28 files changed, 985 insertions, 83 deletions

diff --git a/arch/arm/mach-pxa/include/mach/pxafb.h b/arch/arm/mach-pxa/include/mach/pxafb.h
index 8e591118371e..cbda4d35c421 100644
--- a/arch/arm/mach-pxa/include/mach/pxafb.h
+++ b/arch/arm/mach-pxa/include/mach/pxafb.h
@@ -33,6 +33,7 @@
 #define LCD_CONN_TYPE(_x)       ((_x) & 0x0f)
 #define LCD_CONN_WIDTH(_x)      (((_x) >> 4) & 0x1f)
 
+#define LCD_TYPE_MASK           0xf
 #define LCD_TYPE_UNKNOWN        0
 #define LCD_TYPE_MONO_STN       1
 #define LCD_TYPE_MONO_DSTN      2
diff --git a/arch/arm/mach-pxa/reset.c b/arch/arm/mach-pxa/reset.c
index 1b2af575c40f..00b2dc2a1074 100644
--- a/arch/arm/mach-pxa/reset.c
+++ b/arch/arm/mach-pxa/reset.c
@@ -90,12 +90,13 @@ void arch_reset(char mode)
                 /* Jump into ROM at address 0 */
                 cpu_reset(0);
                 break;
-        case 'h':
-                do_hw_reset();
-                break;
         case 'g':
                 do_gpio_reset();
                 break;
+        case 'h':
+        default:
+                do_hw_reset();
+                break;
         }
 }
 
diff --git a/arch/arm/mach-pxa/spitz.c b/arch/arm/mach-pxa/spitz.c
index f0a5bbae0b45..3be76ee2bdbf 100644
--- a/arch/arm/mach-pxa/spitz.c
+++ b/arch/arm/mach-pxa/spitz.c
@@ -67,6 +67,7 @@
 static unsigned long spitz_pin_config[] __initdata = {
         /* Chip Selects */
         GPIO78_nCS_2,   /* SCOOP #2 */
+        GPIO79_nCS_3,   /* NAND */
         GPIO80_nCS_4,   /* SCOOP #1 */
 
         /* LCD - 16bpp Active TFT */
@@ -97,10 +98,10 @@ static unsigned long spitz_pin_config[] __initdata = {
         GPIO51_nPIOW,
         GPIO85_nPCE_1,
         GPIO54_nPCE_2,
-        GPIO79_PSKTSEL,
         GPIO55_nPREG,
         GPIO56_nPWAIT,
         GPIO57_nIOIS16,
+        GPIO104_PSKTSEL,
 
         /* MMC */
         GPIO32_MMC_CLK,
@@ -686,7 +687,6 @@ static void __init akita_init(void)
         spitz_pcmcia_config.num_devs = 1;
         platform_scoop_config = &spitz_pcmcia_config;
 
-        pxa_set_i2c_info(NULL);
         i2c_register_board_info(0, ARRAY_AND_SIZE(akita_i2c_board_info));
 
         common_init();
diff --git a/arch/powerpc/include/asm/ftrace.h b/arch/powerpc/include/asm/ftrace.h
index b298f7a631e6..e5f2ae8362f7 100644
--- a/arch/powerpc/include/asm/ftrace.h
+++ b/arch/powerpc/include/asm/ftrace.h
@@ -7,7 +7,19 @@
 
 #ifndef __ASSEMBLY__
 extern void _mcount(void);
-#endif
+
+#ifdef CONFIG_DYNAMIC_FTRACE
+static inline unsigned long ftrace_call_adjust(unsigned long addr)
+{
+       /* reloction of mcount call site is the same as the address */
+       return addr;
+}
+
+struct dyn_arch_ftrace {
+        struct module *mod;
+};
+#endif /*  CONFIG_DYNAMIC_FTRACE */
+#endif /* __ASSEMBLY__ */
 
 #endif
 
diff --git a/arch/powerpc/include/asm/module.h b/arch/powerpc/include/asm/module.h
index e5f14b13ccf0..08454880a2c0 100644
--- a/arch/powerpc/include/asm/module.h
+++ b/arch/powerpc/include/asm/module.h
@@ -34,11 +34,19 @@ struct mod_arch_specific {
 #ifdef __powerpc64__
         unsigned int stubs_section;     /* Index of stubs section in module */
         unsigned int toc_section;       /* What section is the TOC? */
-#else
+#ifdef CONFIG_DYNAMIC_FTRACE
+        unsigned long toc;
+        unsigned long tramp;
+#endif
+
+#else /* powerpc64 */
         /* Indices of PLT sections within module. */
         unsigned int core_plt_section;
         unsigned int init_plt_section;
+#ifdef CONFIG_DYNAMIC_FTRACE
+        unsigned long tramp;
 #endif
+#endif /* powerpc64 */
 
         /* List of BUG addresses, source line numbers and filenames */
         struct list_head bug_list;
@@ -68,6 +76,12 @@ struct mod_arch_specific {
 #    endif      /* MODULE */
 #endif
 
+#ifdef CONFIG_DYNAMIC_FTRACE
+#    ifdef MODULE
+        asm(".section .ftrace.tramp,\"ax\",@nobits; .align 3; .previous");
+#    endif      /* MODULE */
+#endif
+
 
 struct exception_table_entry;
 void sort_ex_table(struct exception_table_entry *start,
diff --git a/arch/powerpc/kernel/ftrace.c b/arch/powerpc/kernel/ftrace.c
index f4b006ed0ab1..3271cd698e4c 100644
--- a/arch/powerpc/kernel/ftrace.c
+++ b/arch/powerpc/kernel/ftrace.c
@@ -9,22 +9,30 @@
 
 #include <linux/spinlock.h>
 #include <linux/hardirq.h>
+#include <linux/uaccess.h>
+#include <linux/module.h>
 #include <linux/ftrace.h>
 #include <linux/percpu.h>
 #include <linux/init.h>
 #include <linux/list.h>
 
 #include <asm/cacheflush.h>
+#include <asm/code-patching.h>
 #include <asm/ftrace.h>
 
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(fmt , ...)       do { } while (0)
+#endif
 
-static unsigned int ftrace_nop = 0x60000000;
+static unsigned int ftrace_nop = PPC_NOP_INSTR;
 
 #ifdef CONFIG_PPC32
 # define GET_ADDR(addr) addr
 #else
 /* PowerPC64's functions are data that points to the functions */
-# define GET_ADDR(addr) *(unsigned long *)addr
+# define GET_ADDR(addr) (*(unsigned long *)addr)
 #endif
 
 
@@ -33,12 +41,12 @@ static unsigned int ftrace_calc_offset(long ip, long addr)
         return (int)(addr - ip);
 }
 
-unsigned char *ftrace_nop_replace(void)
+static unsigned char *ftrace_nop_replace(void)
 {
         return (char *)&ftrace_nop;
 }
 
-unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
+static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 {
         static unsigned int op;
 
@@ -68,49 +76,434 @@ unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 # define _ASM_PTR       " .long "
 #endif
 
-int
+static int
 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                    unsigned char *new_code)
 {
-        unsigned replaced;
-        unsigned old = *(unsigned *)old_code;
-        unsigned new = *(unsigned *)new_code;
-        int faulted = 0;
+        unsigned char replaced[MCOUNT_INSN_SIZE];
 
         /*
          * Note: Due to modules and __init, code can
          *  disappear and change, we need to protect against faulting
-         *  as well as code changing.
+         *  as well as code changing. We do this by using the
+         *  probe_kernel_* functions.
          *
          * No real locking needed, this code is run through
-         * kstop_machine.
+         * kstop_machine, or before SMP starts.
          */
-        asm volatile (
-                "1: lwz         %1, 0(%2)\n"
-                "   cmpw        %1, %5\n"
-                "   bne         2f\n"
-                "   stwu        %3, 0(%2)\n"
-                "2:\n"
-                ".section .fixup, \"ax\"\n"
-                "3:     li %0, 1\n"
-                "       b 2b\n"
-                ".previous\n"
-                ".section __ex_table,\"a\"\n"
-                _ASM_ALIGN "\n"
-                _ASM_PTR "1b, 3b\n"
-                ".previous"
-                : "=r"(faulted), "=r"(replaced)
-                : "r"(ip), "r"(new),
-                  "0"(faulted), "r"(old)
-                : "memory");
-
-        if (replaced != old && replaced != new)
-                faulted = 2;
-
-        if (!faulted)
-                flush_icache_range(ip, ip + 8);
-
-        return faulted;
+
+        /* read the text we want to modify */
+        if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+
+        /* Make sure it is what we expect it to be */
+        if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
+                return -EINVAL;
+
+        /* replace the text with the new text */
+        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
+                return -EPERM;
+
+        flush_icache_range(ip, ip + 8);
+
+        return 0;
+}
+
+/*
+ * Helper functions that are the same for both PPC64 and PPC32.
+ */
+static int test_24bit_addr(unsigned long ip, unsigned long addr)
+{
+        long diff;
+
+        /*
+         * Can we get to addr from ip in 24 bits?
+         *  (26 really, since we mulitply by 4 for 4 byte alignment)
+         */
+        diff = addr - ip;
+
+        /*
+         * Return true if diff is less than 1 << 25
+         *  and greater than -1 << 26.
+         */
+        return (diff < (1 << 25)) && (diff > (-1 << 26));
+}
+
+static int is_bl_op(unsigned int op)
+{
+        return (op & 0xfc000003) == 0x48000001;
+}
+
+static int test_offset(unsigned long offset)
+{
+        return (offset + 0x2000000 > 0x3ffffff) || ((offset & 3) != 0);
+}
+
+static unsigned long find_bl_target(unsigned long ip, unsigned int op)
+{
+        static int offset;
+
+        offset = (op & 0x03fffffc);
+        /* make it signed */
+        if (offset & 0x02000000)
+                offset |= 0xfe000000;
+
+        return ip + (long)offset;
+}
+
+static unsigned int branch_offset(unsigned long offset)
+{
+        /* return "bl ip+offset" */
+        return 0x48000001 | (offset & 0x03fffffc);
+}
+
+#ifdef CONFIG_PPC64
+static int
+__ftrace_make_nop(struct module *mod,
+                  struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char replaced[MCOUNT_INSN_SIZE * 2];
+        unsigned int *op = (unsigned *)&replaced;
+        unsigned char jmp[8];
+        unsigned long *ptr = (unsigned long *)&jmp;
+        unsigned long ip = rec->ip;
+        unsigned long tramp;
+        int offset;
+
+        /* read where this goes */
+        if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+
+        /* Make sure that that this is still a 24bit jump */
+        if (!is_bl_op(*op)) {
+                printk(KERN_ERR "Not expected bl: opcode is %x\n", *op);
+                return -EINVAL;
+        }
+
+        /* lets find where the pointer goes */
+        tramp = find_bl_target(ip, *op);
+
+        /*
+         * On PPC64 the trampoline looks like:
+         * 0x3d, 0x82, 0x00, 0x00,    addis   r12,r2, <high>
+         * 0x39, 0x8c, 0x00, 0x00,    addi    r12,r12, <low>
+         *   Where the bytes 2,3,6 and 7 make up the 32bit offset
+         *   to the TOC that holds the pointer.
+         *   to jump to.
+         * 0xf8, 0x41, 0x00, 0x28,    std     r2,40(r1)
+         * 0xe9, 0x6c, 0x00, 0x20,    ld      r11,32(r12)
+         *   The actually address is 32 bytes from the offset
+         *   into the TOC.
+         * 0xe8, 0x4c, 0x00, 0x28,    ld      r2,40(r12)
+         */
+
+        DEBUGP("ip:%lx jumps to %lx r2: %lx", ip, tramp, mod->arch.toc);
+
+        /* Find where the trampoline jumps to */
+        if (probe_kernel_read(jmp, (void *)tramp, 8)) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+
+        DEBUGP(" %08x %08x",
+               (unsigned)(*ptr >> 32),
+               (unsigned)*ptr);
+
+        offset = (unsigned)jmp[2] << 24 |
+                (unsigned)jmp[3] << 16 |
+                (unsigned)jmp[6] << 8 |
+                (unsigned)jmp[7];
+
+        DEBUGP(" %x ", offset);
+
+        /* get the address this jumps too */
+        tramp = mod->arch.toc + offset + 32;
+        DEBUGP("toc: %lx", tramp);
+
+        if (probe_kernel_read(jmp, (void *)tramp, 8)) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+
+        DEBUGP(" %08x %08x\n",
+               (unsigned)(*ptr >> 32),
+               (unsigned)*ptr);
+
+        /* This should match what was called */
+        if (*ptr != GET_ADDR(addr)) {
+                printk(KERN_ERR "addr does not match %lx\n", *ptr);
+                return -EINVAL;
+        }
+
+        /*
+         * We want to nop the line, but the next line is
+         *  0xe8, 0x41, 0x00, 0x28   ld r2,40(r1)
+         * This needs to be turned to a nop too.
+         */
+        if (probe_kernel_read(replaced, (void *)(ip+4), MCOUNT_INSN_SIZE))
+                return -EFAULT;
+
+        if (*op != 0xe8410028) {
+                printk(KERN_ERR "Next line is not ld! (%08x)\n", *op);
+                return -EINVAL;
+        }
+
+        /*
+         * Milton Miller pointed out that we can not blindly do nops.
+         * If a task was preempted when calling a trace function,
+         * the nops will remove the way to restore the TOC in r2
+         * and the r2 TOC will get corrupted.
+         */
+
+        /*
+         * Replace:
+         *   bl <tramp>  <==== will be replaced with "b 1f"
+         *   ld r2,40(r1)
+         *  1:
+         */
+        op[0] = 0x48000008;     /* b +8 */
+
+        if (probe_kernel_write((void *)ip, replaced, MCOUNT_INSN_SIZE))
+                return -EPERM;
+
+        return 0;
+}
+
+#else /* !PPC64 */
+static int
+__ftrace_make_nop(struct module *mod,
+                  struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char replaced[MCOUNT_INSN_SIZE];
+        unsigned int *op = (unsigned *)&replaced;
+        unsigned char jmp[8];
+        unsigned int *ptr = (unsigned int *)&jmp;
+        unsigned long ip = rec->ip;
+        unsigned long tramp;
+        int offset;
+
+        if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+
+        /* Make sure that that this is still a 24bit jump */
+        if (!is_bl_op(*op)) {
+                printk(KERN_ERR "Not expected bl: opcode is %x\n", *op);
+                return -EINVAL;
+        }
+
+        /* lets find where the pointer goes */
+        tramp = find_bl_target(ip, *op);
+
+        /*
+         * On PPC32 the trampoline looks like:
+         * lis r11,sym@ha
+         * addi r11,r11,sym@l
+         * mtctr r11
+         * bctr
+         */
+
+        DEBUGP("ip:%lx jumps to %lx", ip, tramp);
+
+        /* Find where the trampoline jumps to */
+        if (probe_kernel_read(jmp, (void *)tramp, 8)) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+
+        DEBUGP(" %08x %08x ", ptr[0], ptr[1]);
+
+        tramp = (ptr[1] & 0xffff) |
+                ((ptr[0] & 0xffff) << 16);
+        if (tramp & 0x8000)
+                tramp -= 0x10000;
+
+        DEBUGP(" %x ", tramp);
+
+        if (tramp != addr) {
+                printk(KERN_ERR
+                       "Trampoline location %08lx does not match addr\n",
+                       tramp);
+                return -EINVAL;
+        }
+
+        op[0] = PPC_NOP_INSTR;
+
+        if (probe_kernel_write((void *)ip, replaced, MCOUNT_INSN_SIZE))
+                return -EPERM;
+
+        return 0;
+}
+#endif /* PPC64 */
+
+int ftrace_make_nop(struct module *mod,
+                    struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *old, *new;
+        unsigned long ip = rec->ip;
+
+        /*
+         * If the calling address is more that 24 bits away,
+         * then we had to use a trampoline to make the call.
+         * Otherwise just update the call site.
+         */
+        if (test_24bit_addr(ip, addr)) {
+                /* within range */
+                old = ftrace_call_replace(ip, addr);
+                new = ftrace_nop_replace();
+                return ftrace_modify_code(ip, old, new);
+        }
+
+        /*
+         * Out of range jumps are called from modules.
+         * We should either already have a pointer to the module
+         * or it has been passed in.
+         */
+        if (!rec->arch.mod) {
+                if (!mod) {
+                        printk(KERN_ERR "No module loaded addr=%lx\n",
+                               addr);
+                        return -EFAULT;
+                }
+                rec->arch.mod = mod;
+        } else if (mod) {
+                if (mod != rec->arch.mod) {
+                        printk(KERN_ERR
+                               "Record mod %p not equal to passed in mod %p\n",
+                               rec->arch.mod, mod);
+                        return -EINVAL;
+                }
+                /* nothing to do if mod == rec->arch.mod */
+        } else
+                mod = rec->arch.mod;
+
+        return __ftrace_make_nop(mod, rec, addr);
+
+}
+
+#ifdef CONFIG_PPC64
+static int
+__ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char replaced[MCOUNT_INSN_SIZE * 2];
+        unsigned int *op = (unsigned *)&replaced;
+        unsigned long ip = rec->ip;
+        unsigned long offset;
+
+        /* read where this goes */
+        if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE * 2))
+                return -EFAULT;
+
+        /*
+         * It should be pointing to two nops or
+         *  b +8; ld r2,40(r1)
+         */
+        if (((op[0] != 0x48000008) || (op[1] != 0xe8410028)) &&
+            ((op[0] != PPC_NOP_INSTR) || (op[1] != PPC_NOP_INSTR))) {
+                printk(KERN_ERR "Expected NOPs but have %x %x\n", op[0], op[1]);
+                return -EINVAL;
+        }
+
+        /* If we never set up a trampoline to ftrace_caller, then bail */
+        if (!rec->arch.mod->arch.tramp) {
+                printk(KERN_ERR "No ftrace trampoline\n");
+                return -EINVAL;
+        }
+
+        /* now calculate a jump to the ftrace caller trampoline */
+        offset = rec->arch.mod->arch.tramp - ip;
+
+        if (test_offset(offset)) {
+                printk(KERN_ERR "REL24 %li out of range!\n",
+                       (long int)offset);
+                return -EINVAL;
+        }
+
+        /* Set to "bl addr" */
+        op[0] = branch_offset(offset);
+        /* ld r2,40(r1) */
+        op[1] = 0xe8410028;
+
+        DEBUGP("write to %lx\n", rec->ip);
+
+        if (probe_kernel_write((void *)ip, replaced, MCOUNT_INSN_SIZE * 2))
+                return -EPERM;
+
+        return 0;
+}
+#else
+static int
+__ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char replaced[MCOUNT_INSN_SIZE];
+        unsigned int *op = (unsigned *)&replaced;
+        unsigned long ip = rec->ip;
+        unsigned long offset;
+
+        /* read where this goes */
+        if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+
+        /* It should be pointing to a nop */
+        if (op[0] != PPC_NOP_INSTR) {
+                printk(KERN_ERR "Expected NOP but have %x\n", op[0]);
+                return -EINVAL;
+        }
+
+        /* If we never set up a trampoline to ftrace_caller, then bail */
+        if (!rec->arch.mod->arch.tramp) {
+                printk(KERN_ERR "No ftrace trampoline\n");
+                return -EINVAL;
+        }
+
+        /* now calculate a jump to the ftrace caller trampoline */
+        offset = rec->arch.mod->arch.tramp - ip;
+
+        if (test_offset(offset)) {
+                printk(KERN_ERR "REL24 %li out of range!\n",
+                       (long int)offset);
+                return -EINVAL;
+        }
+
+        /* Set to "bl addr" */
+        op[0] = branch_offset(offset);
+
+        DEBUGP("write to %lx\n", rec->ip);
+
+        if (probe_kernel_write((void *)ip, replaced, MCOUNT_INSN_SIZE))
+                return -EPERM;
+
+        return 0;
+}
+#endif /* CONFIG_PPC64 */
+
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *old, *new;
+        unsigned long ip = rec->ip;
+
+        /*
+         * If the calling address is more that 24 bits away,
+         * then we had to use a trampoline to make the call.
+         * Otherwise just update the call site.
+         */
+        if (test_24bit_addr(ip, addr)) {
+                /* within range */
+                old = ftrace_nop_replace();
+                new = ftrace_call_replace(ip, addr);
+                return ftrace_modify_code(ip, old, new);
+        }
+
+        /*
+         * Out of range jumps are called from modules.
+         * Being that we are converting from nop, it had better
+         * already have a module defined.
+         */
+        if (!rec->arch.mod) {
+                printk(KERN_ERR "No module loaded\n");
+                return -EINVAL;
+        }
+
+        return __ftrace_make_call(rec, addr);
 }
 
 int ftrace_update_ftrace_func(ftrace_func_t func)
@@ -128,10 +521,10 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
 
 int __init ftrace_dyn_arch_init(void *data)
 {
-        /* This is running in kstop_machine */
+        /* caller expects data to be zero */
+        unsigned long *p = data;
 
-        ftrace_mcount_set(data);
+        *p = 0;
 
         return 0;
 }
-
diff --git a/arch/powerpc/kernel/idle.c b/arch/powerpc/kernel/idle.c
index 31982d05d81a..88d9c1d5e5fb 100644
--- a/arch/powerpc/kernel/idle.c
+++ b/arch/powerpc/kernel/idle.c
@@ -69,10 +69,15 @@ void cpu_idle(void)
                                 smp_mb();
                                 local_irq_disable();
 
+                                /* Don't trace irqs off for idle */
+                                stop_critical_timings();
+
                                 /* check again after disabling irqs */
                                 if (!need_resched() && !cpu_should_die())
                                         ppc_md.power_save();
 
+                                start_critical_timings();
+
                                 local_irq_enable();
                                 set_thread_flag(TIF_POLLING_NRFLAG);
 
diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c
index 2df91a03462a..f832773fc28e 100644
--- a/arch/powerpc/kernel/module_32.c
+++ b/arch/powerpc/kernel/module_32.c
@@ -22,6 +22,7 @@
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
+#include <linux/ftrace.h>
 #include <linux/cache.h>
 #include <linux/bug.h>
 #include <linux/sort.h>
@@ -53,6 +54,9 @@ static unsigned int count_relocs(const Elf32_Rela *rela, unsigned int num)
                         r_addend = rela[i].r_addend;
                 }
 
+#ifdef CONFIG_DYNAMIC_FTRACE
+        _count_relocs++;        /* add one for ftrace_caller */
+#endif
         return _count_relocs;
 }
 
@@ -306,5 +310,11 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
                         return -ENOEXEC;
                 }
         }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        module->arch.tramp =
+                do_plt_call(module->module_core,
+                            (unsigned long)ftrace_caller,
+                            sechdrs, module);
+#endif
         return 0;
 }
diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c
index 1af2377e4992..8992b031a7b6 100644
--- a/arch/powerpc/kernel/module_64.c
+++ b/arch/powerpc/kernel/module_64.c
@@ -20,6 +20,7 @@
 #include <linux/moduleloader.h>
 #include <linux/err.h>
 #include <linux/vmalloc.h>
+#include <linux/ftrace.h>
 #include <linux/bug.h>
 #include <asm/module.h>
 #include <asm/firmware.h>
@@ -163,6 +164,11 @@ static unsigned long get_stubs_size(const Elf64_Ehdr *hdr,
                 }
         }
 
+#ifdef CONFIG_DYNAMIC_FTRACE
+        /* make the trampoline to the ftrace_caller */
+        relocs++;
+#endif
+
         DEBUGP("Looks like a total of %lu stubs, max\n", relocs);
         return relocs * sizeof(struct ppc64_stub_entry);
 }
@@ -441,5 +447,12 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
                 }
         }
 
+#ifdef CONFIG_DYNAMIC_FTRACE
+        me->arch.toc = my_r2(sechdrs, me);
+        me->arch.tramp = stub_for_addr(sechdrs,
+                                       (unsigned long)ftrace_caller,
+                                       me);
+#endif
+
         return 0;
 }
diff --git a/arch/um/include/asm/system.h b/arch/um/include/asm/system.h
index 753346e2cdfd..ae5f94d6317d 100644
--- a/arch/um/include/asm/system.h
+++ b/arch/um/include/asm/system.h
@@ -11,21 +11,21 @@ extern int get_signals(void);
 extern void block_signals(void);
 extern void unblock_signals(void);
 
-#define local_save_flags(flags) do { typecheck(unsigned long, flags); \
+#define raw_local_save_flags(flags) do { typecheck(unsigned long, flags); \
                                      (flags) = get_signals(); } while(0)
-#define local_irq_restore(flags) do { typecheck(unsigned long, flags); \
+#define raw_local_irq_restore(flags) do { typecheck(unsigned long, flags); \
                                       set_signals(flags); } while(0)
 
-#define local_irq_save(flags) do { local_save_flags(flags); \
-                                   local_irq_disable(); } while(0)
+#define raw_local_irq_save(flags) do { raw_local_save_flags(flags); \
+                                   raw_local_irq_disable(); } while(0)
 
-#define local_irq_enable() unblock_signals()
-#define local_irq_disable() block_signals()
+#define raw_local_irq_enable() unblock_signals()
+#define raw_local_irq_disable() block_signals()
 
 #define irqs_disabled()                 \
 ({                                      \
         unsigned long flags;            \
-        local_save_flags(flags);        \
+        raw_local_save_flags(flags);        \
         (flags == 0);                   \
 })
 
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7b7d2764a215..352f63df1d80 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -29,11 +29,14 @@ config X86
         select HAVE_FTRACE_MCOUNT_RECORD
         select HAVE_DYNAMIC_FTRACE
         select HAVE_FUNCTION_TRACER
+        select HAVE_FUNCTION_RET_TRACER if X86_32
+        select HAVE_FUNCTION_TRACE_MCOUNT_TEST
         select HAVE_KVM if ((X86_32 && !X86_VOYAGER && !X86_VISWS && !X86_NUMAQ) || X86_64)
         select HAVE_ARCH_KGDB if !X86_VOYAGER
         select HAVE_ARCH_TRACEHOOK
         select HAVE_GENERIC_DMA_COHERENT if X86_32
         select HAVE_EFFICIENT_UNALIGNED_ACCESS
+        select USER_STACKTRACE_SUPPORT
 
 config ARCH_DEFCONFIG
         string
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 2a3dfbd5e677..fa013f529b74 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -186,14 +186,10 @@ config IOMMU_LEAK
           Add a simple leak tracer to the IOMMU code. This is useful when you
           are debugging a buggy device driver that leaks IOMMU mappings.
 
-config MMIOTRACE_HOOKS
-        bool
-
 config MMIOTRACE
         bool "Memory mapped IO tracing"
         depends on DEBUG_KERNEL && PCI
         select TRACING
-        select MMIOTRACE_HOOKS
         help
           Mmiotrace traces Memory Mapped I/O access and is meant for
           debugging and reverse engineering. It is called from the ioremap
diff --git a/arch/x86/include/asm/ftrace.h b/arch/x86/include/asm/ftrace.h
index 9e8bc29b8b17..754a3e082f94 100644
--- a/arch/x86/include/asm/ftrace.h
+++ b/arch/x86/include/asm/ftrace.h
@@ -17,8 +17,40 @@ static inline unsigned long ftrace_call_adjust(unsigned long addr)
          */
         return addr - 1;
 }
-#endif
 
+#ifdef CONFIG_DYNAMIC_FTRACE
+
+struct dyn_arch_ftrace {
+        /* No extra data needed for x86 */
+};
+
+#endif /*  CONFIG_DYNAMIC_FTRACE */
+#endif /* __ASSEMBLY__ */
 #endif /* CONFIG_FUNCTION_TRACER */
 
+#ifdef CONFIG_FUNCTION_RET_TRACER
+
+#ifndef __ASSEMBLY__
+
+/*
+ * Stack of return addresses for functions
+ * of a thread.
+ * Used in struct thread_info
+ */
+struct ftrace_ret_stack {
+        unsigned long ret;
+        unsigned long func;
+        unsigned long long calltime;
+};
+
+/*
+ * Primary handler of a function return.
+ * It relays on ftrace_return_to_handler.
+ * Defined in entry32.S
+ */
+extern void return_to_handler(void);
+
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_FUNCTION_RET_TRACER */
+
 #endif /* _ASM_X86_FTRACE_H */
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index e44d379faad2..0921b4018c11 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -20,6 +20,8 @@
 struct task_struct;
 struct exec_domain;
 #include <asm/processor.h>
+#include <asm/ftrace.h>
+#include <asm/atomic.h>
 
 struct thread_info {
         struct task_struct      *task;          /* main task structure */
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 35c54921b2e4..99192bb55a53 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -157,6 +157,7 @@ extern int __get_user_bad(void);
         int __ret_gu;                                                   \
         unsigned long __val_gu;                                         \
         __chk_user_ptr(ptr);                                            \
+        might_fault();                                                  \
         switch (sizeof(*(ptr))) {                                       \
         case 1:                                                         \
                 __get_user_x(1, __ret_gu, __val_gu, ptr);               \
@@ -241,6 +242,7 @@ extern void __put_user_8(void);
         int __ret_pu;                                           \
         __typeof__(*(ptr)) __pu_val;                            \
         __chk_user_ptr(ptr);                                    \
+        might_fault();                                          \
         __pu_val = x;                                           \
         switch (sizeof(*(ptr))) {                               \
         case 1:                                                 \
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
index d095a3aeea1b..5e06259e90e5 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -82,8 +82,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
 static __always_inline unsigned long __must_check
 __copy_to_user(void __user *to, const void *from, unsigned long n)
 {
-       might_sleep();
-       return __copy_to_user_inatomic(to, from, n);
+        might_fault();
+        return __copy_to_user_inatomic(to, from, n);
 }
 
 static __always_inline unsigned long
@@ -137,7 +137,7 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
 static __always_inline unsigned long
 __copy_from_user(void *to, const void __user *from, unsigned long n)
 {
-        might_sleep();
+        might_fault();
         if (__builtin_constant_p(n)) {
                 unsigned long ret;
 
@@ -159,7 +159,7 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
 static __always_inline unsigned long __copy_from_user_nocache(void *to,
                                 const void __user *from, unsigned long n)
 {
-        might_sleep();
+        might_fault();
         if (__builtin_constant_p(n)) {
                 unsigned long ret;
 
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index f8cfd00db450..84210c479fca 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -29,6 +29,8 @@ static __always_inline __must_check
 int __copy_from_user(void *dst, const void __user *src, unsigned size)
 {
         int ret = 0;
+
+        might_fault();
         if (!__builtin_constant_p(size))
                 return copy_user_generic(dst, (__force void *)src, size);
         switch (size) {
@@ -71,6 +73,8 @@ static __always_inline __must_check
 int __copy_to_user(void __user *dst, const void *src, unsigned size)
 {
         int ret = 0;
+
+        might_fault();
         if (!__builtin_constant_p(size))
                 return copy_user_generic((__force void *)dst, src, size);
         switch (size) {
@@ -113,6 +117,8 @@ static __always_inline __must_check
 int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
 {
         int ret = 0;
+
+        might_fault();
         if (!__builtin_constant_p(size))
                 return copy_user_generic((__force void *)dst,
                                          (__force void *)src, size);
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index e489ff9cb3e2..1d8ed95da846 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -14,6 +14,11 @@ CFLAGS_REMOVE_paravirt-spinlocks.o = -pg
 CFLAGS_REMOVE_ftrace.o = -pg
 endif
 
+ifdef CONFIG_FUNCTION_RET_TRACER
+# Don't trace __switch_to() but let it for function tracer
+CFLAGS_REMOVE_process_32.o = -pg
+endif
+
 #
 # vsyscalls (which work on the user stack) should have
 # no stack-protector checks:
@@ -65,6 +70,7 @@ obj-$(CONFIG_X86_LOCAL_APIC)	+= apic.o nmi.o
 obj-$(CONFIG_X86_IO_APIC)       += io_apic.o
 obj-$(CONFIG_X86_REBOOTFIXUPS)  += reboot_fixups_32.o
 obj-$(CONFIG_DYNAMIC_FTRACE)    += ftrace.o
+obj-$(CONFIG_FUNCTION_RET_TRACER)       += ftrace.o
 obj-$(CONFIG_KEXEC)             += machine_kexec_$(BITS).o
 obj-$(CONFIG_KEXEC)             += relocate_kernel_$(BITS).o crash.o
 obj-$(CONFIG_CRASH_DUMP)        += crash_dump_$(BITS).o
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 28b597ef9ca1..74defe21ba42 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -1157,6 +1157,9 @@ ENTRY(mcount)
 END(mcount)
 
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
+
         pushl %eax
         pushl %ecx
         pushl %edx
@@ -1180,8 +1183,15 @@ END(ftrace_caller)
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
+
         cmpl $ftrace_stub, ftrace_trace_function
         jnz trace
+#ifdef CONFIG_FUNCTION_RET_TRACER
+        cmpl $ftrace_stub, ftrace_function_return
+        jnz ftrace_return_caller
+#endif
 .globl ftrace_stub
 ftrace_stub:
         ret
@@ -1200,12 +1210,42 @@ trace:
         popl %edx
         popl %ecx
         popl %eax
-
         jmp ftrace_stub
 END(mcount)
 #endif /* CONFIG_DYNAMIC_FTRACE */
 #endif /* CONFIG_FUNCTION_TRACER */
 
+#ifdef CONFIG_FUNCTION_RET_TRACER
+ENTRY(ftrace_return_caller)
+        cmpl $0, function_trace_stop
+        jne ftrace_stub
+
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        movl 0xc(%esp), %edx
+        lea 0x4(%ebp), %eax
+        call prepare_ftrace_return
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+END(ftrace_return_caller)
+
+.globl return_to_handler
+return_to_handler:
+        pushl $0
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        call ftrace_return_to_handler
+        movl %eax, 0xc(%esp)
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+#endif
+
 .section .rodata,"a"
 #include "syscall_table_32.S"
 
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b86f332c96a6..08aa6b10933c 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -68,6 +68,8 @@ ENTRY(mcount)
 END(mcount)
 
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
 
         /* taken from glibc */
         subq $0x38, %rsp
@@ -103,6 +105,9 @@ END(ftrace_caller)
 
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
+
         cmpq $ftrace_stub, ftrace_trace_function
         jnz trace
 .globl ftrace_stub
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 50ea0ac8c9bf..bb137f7297ed 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -14,14 +14,17 @@
 #include <linux/uaccess.h>
 #include <linux/ftrace.h>
 #include <linux/percpu.h>
+#include <linux/sched.h>
 #include <linux/init.h>
 #include <linux/list.h>
 
 #include <asm/ftrace.h>
+#include <linux/ftrace.h>
 #include <asm/nops.h>
+#include <asm/nmi.h>
 
 
-static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+#ifdef CONFIG_DYNAMIC_FTRACE
 
 union ftrace_code_union {
         char code[MCOUNT_INSN_SIZE];
@@ -31,18 +34,12 @@ union ftrace_code_union {
         } __attribute__((packed));
 };
 
-
 static int ftrace_calc_offset(long ip, long addr)
 {
         return (int)(addr - ip);
 }
 
-unsigned char *ftrace_nop_replace(void)
-{
-        return ftrace_nop;
-}
-
-unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
+static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 {
         static union ftrace_code_union calc;
 
@@ -56,7 +53,143 @@ unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
         return calc.code;
 }
 
-int
+/*
+ * Modifying code must take extra care. On an SMP machine, if
+ * the code being modified is also being executed on another CPU
+ * that CPU will have undefined results and possibly take a GPF.
+ * We use kstop_machine to stop other CPUS from exectuing code.
+ * But this does not stop NMIs from happening. We still need
+ * to protect against that. We separate out the modification of
+ * the code to take care of this.
+ *
+ * Two buffers are added: An IP buffer and a "code" buffer.
+ *
+ * 1) Put the instruction pointer into the IP buffer
+ *    and the new code into the "code" buffer.
+ * 2) Set a flag that says we are modifying code
+ * 3) Wait for any running NMIs to finish.
+ * 4) Write the code
+ * 5) clear the flag.
+ * 6) Wait for any running NMIs to finish.
+ *
+ * If an NMI is executed, the first thing it does is to call
+ * "ftrace_nmi_enter". This will check if the flag is set to write
+ * and if it is, it will write what is in the IP and "code" buffers.
+ *
+ * The trick is, it does not matter if everyone is writing the same
+ * content to the code location. Also, if a CPU is executing code
+ * it is OK to write to that code location if the contents being written
+ * are the same as what exists.
+ */
+
+static atomic_t in_nmi = ATOMIC_INIT(0);
+static int mod_code_status;             /* holds return value of text write */
+static int mod_code_write;              /* set when NMI should do the write */
+static void *mod_code_ip;               /* holds the IP to write to */
+static void *mod_code_newcode;          /* holds the text to write to the IP */
+
+static unsigned nmi_wait_count;
+static atomic_t nmi_update_count = ATOMIC_INIT(0);
+
+int ftrace_arch_read_dyn_info(char *buf, int size)
+{
+        int r;
+
+        r = snprintf(buf, size, "%u %u",
+                     nmi_wait_count,
+                     atomic_read(&nmi_update_count));
+        return r;
+}
+
+static void ftrace_mod_code(void)
+{
+        /*
+         * Yes, more than one CPU process can be writing to mod_code_status.
+         *    (and the code itself)
+         * But if one were to fail, then they all should, and if one were
+         * to succeed, then they all should.
+         */
+        mod_code_status = probe_kernel_write(mod_code_ip, mod_code_newcode,
+                                             MCOUNT_INSN_SIZE);
+
+}
+
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+        /* Must have in_nmi seen before reading write flag */
+        smp_mb();
+        if (mod_code_write) {
+                ftrace_mod_code();
+                atomic_inc(&nmi_update_count);
+        }
+}
+
+void ftrace_nmi_exit(void)
+{
+        /* Finish all executions before clearing in_nmi */
+        smp_wmb();
+        atomic_dec(&in_nmi);
+}
+
+static void wait_for_nmi(void)
+{
+        int waited = 0;
+
+        while (atomic_read(&in_nmi)) {
+                waited = 1;
+                cpu_relax();
+        }
+
+        if (waited)
+                nmi_wait_count++;
+}
+
+static int
+do_ftrace_mod_code(unsigned long ip, void *new_code)
+{
+        mod_code_ip = (void *)ip;
+        mod_code_newcode = new_code;
+
+        /* The buffers need to be visible before we let NMIs write them */
+        smp_wmb();
+
+        mod_code_write = 1;
+
+        /* Make sure write bit is visible before we wait on NMIs */
+        smp_mb();
+
+        wait_for_nmi();
+
+        /* Make sure all running NMIs have finished before we write the code */
+        smp_mb();
+
+        ftrace_mod_code();
+
+        /* Make sure the write happens before clearing the bit */
+        smp_wmb();
+
+        mod_code_write = 0;
+
+        /* make sure NMIs see the cleared bit */
+        smp_mb();
+
+        wait_for_nmi();
+
+        return mod_code_status;
+}
+
+
+
+
+static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+
+static unsigned char *ftrace_nop_replace(void)
+{
+        return ftrace_nop;
+}
+
+static int
 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                    unsigned char *new_code)
 {
@@ -81,7 +214,7 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                 return -EINVAL;
 
         /* replace the text with the new text */
-        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
+        if (do_ftrace_mod_code(ip, new_code))
                 return -EPERM;
 
         sync_core();
@@ -89,6 +222,29 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
         return 0;
 }
 
+int ftrace_make_nop(struct module *mod,
+                    struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+
+        old = ftrace_call_replace(ip, addr);
+        new = ftrace_nop_replace();
+
+        return ftrace_modify_code(rec->ip, old, new);
+}
+
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+
+        old = ftrace_nop_replace();
+        new = ftrace_call_replace(ip, addr);
+
+        return ftrace_modify_code(rec->ip, old, new);
+}
+
 int ftrace_update_ftrace_func(ftrace_func_t func)
 {
         unsigned long ip = (unsigned long)(&ftrace_call);
@@ -165,3 +321,139 @@ int __init ftrace_dyn_arch_init(void *data)
 
         return 0;
 }
+#endif
+
+#ifdef CONFIG_FUNCTION_RET_TRACER
+
+#ifndef CONFIG_DYNAMIC_FTRACE
+
+/*
+ * These functions are picked from those used on
+ * this page for dynamic ftrace. They have been
+ * simplified to ignore all traces in NMI context.
+ */
+static atomic_t in_nmi;
+
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+}
+
+void ftrace_nmi_exit(void)
+{
+        atomic_dec(&in_nmi);
+}
+#endif /* !CONFIG_DYNAMIC_FTRACE */
+
+/* Add a function return address to the trace stack on thread info.*/
+static int push_return_trace(unsigned long ret, unsigned long long time,
+                                unsigned long func)
+{
+        int index;
+
+        if (!current->ret_stack)
+                return -EBUSY;
+
+        /* The return trace stack is full */
+        if (current->curr_ret_stack == FTRACE_RETFUNC_DEPTH - 1) {
+                atomic_inc(&current->trace_overrun);
+                return -EBUSY;
+        }
+
+        index = ++current->curr_ret_stack;
+        barrier();
+        current->ret_stack[index].ret = ret;
+        current->ret_stack[index].func = func;
+        current->ret_stack[index].calltime = time;
+
+        return 0;
+}
+
+/* Retrieve a function return address to the trace stack on thread info.*/
+static void pop_return_trace(unsigned long *ret, unsigned long long *time,
+                                unsigned long *func, unsigned long *overrun)
+{
+        int index;
+
+        index = current->curr_ret_stack;
+        *ret = current->ret_stack[index].ret;
+        *func = current->ret_stack[index].func;
+        *time = current->ret_stack[index].calltime;
+        *overrun = atomic_read(&current->trace_overrun);
+        current->curr_ret_stack--;
+}
+
+/*
+ * Send the trace to the ring-buffer.
+ * @return the original return address.
+ */
+unsigned long ftrace_return_to_handler(void)
+{
+        struct ftrace_retfunc trace;
+        pop_return_trace(&trace.ret, &trace.calltime, &trace.func,
+                        &trace.overrun);
+        trace.rettime = cpu_clock(raw_smp_processor_id());
+        ftrace_function_return(&trace);
+
+        return trace.ret;
+}
+
+/*
+ * Hook the return address and push it in the stack of return addrs
+ * in current thread info.
+ */
+void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr)
+{
+        unsigned long old;
+        unsigned long long calltime;
+        int faulted;
+        unsigned long return_hooker = (unsigned long)
+                                &return_to_handler;
+
+        /* Nmi's are currently unsupported */
+        if (atomic_read(&in_nmi))
+                return;
+
+        /*
+         * Protect against fault, even if it shouldn't
+         * happen. This tool is too much intrusive to
+         * ignore such a protection.
+         */
+        asm volatile(
+                "1: movl (%[parent_old]), %[old]\n"
+                "2: movl %[return_hooker], (%[parent_replaced])\n"
+                "   movl $0, %[faulted]\n"
+
+                ".section .fixup, \"ax\"\n"
+                "3: movl $1, %[faulted]\n"
+                ".previous\n"
+
+                ".section __ex_table, \"a\"\n"
+                "   .long 1b, 3b\n"
+                "   .long 2b, 3b\n"
+                ".previous\n"
+
+                : [parent_replaced] "=r" (parent), [old] "=r" (old),
+                  [faulted] "=r" (faulted)
+                : [parent_old] "0" (parent), [return_hooker] "r" (return_hooker)
+                : "memory"
+        );
+
+        if (WARN_ON(faulted)) {
+                unregister_ftrace_return();
+                return;
+        }
+
+        if (WARN_ON(!__kernel_text_address(old))) {
+                unregister_ftrace_return();
+                *parent = old;
+                return;
+        }
+
+        calltime = cpu_clock(raw_smp_processor_id());
+
+        if (push_return_trace(old, calltime, self_addr) == -EBUSY)
+                *parent = old;
+}
+
+#endif /* CONFIG_FUNCTION_RET_TRACER */
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index a03e7f6d90c3..10786af95545 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -6,6 +6,7 @@
 #include <linux/sched.h>
 #include <linux/stacktrace.h>
 #include <linux/module.h>
+#include <linux/uaccess.h>
 #include <asm/stacktrace.h>
 
 static void save_stack_warning(void *data, char *msg)
@@ -83,3 +84,66 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
                 trace->entries[trace->nr_entries++] = ULONG_MAX;
 }
 EXPORT_SYMBOL_GPL(save_stack_trace_tsk);
+
+/* Userspace stacktrace - based on kernel/trace/trace_sysprof.c */
+
+struct stack_frame {
+        const void __user       *next_fp;
+        unsigned long           ret_addr;
+};
+
+static int copy_stack_frame(const void __user *fp, struct stack_frame *frame)
+{
+        int ret;
+
+        if (!access_ok(VERIFY_READ, fp, sizeof(*frame)))
+                return 0;
+
+        ret = 1;
+        pagefault_disable();
+        if (__copy_from_user_inatomic(frame, fp, sizeof(*frame)))
+                ret = 0;
+        pagefault_enable();
+
+        return ret;
+}
+
+static inline void __save_stack_trace_user(struct stack_trace *trace)
+{
+        const struct pt_regs *regs = task_pt_regs(current);
+        const void __user *fp = (const void __user *)regs->bp;
+
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = regs->ip;
+
+        while (trace->nr_entries < trace->max_entries) {
+                struct stack_frame frame;
+
+                frame.next_fp = NULL;
+                frame.ret_addr = 0;
+                if (!copy_stack_frame(fp, &frame))
+                        break;
+                if ((unsigned long)fp < regs->sp)
+                        break;
+                if (frame.ret_addr) {
+                        trace->entries[trace->nr_entries++] =
+                                frame.ret_addr;
+                }
+                if (fp == frame.next_fp)
+                        break;
+                fp = frame.next_fp;
+        }
+}
+
+void save_stack_trace_user(struct stack_trace *trace)
+{
+        /*
+         * Trace user stack if we are not a kernel thread
+         */
+        if (current->mm) {
+                __save_stack_trace_user(trace);
+        }
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = ULONG_MAX;
+}
+
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 0b8b6690a86d..6f3d3d4cd973 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -17,6 +17,9 @@
  *  want per guest time just set the kernel.vsyscall64 sysctl to 0.
  */
 
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
+
 #include <linux/time.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index 9e68075544f6..4a20b2f9a381 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -39,7 +39,7 @@ static inline int __movsl_is_ok(unsigned long a1, unsigned long a2, unsigned lon
 #define __do_strncpy_from_user(dst, src, count, res)                       \
 do {                                                                       \
         int __d0, __d1, __d2;                                              \
-        might_sleep();                                                     \
+        might_fault();                                                     \
         __asm__ __volatile__(                                              \
                 "       testl %1,%1\n"                                     \
                 "       jz 2f\n"                                           \
@@ -126,7 +126,7 @@ EXPORT_SYMBOL(strncpy_from_user);
 #define __do_clear_user(addr,size)                                      \
 do {                                                                    \
         int __d0;                                                       \
-        might_sleep();                                                  \
+        might_fault();                                                  \
         __asm__ __volatile__(                                           \
                 "0:     rep; stosl\n"                                   \
                 "       movl %2,%0\n"                                   \
@@ -155,7 +155,7 @@ do {									\
 unsigned long
 clear_user(void __user *to, unsigned long n)
 {
-        might_sleep();
+        might_fault();
         if (access_ok(VERIFY_WRITE, to, n))
                 __do_clear_user(to, n);
         return n;
@@ -197,7 +197,7 @@ long strnlen_user(const char __user *s, long n)
         unsigned long mask = -__addr_ok(s);
         unsigned long res, tmp;
 
-        might_sleep();
+        might_fault();
 
         __asm__ __volatile__(
                 "       testl %0, %0\n"
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index f4df6e7c718b..64d6c84e6353 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -15,7 +15,7 @@
 #define __do_strncpy_from_user(dst,src,count,res)                          \
 do {                                                                       \
         long __d0, __d1, __d2;                                             \
-        might_sleep();                                                     \
+        might_fault();                                                     \
         __asm__ __volatile__(                                              \
                 "       testq %1,%1\n"                                     \
                 "       jz 2f\n"                                           \
@@ -64,7 +64,7 @@ EXPORT_SYMBOL(strncpy_from_user);
 unsigned long __clear_user(void __user *addr, unsigned long size)
 {
         long __d0;
-        might_sleep();
+        might_fault();
         /* no memory constraint because it doesn't change any memory gcc knows
            about */
         asm volatile(
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index fea4565ff576..d8cc96a2738f 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -8,9 +8,8 @@ obj-$(CONFIG_X86_PTDUMP)	+= dump_pagetables.o
 
 obj-$(CONFIG_HIGHMEM)           += highmem_32.o
 
-obj-$(CONFIG_MMIOTRACE_HOOKS)   += kmmio.o
 obj-$(CONFIG_MMIOTRACE)         += mmiotrace.o
-mmiotrace-y                     := pf_in.o mmio-mod.o
+mmiotrace-y                     := kmmio.o pf_in.o mmio-mod.o
 obj-$(CONFIG_MMIOTRACE_TEST)    += testmmiotrace.o
 
 obj-$(CONFIG_NUMA)              += numa_$(BITS).o
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 31e8730fa246..4152d3c3b138 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -53,7 +53,7 @@
 
 static inline int kmmio_fault(struct pt_regs *regs, unsigned long addr)
 {
-#ifdef CONFIG_MMIOTRACE_HOOKS
+#ifdef CONFIG_MMIOTRACE
         if (unlikely(is_kmmio_active()))
                 if (kmmio_handler(regs, addr) == 1)
                         return -1;
diff --git a/arch/x86/vdso/vclock_gettime.c b/arch/x86/vdso/vclock_gettime.c
index 1ef0f90813d6..d9d35824c56f 100644
--- a/arch/x86/vdso/vclock_gettime.c
+++ b/arch/x86/vdso/vclock_gettime.c
@@ -9,6 +9,9 @@
  * Also alternative() doesn't work.
  */
 
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
+
 #include <linux/kernel.h>
 #include <linux/posix-timers.h>
 #include <linux/time.h>