !X86_VOYAGER
        select HAVE_ARCH_TRACEHOOK
        select HAVE_GENERIC_DMA_COHERENT if X86_32
        select HAVE_EFFICIENT_UNALIGNED_ACCESS
+        select USER_STACKTRACE_SUPPORT
 config ARCH_DEFCONFIG
        string
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
index b815664fe370..85a78575956c 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -515,6 +515,7 @@ config CPU_SUP_UMC_32
 config X86_DS
        def_bool X86_PTRACE_BTS
        depends on X86_DEBUGCTLMSR
+        select HAVE_HW_BRANCH_TRACER
 config X86_PTRACE_BTS
        bool "Branch Trace Store"
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 2a3dfbd5e677..fa013f529b74 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -186,14 +186,10 @@ config IOMMU_LEAK
          Add a simple leak tracer to the IOMMU code. This is useful when you
          are debugging a buggy device driver that leaks IOMMU mappings.
-config MMIOTRACE_HOOKS
-        bool
 config MMIOTRACE
        bool "Memory mapped IO tracing"
        depends on DEBUG_KERNEL && PCI
        select TRACING
-        select MMIOTRACE_HOOKS
        help
          Mmiotrace traces Memory Mapped I/O access and is meant for
          debugging and reverse engineering. It is called from the ioremap
diff --git a/arch/x86/include/asm/ds.h b/arch/x86/include/asm/ds.h
index a95008457ea4..ee0ea3a96c11 100644
--- a/arch/x86/include/asm/ds.h
+++ b/arch/x86/include/asm/ds.h
@@ -6,14 +6,13 @@
 * precise-event based sampling (PEBS).
 *
 * It manages:
- * - per-thread and per-cpu allocation of BTS and PEBS
+ * - DS and BTS hardware configuration
- * - buffer memory allocation (optional)
+ * - buffer overflow handling (to be done)
- * - buffer overflow handling
 * - buffer access
 *
- * It assumes:
+ * It does not do:
- * - get_task_struct on all parameter tasks
+ * - security checking (is the caller allowed to trace the task)
- * - current is allowed to trace parameter tasks
+ * - buffer allocation (memory accounting)
 *
 *
 * Copyright (C) 2007-2008 Intel Corporation.
@@ -26,11 +25,51 @@
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/err.h>
 #ifdef CONFIG_X86_DS
 struct task_struct;
+struct ds_context;
+struct ds_tracer;
+struct bts_tracer;
+struct pebs_tracer;
+typedef void (*bts_ovfl_callback_t)(struct bts_tracer *);
+typedef void (*pebs_ovfl_callback_t)(struct pebs_tracer *);
+/*
+ * A list of features plus corresponding macros to talk about them in
+ * the ds_request function's flags parameter.
+ *
+ * We use the enum to index an array of corresponding control bits;
+ * we use the macro to index a flags bit-vector.
+ */
+enum ds_feature {
+        dsf_bts = 0,
+        dsf_bts_kernel,
+#define BTS_KERNEL (1 << dsf_bts_kernel)
+        /* trace kernel-mode branches */
+        dsf_bts_user,
+#define BTS_USER (1 << dsf_bts_user)
+        /* trace user-mode branches */
+        dsf_bts_overflow,
+        dsf_bts_max,
+        dsf_pebs = dsf_bts_max,
+        dsf_pebs_max,
+        dsf_ctl_max = dsf_pebs_max,
+        dsf_bts_timestamps = dsf_ctl_max,
+#define BTS_TIMESTAMPS (1 << dsf_bts_timestamps)
+        /* add timestamps into BTS trace */
+#define BTS_USER_FLAGS (BTS_KERNEL | BTS_USER | BTS_TIMESTAMPS)
+};
 /*
 * Request BTS or PEBS
@@ -38,163 +77,169 @@ struct task_struct;
 * Due to alignement constraints, the actual buffer may be slightly
 * smaller than the requested or provided buffer.
 *
- * Returns 0 on success; -Eerrno otherwise
+ * Returns a pointer to a tracer structure on success, or
+ * ERR_PTR(errcode) on failure.
+ *
+ * The interrupt threshold is independent from the overflow callback
+ * to allow users to use their own overflow interrupt handling mechanism.
 *
 * task: the task to request recording for;
 *       NULL for per-cpu recording on the current cpu
 * base: the base pointer for the (non-pageable) buffer;
- *       NULL if buffer allocation requested
+ * size: the size of the provided buffer in bytes
- * size: the size of the requested or provided buffer
 * ovfl: pointer to a function to be called on buffer overflow;
 *       NULL if cyclic buffer requested
+ * th: the interrupt threshold in records from the end of the buffer;
+ *     -1 if no interrupt threshold is requested.
+ * flags: a bit-mask of the above flags
 */
-typedef void (*ds_ovfl_callback_t)(struct task_struct *);
+extern struct bts_tracer *ds_request_bts(struct task_struct *task,
-extern int ds_request_bts(struct task_struct *task, void *base, size_t size,
+                                         void *base, size_t size,
-                          ds_ovfl_callback_t ovfl);
+                                         bts_ovfl_callback_t ovfl,
-extern int ds_request_pebs(struct task_struct *task, void *base, size_t size,
+                                         size_t th, unsigned int flags);
-                           ds_ovfl_callback_t ovfl);
+extern struct pebs_tracer *ds_request_pebs(struct task_struct *task,
+                                           void *base, size_t size,
+                                           pebs_ovfl_callback_t ovfl,
+                                           size_t th, unsigned int flags);
 /*
 * Release BTS or PEBS resources
+ * Suspend and resume BTS or PEBS tracing
 *
- * Frees buffers allocated on ds_request.
+ * tracer: the tracer handle returned from ds_request_~()
- *
- * Returns 0 on success; -Eerrno otherwise
- *
- * task: the task to release resources for;
- *       NULL to release resources for the current cpu
 */
-extern int ds_release_bts(struct task_struct *task);
+extern void ds_release_bts(struct bts_tracer *tracer);
-extern int ds_release_pebs(struct task_struct *task);
+extern void ds_suspend_bts(struct bts_tracer *tracer);
+extern void ds_resume_bts(struct bts_tracer *tracer);
+extern void ds_release_pebs(struct pebs_tracer *tracer);
+extern void ds_suspend_pebs(struct pebs_tracer *tracer);
+extern void ds_resume_pebs(struct pebs_tracer *tracer);
-/*
- * Return the (array) index of the write pointer.
- * (assuming an array of BTS/PEBS records)
- *
- * Returns -Eerrno on error
- *
- * task: the task to access;
- *       NULL to access the current cpu
- * pos (out): if not NULL, will hold the result
- */
-extern int ds_get_bts_index(struct task_struct *task, size_t *pos);
-extern int ds_get_pebs_index(struct task_struct *task, size_t *pos);
 /*
- * Return the (array) index one record beyond the end of the array.
+ * The raw DS buffer state as it is used for BTS and PEBS recording.
- * (assuming an array of BTS/PEBS records)
- *
- * Returns -Eerrno on error
 *
- * task: the task to access;
+ * This is the low-level, arch-dependent interface for working
- *       NULL to access the current cpu
+ * directly on the raw trace data.
- * pos (out): if not NULL, will hold the result
 */
-extern int ds_get_bts_end(struct task_struct *task, size_t *pos);
+struct ds_trace {
-extern int ds_get_pebs_end(struct task_struct *task, size_t *pos);
+        /* the number of bts/pebs records */
+        size_t n;
+        /* the size of a bts/pebs record in bytes */
+        size_t size;
+        /* pointers into the raw buffer:
+           - to the first entry */
+        void *begin;
+        /* - one beyond the last entry */
+        void *end;
+        /* - one beyond the newest entry */
+        void *top;
+        /* - the interrupt threshold */
+        void *ith;
+        /* flags given on ds_request() */
+        unsigned int flags;
+};
 /*
- * Provide a pointer to the BTS/PEBS record at parameter index.
+ * An arch-independent view on branch trace data.
- * (assuming an array of BTS/PEBS records)
- *
- * The pointer points directly into the buffer. The user is
- * responsible for copying the record.
- *
- * Returns the size of a single record on success; -Eerrno on error
- *
- * task: the task to access;
- *       NULL to access the current cpu
- * index: the index of the requested record
- * record (out): pointer to the requested record
 */
-extern int ds_access_bts(struct task_struct *task,
+enum bts_qualifier {
-                         size_t index, const void **record);
+        bts_invalid,
-extern int ds_access_pebs(struct task_struct *task,
+#define BTS_INVALID bts_invalid
-                          size_t index, const void **record);
+        bts_branch,
+#define BTS_BRANCH bts_branch
+        bts_task_arrives,
+#define BTS_TASK_ARRIVES bts_task_arrives
+        bts_task_departs,
+#define BTS_TASK_DEPARTS bts_task_departs
+        bts_qual_bit_size = 4,
+        bts_qual_max = (1 << bts_qual_bit_size),
+};
+struct bts_struct {
+        __u64 qualifier;
+        union {
+                /* BTS_BRANCH */
+                struct {
+                        __u64 from;
+                        __u64 to;
+                } lbr;
+                /* BTS_TASK_ARRIVES or BTS_TASK_DEPARTS */
+                struct {
+                        __u64 jiffies;
+                        pid_t pid;
+                } timestamp;
+        } variant;
+};
-/*
- * Write one or more BTS/PEBS records at the write pointer index and
- * advance the write pointer.
- *
- * If size is not a multiple of the record size, trailing bytes are
- * zeroed out.
- *
- * May result in one or more overflow notifications.
- *
- * If called during overflow handling, that is, with index >=
- * interrupt threshold, the write will wrap around.
- *
- * An overflow notification is given if and when the interrupt
- * threshold is reached during or after the write.
- *
- * Returns the number of bytes written or -Eerrno.
- *
- * task: the task to access;
- *       NULL to access the current cpu
- * buffer: the buffer to write
- * size: the size of the buffer
- */
-extern int ds_write_bts(struct task_struct *task,
-                        const void *buffer, size_t size);
-extern int ds_write_pebs(struct task_struct *task,
-                         const void *buffer, size_t size);
 /*
- * Same as ds_write_bts/pebs, but omit ownership checks.
+ * The BTS state.
 *
- * This is needed to have some other task than the owner of the
+ * This gives access to the raw DS state and adds functions to provide
- * BTS/PEBS buffer or the parameter task itself write into the
+ * an arch-independent view of the BTS data.
- * respective buffer.
 */
-extern int ds_unchecked_write_bts(struct task_struct *task,
+struct bts_trace {
-                                  const void *buffer, size_t size);
+        struct ds_trace ds;
-extern int ds_unchecked_write_pebs(struct task_struct *task,
-                                   const void *buffer, size_t size);
+        int (*read)(struct bts_tracer *tracer, const void *at,
+                    struct bts_struct *out);
+        int (*write)(struct bts_tracer *tracer, const struct bts_struct *in);
+};
 /*
- * Reset the write pointer of the BTS/PEBS buffer.
+ * The PEBS state.
- *
- * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * This gives access to the raw DS state and the PEBS-specific counter
- *       NULL to access the current cpu
+ * reset value.
 */
-extern int ds_reset_bts(struct task_struct *task);
+struct pebs_trace {
-extern int ds_reset_pebs(struct task_struct *task);
+        struct ds_trace ds;
+        /* the PEBS reset value */
+        unsigned long long reset_value;
+};
 /*
- * Clear the BTS/PEBS buffer and reset the write pointer.
+ * Read the BTS or PEBS trace.
- * The entire buffer will be zeroed out.
 *
- * Returns 0 on success; -Eerrno on error
+ * Returns a view on the trace collected for the parameter tracer.
 *
- * task: the task to access;
+ * The view remains valid as long as the traced task is not running or
- *       NULL to access the current cpu
+ * the tracer is suspended.
+ * Writes into the trace buffer are not reflected.
+ *
+ * tracer: the tracer handle returned from ds_request_~()
 */
-extern int ds_clear_bts(struct task_struct *task);
+extern const struct bts_trace *ds_read_bts(struct bts_tracer *tracer);
-extern int ds_clear_pebs(struct task_struct *task);
+extern const struct pebs_trace *ds_read_pebs(struct pebs_tracer *tracer);
 /*
- * Provide the PEBS counter reset value.
+ * Reset the write pointer of the BTS/PEBS buffer.
 *
 * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to access the current cpu
- * value (out): the counter reset value
 */
-extern int ds_get_pebs_reset(struct task_struct *task, u64 *value);
+extern int ds_reset_bts(struct bts_tracer *tracer);
+extern int ds_reset_pebs(struct pebs_tracer *tracer);
 /*
 * Set the PEBS counter reset value.
 *
 * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_pebs()
- *       NULL to access the current cpu
 * value: the new counter reset value
 */
-extern int ds_set_pebs_reset(struct task_struct *task, u64 value);
+extern int ds_set_pebs_reset(struct pebs_tracer *tracer, u64 value);
 /*
 * Initialization
@@ -202,39 +247,17 @@ extern int ds_set_pebs_reset(struct task_struct *task, u64 value);
 struct cpuinfo_x86;
 extern void __cpuinit ds_init_intel(struct cpuinfo_x86 *);
 /*
- * The DS context - part of struct thread_struct.
+ * Context switch work
 */
-struct ds_context {
+extern void ds_switch_to(struct task_struct *prev, struct task_struct *next);
-        /* pointer to the DS configuration; goes into MSR_IA32_DS_AREA */
-        unsigned char *ds;
-        /* the owner of the BTS and PEBS configuration, respectively */
-        struct task_struct *owner[2];
-        /* buffer overflow notification function for BTS and PEBS */
-        ds_ovfl_callback_t callback[2];
-        /* the original buffer address */
-        void *buffer[2];
-        /* the number of allocated pages for on-request allocated buffers */
-        unsigned int pages[2];
-        /* use count */
-        unsigned long count;
-        /* a pointer to the context location inside the thread_struct
-         * or the per_cpu context array */
-        struct ds_context **this;
-        /* a pointer to the task owning this context, or NULL, if the
-         * context is owned by a cpu */
-        struct task_struct *task;
-};
-/* called by exit_thread() to free leftover contexts */
-extern void ds_free(struct ds_context *context);
 #else /* CONFIG_X86_DS */
 struct cpuinfo_x86;
 static inline void __cpuinit ds_init_intel(struct cpuinfo_x86 *ignored) {}
+static inline void ds_switch_to(struct task_struct *prev,
+                                struct task_struct *next) {}
 #endif /* CONFIG_X86_DS */
 #endif /* _ASM_X86_DS_H */
diff --git a/arch/x86/include/asm/ftrace.h b/arch/x86/include/asm/ftrace.h
index 9e8bc29b8b17..b55b4a7fbefd 100644
--- a/arch/x86/include/asm/ftrace.h
+++ b/arch/x86/include/asm/ftrace.h
@@ -1,6 +1,33 @@
 #ifndef _ASM_X86_FTRACE_H
 #define _ASM_X86_FTRACE_H
+#ifdef __ASSEMBLY__
+        .macro MCOUNT_SAVE_FRAME
+        /* taken from glibc */
+        subq $0x38, %rsp
+        movq %rax, (%rsp)
+        movq %rcx, 8(%rsp)
+        movq %rdx, 16(%rsp)
+        movq %rsi, 24(%rsp)
+        movq %rdi, 32(%rsp)
+        movq %r8, 40(%rsp)
+        movq %r9, 48(%rsp)
+        .endm
+        .macro MCOUNT_RESTORE_FRAME
+        movq 48(%rsp), %r9
+        movq 40(%rsp), %r8
+        movq 32(%rsp), %rdi
+        movq 24(%rsp), %rsi
+        movq 16(%rsp), %rdx
+        movq 8(%rsp), %rcx
+        movq (%rsp), %rax
+        addq $0x38, %rsp
+        .endm
+#endif
 #ifdef CONFIG_FUNCTION_TRACER
 #define MCOUNT_ADDR             ((long)(mcount))
 #define MCOUNT_INSN_SIZE        5 /* sizeof mcount call */
@@ -17,8 +44,40 @@ static inline unsigned long ftrace_call_adjust(unsigned long addr)
         */
        return addr - 1;
 }
-#endif
+#ifdef CONFIG_DYNAMIC_FTRACE
+struct dyn_arch_ftrace {
+        /* No extra data needed for x86 */
+};
+#endif /*  CONFIG_DYNAMIC_FTRACE */
+#endif /* __ASSEMBLY__ */
 #endif /* CONFIG_FUNCTION_TRACER */
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+#ifndef __ASSEMBLY__
+/*
+ * Stack of return addresses for functions
+ * of a thread.
+ * Used in struct thread_info
+ */
+struct ftrace_ret_stack {
+        unsigned long ret;
+        unsigned long func;
+        unsigned long long calltime;
+};
+/*
+ * Primary handler of a function return.
+ * It relays on ftrace_return_to_handler.
+ * Defined in entry_32/64.S
+ */
+extern void return_to_handler(void);
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_FUNCTION_GRAPH_TRACER */
 #endif /* _ASM_X86_FTRACE_H */
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 5ca01e383269..aa5914f8e501 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -752,6 +752,19 @@ extern void switch_to_new_gdt(void);
 extern void cpu_init(void);
 extern void init_gdt(int cpu);
+static inline unsigned long get_debugctlmsr(void)
+{
+    unsigned long debugctlmsr = 0;
+#ifndef CONFIG_X86_DEBUGCTLMSR
+        if (boot_cpu_data.x86 < 6)
+                return 0;
+#endif
+        rdmsrl(MSR_IA32_DEBUGCTLMSR, debugctlmsr);
+    return debugctlmsr;
+}
 static inline void update_debugctlmsr(unsigned long debugctlmsr)
 {
 #ifndef CONFIG_X86_DEBUGCTLMSR
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index eefb0594b058..fbf744215911 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -6,7 +6,6 @@
 #include <asm/processor-flags.h>
 #ifdef __KERNEL__
-#include <asm/ds.h>             /* the DS BTS struct is used for ptrace too */
 #include <asm/segment.h>
 #endif
@@ -128,34 +127,6 @@ struct pt_regs {
 #endif /* !__i386__ */
-#ifdef CONFIG_X86_PTRACE_BTS
-/* a branch trace record entry
- *
- * In order to unify the interface between various processor versions,
- * we use the below data structure for all processors.
- */
-enum bts_qualifier {
-        BTS_INVALID = 0,
-        BTS_BRANCH,
-        BTS_TASK_ARRIVES,
-        BTS_TASK_DEPARTS
-};
-struct bts_struct {
-        __u64 qualifier;
-        union {
-                /* BTS_BRANCH */
-                struct {
-                        __u64 from_ip;
-                        __u64 to_ip;
-                } lbr;
-                /* BTS_TASK_ARRIVES or
-                   BTS_TASK_DEPARTS */
-                __u64 jiffies;
-        } variant;
-};
-#endif /* CONFIG_X86_PTRACE_BTS */
 #ifdef __KERNEL__
 #include <linux/init.h>
@@ -163,13 +134,6 @@ struct bts_struct {
 struct cpuinfo_x86;
 struct task_struct;
-#ifdef CONFIG_X86_PTRACE_BTS
-extern void __cpuinit ptrace_bts_init_intel(struct cpuinfo_x86 *);
-extern void ptrace_bts_take_timestamp(struct task_struct *, enum bts_qualifier);
-#else
-#define ptrace_bts_init_intel(config) do {} while (0)
-#endif /* CONFIG_X86_PTRACE_BTS */
 extern unsigned long profile_pc(struct pt_regs *regs);
 extern unsigned long
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index e44d379faad2..bf8113d16a33 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -20,6 +20,8 @@
 struct task_struct;
 struct exec_domain;
 #include <asm/processor.h>
+#include <asm/ftrace.h>
+#include <asm/atomic.h>
 struct thread_info {
        struct task_struct      *task;          /* main task structure */
@@ -91,7 +93,6 @@ struct thread_info {
 #define TIF_FORCED_TF           24      /* true if TF in eflags artificially */
 #define TIF_DEBUGCTLMSR         25      /* uses thread_struct.debugctlmsr */
 #define TIF_DS_AREA_MSR         26      /* uses thread_struct.ds_area_msr */
-#define TIF_BTS_TRACE_TS        27      /* record scheduling event timestamps */
 #define _TIF_SYSCALL_TRACE      (1 << TIF_SYSCALL_TRACE)
 #define _TIF_NOTIFY_RESUME      (1 << TIF_NOTIFY_RESUME)
@@ -113,7 +114,6 @@ struct thread_info {
 #define _TIF_FORCED_TF          (1 << TIF_FORCED_TF)
 #define _TIF_DEBUGCTLMSR        (1 << TIF_DEBUGCTLMSR)
 #define _TIF_DS_AREA_MSR        (1 << TIF_DS_AREA_MSR)
-#define _TIF_BTS_TRACE_TS       (1 << TIF_BTS_TRACE_TS)
 /* work to do in syscall_trace_enter() */
 #define _TIF_WORK_SYSCALL_ENTRY \
@@ -139,8 +139,7 @@ struct thread_info {
 /* flags to check in __switch_to() */
 #define _TIF_WORK_CTXSW                                                 \
-        (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR|_TIF_BTS_TRACE_TS| \
+        (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR|_TIF_NOTSC)
-                                                                _TIF_NOTSC)
 #define _TIF_WORK_CTXSW_PREV _TIF_WORK_CTXSW
 #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index b62a7667828e..1cad9318d217 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -25,7 +25,7 @@ CFLAGS_tsc.o		:= $(nostackp)
 obj-y                   := process_$(BITS).o signal_$(BITS).o entry_$(BITS).o
 obj-y                   += traps.o irq.o irq_$(BITS).o dumpstack_$(BITS).o
-obj-y                   += time_$(BITS).o ioport.o ldt.o
+obj-y                   += time_$(BITS).o ioport.o ldt.o dumpstack.o
 obj-y                   += setup.o i8259.o irqinit_$(BITS).o setup_percpu.o
 obj-$(CONFIG_X86_VISWS) += visws_quirks.o
 obj-$(CONFIG_X86_32)    += probe_roms_32.o
@@ -65,6 +65,7 @@ obj-$(CONFIG_X86_LOCAL_APIC)	+= apic.o nmi.o
 obj-$(CONFIG_X86_IO_APIC)       += io_apic.o
 obj-$(CONFIG_X86_REBOOTFIXUPS)  += reboot_fixups_32.o
 obj-$(CONFIG_DYNAMIC_FTRACE)    += ftrace.o
+obj-$(CONFIG_FUNCTION_GRAPH_TRACER)     += ftrace.o
 obj-$(CONFIG_KEXEC)             += machine_kexec_$(BITS).o
 obj-$(CONFIG_KEXEC)             += relocate_kernel_$(BITS).o crash.o
 obj-$(CONFIG_CRASH_DUMP)        += crash_dump_$(BITS).o
diff --git a/arch/x86/kernel/apic.c b/arch/x86/kernel/apic.c
index 16f94879b525..b946ac19753b 100644
--- a/arch/x86/kernel/apic.c
+++ b/arch/x86/kernel/apic.c
@@ -30,6 +30,7 @@
 #include <linux/module.h>
 #include <linux/dmi.h>
 #include <linux/dmar.h>
+#include <linux/ftrace.h>
 #include <asm/atomic.h>
 #include <asm/smp.h>
@@ -800,7 +801,7 @@ static void local_apic_timer_interrupt(void)
 * [ if a single-CPU system runs an SMP kernel then we call the local
 *   interrupt as well. Thus we cannot inline the local irq ... ]
 */
-void smp_apic_timer_interrupt(struct pt_regs *regs)
+void __irq_entry smp_apic_timer_interrupt(struct pt_regs *regs)
 {
        struct pt_regs *old_regs = set_irq_regs(regs);
diff --git a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
index 8e48c5d4467d..88ea02dcb622 100644
--- a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
+++ b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
@@ -33,6 +33,7 @@
 #include <linux/cpufreq.h>
 #include <linux/compiler.h>
 #include <linux/dmi.h>
+#include <linux/ftrace.h>
 #include <linux/acpi.h>
 #include <acpi/processor.h>
@@ -391,6 +392,7 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
        unsigned int next_perf_state = 0; /* Index into perf table */
        unsigned int i;
        int result = 0;
+        struct power_trace it;
        dprintk("acpi_cpufreq_target %d (%d)\n", target_freq, policy->cpu);
@@ -427,6 +429,8 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
                }
        }
+        trace_power_mark(&it, POWER_PSTATE, next_perf_state);
        switch (data->cpu_feature) {
        case SYSTEM_INTEL_MSR_CAPABLE:
                cmd.type = SYSTEM_INTEL_MSR_CAPABLE;
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index cce0b6118d55..cd413d9a0218 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -11,7 +11,6 @@
 #include <asm/pgtable.h>
 #include <asm/msr.h>
 #include <asm/uaccess.h>
-#include <asm/ptrace.h>
 #include <asm/ds.h>
 #include <asm/bugs.h>
@@ -307,10 +306,6 @@ static void __cpuinit init_intel(struct cpuinfo_x86 *c)
                set_cpu_cap(c, X86_FEATURE_P4);
        if (c->x86 == 6)
                set_cpu_cap(c, X86_FEATURE_P3);
-        if (cpu_has_bts)
-                ptrace_bts_init_intel(c);
 #endif
        detect_extended_topology(c);
diff --git a/arch/x86/kernel/ds.c b/arch/x86/kernel/ds.c
index a2d1176c38ee..98d271e60e08 100644
--- a/arch/x86/kernel/ds.c
+++ b/arch/x86/kernel/ds.c
@@ -6,14 +6,13 @@
 * precise-event based sampling (PEBS).
 *
 * It manages:
- * - per-thread and per-cpu allocation of BTS and PEBS
+ * - DS and BTS hardware configuration
- * - buffer memory allocation (optional)
+ * - buffer overflow handling (to be done)
- * - buffer overflow handling
 * - buffer access
 *
- * It assumes:
+ * It does not do:
- * - get_task_struct on all parameter tasks
+ * - security checking (is the caller allowed to trace the task)
- * - current is allowed to trace parameter tasks
+ * - buffer allocation (memory accounting)
 *
 *
 * Copyright (C) 2007-2008 Intel Corporation.
@@ -28,22 +27,69 @@
 #include <linux/slab.h>
 #include <linux/sched.h>
 #include <linux/mm.h>
+#include <linux/kernel.h>
 /*
 * The configuration for a particular DS hardware implementation.
 */
 struct ds_configuration {
-        /* the size of the DS structure in bytes */
+        /* the name of the configuration */
-        unsigned char  sizeof_ds;
+        const char *name;
-        /* the size of one pointer-typed field in the DS structure in bytes;
+        /* the size of one pointer-typed field in the DS structure and
-           this covers the first 8 fields related to buffer management. */
+           in the BTS and PEBS buffers in bytes;
+           this covers the first 8 DS fields related to buffer management. */
        unsigned char  sizeof_field;
        /* the size of a BTS/PEBS record in bytes */
        unsigned char  sizeof_rec[2];
+        /* a series of bit-masks to control various features indexed
+         * by enum ds_feature */
+        unsigned long ctl[dsf_ctl_max];
 };
-static struct ds_configuration ds_cfg;
+static DEFINE_PER_CPU(struct ds_configuration, ds_cfg_array);
+#define ds_cfg per_cpu(ds_cfg_array, smp_processor_id())
+#define MAX_SIZEOF_DS (12 * 8)  /* maximal size of a DS configuration */
+#define MAX_SIZEOF_BTS (3 * 8)  /* maximal size of a BTS record */
+#define DS_ALIGNMENT (1 << 3)   /* BTS and PEBS buffer alignment */
+#define BTS_CONTROL \
+ (ds_cfg.ctl[dsf_bts] | ds_cfg.ctl[dsf_bts_kernel] | ds_cfg.ctl[dsf_bts_user] |\
+  ds_cfg.ctl[dsf_bts_overflow])
+/*
+ * A BTS or PEBS tracer.
+ *
+ * This holds the configuration of the tracer and serves as a handle
+ * to identify tracers.
+ */
+struct ds_tracer {
+        /* the DS context (partially) owned by this tracer */
+        struct ds_context *context;
+        /* the buffer provided on ds_request() and its size in bytes */
+        void *buffer;
+        size_t size;
+};
+struct bts_tracer {
+        /* the common DS part */
+        struct ds_tracer ds;
+        /* the trace including the DS configuration */
+        struct bts_trace trace;
+        /* buffer overflow notification function */
+        bts_ovfl_callback_t ovfl;
+};
+struct pebs_tracer {
+        /* the common DS part */
+        struct ds_tracer ds;
+        /* the trace including the DS configuration */
+        struct pebs_trace trace;
+        /* buffer overflow notification function */
+        pebs_ovfl_callback_t ovfl;
+};
 /*
 * Debug Store (DS) save area configuration (see Intel64 and IA32
@@ -109,32 +155,9 @@ static inline void ds_set(unsigned char *base, enum ds_qualifier qual,
 /*
- * Locking is done only for allocating BTS or PEBS resources and for
+ * Locking is done only for allocating BTS or PEBS resources.
- * guarding context and buffer memory allocation.
- *
- * Most functions require the current task to own the ds context part
- * they are going to access. All the locking is done when validating
- * access to the context.
 */
-static spinlock_t ds_lock = __SPIN_LOCK_UNLOCKED(ds_lock);
+static DEFINE_SPINLOCK(ds_lock);
-/*
- * Validate that the current task is allowed to access the BTS/PEBS
- * buffer of the parameter task.
- *
- * Returns 0, if access is granted; -Eerrno, otherwise.
- */
-static inline int ds_validate_access(struct ds_context *context,
-                                     enum ds_qualifier qual)
-{
-        if (!context)
-                return -EPERM;
-        if (context->owner[qual] == current)
-                return 0;
-        return -EPERM;
-}
 /*
@@ -150,27 +173,32 @@ static inline int ds_validate_access(struct ds_context *context,
 *   >0  number of per-thread tracers
 *   <0  number of per-cpu tracers
 *
- * The below functions to get and put tracers and to check the
- * allocation type require the ds_lock to be held by the caller.
- *
 * Tracers essentially gives the number of ds contexts for a certain
 * type of allocation.
 */
-static long tracers;
+static atomic_t tracers = ATOMIC_INIT(0);
 static inline void get_tracer(struct task_struct *task)
 {
-        tracers += (task ? 1 : -1);
+        if (task)
+                atomic_inc(&tracers);
+        else
+                atomic_dec(&tracers);
 }
 static inline void put_tracer(struct task_struct *task)
 {
-        tracers -= (task ? 1 : -1);
+        if (task)
+                atomic_dec(&tracers);
+        else
+                atomic_inc(&tracers);
 }
 static inline int check_tracer(struct task_struct *task)
 {
-        return (task ? (tracers >= 0) : (tracers <= 0));
+        return task ?
+                (atomic_read(&tracers) >= 0) :
+                (atomic_read(&tracers) <= 0);
 }
@@ -183,99 +211,70 @@ static inline int check_tracer(struct task_struct *task)
 *
 * Contexts are use-counted. They are allocated on first access and
 * deallocated when the last user puts the context.
- *
- * We distinguish between an allocating and a non-allocating get of a
- * context:
- * - the allocating get is used for requesting BTS/PEBS resources. It
- *   requires the caller to hold the global ds_lock.
- * - the non-allocating get is used for all other cases. A
- *   non-existing context indicates an error. It acquires and releases
- *   the ds_lock itself for obtaining the context.
- *
- * A context and its DS configuration are allocated and deallocated
- * together. A context always has a DS configuration of the
- * appropriate size.
 */
-static DEFINE_PER_CPU(struct ds_context *, system_context);
+struct ds_context {
+        /* pointer to the DS configuration; goes into MSR_IA32_DS_AREA */
-#define this_system_context per_cpu(system_context, smp_processor_id())
+        unsigned char ds[MAX_SIZEOF_DS];
+        /* the owner of the BTS and PEBS configuration, respectively */
-/*
+        struct bts_tracer *bts_master;
- * Returns the pointer to the parameter task's context or to the
+        struct pebs_tracer *pebs_master;
- * system-wide context, if task is NULL.
+        /* use count */
- *
+        unsigned long count;
- * Increases the use count of the returned context, if not NULL.
+        /* a pointer to the context location inside the thread_struct
- */
+         * or the per_cpu context array */
-static inline struct ds_context *ds_get_context(struct task_struct *task)
+        struct ds_context **this;
-{
+        /* a pointer to the task owning this context, or NULL, if the
-        struct ds_context *context;
+         * context is owned by a cpu */
-        unsigned long irq;
+        struct task_struct *task;
+};
-        spin_lock_irqsave(&ds_lock, irq);
+static DEFINE_PER_CPU(struct ds_context *, system_context_array);
-        context = (task ? task->thread.ds_ctx : this_system_context);
+#define system_context per_cpu(system_context_array, smp_processor_id())
-        if (context)
-                context->count++;
-        spin_unlock_irqrestore(&ds_lock, irq);
-        return context;
-}
-/*
+static inline struct ds_context *ds_get_context(struct task_struct *task)
- * Same as ds_get_context, but allocates the context and it's DS
- * structure, if necessary; returns NULL; if out of memory.
- */
-static inline struct ds_context *ds_alloc_context(struct task_struct *task)
 {
        struct ds_context **p_context =
-                (task ? &task->thread.ds_ctx : &this_system_context);
+                (task ? &task->thread.ds_ctx : &system_context);
-        struct ds_context *context = *p_context;
+        struct ds_context *context = NULL;
+        struct ds_context *new_context = NULL;
        unsigned long irq;
-        if (!context) {
+        /* Chances are small that we already have a context. */
-                context = kzalloc(sizeof(*context), GFP_KERNEL);
+        new_context = kzalloc(sizeof(*new_context), GFP_KERNEL);
-                if (!context)
+        if (!new_context)
-                        return NULL;
+                return NULL;
-                context->ds = kzalloc(ds_cfg.sizeof_ds, GFP_KERNEL);
-                if (!context->ds) {
-                        kfree(context);
-                        return NULL;
-                }
-                spin_lock_irqsave(&ds_lock, irq);
+        spin_lock_irqsave(&ds_lock, irq);
-                if (*p_context) {
+        context = *p_context;
-                        kfree(context->ds);
+        if (!context) {
-                        kfree(context);
+                context = new_context;
-                        context = *p_context;
+                context->this = p_context;
-                } else {
+                context->task = task;
-                        *p_context = context;
+                context->count = 0;
-                        context->this = p_context;
+                if (task)
-                        context->task = task;
+                        set_tsk_thread_flag(task, TIF_DS_AREA_MSR);
-                        if (task)
+                if (!task || (task == current))
-                                set_tsk_thread_flag(task, TIF_DS_AREA_MSR);
+                        wrmsrl(MSR_IA32_DS_AREA, (unsigned long)context->ds);
-                        if (!task || (task == current))
+                *p_context = context;
-                                wrmsrl(MSR_IA32_DS_AREA,
-                                       (unsigned long)context->ds);
-                }
-                spin_unlock_irqrestore(&ds_lock, irq);
        }
        context->count++;
+        spin_unlock_irqrestore(&ds_lock, irq);
+        if (context != new_context)
+                kfree(new_context);
        return context;
 }
-/*
- * Decreases the use count of the parameter context, if not NULL.
- * Deallocates the context, if the use count reaches zero.
- */
 static inline void ds_put_context(struct ds_context *context)
 {
        unsigned long irq;
@@ -285,8 +284,10 @@ static inline void ds_put_context(struct ds_context *context)
        spin_lock_irqsave(&ds_lock, irq);
-        if (--context->count)
+        if (--context->count) {
-                goto out;
+                spin_unlock_irqrestore(&ds_lock, irq);
+                return;
+        }
        *(context->this) = NULL;
@@ -296,135 +297,263 @@ static inline void ds_put_context(struct ds_context *context)
        if (!context->task || (context->task == current))
                wrmsrl(MSR_IA32_DS_AREA, 0);
-        put_tracer(context->task);
+        spin_unlock_irqrestore(&ds_lock, irq);
-        /* free any leftover buffers from tracers that did not
-         * deallocate them properly. */
-        kfree(context->buffer[ds_bts]);
-        kfree(context->buffer[ds_pebs]);
-        kfree(context->ds);
        kfree(context);
- out:
-        spin_unlock_irqrestore(&ds_lock, irq);
 }
 /*
- * Handle a buffer overflow
+ * Call the tracer's callback on a buffer overflow.
 *
- * task: the task whose buffers are overflowing;
- *       NULL for a buffer overflow on the current cpu
 * context: the ds context
 * qual: the buffer type
 */
-static void ds_overflow(struct task_struct *task, struct ds_context *context,
+static void ds_overflow(struct ds_context *context, enum ds_qualifier qual)
-                        enum ds_qualifier qual)
 {
-        if (!context)
+        switch (qual) {
-                return;
+        case ds_bts:
+                if (context->bts_master &&
-        if (context->callback[qual])
+                    context->bts_master->ovfl)
-                (*context->callback[qual])(task);
+                        context->bts_master->ovfl(context->bts_master);
+                break;
-        /* todo: do some more overflow handling */
+        case ds_pebs:
+                if (context->pebs_master &&
+                    context->pebs_master->ovfl)
+                        context->pebs_master->ovfl(context->pebs_master);
+                break;
+        }
 }
 /*
- * Allocate a non-pageable buffer of the parameter size.
+ * Write raw data into the BTS or PEBS buffer.
- * Checks the memory and the locked memory rlimit.
 *
- * Returns the buffer, if successful;
+ * The remainder of any partially written record is zeroed out.
- *         NULL, if out of memory or rlimit exceeded.
 *
- * size: the requested buffer size in bytes
+ * context: the DS context
- * pages (out): if not NULL, contains the number of pages reserved
+ * qual: the buffer type
+ * record: the data to write
+ * size: the size of the data
 */
-static inline void *ds_allocate_buffer(size_t size, unsigned int *pages)
+static int ds_write(struct ds_context *context, enum ds_qualifier qual,
+                    const void *record, size_t size)
 {
-        unsigned long rlim, vm, pgsz;
+        int bytes_written = 0;
-        void *buffer;
-        pgsz = PAGE_ALIGN(size) >> PAGE_SHIFT;
+        if (!record)
+                return -EINVAL;
-        rlim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
+        while (size) {
-        vm   = current->mm->total_vm  + pgsz;
+                unsigned long base, index, end, write_end, int_th;
-        if (rlim < vm)
+                unsigned long write_size, adj_write_size;
-                return NULL;
-        rlim = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
+                /*
-        vm   = current->mm->locked_vm  + pgsz;
+                 * write as much as possible without producing an
-        if (rlim < vm)
+                 * overflow interrupt.
-                return NULL;
+                 *
+                 * interrupt_threshold must either be
+                 * - bigger than absolute_maximum or
+                 * - point to a record between buffer_base and absolute_maximum
+                 *
+                 * index points to a valid record.
+                 */
+                base   = ds_get(context->ds, qual, ds_buffer_base);
+                index  = ds_get(context->ds, qual, ds_index);
+                end    = ds_get(context->ds, qual, ds_absolute_maximum);
+                int_th = ds_get(context->ds, qual, ds_interrupt_threshold);
-        buffer = kzalloc(size, GFP_KERNEL);
+                write_end = min(end, int_th);
-        if (!buffer)
-                return NULL;
-        current->mm->total_vm  += pgsz;
+                /* if we are already beyond the interrupt threshold,
-        current->mm->locked_vm += pgsz;
+                 * we fill the entire buffer */
+                if (write_end <= index)
+                        write_end = end;
-        if (pages)
+                if (write_end <= index)
-                *pages = pgsz;
+                        break;
+                write_size = min((unsigned long) size, write_end - index);
+                memcpy((void *)index, record, write_size);
+                record = (const char *)record + write_size;
+                size -= write_size;
+                bytes_written += write_size;
+                adj_write_size = write_size / ds_cfg.sizeof_rec[qual];
+                adj_write_size *= ds_cfg.sizeof_rec[qual];
-        return buffer;
+                /* zero out trailing bytes */
+                memset((char *)index + write_size, 0,
+                       adj_write_size - write_size);
+                index += adj_write_size;
+                if (index >= end)
+                        index = base;
+                ds_set(context->ds, qual, ds_index, index);
+                if (index >= int_th)
+                        ds_overflow(context, qual);
+        }
+        return bytes_written;
 }
-static int ds_request(struct task_struct *task, void *base, size_t size,
-                      ds_ovfl_callback_t ovfl, enum ds_qualifier qual)
+/*
+ * Branch Trace Store (BTS) uses the following format. Different
+ * architectures vary in the size of those fields.
+ * - source linear address
+ * - destination linear address
+ * - flags
+ *
+ * Later architectures use 64bit pointers throughout, whereas earlier
+ * architectures use 32bit pointers in 32bit mode.
+ *
+ * We compute the base address for the first 8 fields based on:
+ * - the field size stored in the DS configuration
+ * - the relative field position
+ *
+ * In order to store additional information in the BTS buffer, we use
+ * a special source address to indicate that the record requires
+ * special interpretation.
+ *
+ * Netburst indicated via a bit in the flags field whether the branch
+ * was predicted; this is ignored.
+ *
+ * We use two levels of abstraction:
+ * - the raw data level defined here
+ * - an arch-independent level defined in ds.h
+ */
+enum bts_field {
+        bts_from,
+        bts_to,
+        bts_flags,
+        bts_qual = bts_from,
+        bts_jiffies = bts_to,
+        bts_pid = bts_flags,
+        bts_qual_mask = (bts_qual_max - 1),
+        bts_escape = ((unsigned long)-1 & ~bts_qual_mask)
+};
+static inline unsigned long bts_get(const char *base, enum bts_field field)
 {
-        struct ds_context *context;
+        base += (ds_cfg.sizeof_field * field);
-        unsigned long buffer, adj;
+        return *(unsigned long *)base;
-        const unsigned long alignment = (1 << 3);
+}
-        unsigned long irq;
-        int error = 0;
-        if (!ds_cfg.sizeof_ds)
+static inline void bts_set(char *base, enum bts_field field, unsigned long val)
-                return -EOPNOTSUPP;
+{
+        base += (ds_cfg.sizeof_field * field);;
+        (*(unsigned long *)base) = val;
+}
-        /* we require some space to do alignment adjustments below */
-        if (size < (alignment + ds_cfg.sizeof_rec[qual]))
+/*
+ * The raw BTS data is architecture dependent.
+ *
+ * For higher-level users, we give an arch-independent view.
+ * - ds.h defines struct bts_struct
+ * - bts_read translates one raw bts record into a bts_struct
+ * - bts_write translates one bts_struct into the raw format and
+ *   writes it into the top of the parameter tracer's buffer.
+ *
+ * return: bytes read/written on success; -Eerrno, otherwise
+ */
+static int bts_read(struct bts_tracer *tracer, const void *at,
+                    struct bts_struct *out)
+{
+        if (!tracer)
                return -EINVAL;
-        /* buffer overflow notification is not yet implemented */
+        if (at < tracer->trace.ds.begin)
-        if (ovfl)
+                return -EINVAL;
-                return -EOPNOTSUPP;
+        if (tracer->trace.ds.end < (at + tracer->trace.ds.size))
+                return -EINVAL;
-        context = ds_alloc_context(task);
+        memset(out, 0, sizeof(*out));
-        if (!context)
+        if ((bts_get(at, bts_qual) & ~bts_qual_mask) == bts_escape) {
-                return -ENOMEM;
+                out->qualifier = (bts_get(at, bts_qual) & bts_qual_mask);
+                out->variant.timestamp.jiffies = bts_get(at, bts_jiffies);
+                out->variant.timestamp.pid = bts_get(at, bts_pid);
+        } else {
+                out->qualifier = bts_branch;
+                out->variant.lbr.from = bts_get(at, bts_from);
+                out->variant.lbr.to   = bts_get(at, bts_to);
+                if (!out->variant.lbr.from && !out->variant.lbr.to)
+                        out->qualifier = bts_invalid;
+        }
-        spin_lock_irqsave(&ds_lock, irq);
+        return ds_cfg.sizeof_rec[ds_bts];
+}
-        error = -EPERM;
+static int bts_write(struct bts_tracer *tracer, const struct bts_struct *in)
-        if (!check_tracer(task))
+{
-                goto out_unlock;
+        unsigned char raw[MAX_SIZEOF_BTS];
-        get_tracer(task);
+        if (!tracer)
+                return -EINVAL;
-        error = -EALREADY;
+        if (MAX_SIZEOF_BTS < ds_cfg.sizeof_rec[ds_bts])
-        if (context->owner[qual] == current)
+                return -EOVERFLOW;
-                goto out_put_tracer;
-        error = -EPERM;
-        if (context->owner[qual] != NULL)
-                goto out_put_tracer;
-        context->owner[qual] = current;
-        spin_unlock_irqrestore(&ds_lock, irq);
+        switch (in->qualifier) {
+        case bts_invalid:
+                bts_set(raw, bts_from, 0);
+                bts_set(raw, bts_to, 0);
+                bts_set(raw, bts_flags, 0);
+                break;
+        case bts_branch:
+                bts_set(raw, bts_from, in->variant.lbr.from);
+                bts_set(raw, bts_to,   in->variant.lbr.to);
+                bts_set(raw, bts_flags, 0);
+                break;
+        case bts_task_arrives:
+        case bts_task_departs:
+                bts_set(raw, bts_qual, (bts_escape | in->qualifier));
+                bts_set(raw, bts_jiffies, in->variant.timestamp.jiffies);
+                bts_set(raw, bts_pid, in->variant.timestamp.pid);
+                break;
+        default:
+                return -EINVAL;
+        }
+        return ds_write(tracer->ds.context, ds_bts, raw,
+                        ds_cfg.sizeof_rec[ds_bts]);
+}
-        error = -ENOMEM;
-        if (!base) {
-                base = ds_allocate_buffer(size, &context->pages[qual]);
-                if (!base)
-                        goto out_release;
-                context->buffer[qual]   = base;
+static void ds_write_config(struct ds_context *context,
-        }
+                            struct ds_trace *cfg, enum ds_qualifier qual)
-        error = 0;
+{
+        unsigned char *ds = context->ds;
-        context->callback[qual] = ovfl;
+        ds_set(ds, qual, ds_buffer_base, (unsigned long)cfg->begin);
+        ds_set(ds, qual, ds_index, (unsigned long)cfg->top);
+        ds_set(ds, qual, ds_absolute_maximum, (unsigned long)cfg->end);
+        ds_set(ds, qual, ds_interrupt_threshold, (unsigned long)cfg->ith);
+}
+static void ds_read_config(struct ds_context *context,
+                           struct ds_trace *cfg, enum ds_qualifier qual)
+{
+        unsigned char *ds = context->ds;
+        cfg->begin = (void *)ds_get(ds, qual, ds_buffer_base);
+        cfg->top = (void *)ds_get(ds, qual, ds_index);
+        cfg->end = (void *)ds_get(ds, qual, ds_absolute_maximum);
+        cfg->ith = (void *)ds_get(ds, qual, ds_interrupt_threshold);
+}
+static void ds_init_ds_trace(struct ds_trace *trace, enum ds_qualifier qual,
+                             void *base, size_t size, size_t ith,
+                             unsigned int flags) {
+        unsigned long buffer, adj;
        /* adjust the buffer address and size to meet alignment
         * constraints:
@@ -436,410 +565,383 @@ static int ds_request(struct task_struct *task, void *base, size_t size,
         */
        buffer = (unsigned long)base;
-        adj = ALIGN(buffer, alignment) - buffer;
+        adj = ALIGN(buffer, DS_ALIGNMENT) - buffer;
        buffer += adj;
        size   -= adj;
-        size /= ds_cfg.sizeof_rec[qual];
+        trace->n = size / ds_cfg.sizeof_rec[qual];
-        size *= ds_cfg.sizeof_rec[qual];
+        trace->size = ds_cfg.sizeof_rec[qual];
-        ds_set(context->ds, qual, ds_buffer_base, buffer);
-        ds_set(context->ds, qual, ds_index, buffer);
-        ds_set(context->ds, qual, ds_absolute_maximum, buffer + size);
-        if (ovfl) {
-                /* todo: select a suitable interrupt threshold */
-        } else
-                ds_set(context->ds, qual,
-                       ds_interrupt_threshold, buffer + size + 1);
-        /* we keep the context until ds_release */
+        size = (trace->n * trace->size);
-        return error;
- out_release:
-        context->owner[qual] = NULL;
-        ds_put_context(context);
-        put_tracer(task);
-        return error;
- out_put_tracer:
+        trace->begin = (void *)buffer;
-        spin_unlock_irqrestore(&ds_lock, irq);
+        trace->top = trace->begin;
-        ds_put_context(context);
+        trace->end = (void *)(buffer + size);
-        put_tracer(task);
+        /* The value for 'no threshold' is -1, which will set the
-        return error;
+         * threshold outside of the buffer, just like we want it.
+         */
+        trace->ith = (void *)(buffer + size - ith);
- out_unlock:
+        trace->flags = flags;
-        spin_unlock_irqrestore(&ds_lock, irq);
-        ds_put_context(context);
-        return error;
 }
-int ds_request_bts(struct task_struct *task, void *base, size_t size,
-                   ds_ovfl_callback_t ovfl)
-{
-        return ds_request(task, base, size, ovfl, ds_bts);
-}
-int ds_request_pebs(struct task_struct *task, void *base, size_t size,
+static int ds_request(struct ds_tracer *tracer, struct ds_trace *trace,
-                    ds_ovfl_callback_t ovfl)
+                      enum ds_qualifier qual, struct task_struct *task,
-{
+                      void *base, size_t size, size_t th, unsigned int flags)
-        return ds_request(task, base, size, ovfl, ds_pebs);
-}
-static int ds_release(struct task_struct *task, enum ds_qualifier qual)
 {
        struct ds_context *context;
        int error;
-        context = ds_get_context(task);
+        error = -EINVAL;
-        error = ds_validate_access(context, qual);
+        if (!base)
-        if (error < 0)
                goto out;
-        kfree(context->buffer[qual]);
+        /* we require some space to do alignment adjustments below */
-        context->buffer[qual] = NULL;
+        error = -EINVAL;
+        if (size < (DS_ALIGNMENT + ds_cfg.sizeof_rec[qual]))
-        current->mm->total_vm  -= context->pages[qual];
+                goto out;
-        current->mm->locked_vm -= context->pages[qual];
-        context->pages[qual] = 0;
-        context->owner[qual] = NULL;
-        /*
-         * we put the context twice:
-         *   once for the ds_get_context
-         *   once for the corresponding ds_request
-         */
-        ds_put_context(context);
- out:
-        ds_put_context(context);
-        return error;
-}
-int ds_release_bts(struct task_struct *task)
+        if (th != (size_t)-1) {
-{
+                th *= ds_cfg.sizeof_rec[qual];
-        return ds_release(task, ds_bts);
-}
-int ds_release_pebs(struct task_struct *task)
+                error = -EINVAL;
-{
+                if (size <= th)
-        return ds_release(task, ds_pebs);
+                        goto out;
-}
+        }
-static int ds_get_index(struct task_struct *task, size_t *pos,
+        tracer->buffer = base;
-                        enum ds_qualifier qual)
+        tracer->size = size;
-{
-        struct ds_context *context;
-        unsigned long base, index;
-        int error;
+        error = -ENOMEM;
        context = ds_get_context(task);
-        error = ds_validate_access(context, qual);
+        if (!context)
-        if (error < 0)
                goto out;
+        tracer->context = context;
-        base  = ds_get(context->ds, qual, ds_buffer_base);
+        ds_init_ds_trace(trace, qual, base, size, th, flags);
-        index = ds_get(context->ds, qual, ds_index);
-        error = ((index - base) / ds_cfg.sizeof_rec[qual]);
+        error = 0;
-        if (pos)
-                *pos = error;
 out:
-        ds_put_context(context);
        return error;
 }
-int ds_get_bts_index(struct task_struct *task, size_t *pos)
+struct bts_tracer *ds_request_bts(struct task_struct *task,
-{
+                                  void *base, size_t size,
-        return ds_get_index(task, pos, ds_bts);
+                                  bts_ovfl_callback_t ovfl, size_t th,
-}
+                                  unsigned int flags)
-int ds_get_pebs_index(struct task_struct *task, size_t *pos)
-{
-        return ds_get_index(task, pos, ds_pebs);
-}
-static int ds_get_end(struct task_struct *task, size_t *pos,
-                      enum ds_qualifier qual)
 {
-        struct ds_context *context;
+        struct bts_tracer *tracer;
-        unsigned long base, end;
+        unsigned long irq;
        int error;
-        context = ds_get_context(task);
+        error = -EOPNOTSUPP;
-        error = ds_validate_access(context, qual);
+        if (!ds_cfg.ctl[dsf_bts])
-        if (error < 0)
                goto out;
-        base = ds_get(context->ds, qual, ds_buffer_base);
+        /* buffer overflow notification is not yet implemented */
-        end  = ds_get(context->ds, qual, ds_absolute_maximum);
+        error = -EOPNOTSUPP;
+        if (ovfl)
+                goto out;
-        error = ((end - base) / ds_cfg.sizeof_rec[qual]);
+        error = -ENOMEM;
-        if (pos)
+        tracer = kzalloc(sizeof(*tracer), GFP_KERNEL);
-                *pos = error;
+        if (!tracer)
- out:
+                goto out;
-        ds_put_context(context);
+        tracer->ovfl = ovfl;
-        return error;
-}
-int ds_get_bts_end(struct task_struct *task, size_t *pos)
+        error = ds_request(&tracer->ds, &tracer->trace.ds,
-{
+                           ds_bts, task, base, size, th, flags);
-        return ds_get_end(task, pos, ds_bts);
+        if (error < 0)
-}
+                goto out_tracer;
-int ds_get_pebs_end(struct task_struct *task, size_t *pos)
-{
-        return ds_get_end(task, pos, ds_pebs);
-}
-static int ds_access(struct task_struct *task, size_t index,
+        spin_lock_irqsave(&ds_lock, irq);
-                     const void **record, enum ds_qualifier qual)
-{
-        struct ds_context *context;
-        unsigned long base, idx;
-        int error;
-        if (!record)
+        error = -EPERM;
-                return -EINVAL;
+        if (!check_tracer(task))
+                goto out_unlock;
+        get_tracer(task);
-        context = ds_get_context(task);
+        error = -EPERM;
-        error = ds_validate_access(context, qual);
+        if (tracer->ds.context->bts_master)
-        if (error < 0)
+                goto out_put_tracer;
-                goto out;
+        tracer->ds.context->bts_master = tracer;
-        base = ds_get(context->ds, qual, ds_buffer_base);
+        spin_unlock_irqrestore(&ds_lock, irq);
-        idx = base + (index * ds_cfg.sizeof_rec[qual]);
-        error = -EINVAL;
-        if (idx > ds_get(context->ds, qual, ds_absolute_maximum))
-                goto out;
-        *record = (const void *)idx;
+        tracer->trace.read  = bts_read;
-        error = ds_cfg.sizeof_rec[qual];
+        tracer->trace.write = bts_write;
- out:
-        ds_put_context(context);
-        return error;
-}
-int ds_access_bts(struct task_struct *task, size_t index, const void **record)
+        ds_write_config(tracer->ds.context, &tracer->trace.ds, ds_bts);
-{
+        ds_resume_bts(tracer);
-        return ds_access(task, index, record, ds_bts);
-}
-int ds_access_pebs(struct task_struct *task, size_t index, const void **record)
+        return tracer;
-{
-        return ds_access(task, index, record, ds_pebs);
+ out_put_tracer:
+        put_tracer(task);
+ out_unlock:
+        spin_unlock_irqrestore(&ds_lock, irq);
+        ds_put_context(tracer->ds.context);
+ out_tracer:
+        kfree(tracer);
+ out:
+        return ERR_PTR(error);
 }
-static int ds_write(struct task_struct *task, const void *record, size_t size,
+struct pebs_tracer *ds_request_pebs(struct task_struct *task,
-                    enum ds_qualifier qual, int force)
+                                    void *base, size_t size,
+                                    pebs_ovfl_callback_t ovfl, size_t th,
+                                    unsigned int flags)
 {
-        struct ds_context *context;
+        struct pebs_tracer *tracer;
+        unsigned long irq;
        int error;
-        if (!record)
+        /* buffer overflow notification is not yet implemented */
-                return -EINVAL;
+        error = -EOPNOTSUPP;
+        if (ovfl)
+                goto out;
-        error = -EPERM;
+        error = -ENOMEM;
-        context = ds_get_context(task);
+        tracer = kzalloc(sizeof(*tracer), GFP_KERNEL);
-        if (!context)
+        if (!tracer)
                goto out;
+        tracer->ovfl = ovfl;
-        if (!force) {
+        error = ds_request(&tracer->ds, &tracer->trace.ds,
-                error = ds_validate_access(context, qual);
+                           ds_pebs, task, base, size, th, flags);
-                if (error < 0)
+        if (error < 0)
-                        goto out;
+                goto out_tracer;
-        }
-        error = 0;
+        spin_lock_irqsave(&ds_lock, irq);
-        while (size) {
-                unsigned long base, index, end, write_end, int_th;
-                unsigned long write_size, adj_write_size;
-                /*
+        error = -EPERM;
-                 * write as much as possible without producing an
+        if (!check_tracer(task))
-                 * overflow interrupt.
+                goto out_unlock;
-                 *
+        get_tracer(task);
-                 * interrupt_threshold must either be
-                 * - bigger than absolute_maximum or
-                 * - point to a record between buffer_base and absolute_maximum
-                 *
-                 * index points to a valid record.
-                 */
-                base   = ds_get(context->ds, qual, ds_buffer_base);
-                index  = ds_get(context->ds, qual, ds_index);
-                end    = ds_get(context->ds, qual, ds_absolute_maximum);
-                int_th = ds_get(context->ds, qual, ds_interrupt_threshold);
-                write_end = min(end, int_th);
+        error = -EPERM;
+        if (tracer->ds.context->pebs_master)
+                goto out_put_tracer;
+        tracer->ds.context->pebs_master = tracer;
-                /* if we are already beyond the interrupt threshold,
+        spin_unlock_irqrestore(&ds_lock, irq);
-                 * we fill the entire buffer */
-                if (write_end <= index)
-                        write_end = end;
-                if (write_end <= index)
+        ds_write_config(tracer->ds.context, &tracer->trace.ds, ds_bts);
-                        goto out;
+        ds_resume_pebs(tracer);
-                write_size = min((unsigned long) size, write_end - index);
+        return tracer;
-                memcpy((void *)index, record, write_size);
-                record = (const char *)record + write_size;
+ out_put_tracer:
-                size  -= write_size;
+        put_tracer(task);
-                error += write_size;
+ out_unlock:
+        spin_unlock_irqrestore(&ds_lock, irq);
+        ds_put_context(tracer->ds.context);
+ out_tracer:
+        kfree(tracer);
+ out:
+        return ERR_PTR(error);
+}
-                adj_write_size = write_size / ds_cfg.sizeof_rec[qual];
+void ds_release_bts(struct bts_tracer *tracer)
-                adj_write_size *= ds_cfg.sizeof_rec[qual];
+{
+        if (!tracer)
+                return;
-                /* zero out trailing bytes */
+        ds_suspend_bts(tracer);
-                memset((char *)index + write_size, 0,
-                       adj_write_size - write_size);
-                index += adj_write_size;
-                if (index >= end)
+        WARN_ON_ONCE(tracer->ds.context->bts_master != tracer);
-                        index = base;
+        tracer->ds.context->bts_master = NULL;
-                ds_set(context->ds, qual, ds_index, index);
-                if (index >= int_th)
+        put_tracer(tracer->ds.context->task);
-                        ds_overflow(task, context, qual);
+        ds_put_context(tracer->ds.context);
-        }
- out:
+        kfree(tracer);
-        ds_put_context(context);
-        return error;
 }
-int ds_write_bts(struct task_struct *task, const void *record, size_t size)
+void ds_suspend_bts(struct bts_tracer *tracer)
 {
-        return ds_write(task, record, size, ds_bts, /* force = */ 0);
+        struct task_struct *task;
-}
-int ds_write_pebs(struct task_struct *task, const void *record, size_t size)
+        if (!tracer)
-{
+                return;
-        return ds_write(task, record, size, ds_pebs, /* force = */ 0);
-}
-int ds_unchecked_write_bts(struct task_struct *task,
+        task = tracer->ds.context->task;
-                           const void *record, size_t size)
-{
-        return ds_write(task, record, size, ds_bts, /* force = */ 1);
-}
-int ds_unchecked_write_pebs(struct task_struct *task,
+        if (!task || (task == current))
-                            const void *record, size_t size)
+                update_debugctlmsr(get_debugctlmsr() & ~BTS_CONTROL);
-{
-        return ds_write(task, record, size, ds_pebs, /* force = */ 1);
+        if (task) {
+                task->thread.debugctlmsr &= ~BTS_CONTROL;
+                if (!task->thread.debugctlmsr)
+                        clear_tsk_thread_flag(task, TIF_DEBUGCTLMSR);
+        }
 }
-static int ds_reset_or_clear(struct task_struct *task,
+void ds_resume_bts(struct bts_tracer *tracer)
-                             enum ds_qualifier qual, int clear)
 {
-        struct ds_context *context;
+        struct task_struct *task;
-        unsigned long base, end;
+        unsigned long control;
-        int error;
-        context = ds_get_context(task);
+        if (!tracer)
-        error = ds_validate_access(context, qual);
+                return;
-        if (error < 0)
-                goto out;
-        base = ds_get(context->ds, qual, ds_buffer_base);
+        task = tracer->ds.context->task;
-        end  = ds_get(context->ds, qual, ds_absolute_maximum);
-        if (clear)
+        control = ds_cfg.ctl[dsf_bts];
-                memset((void *)base, 0, end - base);
+        if (!(tracer->trace.ds.flags & BTS_KERNEL))
+                control |= ds_cfg.ctl[dsf_bts_kernel];
+        if (!(tracer->trace.ds.flags & BTS_USER))
+                control |= ds_cfg.ctl[dsf_bts_user];
-        ds_set(context->ds, qual, ds_index, base);
+        if (task) {
+                task->thread.debugctlmsr |= control;
+                set_tsk_thread_flag(task, TIF_DEBUGCTLMSR);
+        }
-        error = 0;
+        if (!task || (task == current))
- out:
+                update_debugctlmsr(get_debugctlmsr() | control);
-        ds_put_context(context);
-        return error;
 }
-int ds_reset_bts(struct task_struct *task)
+void ds_release_pebs(struct pebs_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_bts, /* clear = */ 0);
+        if (!tracer)
+                return;
+        ds_suspend_pebs(tracer);
+        WARN_ON_ONCE(tracer->ds.context->pebs_master != tracer);
+        tracer->ds.context->pebs_master = NULL;
+        put_tracer(tracer->ds.context->task);
+        ds_put_context(tracer->ds.context);
+        kfree(tracer);
 }
-int ds_reset_pebs(struct task_struct *task)
+void ds_suspend_pebs(struct pebs_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_pebs, /* clear = */ 0);
 }
-int ds_clear_bts(struct task_struct *task)
+void ds_resume_pebs(struct pebs_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_bts, /* clear = */ 1);
 }
-int ds_clear_pebs(struct task_struct *task)
+const struct bts_trace *ds_read_bts(struct bts_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_pebs, /* clear = */ 1);
+        if (!tracer)
+                return NULL;
+        ds_read_config(tracer->ds.context, &tracer->trace.ds, ds_bts);
+        return &tracer->trace;
 }
-int ds_get_pebs_reset(struct task_struct *task, u64 *value)
+const struct pebs_trace *ds_read_pebs(struct pebs_tracer *tracer)
 {
-        struct ds_context *context;
+        if (!tracer)
-        int error;
+                return NULL;
-        if (!value)
+        ds_read_config(tracer->ds.context, &tracer->trace.ds, ds_pebs);
+        tracer->trace.reset_value =
+                *(u64 *)(tracer->ds.context->ds + (ds_cfg.sizeof_field * 8));
+        return &tracer->trace;
+}
+int ds_reset_bts(struct bts_tracer *tracer)
+{
+        if (!tracer)
                return -EINVAL;
-        context = ds_get_context(task);
+        tracer->trace.ds.top = tracer->trace.ds.begin;
-        error = ds_validate_access(context, ds_pebs);
-        if (error < 0)
-                goto out;
-        *value = *(u64 *)(context->ds + (ds_cfg.sizeof_field * 8));
+        ds_set(tracer->ds.context->ds, ds_bts, ds_index,
+               (unsigned long)tracer->trace.ds.top);
-        error = 0;
+        return 0;
- out:
-        ds_put_context(context);
-        return error;
 }
-int ds_set_pebs_reset(struct task_struct *task, u64 value)
+int ds_reset_pebs(struct pebs_tracer *tracer)
 {
-        struct ds_context *context;
+        if (!tracer)
-        int error;
+                return -EINVAL;
-        context = ds_get_context(task);
+        tracer->trace.ds.top = tracer->trace.ds.begin;
-        error = ds_validate_access(context, ds_pebs);
-        if (error < 0)
-                goto out;
-        *(u64 *)(context->ds + (ds_cfg.sizeof_field * 8)) = value;
+        ds_set(tracer->ds.context->ds, ds_bts, ds_index,
+               (unsigned long)tracer->trace.ds.top);
-        error = 0;
+        return 0;
- out:
+}
-        ds_put_context(context);
-        return error;
+int ds_set_pebs_reset(struct pebs_tracer *tracer, u64 value)
+{
+        if (!tracer)
+                return -EINVAL;
+        *(u64 *)(tracer->ds.context->ds + (ds_cfg.sizeof_field * 8)) = value;
+        return 0;
 }
-static const struct ds_configuration ds_cfg_var = {
+static const struct ds_configuration ds_cfg_netburst = {
-        .sizeof_ds    = sizeof(long) * 12,
+        .name = "netburst",
-        .sizeof_field = sizeof(long),
+        .ctl[dsf_bts]           = (1 << 2) | (1 << 3),
-        .sizeof_rec[ds_bts]   = sizeof(long) * 3,
+        .ctl[dsf_bts_kernel]    = (1 << 5),
+        .ctl[dsf_bts_user]      = (1 << 6),
+        .sizeof_field           = sizeof(long),
+        .sizeof_rec[ds_bts]     = sizeof(long) * 3,
 #ifdef __i386__
-        .sizeof_rec[ds_pebs]  = sizeof(long) * 10
+        .sizeof_rec[ds_pebs]    = sizeof(long) * 10,
 #else
-        .sizeof_rec[ds_pebs]  = sizeof(long) * 18
+        .sizeof_rec[ds_pebs]    = sizeof(long) * 18,
 #endif
 };
-static const struct ds_configuration ds_cfg_64 = {
+static const struct ds_configuration ds_cfg_pentium_m = {
-        .sizeof_ds    = 8 * 12,
+        .name = "pentium m",
-        .sizeof_field = 8,
+        .ctl[dsf_bts]           = (1 << 6) | (1 << 7),
-        .sizeof_rec[ds_bts]   = 8 * 3,
+        .sizeof_field           = sizeof(long),
+        .sizeof_rec[ds_bts]     = sizeof(long) * 3,
 #ifdef __i386__
-        .sizeof_rec[ds_pebs]  = 8 * 10
+        .sizeof_rec[ds_pebs]    = sizeof(long) * 10,
 #else
-        .sizeof_rec[ds_pebs]  = 8 * 18
+        .sizeof_rec[ds_pebs]    = sizeof(long) * 18,
 #endif
 };
+static const struct ds_configuration ds_cfg_core2 = {
+        .name = "core 2",
+        .ctl[dsf_bts]           = (1 << 6) | (1 << 7),
+        .ctl[dsf_bts_kernel]    = (1 << 9),
+        .ctl[dsf_bts_user]      = (1 << 10),
+        .sizeof_field           = 8,
+        .sizeof_rec[ds_bts]     = 8 * 3,
+        .sizeof_rec[ds_pebs]    = 8 * 18,
+};
-static inline void
+static void
 ds_configure(const struct ds_configuration *cfg)
 {
+        memset(&ds_cfg, 0, sizeof(ds_cfg));
        ds_cfg = *cfg;
+        printk(KERN_INFO "[ds] using %s configuration\n", ds_cfg.name);
+        if (!cpu_has_bts) {
+                ds_cfg.ctl[dsf_bts] = 0;
+                printk(KERN_INFO "[ds] bts not available\n");
+        }
+        if (!cpu_has_pebs)
+                printk(KERN_INFO "[ds] pebs not available\n");
+        WARN_ON_ONCE(MAX_SIZEOF_DS < (12 * ds_cfg.sizeof_field));
 }
 void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
@@ -847,16 +949,15 @@ void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
        switch (c->x86) {
        case 0x6:
                switch (c->x86_model) {
+                case 0 ... 0xC:
+                        /* sorry, don't know about them */
+                        break;
                case 0xD:
                case 0xE: /* Pentium M */
-                        ds_configure(&ds_cfg_var);
+                        ds_configure(&ds_cfg_pentium_m);
                        break;
-                case 0xF: /* Core2 */
+                default: /* Core2, Atom, ... */
-                case 0x1C: /* Atom */
+                        ds_configure(&ds_cfg_core2);
-                        ds_configure(&ds_cfg_64);
-                        break;
-                default:
-                        /* sorry, don't know about them */
                        break;
                }
                break;
@@ -865,7 +966,7 @@ void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
                case 0x0:
                case 0x1:
                case 0x2: /* Netburst */
-                        ds_configure(&ds_cfg_var);
+                        ds_configure(&ds_cfg_netburst);
                        break;
                default:
                        /* sorry, don't know about them */
@@ -878,12 +979,41 @@ void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
        }
 }
-void ds_free(struct ds_context *context)
+/*
-{
+ * Change the DS configuration from tracing prev to tracing next.
-        /* This is called when the task owning the parameter context
+ */
-         * is dying. There should not be any user of that context left
+void ds_switch_to(struct task_struct *prev, struct task_struct *next)
-         * to disturb us, anymore. */
+{
-        unsigned long leftovers = context->count;
+        struct ds_context *prev_ctx = prev->thread.ds_ctx;
-        while (leftovers--)
+        struct ds_context *next_ctx = next->thread.ds_ctx;
-                ds_put_context(context);
+        if (prev_ctx) {
+                update_debugctlmsr(0);
+                if (prev_ctx->bts_master &&
+                    (prev_ctx->bts_master->trace.ds.flags & BTS_TIMESTAMPS)) {
+                        struct bts_struct ts = {
+                                .qualifier = bts_task_departs,
+                                .variant.timestamp.jiffies = jiffies_64,
+                                .variant.timestamp.pid = prev->pid
+                        };
+                        bts_write(prev_ctx->bts_master, &ts);
+                }
+        }
+        if (next_ctx) {
+                if (next_ctx->bts_master &&
+                    (next_ctx->bts_master->trace.ds.flags & BTS_TIMESTAMPS)) {
+                        struct bts_struct ts = {
+                                .qualifier = bts_task_arrives,
+                                .variant.timestamp.jiffies = jiffies_64,
+                                .variant.timestamp.pid = next->pid
+                        };
+                        bts_write(next_ctx->bts_master, &ts);
+                }
+                wrmsrl(MSR_IA32_DS_AREA, (unsigned long)next_ctx->ds);
+        }
+        update_debugctlmsr(next->thread.debugctlmsr);
 }
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
new file mode 100644
index 000000000000..6b1f6f6f8661
--- /dev/null
+++ b/arch/x86/kernel/dumpstack.c
@@ -0,0 +1,351 @@
+/*
+ *  Copyright (C) 1991, 1992  Linus Torvalds
+ *  Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
+ */
+#include <linux/kallsyms.h>
+#include <linux/kprobes.h>
+#include <linux/uaccess.h>
+#include <linux/utsname.h>
+#include <linux/hardirq.h>
+#include <linux/kdebug.h>
+#include <linux/module.h>
+#include <linux/ptrace.h>
+#include <linux/kexec.h>
+#include <linux/bug.h>
+#include <linux/nmi.h>
+#include <linux/sysfs.h>
+#include <asm/stacktrace.h>
+#include "dumpstack.h"
+int panic_on_unrecovered_nmi;
+unsigned int code_bytes = 64;
+int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
+static int die_counter;
+void printk_address(unsigned long address, int reliable)
+{
+        printk(" [<%p>] %s%pS\n", (void *) address,
+                        reliable ? "" : "? ", (void *) address);
+}
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+static void
+print_ftrace_graph_addr(unsigned long addr, void *data,
+                        const struct stacktrace_ops *ops,
+                        struct thread_info *tinfo, int *graph)
+{
+        struct task_struct *task = tinfo->task;
+        unsigned long ret_addr;
+        int index = task->curr_ret_stack;
+        if (addr != (unsigned long)return_to_handler)
+                return;
+        if (!task->ret_stack || index < *graph)
+                return;
+        index -= *graph;
+        ret_addr = task->ret_stack[index].ret;
+        ops->address(data, ret_addr, 1);
+        (*graph)++;
+}
+#else
+static inline void
+print_ftrace_graph_addr(unsigned long addr, void *data,
+                        const struct stacktrace_ops *ops,
+                        struct thread_info *tinfo, int *graph)
+{ }
+#endif
+/*
+ * x86-64 can have up to three kernel stacks:
+ * process stack
+ * interrupt stack
+ * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
+ */
+static inline int valid_stack_ptr(struct thread_info *tinfo,
+                        void *p, unsigned int size, void *end)
+{
+        void *t = tinfo;
+        if (end) {
+                if (p < end && p >= (end-THREAD_SIZE))
+                        return 1;
+                else
+                        return 0;
+        }
+        return p > t && p < t + THREAD_SIZE - size;
+}
+unsigned long
+print_context_stack(struct thread_info *tinfo,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data,
+                unsigned long *end, int *graph)
+{
+        struct stack_frame *frame = (struct stack_frame *)bp;
+        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
+                unsigned long addr;
+                addr = *stack;
+                if (__kernel_text_address(addr)) {
+                        if ((unsigned long) stack == bp + sizeof(long)) {
+                                ops->address(data, addr, 1);
+                                frame = frame->next_frame;
+                                bp = (unsigned long) frame;
+                        } else {
+                                ops->address(data, addr, bp == 0);
+                        }
+                        print_ftrace_graph_addr(addr, data, ops, tinfo, graph);
+                }
+                stack++;
+        }
+        return bp;
+}
+static void
+print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
+{
+        printk(data);
+        print_symbol(msg, symbol);
+        printk("\n");
+}
+static void print_trace_warning(void *data, char *msg)
+{
+        printk("%s%s\n", (char *)data, msg);
+}
+static int print_trace_stack(void *data, char *name)
+{
+        printk("%s <%s> ", (char *)data, name);
+        return 0;
+}
+/*
+ * Print one address/symbol entries per line.
+ */
+static void print_trace_address(void *data, unsigned long addr, int reliable)
+{
+        touch_nmi_watchdog();
+        printk(data);
+        printk_address(addr, reliable);
+}
+static const struct stacktrace_ops print_trace_ops = {
+        .warning = print_trace_warning,
+        .warning_symbol = print_trace_warning_symbol,
+        .stack = print_trace_stack,
+        .address = print_trace_address,
+};
+void
+show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp, char *log_lvl)
+{
+        printk("%sCall Trace:\n", log_lvl);
+        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
+}
+void show_trace(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp)
+{
+        show_trace_log_lvl(task, regs, stack, bp, "");
+}
+void show_stack(struct task_struct *task, unsigned long *sp)
+{
+        show_stack_log_lvl(task, NULL, sp, 0, "");
+}
+/*
+ * The architecture-independent dump_stack generator
+ */
+void dump_stack(void)
+{
+        unsigned long bp = 0;
+        unsigned long stack;
+#ifdef CONFIG_FRAME_POINTER
+        if (!bp)
+                get_bp(bp);
+#endif
+        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
+                current->pid, current->comm, print_tainted(),
+                init_utsname()->release,
+                (int)strcspn(init_utsname()->version, " "),
+                init_utsname()->version);
+        show_trace(NULL, NULL, &stack, bp);
+}
+EXPORT_SYMBOL(dump_stack);
+static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
+static int die_owner = -1;
+static unsigned int die_nest_count;
+unsigned __kprobes long oops_begin(void)
+{
+        int cpu;
+        unsigned long flags;
+        oops_enter();
+        /* racy, but better than risking deadlock. */
+        raw_local_irq_save(flags);
+        cpu = smp_processor_id();
+        if (!__raw_spin_trylock(&die_lock)) {
+                if (cpu == die_owner)
+                        /* nested oops. should stop eventually */;
+                else
+                        __raw_spin_lock(&die_lock);
+        }
+        die_nest_count++;
+        die_owner = cpu;
+        console_verbose();
+        bust_spinlocks(1);
+        return flags;
+}
+void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+{
+        if (regs && kexec_should_crash(current))
+                crash_kexec(regs);
+        bust_spinlocks(0);
+        die_owner = -1;
+        add_taint(TAINT_DIE);
+        die_nest_count--;
+        if (!die_nest_count)
+                /* Nest count reaches zero, release the lock. */
+                __raw_spin_unlock(&die_lock);
+        raw_local_irq_restore(flags);
+        oops_exit();
+        if (!signr)
+                return;
+        if (in_interrupt())
+                panic("Fatal exception in interrupt");
+        if (panic_on_oops)
+                panic("Fatal exception");
+        do_exit(signr);
+}
+int __kprobes __die(const char *str, struct pt_regs *regs, long err)
+{
+#ifdef CONFIG_X86_32
+        unsigned short ss;
+        unsigned long sp;
+#endif
+        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
+#ifdef CONFIG_PREEMPT
+        printk("PREEMPT ");
+#endif
+#ifdef CONFIG_SMP
+        printk("SMP ");
+#endif
+#ifdef CONFIG_DEBUG_PAGEALLOC
+        printk("DEBUG_PAGEALLOC");
+#endif
+        printk("\n");
+        sysfs_printk_last_file();
+        if (notify_die(DIE_OOPS, str, regs, err,
+                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
+                return 1;
+        show_registers(regs);
+#ifdef CONFIG_X86_32
+        sp = (unsigned long) (&regs->sp);
+        savesegment(ss, ss);
+        if (user_mode(regs)) {
+                sp = regs->sp;
+                ss = regs->ss & 0xffff;
+        }
+        printk(KERN_EMERG "EIP: [<%08lx>] ", regs->ip);
+        print_symbol("%s", regs->ip);
+        printk(" SS:ESP %04x:%08lx\n", ss, sp);
+#else
+        /* Executive summary in case the oops scrolled away */
+        printk(KERN_ALERT "RIP ");
+        printk_address(regs->ip, 1);
+        printk(" RSP <%016lx>\n", regs->sp);
+#endif
+        return 0;
+}
+/*
+ * This is gone through when something in the kernel has done something bad
+ * and is about to be terminated:
+ */
+void die(const char *str, struct pt_regs *regs, long err)
+{
+        unsigned long flags = oops_begin();
+        int sig = SIGSEGV;
+        if (!user_mode_vm(regs))
+                report_bug(regs->ip, regs);
+        if (__die(str, regs, err))
+                sig = 0;
+        oops_end(flags, regs, sig);
+}
+void notrace __kprobes
+die_nmi(char *str, struct pt_regs *regs, int do_panic)
+{
+        unsigned long flags;
+        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
+                return;
+        /*
+         * We are in trouble anyway, lets at least try
+         * to get a message out.
+         */
+        flags = oops_begin();
+        printk(KERN_EMERG "%s", str);
+        printk(" on CPU%d, ip %08lx, registers:\n",
+                smp_processor_id(), regs->ip);
+        show_registers(regs);
+        oops_end(flags, regs, 0);
+        if (do_panic || panic_on_oops)
+                panic("Non maskable interrupt");
+        nmi_exit();
+        local_irq_enable();
+        do_exit(SIGBUS);
+}
+static int __init oops_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        if (!strcmp(s, "panic"))
+                panic_on_oops = 1;
+        return 0;
+}
+early_param("oops", oops_setup);
+static int __init kstack_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
+        return 0;
+}
+early_param("kstack", kstack_setup);
+static int __init code_bytes_setup(char *s)
+{
+        code_bytes = simple_strtoul(s, NULL, 0);
+        if (code_bytes > 8192)
+                code_bytes = 8192;
+        return 1;
+}
+__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/dumpstack.h b/arch/x86/kernel/dumpstack.h
new file mode 100644
index 000000000000..da87590b8698
--- /dev/null
+++ b/arch/x86/kernel/dumpstack.h
@@ -0,0 +1,39 @@
+/*
+ *  Copyright (C) 1991, 1992  Linus Torvalds
+ *  Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
+ */
+#ifndef DUMPSTACK_H
+#define DUMPSTACK_H
+#ifdef CONFIG_X86_32
+#define STACKSLOTS_PER_LINE 8
+#define get_bp(bp) asm("movl %%ebp, %0" : "=r" (bp) :)
+#else
+#define STACKSLOTS_PER_LINE 4
+#define get_bp(bp) asm("movq %%rbp, %0" : "=r" (bp) :)
+#endif
+extern unsigned long
+print_context_stack(struct thread_info *tinfo,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data,
+                unsigned long *end, int *graph);
+extern void
+show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp, char *log_lvl);
+extern void
+show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *sp, unsigned long bp, char *log_lvl);
+extern unsigned int code_bytes;
+extern int kstack_depth_to_print;
+/* The form of the top of the frame on the stack */
+struct stack_frame {
+        struct stack_frame *next_frame;
+        unsigned long return_address;
+};
+#endif
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
index b3614752197b..d593cd1f58dc 100644
--- a/arch/x86/kernel/dumpstack_32.c
+++ b/arch/x86/kernel/dumpstack_32.c
@@ -17,69 +17,14 @@
 #include <asm/stacktrace.h>
-#define STACKSLOTS_PER_LINE 8
+#include "dumpstack.h"
-#define get_bp(bp) asm("movl %%ebp, %0" : "=r" (bp) :)
-int panic_on_unrecovered_nmi;
-int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
-static unsigned int code_bytes = 64;
-static int die_counter;
-void printk_address(unsigned long address, int reliable)
-{
-        printk(" [<%p>] %s%pS\n", (void *) address,
-                        reliable ? "" : "? ", (void *) address);
-}
-static inline int valid_stack_ptr(struct thread_info *tinfo,
-                        void *p, unsigned int size, void *end)
-{
-        void *t = tinfo;
-        if (end) {
-                if (p < end && p >= (end-THREAD_SIZE))
-                        return 1;
-                else
-                        return 0;
-        }
-        return p > t && p < t + THREAD_SIZE - size;
-}
-/* The form of the top of the frame on the stack */
-struct stack_frame {
-        struct stack_frame *next_frame;
-        unsigned long return_address;
-};
-static inline unsigned long
-print_context_stack(struct thread_info *tinfo,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data,
-                unsigned long *end)
-{
-        struct stack_frame *frame = (struct stack_frame *)bp;
-        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
-                unsigned long addr;
-                addr = *stack;
-                if (__kernel_text_address(addr)) {
-                        if ((unsigned long) stack == bp + sizeof(long)) {
-                                ops->address(data, addr, 1);
-                                frame = frame->next_frame;
-                                bp = (unsigned long) frame;
-                        } else {
-                                ops->address(data, addr, bp == 0);
-                        }
-                }
-                stack++;
-        }
-        return bp;
-}
 void dump_trace(struct task_struct *task, struct pt_regs *regs,
                unsigned long *stack, unsigned long bp,
                const struct stacktrace_ops *ops, void *data)
 {
+        int graph = 0;
        if (!task)
                task = current;
@@ -107,7 +52,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                context = (struct thread_info *)
                        ((unsigned long)stack & (~(THREAD_SIZE - 1)));
-                bp = print_context_stack(context, stack, bp, ops, data, NULL);
+                bp = print_context_stack(context, stack, bp, ops,
+                                         data, NULL, &graph);
                stack = (unsigned long *)context->previous_esp;
                if (!stack)
@@ -119,57 +65,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
 }
 EXPORT_SYMBOL(dump_trace);
-static void
+void
-print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
-{
-        printk(data);
-        print_symbol(msg, symbol);
-        printk("\n");
-}
-static void print_trace_warning(void *data, char *msg)
-{
-        printk("%s%s\n", (char *)data, msg);
-}
-static int print_trace_stack(void *data, char *name)
-{
-        printk("%s <%s> ", (char *)data, name);
-        return 0;
-}
-/*
- * Print one address/symbol entries per line.
- */
-static void print_trace_address(void *data, unsigned long addr, int reliable)
-{
-        touch_nmi_watchdog();
-        printk(data);
-        printk_address(addr, reliable);
-}
-static const struct stacktrace_ops print_trace_ops = {
-        .warning = print_trace_warning,
-        .warning_symbol = print_trace_warning_symbol,
-        .stack = print_trace_stack,
-        .address = print_trace_address,
-};
-static void
-show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp, char *log_lvl)
-{
-        printk("%sCall Trace:\n", log_lvl);
-        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
-}
-void show_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp)
-{
-        show_trace_log_lvl(task, regs, stack, bp, "");
-}
-static void
 show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
                unsigned long *sp, unsigned long bp, char *log_lvl)
 {
@@ -196,33 +92,6 @@ show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
 }
-void show_stack(struct task_struct *task, unsigned long *sp)
-{
-        show_stack_log_lvl(task, NULL, sp, 0, "");
-}
-/*
- * The architecture-independent dump_stack generator
- */
-void dump_stack(void)
-{
-        unsigned long bp = 0;
-        unsigned long stack;
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp)
-                get_bp(bp);
-#endif
-        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
-                current->pid, current->comm, print_tainted(),
-                init_utsname()->release,
-                (int)strcspn(init_utsname()->version, " "),
-                init_utsname()->version);
-        show_trace(NULL, NULL, &stack, bp);
-}
-EXPORT_SYMBOL(dump_stack);
 void show_registers(struct pt_regs *regs)
 {
@@ -283,167 +152,3 @@ int is_valid_bugaddr(unsigned long ip)
        return ud2 == 0x0b0f;
 }
-static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
-static int die_owner = -1;
-static unsigned int die_nest_count;
-unsigned __kprobes long oops_begin(void)
-{
-        unsigned long flags;
-        oops_enter();
-        if (die_owner != raw_smp_processor_id()) {
-                console_verbose();
-                raw_local_irq_save(flags);
-                __raw_spin_lock(&die_lock);
-                die_owner = smp_processor_id();
-                die_nest_count = 0;
-                bust_spinlocks(1);
-        } else {
-                raw_local_irq_save(flags);
-        }
-        die_nest_count++;
-        return flags;
-}
-void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
-{
-        bust_spinlocks(0);
-        die_owner = -1;
-        add_taint(TAINT_DIE);
-        __raw_spin_unlock(&die_lock);
-        raw_local_irq_restore(flags);
-        if (!regs)
-                return;
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        if (in_interrupt())
-                panic("Fatal exception in interrupt");
-        if (panic_on_oops)
-                panic("Fatal exception");
-        oops_exit();
-        do_exit(signr);
-}
-int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned short ss;
-        unsigned long sp;
-        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
-#ifdef CONFIG_PREEMPT
-        printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
-        printk("SMP ");
-#endif
-#ifdef CONFIG_DEBUG_PAGEALLOC
-        printk("DEBUG_PAGEALLOC");
-#endif
-        printk("\n");
-        sysfs_printk_last_file();
-        if (notify_die(DIE_OOPS, str, regs, err,
-                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
-                return 1;
-        show_registers(regs);
-        /* Executive summary in case the oops scrolled away */
-        sp = (unsigned long) (&regs->sp);
-        savesegment(ss, ss);
-        if (user_mode(regs)) {
-                sp = regs->sp;
-                ss = regs->ss & 0xffff;
-        }
-        printk(KERN_EMERG "EIP: [<%08lx>] ", regs->ip);
-        print_symbol("%s", regs->ip);
-        printk(" SS:ESP %04x:%08lx\n", ss, sp);
-        return 0;
-}
-/*
- * This is gone through when something in the kernel has done something bad
- * and is about to be terminated:
- */
-void die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned long flags = oops_begin();
-        if (die_nest_count < 3) {
-                report_bug(regs->ip, regs);
-                if (__die(str, regs, err))
-                        regs = NULL;
-        } else {
-                printk(KERN_EMERG "Recursive die() failure, output suppressed\n");
-        }
-        oops_end(flags, regs, SIGSEGV);
-}
-static DEFINE_SPINLOCK(nmi_print_lock);
-void notrace __kprobes
-die_nmi(char *str, struct pt_regs *regs, int do_panic)
-{
-        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
-                return;
-        spin_lock(&nmi_print_lock);
-        /*
-        * We are in trouble anyway, lets at least try
-        * to get a message out:
-        */
-        bust_spinlocks(1);
-        printk(KERN_EMERG "%s", str);
-        printk(" on CPU%d, ip %08lx, registers:\n",
-                smp_processor_id(), regs->ip);
-        show_registers(regs);
-        if (do_panic)
-                panic("Non maskable interrupt");
-        console_silent();
-        spin_unlock(&nmi_print_lock);
-        /*
-         * If we are in kernel we are probably nested up pretty bad
-         * and might aswell get out now while we still can:
-         */
-        if (!user_mode_vm(regs)) {
-                current->thread.trap_no = 2;
-                crash_kexec(regs);
-        }
-        bust_spinlocks(0);
-        do_exit(SIGSEGV);
-}
-static int __init oops_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        if (!strcmp(s, "panic"))
-                panic_on_oops = 1;
-        return 0;
-}
-early_param("oops", oops_setup);
-static int __init kstack_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
-        return 0;
-}
-early_param("kstack", kstack_setup);
-static int __init code_bytes_setup(char *s)
-{
-        code_bytes = simple_strtoul(s, NULL, 0);
-        if (code_bytes > 8192)
-                code_bytes = 8192;
-        return 1;
-}
-__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
index 96a5db7da8a7..c302d0707048 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -17,19 +17,7 @@
 #include <asm/stacktrace.h>
-#define STACKSLOTS_PER_LINE 4
+#include "dumpstack.h"
-#define get_bp(bp) asm("movq %%rbp, %0" : "=r" (bp) :)
-int panic_on_unrecovered_nmi;
-int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
-static unsigned int code_bytes = 64;
-static int die_counter;
-void printk_address(unsigned long address, int reliable)
-{
-        printk(" [<%p>] %s%pS\n", (void *) address,
-                        reliable ? "" : "? ", (void *) address);
-}
 static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
                                        unsigned *usedp, char **idp)
@@ -113,51 +101,6 @@ static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
 * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
 */
-static inline int valid_stack_ptr(struct thread_info *tinfo,
-                        void *p, unsigned int size, void *end)
-{
-        void *t = tinfo;
-        if (end) {
-                if (p < end && p >= (end-THREAD_SIZE))
-                        return 1;
-                else
-                        return 0;
-        }
-        return p > t && p < t + THREAD_SIZE - size;
-}
-/* The form of the top of the frame on the stack */
-struct stack_frame {
-        struct stack_frame *next_frame;
-        unsigned long return_address;
-};
-static inline unsigned long
-print_context_stack(struct thread_info *tinfo,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data,
-                unsigned long *end)
-{
-        struct stack_frame *frame = (struct stack_frame *)bp;
-        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
-                unsigned long addr;
-                addr = *stack;
-                if (__kernel_text_address(addr)) {
-                        if ((unsigned long) stack == bp + sizeof(long)) {
-                                ops->address(data, addr, 1);
-                                frame = frame->next_frame;
-                                bp = (unsigned long) frame;
-                        } else {
-                                ops->address(data, addr, bp == 0);
-                        }
-                }
-                stack++;
-        }
-        return bp;
-}
 void dump_trace(struct task_struct *task, struct pt_regs *regs,
                unsigned long *stack, unsigned long bp,
                const struct stacktrace_ops *ops, void *data)
@@ -166,6 +109,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
        unsigned long *irqstack_end = (unsigned long *)cpu_pda(cpu)->irqstackptr;
        unsigned used = 0;
        struct thread_info *tinfo;
+        int graph = 0;
        if (!task)
                task = current;
@@ -206,7 +150,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                                break;
                        bp = print_context_stack(tinfo, stack, bp, ops,
-                                                        data, estack_end);
+                                                 data, estack_end, &graph);
                        ops->stack(data, "<EOE>");
                        /*
                         * We link to the next stack via the
@@ -225,7 +169,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                                if (ops->stack(data, "IRQ") < 0)
                                        break;
                                bp = print_context_stack(tinfo, stack, bp,
-                                                ops, data, irqstack_end);
+                                        ops, data, irqstack_end, &graph);
                                /*
                                 * We link to the next stack (which would be
                                 * the process stack normally) the last
@@ -243,62 +187,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
        /*
         * This handles the process stack:
         */
-        bp = print_context_stack(tinfo, stack, bp, ops, data, NULL);
+        bp = print_context_stack(tinfo, stack, bp, ops, data, NULL, &graph);
        put_cpu();
 }
 EXPORT_SYMBOL(dump_trace);
-static void
+void
-print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
-{
-        printk(data);
-        print_symbol(msg, symbol);
-        printk("\n");
-}
-static void print_trace_warning(void *data, char *msg)
-{
-        printk("%s%s\n", (char *)data, msg);
-}
-static int print_trace_stack(void *data, char *name)
-{
-        printk("%s <%s> ", (char *)data, name);
-        return 0;
-}
-/*
- * Print one address/symbol entries per line.
- */
-static void print_trace_address(void *data, unsigned long addr, int reliable)
-{
-        touch_nmi_watchdog();
-        printk(data);
-        printk_address(addr, reliable);
-}
-static const struct stacktrace_ops print_trace_ops = {
-        .warning = print_trace_warning,
-        .warning_symbol = print_trace_warning_symbol,
-        .stack = print_trace_stack,
-        .address = print_trace_address,
-};
-static void
-show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp, char *log_lvl)
-{
-        printk("%sCall Trace:\n", log_lvl);
-        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
-}
-void show_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp)
-{
-        show_trace_log_lvl(task, regs, stack, bp, "");
-}
-static void
 show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
                unsigned long *sp, unsigned long bp, char *log_lvl)
 {
@@ -342,33 +236,6 @@ show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
 }
-void show_stack(struct task_struct *task, unsigned long *sp)
-{
-        show_stack_log_lvl(task, NULL, sp, 0, "");
-}
-/*
- * The architecture-independent dump_stack generator
- */
-void dump_stack(void)
-{
-        unsigned long bp = 0;
-        unsigned long stack;
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp)
-                get_bp(bp);
-#endif
-        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
-                current->pid, current->comm, print_tainted(),
-                init_utsname()->release,
-                (int)strcspn(init_utsname()->version, " "),
-                init_utsname()->version);
-        show_trace(NULL, NULL, &stack, bp);
-}
-EXPORT_SYMBOL(dump_stack);
 void show_registers(struct pt_regs *regs)
 {
        int i;
@@ -429,147 +296,3 @@ int is_valid_bugaddr(unsigned long ip)
        return ud2 == 0x0b0f;
 }
-static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
-static int die_owner = -1;
-static unsigned int die_nest_count;
-unsigned __kprobes long oops_begin(void)
-{
-        int cpu;
-        unsigned long flags;
-        oops_enter();
-        /* racy, but better than risking deadlock. */
-        raw_local_irq_save(flags);
-        cpu = smp_processor_id();
-        if (!__raw_spin_trylock(&die_lock)) {
-                if (cpu == die_owner)
-                        /* nested oops. should stop eventually */;
-                else
-                        __raw_spin_lock(&die_lock);
-        }
-        die_nest_count++;
-        die_owner = cpu;
-        console_verbose();
-        bust_spinlocks(1);
-        return flags;
-}
-void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
-{
-        die_owner = -1;
-        bust_spinlocks(0);
-        die_nest_count--;
-        if (!die_nest_count)
-                /* Nest count reaches zero, release the lock. */
-                __raw_spin_unlock(&die_lock);
-        raw_local_irq_restore(flags);
-        if (!regs) {
-                oops_exit();
-                return;
-        }
-        if (in_interrupt())
-                panic("Fatal exception in interrupt");
-        if (panic_on_oops)
-                panic("Fatal exception");
-        oops_exit();
-        do_exit(signr);
-}
-int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-{
-        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
-#ifdef CONFIG_PREEMPT
-        printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
-        printk("SMP ");
-#endif
-#ifdef CONFIG_DEBUG_PAGEALLOC
-        printk("DEBUG_PAGEALLOC");
-#endif
-        printk("\n");
-        sysfs_printk_last_file();
-        if (notify_die(DIE_OOPS, str, regs, err,
-                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
-                return 1;
-        show_registers(regs);
-        add_taint(TAINT_DIE);
-        /* Executive summary in case the oops scrolled away */
-        printk(KERN_ALERT "RIP ");
-        printk_address(regs->ip, 1);
-        printk(" RSP <%016lx>\n", regs->sp);
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        return 0;
-}
-void die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned long flags = oops_begin();
-        if (!user_mode(regs))
-                report_bug(regs->ip, regs);
-        if (__die(str, regs, err))
-                regs = NULL;
-        oops_end(flags, regs, SIGSEGV);
-}
-notrace __kprobes void
-die_nmi(char *str, struct pt_regs *regs, int do_panic)
-{
-        unsigned long flags;
-        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
-                return;
-        flags = oops_begin();
-        /*
-         * We are in trouble anyway, lets at least try
-         * to get a message out.
-         */
-        printk(KERN_EMERG "%s", str);
-        printk(" on CPU%d, ip %08lx, registers:\n",
-                smp_processor_id(), regs->ip);
-        show_registers(regs);
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        if (do_panic || panic_on_oops)
-                panic("Non maskable interrupt");
-        oops_end(flags, NULL, SIGBUS);
-        nmi_exit();
-        local_irq_enable();
-        do_exit(SIGBUS);
-}
-static int __init oops_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        if (!strcmp(s, "panic"))
-                panic_on_oops = 1;
-        return 0;
-}
-early_param("oops", oops_setup);
-static int __init kstack_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
-        return 0;
-}
-early_param("kstack", kstack_setup);
-static int __init code_bytes_setup(char *s)
-{
-        code_bytes = simple_strtoul(s, NULL, 0);
-        if (code_bytes > 8192)
-                code_bytes = 8192;
-        return 1;
-}
-__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 28b597ef9ca1..43ceb3f454bf 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -1157,6 +1157,9 @@ ENTRY(mcount)
 END(mcount)
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
        pushl %eax
        pushl %ecx
        pushl %edx
@@ -1171,6 +1174,11 @@ ftrace_call:
        popl %edx
        popl %ecx
        popl %eax
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+.globl ftrace_graph_call
+ftrace_graph_call:
+        jmp ftrace_stub
+#endif
 .globl ftrace_stub
 ftrace_stub:
@@ -1180,8 +1188,18 @@ END(ftrace_caller)
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
        cmpl $ftrace_stub, ftrace_trace_function
        jnz trace
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+        cmpl $ftrace_stub, ftrace_graph_return
+        jnz ftrace_graph_caller
+        cmpl $ftrace_graph_entry_stub, ftrace_graph_entry
+        jnz ftrace_graph_caller
+#endif
 .globl ftrace_stub
 ftrace_stub:
        ret
@@ -1200,12 +1218,43 @@ trace:
        popl %edx
        popl %ecx
        popl %eax
        jmp ftrace_stub
 END(mcount)
 #endif /* CONFIG_DYNAMIC_FTRACE */
 #endif /* CONFIG_FUNCTION_TRACER */
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+ENTRY(ftrace_graph_caller)
+        cmpl $0, function_trace_stop
+        jne ftrace_stub
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        movl 0xc(%esp), %edx
+        lea 0x4(%ebp), %eax
+        subl $MCOUNT_INSN_SIZE, %edx
+        call prepare_ftrace_return
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+END(ftrace_graph_caller)
+.globl return_to_handler
+return_to_handler:
+        pushl $0
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        call ftrace_return_to_handler
+        movl %eax, 0xc(%esp)
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+#endif
 .section .rodata,"a"
 #include "syscall_table_32.S"
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b86f332c96a6..303dd84d2a98 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -68,16 +68,10 @@ ENTRY(mcount)
 END(mcount)
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
-        /* taken from glibc */
+        MCOUNT_SAVE_FRAME
-        subq $0x38, %rsp
-        movq %rax, (%rsp)
-        movq %rcx, 8(%rsp)
-        movq %rdx, 16(%rsp)
-        movq %rsi, 24(%rsp)
-        movq %rdi, 32(%rsp)
-        movq %r8, 40(%rsp)
-        movq %r9, 48(%rsp)
        movq 0x38(%rsp), %rdi
        movq 8(%rbp), %rsi
@@ -87,14 +81,13 @@ ENTRY(ftrace_caller)
 ftrace_call:
        call ftrace_stub
-        movq 48(%rsp), %r9
+        MCOUNT_RESTORE_FRAME
-        movq 40(%rsp), %r8
-        movq 32(%rsp), %rdi
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
-        movq 24(%rsp), %rsi
+.globl ftrace_graph_call
-        movq 16(%rsp), %rdx
+ftrace_graph_call:
-        movq 8(%rsp), %rcx
+        jmp ftrace_stub
-        movq (%rsp), %rax
+#endif
-        addq $0x38, %rsp
 .globl ftrace_stub
 ftrace_stub:
@@ -103,15 +96,63 @@ END(ftrace_caller)
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
        cmpq $ftrace_stub, ftrace_trace_function
        jnz trace
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+        cmpq $ftrace_stub, ftrace_graph_return
+        jnz ftrace_graph_caller
+        cmpq $ftrace_graph_entry_stub, ftrace_graph_entry
+        jnz ftrace_graph_caller
+#endif
 .globl ftrace_stub
 ftrace_stub:
        retq
 trace:
-        /* taken from glibc */
+        MCOUNT_SAVE_FRAME
-        subq $0x38, %rsp
+        movq 0x38(%rsp), %rdi
+        movq 8(%rbp), %rsi
+        subq $MCOUNT_INSN_SIZE, %rdi
+        call   *ftrace_trace_function
+        MCOUNT_RESTORE_FRAME
+        jmp ftrace_stub
+END(mcount)
+#endif /* CONFIG_DYNAMIC_FTRACE */
+#endif /* CONFIG_FUNCTION_TRACER */
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+ENTRY(ftrace_graph_caller)
+        cmpl $0, function_trace_stop
+        jne ftrace_stub
+        MCOUNT_SAVE_FRAME
+        leaq 8(%rbp), %rdi
+        movq 0x38(%rsp), %rsi
+        subq $MCOUNT_INSN_SIZE, %rsi
+        call    prepare_ftrace_return
+        MCOUNT_RESTORE_FRAME
+        retq
+END(ftrace_graph_caller)
+.globl return_to_handler
+return_to_handler:
+        subq  $80, %rsp
        movq %rax, (%rsp)
        movq %rcx, 8(%rsp)
        movq %rdx, 16(%rsp)
@@ -119,13 +160,14 @@ trace:
        movq %rdi, 32(%rsp)
        movq %r8, 40(%rsp)
        movq %r9, 48(%rsp)
+        movq %r10, 56(%rsp)
+        movq %r11, 64(%rsp)
-        movq 0x38(%rsp), %rdi
+        call ftrace_return_to_handler
-        movq 8(%rbp), %rsi
-        subq $MCOUNT_INSN_SIZE, %rdi
-        call   *ftrace_trace_function
+        movq %rax, 72(%rsp)
+        movq 64(%rsp), %r11
+        movq 56(%rsp), %r10
        movq 48(%rsp), %r9
        movq 40(%rsp), %r8
        movq 32(%rsp), %rdi
@@ -133,12 +175,10 @@ trace:
        movq 16(%rsp), %rdx
        movq 8(%rsp), %rcx
        movq (%rsp), %rax
-        addq $0x38, %rsp
+        addq $72, %rsp
+        retq
+#endif
-        jmp ftrace_stub
-END(mcount)
-#endif /* CONFIG_DYNAMIC_FTRACE */
-#endif /* CONFIG_FUNCTION_TRACER */
 #ifndef CONFIG_PREEMPT
 #define retint_kernel retint_restore_args
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 50ea0ac8c9bf..1b43086b097a 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -14,14 +14,17 @@
 #include <linux/uaccess.h>
 #include <linux/ftrace.h>
 #include <linux/percpu.h>
+#include <linux/sched.h>
 #include <linux/init.h>
 #include <linux/list.h>
 #include <asm/ftrace.h>
+#include <linux/ftrace.h>
 #include <asm/nops.h>
+#include <asm/nmi.h>
-static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+#ifdef CONFIG_DYNAMIC_FTRACE
 union ftrace_code_union {
        char code[MCOUNT_INSN_SIZE];
@@ -31,18 +34,12 @@ union ftrace_code_union {
        } __attribute__((packed));
 };
 static int ftrace_calc_offset(long ip, long addr)
 {
        return (int)(addr - ip);
 }
-unsigned char *ftrace_nop_replace(void)
+static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
-{
-        return ftrace_nop;
-}
-unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 {
        static union ftrace_code_union calc;
@@ -56,7 +53,142 @@ unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
        return calc.code;
 }
-int
+/*
+ * Modifying code must take extra care. On an SMP machine, if
+ * the code being modified is also being executed on another CPU
+ * that CPU will have undefined results and possibly take a GPF.
+ * We use kstop_machine to stop other CPUS from exectuing code.
+ * But this does not stop NMIs from happening. We still need
+ * to protect against that. We separate out the modification of
+ * the code to take care of this.
+ *
+ * Two buffers are added: An IP buffer and a "code" buffer.
+ *
+ * 1) Put the instruction pointer into the IP buffer
+ *    and the new code into the "code" buffer.
+ * 2) Set a flag that says we are modifying code
+ * 3) Wait for any running NMIs to finish.
+ * 4) Write the code
+ * 5) clear the flag.
+ * 6) Wait for any running NMIs to finish.
+ *
+ * If an NMI is executed, the first thing it does is to call
+ * "ftrace_nmi_enter". This will check if the flag is set to write
+ * and if it is, it will write what is in the IP and "code" buffers.
+ *
+ * The trick is, it does not matter if everyone is writing the same
+ * content to the code location. Also, if a CPU is executing code
+ * it is OK to write to that code location if the contents being written
+ * are the same as what exists.
+ */
+static atomic_t in_nmi = ATOMIC_INIT(0);
+static int mod_code_status;             /* holds return value of text write */
+static int mod_code_write;              /* set when NMI should do the write */
+static void *mod_code_ip;               /* holds the IP to write to */
+static void *mod_code_newcode;          /* holds the text to write to the IP */
+static unsigned nmi_wait_count;
+static atomic_t nmi_update_count = ATOMIC_INIT(0);
+int ftrace_arch_read_dyn_info(char *buf, int size)
+{
+        int r;
+        r = snprintf(buf, size, "%u %u",
+                     nmi_wait_count,
+                     atomic_read(&nmi_update_count));
+        return r;
+}
+static void ftrace_mod_code(void)
+{
+        /*
+         * Yes, more than one CPU process can be writing to mod_code_status.
+         *    (and the code itself)
+         * But if one were to fail, then they all should, and if one were
+         * to succeed, then they all should.
+         */
+        mod_code_status = probe_kernel_write(mod_code_ip, mod_code_newcode,
+                                             MCOUNT_INSN_SIZE);
+}
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+        /* Must have in_nmi seen before reading write flag */
+        smp_mb();
+        if (mod_code_write) {
+                ftrace_mod_code();
+                atomic_inc(&nmi_update_count);
+        }
+}
+void ftrace_nmi_exit(void)
+{
+        /* Finish all executions before clearing in_nmi */
+        smp_wmb();
+        atomic_dec(&in_nmi);
+}
+static void wait_for_nmi(void)
+{
+        int waited = 0;
+        while (atomic_read(&in_nmi)) {
+                waited = 1;
+                cpu_relax();
+        }
+        if (waited)
+                nmi_wait_count++;
+}
+static int
+do_ftrace_mod_code(unsigned long ip, void *new_code)
+{
+        mod_code_ip = (void *)ip;
+        mod_code_newcode = new_code;
+        /* The buffers need to be visible before we let NMIs write them */
+        smp_wmb();
+        mod_code_write = 1;
+        /* Make sure write bit is visible before we wait on NMIs */
+        smp_mb();
+        wait_for_nmi();
+        /* Make sure all running NMIs have finished before we write the code */
+        smp_mb();
+        ftrace_mod_code();
+        /* Make sure the write happens before clearing the bit */
+        smp_wmb();
+        mod_code_write = 0;
+        /* make sure NMIs see the cleared bit */
+        smp_mb();
+        wait_for_nmi();
+        return mod_code_status;
+}
+static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+static unsigned char *ftrace_nop_replace(void)
+{
+        return ftrace_nop;
+}
+static int
 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                   unsigned char *new_code)
 {
@@ -81,7 +213,7 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                return -EINVAL;
        /* replace the text with the new text */
-        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
+        if (do_ftrace_mod_code(ip, new_code))
                return -EPERM;
        sync_core();
@@ -89,6 +221,29 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
        return 0;
 }
+int ftrace_make_nop(struct module *mod,
+                    struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+        old = ftrace_call_replace(ip, addr);
+        new = ftrace_nop_replace();
+        return ftrace_modify_code(rec->ip, old, new);
+}
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+        old = ftrace_nop_replace();
+        new = ftrace_call_replace(ip, addr);
+        return ftrace_modify_code(rec->ip, old, new);
+}
 int ftrace_update_ftrace_func(ftrace_func_t func)
 {
        unsigned long ip = (unsigned long)(&ftrace_call);
@@ -165,3 +320,218 @@ int __init ftrace_dyn_arch_init(void *data)
        return 0;
 }
+#endif
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+#ifdef CONFIG_DYNAMIC_FTRACE
+extern void ftrace_graph_call(void);
+static int ftrace_mod_jmp(unsigned long ip,
+                          int old_offset, int new_offset)
+{
+        unsigned char code[MCOUNT_INSN_SIZE];
+        if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        if (code[0] != 0xe9 || old_offset != *(int *)(&code[1]))
+                return -EINVAL;
+        *(int *)(&code[1]) = new_offset;
+        if (do_ftrace_mod_code(ip, &code))
+                return -EPERM;
+        return 0;
+}
+int ftrace_enable_ftrace_graph_caller(void)
+{
+        unsigned long ip = (unsigned long)(&ftrace_graph_call);
+        int old_offset, new_offset;
+        old_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
+        new_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
+        return ftrace_mod_jmp(ip, old_offset, new_offset);
+}
+int ftrace_disable_ftrace_graph_caller(void)
+{
+        unsigned long ip = (unsigned long)(&ftrace_graph_call);
+        int old_offset, new_offset;
+        old_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
+        new_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
+        return ftrace_mod_jmp(ip, old_offset, new_offset);
+}
+#else /* CONFIG_DYNAMIC_FTRACE */
+/*
+ * These functions are picked from those used on
+ * this page for dynamic ftrace. They have been
+ * simplified to ignore all traces in NMI context.
+ */
+static atomic_t in_nmi;
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+}
+void ftrace_nmi_exit(void)
+{
+        atomic_dec(&in_nmi);
+}
+#endif /* !CONFIG_DYNAMIC_FTRACE */
+/* Add a function return address to the trace stack on thread info.*/
+static int push_return_trace(unsigned long ret, unsigned long long time,
+                                unsigned long func, int *depth)
+{
+        int index;
+        if (!current->ret_stack)
+                return -EBUSY;
+        /* The return trace stack is full */
+        if (current->curr_ret_stack == FTRACE_RETFUNC_DEPTH - 1) {
+                atomic_inc(&current->trace_overrun);
+                return -EBUSY;
+        }
+        index = ++current->curr_ret_stack;
+        barrier();
+        current->ret_stack[index].ret = ret;
+        current->ret_stack[index].func = func;
+        current->ret_stack[index].calltime = time;
+        *depth = index;
+        return 0;
+}
+/* Retrieve a function return address to the trace stack on thread info.*/
+static void pop_return_trace(struct ftrace_graph_ret *trace, unsigned long *ret)
+{
+        int index;
+        index = current->curr_ret_stack;
+        if (unlikely(index < 0)) {
+                ftrace_graph_stop();
+                WARN_ON(1);
+                /* Might as well panic, otherwise we have no where to go */
+                *ret = (unsigned long)panic;
+                return;
+        }
+        *ret = current->ret_stack[index].ret;
+        trace->func = current->ret_stack[index].func;
+        trace->calltime = current->ret_stack[index].calltime;
+        trace->overrun = atomic_read(&current->trace_overrun);
+        trace->depth = index;
+        barrier();
+        current->curr_ret_stack--;
+}
+/*
+ * Send the trace to the ring-buffer.
+ * @return the original return address.
+ */
+unsigned long ftrace_return_to_handler(void)
+{
+        struct ftrace_graph_ret trace;
+        unsigned long ret;
+        pop_return_trace(&trace, &ret);
+        trace.rettime = cpu_clock(raw_smp_processor_id());
+        ftrace_graph_return(&trace);
+        if (unlikely(!ret)) {
+                ftrace_graph_stop();
+                WARN_ON(1);
+                /* Might as well panic. What else to do? */
+                ret = (unsigned long)panic;
+        }
+        return ret;
+}
+/*
+ * Hook the return address and push it in the stack of return addrs
+ * in current thread info.
+ */
+void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr)
+{
+        unsigned long old;
+        unsigned long long calltime;
+        int faulted;
+        struct ftrace_graph_ent trace;
+        unsigned long return_hooker = (unsigned long)
+                                &return_to_handler;
+        /* Nmi's are currently unsupported */
+        if (unlikely(atomic_read(&in_nmi)))
+                return;
+        if (unlikely(atomic_read(&current->tracing_graph_pause)))
+                return;
+        /*
+         * Protect against fault, even if it shouldn't
+         * happen. This tool is too much intrusive to
+         * ignore such a protection.
+         */
+        asm volatile(
+                "1: " _ASM_MOV " (%[parent_old]), %[old]\n"
+                "2: " _ASM_MOV " %[return_hooker], (%[parent_replaced])\n"
+                "   movl $0, %[faulted]\n"
+                ".section .fixup, \"ax\"\n"
+                "3: movl $1, %[faulted]\n"
+                ".previous\n"
+                _ASM_EXTABLE(1b, 3b)
+                _ASM_EXTABLE(2b, 3b)
+                : [parent_replaced] "=r" (parent), [old] "=r" (old),
+                  [faulted] "=r" (faulted)
+                : [parent_old] "0" (parent), [return_hooker] "r" (return_hooker)
+                : "memory"
+        );
+        if (unlikely(faulted)) {
+                ftrace_graph_stop();
+                WARN_ON(1);
+                return;
+        }
+        if (unlikely(!__kernel_text_address(old))) {
+                ftrace_graph_stop();
+                *parent = old;
+                WARN_ON(1);
+                return;
+        }
+        calltime = cpu_clock(raw_smp_processor_id());
+        if (push_return_trace(old, calltime,
+                                self_addr, &trace.depth) == -EBUSY) {
+                *parent = old;
+                return;
+        }
+        trace.func = self_addr;
+        /* Only trace if the calling function expects to */
+        if (!ftrace_graph_entry(&trace)) {
+                current->curr_ret_stack--;
+                *parent = old;
+        }
+}
+#endif /* CONFIG_FUNCTION_GRAPH_TRACER */
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 60eb84eb77a0..11c65e811ffe 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -13,6 +13,7 @@
 #include <linux/seq_file.h>
 #include <linux/module.h>
 #include <linux/delay.h>
+#include <linux/ftrace.h>
 #include <asm/uaccess.h>
 #include <asm/io_apic.h>
 #include <asm/idle.h>
@@ -47,7 +48,7 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 * SMP cross-CPU interrupts have their own specific
 * handlers).
 */
-asmlinkage unsigned int do_IRQ(struct pt_regs *regs)
+asmlinkage unsigned int __irq_entry do_IRQ(struct pt_regs *regs)
 {
        struct pt_regs *old_regs = set_irq_regs(regs);
        struct irq_desc *desc;
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index c622772744d8..c27af49a4ede 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -7,6 +7,7 @@
 #include <linux/module.h>
 #include <linux/pm.h>
 #include <linux/clockchips.h>
+#include <linux/ftrace.h>
 #include <asm/system.h>
 unsigned long idle_halt;
@@ -100,6 +101,9 @@ static inline int hlt_use_halt(void)
 void default_idle(void)
 {
        if (hlt_use_halt()) {
+                struct power_trace it;
+                trace_power_start(&it, POWER_CSTATE, 1);
                current_thread_info()->status &= ~TS_POLLING;
                /*
                 * TS_POLLING-cleared state must be visible before we
@@ -112,6 +116,7 @@ void default_idle(void)
                else
                        local_irq_enable();
                current_thread_info()->status |= TS_POLLING;
+                trace_power_end(&it);
        } else {
                local_irq_enable();
                /* loop is done by the caller */
@@ -154,24 +159,31 @@ EXPORT_SYMBOL_GPL(cpu_idle_wait);
 */
 void mwait_idle_with_hints(unsigned long ax, unsigned long cx)
 {
+        struct power_trace it;
+        trace_power_start(&it, POWER_CSTATE, (ax>>4)+1);
        if (!need_resched()) {
                __monitor((void *)&current_thread_info()->flags, 0, 0);
                smp_mb();
                if (!need_resched())
                        __mwait(ax, cx);
        }
+        trace_power_end(&it);
 }
 /* Default MONITOR/MWAIT with no hints, used for default C1 state */
 static void mwait_idle(void)
 {
+        struct power_trace it;
        if (!need_resched()) {
+                trace_power_start(&it, POWER_CSTATE, 1);
                __monitor((void *)&current_thread_info()->flags, 0, 0);
                smp_mb();
                if (!need_resched())
                        __sti_mwait(0, 0);
                else
                        local_irq_enable();
+                trace_power_end(&it);
        } else
                local_irq_enable();
 }
@@ -183,9 +195,13 @@ static void mwait_idle(void)
 */
 static void poll_idle(void)
 {
+        struct power_trace it;
+        trace_power_start(&it, POWER_CSTATE, 0);
        local_irq_enable();
        while (!need_resched())
                cpu_relax();
+        trace_power_end(&it);
 }
 /*
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 0a1302fe6d45..605eff9a8ac0 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -38,6 +38,7 @@
 #include <linux/percpu.h>
 #include <linux/prctl.h>
 #include <linux/dmi.h>
+#include <linux/ftrace.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -251,11 +252,14 @@ void exit_thread(void)
                put_cpu();
        }
 #ifdef CONFIG_X86_DS
-        /* Free any DS contexts that have not been properly released. */
+        /* Free any BTS tracers that have not been properly released. */
-        if (unlikely(current->thread.ds_ctx)) {
+        if (unlikely(current->bts)) {
-                /* we clear debugctl to make sure DS is not used. */
+                ds_release_bts(current->bts);
-                update_debugctlmsr(0);
+                current->bts = NULL;
-                ds_free(current->thread.ds_ctx);
+                kfree(current->bts_buffer);
+                current->bts_buffer = NULL;
+                current->bts_size = 0;
        }
 #endif /* CONFIG_X86_DS */
 }
@@ -419,48 +423,19 @@ int set_tsc_mode(unsigned int val)
        return 0;
 }
-#ifdef CONFIG_X86_DS
-static int update_debugctl(struct thread_struct *prev,
-                        struct thread_struct *next, unsigned long debugctl)
-{
-        unsigned long ds_prev = 0;
-        unsigned long ds_next = 0;
-        if (prev->ds_ctx)
-                ds_prev = (unsigned long)prev->ds_ctx->ds;
-        if (next->ds_ctx)
-                ds_next = (unsigned long)next->ds_ctx->ds;
-        if (ds_next != ds_prev) {
-                /* we clear debugctl to make sure DS
-                 * is not in use when we change it */
-                debugctl = 0;
-                update_debugctlmsr(0);
-                wrmsr(MSR_IA32_DS_AREA, ds_next, 0);
-        }
-        return debugctl;
-}
-#else
-static int update_debugctl(struct thread_struct *prev,
-                        struct thread_struct *next, unsigned long debugctl)
-{
-        return debugctl;
-}
-#endif /* CONFIG_X86_DS */
 static noinline void
 __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
                 struct tss_struct *tss)
 {
        struct thread_struct *prev, *next;
-        unsigned long debugctl;
        prev = &prev_p->thread;
        next = &next_p->thread;
-        debugctl = update_debugctl(prev, next, prev->debugctlmsr);
+        if (test_tsk_thread_flag(next_p, TIF_DS_AREA_MSR) ||
+            test_tsk_thread_flag(prev_p, TIF_DS_AREA_MSR))
-        if (next->debugctlmsr != debugctl)
+                ds_switch_to(prev_p, next_p);
+        else if (next->debugctlmsr != prev->debugctlmsr)
                update_debugctlmsr(next->debugctlmsr);
        if (test_tsk_thread_flag(next_p, TIF_DEBUG)) {
@@ -482,15 +457,6 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
                        hard_enable_TSC();
        }
-#ifdef CONFIG_X86_PTRACE_BTS
-        if (test_tsk_thread_flag(prev_p, TIF_BTS_TRACE_TS))
-                ptrace_bts_take_timestamp(prev_p, BTS_TASK_DEPARTS);
-        if (test_tsk_thread_flag(next_p, TIF_BTS_TRACE_TS))
-                ptrace_bts_take_timestamp(next_p, BTS_TASK_ARRIVES);
-#endif /* CONFIG_X86_PTRACE_BTS */
        if (!test_tsk_thread_flag(next_p, TIF_IO_BITMAP)) {
                /*
                 * Disable the bitmap via an invalid offset. We still cache
@@ -548,7 +514,8 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
 * the task-switch, and shows up in ret_from_fork in entry.S,
 * for example.
 */
-struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+__notrace_funcgraph struct task_struct *
+__switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 {
        struct thread_struct *prev = &prev_p->thread,
                                 *next = &next_p->thread;
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index c958120fb1b6..1cfd2a4bf853 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -39,6 +39,7 @@
 #include <linux/prctl.h>
 #include <linux/uaccess.h>
 #include <linux/io.h>
+#include <linux/ftrace.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
@@ -236,11 +237,14 @@ void exit_thread(void)
                put_cpu();
        }
 #ifdef CONFIG_X86_DS
-        /* Free any DS contexts that have not been properly released. */
+        /* Free any BTS tracers that have not been properly released. */
-        if (unlikely(t->ds_ctx)) {
+        if (unlikely(current->bts)) {
-                /* we clear debugctl to make sure DS is not used. */
+                ds_release_bts(current->bts);
-                update_debugctlmsr(0);
+                current->bts = NULL;
-                ds_free(t->ds_ctx);
+                kfree(current->bts_buffer);
+                current->bts_buffer = NULL;
+                current->bts_size = 0;
        }
 #endif /* CONFIG_X86_DS */
 }
@@ -470,35 +474,14 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
                                    struct tss_struct *tss)
 {
        struct thread_struct *prev, *next;
-        unsigned long debugctl;
        prev = &prev_p->thread,
        next = &next_p->thread;
-        debugctl = prev->debugctlmsr;
+        if (test_tsk_thread_flag(next_p, TIF_DS_AREA_MSR) ||
+            test_tsk_thread_flag(prev_p, TIF_DS_AREA_MSR))
-#ifdef CONFIG_X86_DS
+                ds_switch_to(prev_p, next_p);
-        {
+        else if (next->debugctlmsr != prev->debugctlmsr)
-                unsigned long ds_prev = 0, ds_next = 0;
-                if (prev->ds_ctx)
-                        ds_prev = (unsigned long)prev->ds_ctx->ds;
-                if (next->ds_ctx)
-                        ds_next = (unsigned long)next->ds_ctx->ds;
-                if (ds_next != ds_prev) {
-                        /*
-                         * We clear debugctl to make sure DS
-                         * is not in use when we change it:
-                         */
-                        debugctl = 0;
-                        update_debugctlmsr(0);
-                        wrmsrl(MSR_IA32_DS_AREA, ds_next);
-                }
-        }
-#endif /* CONFIG_X86_DS */
-        if (next->debugctlmsr != debugctl)
                update_debugctlmsr(next->debugctlmsr);
        if (test_tsk_thread_flag(next_p, TIF_DEBUG)) {
@@ -533,14 +516,6 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
                 */
                memset(tss->io_bitmap, 0xff, prev->io_bitmap_max);
        }
-#ifdef CONFIG_X86_PTRACE_BTS
-        if (test_tsk_thread_flag(prev_p, TIF_BTS_TRACE_TS))
-                ptrace_bts_take_timestamp(prev_p, BTS_TASK_DEPARTS);
-        if (test_tsk_thread_flag(next_p, TIF_BTS_TRACE_TS))
-                ptrace_bts_take_timestamp(next_p, BTS_TASK_ARRIVES);
-#endif /* CONFIG_X86_PTRACE_BTS */
 }
 /*
@@ -551,8 +526,9 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
 * - could test fs/gs bitsliced
 *
 * Kprobes not supported here. Set the probe on schedule instead.
+ * Function graph tracer not supported too.
 */
-struct task_struct *
+__notrace_funcgraph struct task_struct *
 __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 {
        struct thread_struct *prev = &prev_p->thread;
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 0a6d8c12e10d..45e9855da2d2 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -581,158 +581,73 @@ static int ioperm_get(struct task_struct *target,
 }
 #ifdef CONFIG_X86_PTRACE_BTS
-/*
- * The configuration for a particular BTS hardware implementation.
- */
-struct bts_configuration {
-        /* the size of a BTS record in bytes; at most BTS_MAX_RECORD_SIZE */
-        unsigned char  sizeof_bts;
-        /* the size of a field in the BTS record in bytes */
-        unsigned char  sizeof_field;
-        /* a bitmask to enable/disable BTS in DEBUGCTL MSR */
-        unsigned long debugctl_mask;
-};
-static struct bts_configuration bts_cfg;
-#define BTS_MAX_RECORD_SIZE (8 * 3)
-/*
- * Branch Trace Store (BTS) uses the following format. Different
- * architectures vary in the size of those fields.
- * - source linear address
- * - destination linear address
- * - flags
- *
- * Later architectures use 64bit pointers throughout, whereas earlier
- * architectures use 32bit pointers in 32bit mode.
- *
- * We compute the base address for the first 8 fields based on:
- * - the field size stored in the DS configuration
- * - the relative field position
- *
- * In order to store additional information in the BTS buffer, we use
- * a special source address to indicate that the record requires
- * special interpretation.
- *
- * Netburst indicated via a bit in the flags field whether the branch
- * was predicted; this is ignored.
- */
-enum bts_field {
-        bts_from = 0,
-        bts_to,
-        bts_flags,
-        bts_escape = (unsigned long)-1,
-        bts_qual = bts_to,
-        bts_jiffies = bts_flags
-};
-static inline unsigned long bts_get(const char *base, enum bts_field field)
-{
-        base += (bts_cfg.sizeof_field * field);
-        return *(unsigned long *)base;
-}
-static inline void bts_set(char *base, enum bts_field field, unsigned long val)
-{
-        base += (bts_cfg.sizeof_field * field);;
-        (*(unsigned long *)base) = val;
-}
-/*
- * Translate a BTS record from the raw format into the bts_struct format
- *
- * out (out): bts_struct interpretation
- * raw: raw BTS record
- */
-static void ptrace_bts_translate_record(struct bts_struct *out, const void *raw)
-{
-        memset(out, 0, sizeof(*out));
-        if (bts_get(raw, bts_from) == bts_escape) {
-                out->qualifier       = bts_get(raw, bts_qual);
-                out->variant.jiffies = bts_get(raw, bts_jiffies);
-        } else {
-                out->qualifier = BTS_BRANCH;
-                out->variant.lbr.from_ip = bts_get(raw, bts_from);
-                out->variant.lbr.to_ip   = bts_get(raw, bts_to);
-        }
-}
 static int ptrace_bts_read_record(struct task_struct *child, size_t index,
                                  struct bts_struct __user *out)
 {
-        struct bts_struct ret;
+        const struct bts_trace *trace;
-        const void *bts_record;
+        struct bts_struct bts;
-        size_t bts_index, bts_end;
+        const unsigned char *at;
        int error;
-        error = ds_get_bts_end(child, &bts_end);
+        trace = ds_read_bts(child->bts);
-        if (error < 0)
+        if (!trace)
-                return error;
+                return -EPERM;
-        if (bts_end <= index)
+        at = trace->ds.top - ((index + 1) * trace->ds.size);
-                return -EINVAL;
+        if ((void *)at < trace->ds.begin)
+                at += (trace->ds.n * trace->ds.size);
-        error = ds_get_bts_index(child, &bts_index);
-        if (error < 0)
-                return error;
-        /* translate the ptrace bts index into the ds bts index */
+        if (!trace->read)
-        bts_index += bts_end - (index + 1);
+                return -EOPNOTSUPP;
-        if (bts_end <= bts_index)
-                bts_index -= bts_end;
-        error = ds_access_bts(child, bts_index, &bts_record);
+        error = trace->read(child->bts, at, &bts);
        if (error < 0)
                return error;
-        ptrace_bts_translate_record(&ret, bts_record);
+        if (copy_to_user(out, &bts, sizeof(bts)))
-        if (copy_to_user(out, &ret, sizeof(ret)))
                return -EFAULT;
-        return sizeof(ret);
+        return sizeof(bts);
 }
 static int ptrace_bts_drain(struct task_struct *child,
                            long size,
                            struct bts_struct __user *out)
 {
-        struct bts_struct ret;
+        const struct bts_trace *trace;
-        const unsigned char *raw;
+        const unsigned char *at;
-        size_t end, i;
+        int error, drained = 0;
-        int error;
-        error = ds_get_bts_index(child, &end);
+        trace = ds_read_bts(child->bts);
-        if (error < 0)
+        if (!trace)
-                return error;
+                return -EPERM;
-        if (size < (end * sizeof(struct bts_struct)))
+        if (!trace->read)
+                return -EOPNOTSUPP;
+        if (size < (trace->ds.top - trace->ds.begin))
                return -EIO;
-        error = ds_access_bts(child, 0, (const void **)&raw);
+        for (at = trace->ds.begin; (void *)at < trace->ds.top;
-        if (error < 0)
+             out++, drained++, at += trace->ds.size) {
-                return error;
+                struct bts_struct bts;
+                int error;
-        for (i = 0; i < end; i++, out++, raw += bts_cfg.sizeof_bts) {
+                error = trace->read(child->bts, at, &bts);
-                ptrace_bts_translate_record(&ret, raw);
+                if (error < 0)
+                        return error;
-                if (copy_to_user(out, &ret, sizeof(ret)))
+                if (copy_to_user(out, &bts, sizeof(bts)))
                        return -EFAULT;
        }
-        error = ds_clear_bts(child);
+        memset(trace->ds.begin, 0, trace->ds.n * trace->ds.size);
+        error = ds_reset_bts(child->bts);
        if (error < 0)
                return error;
-        return end;
+        return drained;
-}
-static void ptrace_bts_ovfl(struct task_struct *child)
-{
-        send_sig(child->thread.bts_ovfl_signal, child, 0);
 }
 static int ptrace_bts_config(struct task_struct *child,
@@ -740,114 +655,89 @@ static int ptrace_bts_config(struct task_struct *child,
                             const struct ptrace_bts_config __user *ucfg)
 {
        struct ptrace_bts_config cfg;
-        int error = 0;
+        unsigned int flags = 0;
-        error = -EOPNOTSUPP;
-        if (!bts_cfg.sizeof_bts)
-                goto errout;
-        error = -EIO;
        if (cfg_size < sizeof(cfg))
-                goto errout;
+                return -EIO;
-        error = -EFAULT;
        if (copy_from_user(&cfg, ucfg, sizeof(cfg)))
-                goto errout;
+                return -EFAULT;
-        error = -EINVAL;
-        if ((cfg.flags & PTRACE_BTS_O_SIGNAL) &&
-            !(cfg.flags & PTRACE_BTS_O_ALLOC))
-                goto errout;
-        if (cfg.flags & PTRACE_BTS_O_ALLOC) {
+        if (child->bts) {
-                ds_ovfl_callback_t ovfl = NULL;
+                ds_release_bts(child->bts);
-                unsigned int sig = 0;
+                child->bts = NULL;
+        }
-                /* we ignore the error in case we were not tracing child */
+        if (cfg.flags & PTRACE_BTS_O_SIGNAL) {
-                (void)ds_release_bts(child);
+                if (!cfg.signal)
+                        return -EINVAL;
-                if (cfg.flags & PTRACE_BTS_O_SIGNAL) {
+                return -EOPNOTSUPP;
-                        if (!cfg.signal)
-                                goto errout;
-                        sig  = cfg.signal;
+                child->thread.bts_ovfl_signal = cfg.signal;
-                        ovfl = ptrace_bts_ovfl;
+        }
-                }
-                error = ds_request_bts(child, /* base = */ NULL, cfg.size, ovfl);
+        if ((cfg.flags & PTRACE_BTS_O_ALLOC) &&
-                if (error < 0)
+            (cfg.size != child->bts_size)) {
-                        goto errout;
+                kfree(child->bts_buffer);
-                child->thread.bts_ovfl_signal = sig;
+                child->bts_size = cfg.size;
+                child->bts_buffer = kzalloc(cfg.size, GFP_KERNEL);
+                if (!child->bts_buffer) {
+                        child->bts_size = 0;
+                        return -ENOMEM;
+                }
        }
-        error = -EINVAL;
-        if (!child->thread.ds_ctx && cfg.flags)
-                goto errout;
        if (cfg.flags & PTRACE_BTS_O_TRACE)
-                child->thread.debugctlmsr |= bts_cfg.debugctl_mask;
+                flags |= BTS_USER;
-        else
-                child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
        if (cfg.flags & PTRACE_BTS_O_SCHED)
-                set_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
+                flags |= BTS_TIMESTAMPS;
-        else
-                clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
-        error = sizeof(cfg);
+        child->bts = ds_request_bts(child, child->bts_buffer, child->bts_size,
+                                    /* ovfl = */ NULL, /* th = */ (size_t)-1,
+                                    flags);
+        if (IS_ERR(child->bts)) {
+                int error = PTR_ERR(child->bts);
-out:
+                kfree(child->bts_buffer);
-        if (child->thread.debugctlmsr)
+                child->bts = NULL;
-                set_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
+                child->bts_buffer = NULL;
-        else
+                child->bts_size = 0;
-                clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
-        return error;
+                return error;
+        }
-errout:
+        return sizeof(cfg);
-        child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
-        clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
-        goto out;
 }
 static int ptrace_bts_status(struct task_struct *child,
                             long cfg_size,
                             struct ptrace_bts_config __user *ucfg)
 {
+        const struct bts_trace *trace;
        struct ptrace_bts_config cfg;
-        size_t end;
-        const void *base, *max;
-        int error;
        if (cfg_size < sizeof(cfg))
                return -EIO;
-        error = ds_get_bts_end(child, &end);
+        trace = ds_read_bts(child->bts);
-        if (error < 0)
+        if (!trace)
-                return error;
+                return -EPERM;
-        error = ds_access_bts(child, /* index = */ 0, &base);
-        if (error < 0)
-                return error;
-        error = ds_access_bts(child, /* index = */ end, &max);
-        if (error < 0)
-                return error;
        memset(&cfg, 0, sizeof(cfg));
-        cfg.size = (max - base);
+        cfg.size = trace->ds.end - trace->ds.begin;
        cfg.signal = child->thread.bts_ovfl_signal;
        cfg.bts_size = sizeof(struct bts_struct);
        if (cfg.signal)
                cfg.flags |= PTRACE_BTS_O_SIGNAL;
-        if (test_tsk_thread_flag(child, TIF_DEBUGCTLMSR) &&
+        if (trace->ds.flags & BTS_USER)
-            child->thread.debugctlmsr & bts_cfg.debugctl_mask)
                cfg.flags |= PTRACE_BTS_O_TRACE;
-        if (test_tsk_thread_flag(child, TIF_BTS_TRACE_TS))
+        if (trace->ds.flags & BTS_TIMESTAMPS)
                cfg.flags |= PTRACE_BTS_O_SCHED;
        if (copy_to_user(ucfg, &cfg, sizeof(cfg)))
@@ -856,108 +746,28 @@ static int ptrace_bts_status(struct task_struct *child,
        return sizeof(cfg);
 }
-static int ptrace_bts_write_record(struct task_struct *child,
+static int ptrace_bts_clear(struct task_struct *child)
-                                   const struct bts_struct *in)
 {
-        unsigned char bts_record[BTS_MAX_RECORD_SIZE];
+        const struct bts_trace *trace;
-        BUG_ON(BTS_MAX_RECORD_SIZE < bts_cfg.sizeof_bts);
+        trace = ds_read_bts(child->bts);
+        if (!trace)
+                return -EPERM;
-        memset(bts_record, 0, bts_cfg.sizeof_bts);
+        memset(trace->ds.begin, 0, trace->ds.n * trace->ds.size);
-        switch (in->qualifier) {
-        case BTS_INVALID:
-                break;
-        case BTS_BRANCH:
-                bts_set(bts_record, bts_from, in->variant.lbr.from_ip);
-                bts_set(bts_record, bts_to,   in->variant.lbr.to_ip);
-                break;
-        case BTS_TASK_ARRIVES:
-        case BTS_TASK_DEPARTS:
-                bts_set(bts_record, bts_from,    bts_escape);
-                bts_set(bts_record, bts_qual,    in->qualifier);
-                bts_set(bts_record, bts_jiffies, in->variant.jiffies);
-                break;
-        default:
-                return -EINVAL;
-        }
-        /* The writing task will be the switched-to task on a context
+        return ds_reset_bts(child->bts);
-         * switch. It needs to write into the switched-from task's BTS
-         * buffer. */
-        return ds_unchecked_write_bts(child, bts_record, bts_cfg.sizeof_bts);
 }
-void ptrace_bts_take_timestamp(struct task_struct *tsk,
+static int ptrace_bts_size(struct task_struct *child)
-                               enum bts_qualifier qualifier)
 {
-        struct bts_struct rec = {
+        const struct bts_trace *trace;
-                .qualifier = qualifier,
-                .variant.jiffies = jiffies_64
-        };
-        ptrace_bts_write_record(tsk, &rec);
-}
-static const struct bts_configuration bts_cfg_netburst = {
+        trace = ds_read_bts(child->bts);
-        .sizeof_bts    = sizeof(long) * 3,
+        if (!trace)
-        .sizeof_field  = sizeof(long),
+                return -EPERM;
-        .debugctl_mask = (1<<2)|(1<<3)|(1<<5)
-};
-static const struct bts_configuration bts_cfg_pentium_m = {
+        return (trace->ds.top - trace->ds.begin) / trace->ds.size;
-        .sizeof_bts    = sizeof(long) * 3,
-        .sizeof_field  = sizeof(long),
-        .debugctl_mask = (1<<6)|(1<<7)
-};
-static const struct bts_configuration bts_cfg_core2 = {
-        .sizeof_bts    = 8 * 3,
-        .sizeof_field  = 8,
-        .debugctl_mask = (1<<6)|(1<<7)|(1<<9)
-};
-static inline void bts_configure(const struct bts_configuration *cfg)
-{
-        bts_cfg = *cfg;
-}
-void __cpuinit ptrace_bts_init_intel(struct cpuinfo_x86 *c)
-{
-        switch (c->x86) {
-        case 0x6:
-                switch (c->x86_model) {
-                case 0xD:
-                case 0xE: /* Pentium M */
-                        bts_configure(&bts_cfg_pentium_m);
-                        break;
-                case 0xF: /* Core2 */
-        case 0x1C: /* Atom */
-                        bts_configure(&bts_cfg_core2);
-                        break;
-                default:
-                        /* sorry, don't know about them */
-                        break;
-                }
-                break;
-        case 0xF:
-                switch (c->x86_model) {
-                case 0x0:
-                case 0x1:
-                case 0x2: /* Netburst */
-                        bts_configure(&bts_cfg_netburst);
-                        break;
-                default:
-                        /* sorry, don't know about them */
-                        break;
-                }
-                break;
-        default:
-                /* sorry, don't know about them */
-                break;
-        }
 }
 #endif /* CONFIG_X86_PTRACE_BTS */
@@ -973,13 +783,14 @@ void ptrace_disable(struct task_struct *child)
        clear_tsk_thread_flag(child, TIF_SYSCALL_EMU);
 #endif
 #ifdef CONFIG_X86_PTRACE_BTS
-        (void)ds_release_bts(child);
+        if (child->bts) {
+                ds_release_bts(child->bts);
-        child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
+                child->bts = NULL;
-        if (!child->thread.debugctlmsr)
-                clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
-        clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
+                kfree(child->bts_buffer);
+                child->bts_buffer = NULL;
+                child->bts_size = 0;
+        }
 #endif /* CONFIG_X86_PTRACE_BTS */
 }
@@ -1112,7 +923,7 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                break;
        case PTRACE_BTS_SIZE:
-                ret = ds_get_bts_index(child, /* pos = */ NULL);
+                ret = ptrace_bts_size(child);
                break;
        case PTRACE_BTS_GET:
@@ -1121,7 +932,7 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                break;
        case PTRACE_BTS_CLEAR:
-                ret = ds_clear_bts(child);
+                ret = ptrace_bts_clear(child);
                break;
        case PTRACE_BTS_DRAIN:
@@ -1384,6 +1195,14 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
        case PTRACE_GET_THREAD_AREA:
        case PTRACE_SET_THREAD_AREA:
+#ifdef CONFIG_X86_PTRACE_BTS
+        case PTRACE_BTS_CONFIG:
+        case PTRACE_BTS_STATUS:
+        case PTRACE_BTS_SIZE:
+        case PTRACE_BTS_GET:
+        case PTRACE_BTS_CLEAR:
+        case PTRACE_BTS_DRAIN:
+#endif /* CONFIG_X86_PTRACE_BTS */
                return arch_ptrace(child, request, addr, data);
        default:
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index a03e7f6d90c3..10786af95545 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -6,6 +6,7 @@
 #include <linux/sched.h>
 #include <linux/stacktrace.h>
 #include <linux/module.h>
+#include <linux/uaccess.h>
 #include <asm/stacktrace.h>
 static void save_stack_warning(void *data, char *msg)
@@ -83,3 +84,66 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
                trace->entries[trace->nr_entries++] = ULONG_MAX;
 }
 EXPORT_SYMBOL_GPL(save_stack_trace_tsk);
+/* Userspace stacktrace - based on kernel/trace/trace_sysprof.c */
+struct stack_frame {
+        const void __user       *next_fp;
+        unsigned long           ret_addr;
+};
+static int copy_stack_frame(const void __user *fp, struct stack_frame *frame)
+{
+        int ret;
+        if (!access_ok(VERIFY_READ, fp, sizeof(*frame)))
+                return 0;
+        ret = 1;
+        pagefault_disable();
+        if (__copy_from_user_inatomic(frame, fp, sizeof(*frame)))
+                ret = 0;
+        pagefault_enable();
+        return ret;
+}
+static inline void __save_stack_trace_user(struct stack_trace *trace)
+{
+        const struct pt_regs *regs = task_pt_regs(current);
+        const void __user *fp = (const void __user *)regs->bp;
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = regs->ip;
+        while (trace->nr_entries < trace->max_entries) {
+                struct stack_frame frame;
+                frame.next_fp = NULL;
+                frame.ret_addr = 0;
+                if (!copy_stack_frame(fp, &frame))
+                        break;
+                if ((unsigned long)fp < regs->sp)
+                        break;
+                if (frame.ret_addr) {
+                        trace->entries[trace->nr_entries++] =
+                                frame.ret_addr;
+                }
+                if (fp == frame.next_fp)
+                        break;
+                fp = frame.next_fp;
+        }
+}
+void save_stack_trace_user(struct stack_trace *trace)
+{
+        /*
+         * Trace user stack if we are not a kernel thread
+         */
+        if (current->mm) {
+                __save_stack_trace_user(trace);
+        }
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = ULONG_MAX;
+}
diff --git a/arch/x86/kernel/vmlinux_32.lds.S b/arch/x86/kernel/vmlinux_32.lds.S
index a9b8560adbc2..82c67559dde7 100644
--- a/arch/x86/kernel/vmlinux_32.lds.S
+++ b/arch/x86/kernel/vmlinux_32.lds.S
@@ -44,6 +44,7 @@ SECTIONS
        SCHED_TEXT
        LOCK_TEXT
        KPROBES_TEXT
+        IRQENTRY_TEXT
        *(.fixup)
        *(.gnu.warning)
        _etext = .;                     /* End of text section */
diff --git a/arch/x86/kernel/vmlinux_64.lds.S b/arch/x86/kernel/vmlinux_64.lds.S
index 46e05447405b..1a614c0e6bef 100644
--- a/arch/x86/kernel/vmlinux_64.lds.S
+++ b/arch/x86/kernel/vmlinux_64.lds.S
@@ -35,6 +35,7 @@ SECTIONS
        SCHED_TEXT
        LOCK_TEXT
        KPROBES_TEXT
+        IRQENTRY_TEXT
        *(.fixup)
        *(.gnu.warning)
        _etext = .;             /* End of text section */
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 0b8b6690a86d..6f3d3d4cd973 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -17,6 +17,9 @@
 *  want per guest time just set the kernel.vsyscall64 sysctl to 0.
 */
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
 #include <linux/time.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index fea4565ff576..d8cc96a2738f 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -8,9 +8,8 @@ obj-$(CONFIG_X86_PTDUMP)	+= dump_pagetables.o
 obj-$(CONFIG_HIGHMEM)           += highmem_32.o
-obj-$(CONFIG_MMIOTRACE_HOOKS)   += kmmio.o
 obj-$(CONFIG_MMIOTRACE)         += mmiotrace.o
-mmiotrace-y                     := pf_in.o mmio-mod.o
+mmiotrace-y                     := kmmio.o pf_in.o mmio-mod.o
 obj-$(CONFIG_MMIOTRACE_TEST)    += testmmiotrace.o
 obj-$(CONFIG_NUMA)              += numa_$(BITS).o
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 31e8730fa246..21e996a70d68 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -53,7 +53,7 @@
 static inline int kmmio_fault(struct pt_regs *regs, unsigned long addr)
 {
-#ifdef CONFIG_MMIOTRACE_HOOKS
+#ifdef CONFIG_MMIOTRACE
        if (unlikely(is_kmmio_active()))
                if (kmmio_handler(regs, addr) == 1)
                        return -1;
@@ -413,6 +413,7 @@ static noinline void pgtable_bad(unsigned long address, struct pt_regs *regs,
                                 unsigned long error_code)
 {
        unsigned long flags = oops_begin();
+        int sig = SIGKILL;
        struct task_struct *tsk;
        printk(KERN_ALERT "%s: Corrupted page table at address %lx\n",
@@ -423,8 +424,8 @@ static noinline void pgtable_bad(unsigned long address, struct pt_regs *regs,
        tsk->thread.trap_no = 14;
        tsk->thread.error_code = error_code;
        if (__die("Bad pagetable", regs, error_code))
-                regs = NULL;
+                sig = 0;
-        oops_end(flags, regs, SIGKILL);
+        oops_end(flags, regs, sig);
 }
 #endif
@@ -590,6 +591,7 @@ void __kprobes do_page_fault(struct pt_regs *regs, unsigned long error_code)
        int fault;
 #ifdef CONFIG_X86_64
        unsigned long flags;
+        int sig;
 #endif
        tsk = current;
@@ -849,11 +851,12 @@ no_context:
        bust_spinlocks(0);
        do_exit(SIGKILL);
 #else
+        sig = SIGKILL;
        if (__die("Oops", regs, error_code))
-                regs = NULL;
+                sig = 0;
        /* Executive summary in case the body of the oops scrolled away */
        printk(KERN_EMERG "CR2: %016lx\n", address);
-        oops_end(flags, regs, SIGKILL);
+        oops_end(flags, regs, sig);
 #endif
 /*
diff --git a/arch/x86/vdso/vclock_gettime.c b/arch/x86/vdso/vclock_gettime.c
index 1ef0f90813d6..d9d35824c56f 100644
--- a/arch/x86/vdso/vclock_gettime.c
+++ b/arch/x86/vdso/vclock_gettime.c
@@ -9,6 +9,9 @@
 * Also alternative() doesn't work.
 */
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
 #include <linux/kernel.h>
 #include <linux/posix-timers.h>
 #include <linux/time.h>