46 files changed, 2012 insertions, 1208 deletions
diff --git a/arch/ia64/include/asm/topology.h b/arch/ia64/include/asm/topology.h
index 35bcb641c9e5..a3cc9f65f954 100644
--- a/arch/ia64/include/asm/topology.h
+++ b/arch/ia64/include/asm/topology.h
@@ -55,7 +55,6 @@
 void build_cpu_to_node_map(void);
 #define SD_CPU_INIT (struct sched_domain) {             \
-        .span                   = CPU_MASK_NONE,        \
        .parent                 = NULL,                 \
        .child                  = NULL,                 \
        .groups                 = NULL,                 \
@@ -80,7 +79,6 @@ void build_cpu_to_node_map(void);
 /* sched_domains SD_NODE_INIT for IA64 NUMA machines */
 #define SD_NODE_INIT (struct sched_domain) {            \
-        .span                   = CPU_MASK_NONE,        \
        .parent                 = NULL,                 \
        .child                  = NULL,                 \
        .groups                 = NULL,                 \
diff --git a/arch/mips/include/asm/mach-ip27/topology.h b/arch/mips/include/asm/mach-ip27/topology.h
index 7785bec732f2..1fb959f98982 100644
--- a/arch/mips/include/asm/mach-ip27/topology.h
+++ b/arch/mips/include/asm/mach-ip27/topology.h
@@ -37,7 +37,6 @@ extern unsigned char __node_distances[MAX_COMPACT_NODES][MAX_COMPACT_NODES];
 /* sched_domains SD_NODE_INIT for SGI IP27 machines */
 #define SD_NODE_INIT (struct sched_domain) {            \
-        .span                   = CPU_MASK_NONE,        \
        .parent                 = NULL,                 \
        .child                  = NULL,                 \
        .groups                 = NULL,                 \
diff --git a/arch/powerpc/include/asm/ftrace.h b/arch/powerpc/include/asm/ftrace.h
index b298f7a631e6..e5f2ae8362f7 100644
--- a/arch/powerpc/include/asm/ftrace.h
+++ b/arch/powerpc/include/asm/ftrace.h
@@ -7,7 +7,19 @@
 #ifndef __ASSEMBLY__
 extern void _mcount(void);
-#endif
+#ifdef CONFIG_DYNAMIC_FTRACE
+static inline unsigned long ftrace_call_adjust(unsigned long addr)
+{
+       /* reloction of mcount call site is the same as the address */
+       return addr;
+}
+struct dyn_arch_ftrace {
+        struct module *mod;
+};
+#endif /*  CONFIG_DYNAMIC_FTRACE */
+#endif /* __ASSEMBLY__ */
 #endif
diff --git a/arch/powerpc/include/asm/module.h b/arch/powerpc/include/asm/module.h
index e5f14b13ccf0..08454880a2c0 100644
--- a/arch/powerpc/include/asm/module.h
+++ b/arch/powerpc/include/asm/module.h
@@ -34,11 +34,19 @@ struct mod_arch_specific {
 #ifdef __powerpc64__
        unsigned int stubs_section;     /* Index of stubs section in module */
        unsigned int toc_section;       /* What section is the TOC? */
-#else
+#ifdef CONFIG_DYNAMIC_FTRACE
+        unsigned long toc;
+        unsigned long tramp;
+#endif
+#else /* powerpc64 */
        /* Indices of PLT sections within module. */
        unsigned int core_plt_section;
        unsigned int init_plt_section;
+#ifdef CONFIG_DYNAMIC_FTRACE
+        unsigned long tramp;
 #endif
+#endif /* powerpc64 */
        /* List of BUG addresses, source line numbers and filenames */
        struct list_head bug_list;
@@ -68,6 +76,12 @@ struct mod_arch_specific {
 #    endif      /* MODULE */
 #endif
+#ifdef CONFIG_DYNAMIC_FTRACE
+#    ifdef MODULE
+        asm(".section .ftrace.tramp,\"ax\",@nobits; .align 3; .previous");
+#    endif      /* MODULE */
+#endif
 struct exception_table_entry;
 void sort_ex_table(struct exception_table_entry *start,
diff --git a/arch/powerpc/include/asm/topology.h b/arch/powerpc/include/asm/topology.h
index c32da6f97999..373fca394a54 100644
--- a/arch/powerpc/include/asm/topology.h
+++ b/arch/powerpc/include/asm/topology.h
@@ -48,7 +48,6 @@ static inline int pcibus_to_node(struct pci_bus *bus)
 /* sched_domains SD_NODE_INIT for PPC64 machines */
 #define SD_NODE_INIT (struct sched_domain) {            \
-        .span                   = CPU_MASK_NONE,        \
        .parent                 = NULL,                 \
        .child                  = NULL,                 \
        .groups                 = NULL,                 \
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 92673b43858d..d17edb4a2f9d 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -17,6 +17,7 @@ ifdef CONFIG_FUNCTION_TRACER
 CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog
 CFLAGS_REMOVE_prom_init.o = -pg -mno-sched-epilog
 CFLAGS_REMOVE_btext.o = -pg -mno-sched-epilog
+CFLAGS_REMOVE_prom.o = -pg -mno-sched-epilog
 ifdef CONFIG_DYNAMIC_FTRACE
 # dynamic ftrace setup.
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 7ecc0d1855c3..6f7eb7e00c79 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -1162,39 +1162,17 @@ machine_check_in_rtas:
 #ifdef CONFIG_DYNAMIC_FTRACE
 _GLOBAL(mcount)
 _GLOBAL(_mcount)
-        stwu    r1,-48(r1)
+        /*
-        stw     r3, 12(r1)
+         * It is required that _mcount on PPC32 must preserve the
-        stw     r4, 16(r1)
+         * link register. But we have r0 to play with. We use r0
-        stw     r5, 20(r1)
+         * to push the return address back to the caller of mcount
-        stw     r6, 24(r1)
+         * into the ctr register, restore the link register and
-        mflr    r3
+         * then jump back using the ctr register.
-        stw     r7, 28(r1)
+         */
-        mfcr    r5
+        mflr    r0
-        stw     r8, 32(r1)
-        stw     r9, 36(r1)
-        stw     r10,40(r1)
-        stw     r3, 44(r1)
-        stw     r5, 8(r1)
-        subi    r3, r3, MCOUNT_INSN_SIZE
-        .globl mcount_call
-mcount_call:
-        bl      ftrace_stub
-        nop
-        lwz     r6, 8(r1)
-        lwz     r0, 44(r1)
-        lwz     r3, 12(r1)
        mtctr   r0
-        lwz     r4, 16(r1)
+        lwz     r0, 4(r1)
-        mtcr    r6
-        lwz     r5, 20(r1)
-        lwz     r6, 24(r1)
-        lwz     r0, 52(r1)
-        lwz     r7, 28(r1)
-        lwz     r8, 32(r1)
        mtlr    r0
-        lwz     r9, 36(r1)
-        lwz     r10,40(r1)
-        addi    r1, r1, 48
        bctr
 _GLOBAL(ftrace_caller)
diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
index e0bcf9354286..383ed6eb0085 100644
--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -894,18 +894,6 @@ _GLOBAL(enter_prom)
 #ifdef CONFIG_DYNAMIC_FTRACE
 _GLOBAL(mcount)
 _GLOBAL(_mcount)
-        /* Taken from output of objdump from lib64/glibc */
-        mflr    r3
-        stdu    r1, -112(r1)
-        std     r3, 128(r1)
-        subi    r3, r3, MCOUNT_INSN_SIZE
-        .globl mcount_call
-mcount_call:
-        bl      ftrace_stub
-        nop
-        ld      r0, 128(r1)
-        mtlr    r0
-        addi    r1, r1, 112
        blr
 _GLOBAL(ftrace_caller)
diff --git a/arch/powerpc/kernel/ftrace.c b/arch/powerpc/kernel/ftrace.c
index f4b006ed0ab1..5355244c99ff 100644
--- a/arch/powerpc/kernel/ftrace.c
+++ b/arch/powerpc/kernel/ftrace.c
@@ -9,22 +9,30 @@
 #include <linux/spinlock.h>
 #include <linux/hardirq.h>
+#include <linux/uaccess.h>
+#include <linux/module.h>
 #include <linux/ftrace.h>
 #include <linux/percpu.h>
 #include <linux/init.h>
 #include <linux/list.h>
 #include <asm/cacheflush.h>
+#include <asm/code-patching.h>
 #include <asm/ftrace.h>
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(fmt , ...)       do { } while (0)
+#endif
-static unsigned int ftrace_nop = 0x60000000;
+static unsigned int ftrace_nop = PPC_NOP_INSTR;
 #ifdef CONFIG_PPC32
 # define GET_ADDR(addr) addr
 #else
 /* PowerPC64's functions are data that points to the functions */
-# define GET_ADDR(addr) *(unsigned long *)addr
+# define GET_ADDR(addr) (*(unsigned long *)addr)
 #endif
@@ -33,12 +41,12 @@ static unsigned int ftrace_calc_offset(long ip, long addr)
        return (int)(addr - ip);
 }
-unsigned char *ftrace_nop_replace(void)
+static unsigned char *ftrace_nop_replace(void)
 {
        return (char *)&ftrace_nop;
 }
-unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
+static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 {
        static unsigned int op;
@@ -68,49 +76,422 @@ unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 # define _ASM_PTR       " .long "
 #endif
-int
+static int
 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                   unsigned char *new_code)
 {
-        unsigned replaced;
+        unsigned char replaced[MCOUNT_INSN_SIZE];
-        unsigned old = *(unsigned *)old_code;
-        unsigned new = *(unsigned *)new_code;
-        int faulted = 0;
        /*
         * Note: Due to modules and __init, code can
         *  disappear and change, we need to protect against faulting
-         *  as well as code changing.
+         *  as well as code changing. We do this by using the
+         *  probe_kernel_* functions.
         *
         * No real locking needed, this code is run through
-         * kstop_machine.
+         * kstop_machine, or before SMP starts.
         */
-        asm volatile (
-                "1: lwz         %1, 0(%2)\n"
+        /* read the text we want to modify */
-                "   cmpw        %1, %5\n"
+        if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
-                "   bne         2f\n"
+                return -EFAULT;
-                "   stwu        %3, 0(%2)\n"
-                "2:\n"
+        /* Make sure it is what we expect it to be */
-                ".section .fixup, \"ax\"\n"
+        if (memcmp(replaced, old_code, MCOUNT_INSN_SIZE) != 0)
-                "3:     li %0, 1\n"
+                return -EINVAL;
-                "       b 2b\n"
-                ".previous\n"
+        /* replace the text with the new text */
-                ".section __ex_table,\"a\"\n"
+        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
-                _ASM_ALIGN "\n"
+                return -EPERM;
-                _ASM_PTR "1b, 3b\n"
-                ".previous"
+        flush_icache_range(ip, ip + 8);
-                : "=r"(faulted), "=r"(replaced)
-                : "r"(ip), "r"(new),
+        return 0;
-                  "0"(faulted), "r"(old)
+}
-                : "memory");
+/*
-        if (replaced != old && replaced != new)
+ * Helper functions that are the same for both PPC64 and PPC32.
-                faulted = 2;
+ */
+static int test_24bit_addr(unsigned long ip, unsigned long addr)
-        if (!faulted)
+{
-                flush_icache_range(ip, ip + 8);
+        /* use the create_branch to verify that this offset can be branched */
-        return faulted;
+        return create_branch((unsigned int *)ip, addr, 0);
+}
+static int is_bl_op(unsigned int op)
+{
+        return (op & 0xfc000003) == 0x48000001;
+}
+static unsigned long find_bl_target(unsigned long ip, unsigned int op)
+{
+        static int offset;
+        offset = (op & 0x03fffffc);
+        /* make it signed */
+        if (offset & 0x02000000)
+                offset |= 0xfe000000;
+        return ip + (long)offset;
+}
+#ifdef CONFIG_PPC64
+static int
+__ftrace_make_nop(struct module *mod,
+                  struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op;
+        unsigned int jmp[5];
+        unsigned long ptr;
+        unsigned long ip = rec->ip;
+        unsigned long tramp;
+        int offset;
+        /* read where this goes */
+        if (probe_kernel_read(&op, (void *)ip, sizeof(int)))
+                return -EFAULT;
+        /* Make sure that that this is still a 24bit jump */
+        if (!is_bl_op(op)) {
+                printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
+                return -EINVAL;
+        }
+        /* lets find where the pointer goes */
+        tramp = find_bl_target(ip, op);
+        /*
+         * On PPC64 the trampoline looks like:
+         * 0x3d, 0x82, 0x00, 0x00,    addis   r12,r2, <high>
+         * 0x39, 0x8c, 0x00, 0x00,    addi    r12,r12, <low>
+         *   Where the bytes 2,3,6 and 7 make up the 32bit offset
+         *   to the TOC that holds the pointer.
+         *   to jump to.
+         * 0xf8, 0x41, 0x00, 0x28,    std     r2,40(r1)
+         * 0xe9, 0x6c, 0x00, 0x20,    ld      r11,32(r12)
+         *   The actually address is 32 bytes from the offset
+         *   into the TOC.
+         * 0xe8, 0x4c, 0x00, 0x28,    ld      r2,40(r12)
+         */
+        DEBUGP("ip:%lx jumps to %lx r2: %lx", ip, tramp, mod->arch.toc);
+        /* Find where the trampoline jumps to */
+        if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+        DEBUGP(" %08x %08x", jmp[0], jmp[1]);
+        /* verify that this is what we expect it to be */
+        if (((jmp[0] & 0xffff0000) != 0x3d820000) ||
+            ((jmp[1] & 0xffff0000) != 0x398c0000) ||
+            (jmp[2] != 0xf8410028) ||
+            (jmp[3] != 0xe96c0020) ||
+            (jmp[4] != 0xe84c0028)) {
+                printk(KERN_ERR "Not a trampoline\n");
+                return -EINVAL;
+        }
+        offset = (unsigned)((unsigned short)jmp[0]) << 16 |
+                (unsigned)((unsigned short)jmp[1]);
+        DEBUGP(" %x ", offset);
+        /* get the address this jumps too */
+        tramp = mod->arch.toc + offset + 32;
+        DEBUGP("toc: %lx", tramp);
+        if (probe_kernel_read(jmp, (void *)tramp, 8)) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+        DEBUGP(" %08x %08x\n", jmp[0], jmp[1]);
+        ptr = ((unsigned long)jmp[0] << 32) + jmp[1];
+        /* This should match what was called */
+        if (ptr != GET_ADDR(addr)) {
+                printk(KERN_ERR "addr does not match %lx\n", ptr);
+                return -EINVAL;
+        }
+        /*
+         * We want to nop the line, but the next line is
+         *  0xe8, 0x41, 0x00, 0x28   ld r2,40(r1)
+         * This needs to be turned to a nop too.
+         */
+        if (probe_kernel_read(&op, (void *)(ip+4), MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        if (op != 0xe8410028) {
+                printk(KERN_ERR "Next line is not ld! (%08x)\n", op);
+                return -EINVAL;
+        }
+        /*
+         * Milton Miller pointed out that we can not blindly do nops.
+         * If a task was preempted when calling a trace function,
+         * the nops will remove the way to restore the TOC in r2
+         * and the r2 TOC will get corrupted.
+         */
+        /*
+         * Replace:
+         *   bl <tramp>  <==== will be replaced with "b 1f"
+         *   ld r2,40(r1)
+         *  1:
+         */
+        op = 0x48000008;        /* b +8 */
+        if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#else /* !PPC64 */
+static int
+__ftrace_make_nop(struct module *mod,
+                  struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op;
+        unsigned int jmp[4];
+        unsigned long ip = rec->ip;
+        unsigned long tramp;
+        if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        /* Make sure that that this is still a 24bit jump */
+        if (!is_bl_op(op)) {
+                printk(KERN_ERR "Not expected bl: opcode is %x\n", op);
+                return -EINVAL;
+        }
+        /* lets find where the pointer goes */
+        tramp = find_bl_target(ip, op);
+        /*
+         * On PPC32 the trampoline looks like:
+         *  0x3d, 0x60, 0x00, 0x00  lis r11,sym@ha
+         *  0x39, 0x6b, 0x00, 0x00  addi r11,r11,sym@l
+         *  0x7d, 0x69, 0x03, 0xa6  mtctr r11
+         *  0x4e, 0x80, 0x04, 0x20  bctr
+         */
+        DEBUGP("ip:%lx jumps to %lx", ip, tramp);
+        /* Find where the trampoline jumps to */
+        if (probe_kernel_read(jmp, (void *)tramp, sizeof(jmp))) {
+                printk(KERN_ERR "Failed to read %lx\n", tramp);
+                return -EFAULT;
+        }
+        DEBUGP(" %08x %08x ", jmp[0], jmp[1]);
+        /* verify that this is what we expect it to be */
+        if (((jmp[0] & 0xffff0000) != 0x3d600000) ||
+            ((jmp[1] & 0xffff0000) != 0x396b0000) ||
+            (jmp[2] != 0x7d6903a6) ||
+            (jmp[3] != 0x4e800420)) {
+                printk(KERN_ERR "Not a trampoline\n");
+                return -EINVAL;
+        }
+        tramp = (jmp[1] & 0xffff) |
+                ((jmp[0] & 0xffff) << 16);
+        if (tramp & 0x8000)
+                tramp -= 0x10000;
+        DEBUGP(" %x ", tramp);
+        if (tramp != addr) {
+                printk(KERN_ERR
+                       "Trampoline location %08lx does not match addr\n",
+                       tramp);
+                return -EINVAL;
+        }
+        op = PPC_NOP_INSTR;
+        if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#endif /* PPC64 */
+int ftrace_make_nop(struct module *mod,
+                    struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *old, *new;
+        unsigned long ip = rec->ip;
+        /*
+         * If the calling address is more that 24 bits away,
+         * then we had to use a trampoline to make the call.
+         * Otherwise just update the call site.
+         */
+        if (test_24bit_addr(ip, addr)) {
+                /* within range */
+                old = ftrace_call_replace(ip, addr);
+                new = ftrace_nop_replace();
+                return ftrace_modify_code(ip, old, new);
+        }
+        /*
+         * Out of range jumps are called from modules.
+         * We should either already have a pointer to the module
+         * or it has been passed in.
+         */
+        if (!rec->arch.mod) {
+                if (!mod) {
+                        printk(KERN_ERR "No module loaded addr=%lx\n",
+                               addr);
+                        return -EFAULT;
+                }
+                rec->arch.mod = mod;
+        } else if (mod) {
+                if (mod != rec->arch.mod) {
+                        printk(KERN_ERR
+                               "Record mod %p not equal to passed in mod %p\n",
+                               rec->arch.mod, mod);
+                        return -EINVAL;
+                }
+                /* nothing to do if mod == rec->arch.mod */
+        } else
+                mod = rec->arch.mod;
+        return __ftrace_make_nop(mod, rec, addr);
+}
+#ifdef CONFIG_PPC64
+static int
+__ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op[2];
+        unsigned long ip = rec->ip;
+        /* read where this goes */
+        if (probe_kernel_read(op, (void *)ip, MCOUNT_INSN_SIZE * 2))
+                return -EFAULT;
+        /*
+         * It should be pointing to two nops or
+         *  b +8; ld r2,40(r1)
+         */
+        if (((op[0] != 0x48000008) || (op[1] != 0xe8410028)) &&
+            ((op[0] != PPC_NOP_INSTR) || (op[1] != PPC_NOP_INSTR))) {
+                printk(KERN_ERR "Expected NOPs but have %x %x\n", op[0], op[1]);
+                return -EINVAL;
+        }
+        /* If we never set up a trampoline to ftrace_caller, then bail */
+        if (!rec->arch.mod->arch.tramp) {
+                printk(KERN_ERR "No ftrace trampoline\n");
+                return -EINVAL;
+        }
+        /* create the branch to the trampoline */
+        op[0] = create_branch((unsigned int *)ip,
+                              rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
+        if (!op[0]) {
+                printk(KERN_ERR "REL24 out of range!\n");
+                return -EINVAL;
+        }
+        /* ld r2,40(r1) */
+        op[1] = 0xe8410028;
+        DEBUGP("write to %lx\n", rec->ip);
+        if (probe_kernel_write((void *)ip, op, MCOUNT_INSN_SIZE * 2))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#else
+static int
+__ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned int op;
+        unsigned long ip = rec->ip;
+        /* read where this goes */
+        if (probe_kernel_read(&op, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        /* It should be pointing to a nop */
+        if (op != PPC_NOP_INSTR) {
+                printk(KERN_ERR "Expected NOP but have %x\n", op);
+                return -EINVAL;
+        }
+        /* If we never set up a trampoline to ftrace_caller, then bail */
+        if (!rec->arch.mod->arch.tramp) {
+                printk(KERN_ERR "No ftrace trampoline\n");
+                return -EINVAL;
+        }
+        /* create the branch to the trampoline */
+        op = create_branch((unsigned int *)ip,
+                           rec->arch.mod->arch.tramp, BRANCH_SET_LINK);
+        if (!op) {
+                printk(KERN_ERR "REL24 out of range!\n");
+                return -EINVAL;
+        }
+        DEBUGP("write to %lx\n", rec->ip);
+        if (probe_kernel_write((void *)ip, &op, MCOUNT_INSN_SIZE))
+                return -EPERM;
+        flush_icache_range(ip, ip + 8);
+        return 0;
+}
+#endif /* CONFIG_PPC64 */
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *old, *new;
+        unsigned long ip = rec->ip;
+        /*
+         * If the calling address is more that 24 bits away,
+         * then we had to use a trampoline to make the call.
+         * Otherwise just update the call site.
+         */
+        if (test_24bit_addr(ip, addr)) {
+                /* within range */
+                old = ftrace_nop_replace();
+                new = ftrace_call_replace(ip, addr);
+                return ftrace_modify_code(ip, old, new);
+        }
+        /*
+         * Out of range jumps are called from modules.
+         * Being that we are converting from nop, it had better
+         * already have a module defined.
+         */
+        if (!rec->arch.mod) {
+                printk(KERN_ERR "No module loaded\n");
+                return -EINVAL;
+        }
+        return __ftrace_make_call(rec, addr);
 }
 int ftrace_update_ftrace_func(ftrace_func_t func)
@@ -128,10 +509,10 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
 int __init ftrace_dyn_arch_init(void *data)
 {
-        /* This is running in kstop_machine */
+        /* caller expects data to be zero */
+        unsigned long *p = data;
-        ftrace_mcount_set(data);
+        *p = 0;
        return 0;
 }
diff --git a/arch/powerpc/kernel/idle.c b/arch/powerpc/kernel/idle.c
index 31982d05d81a..88d9c1d5e5fb 100644
--- a/arch/powerpc/kernel/idle.c
+++ b/arch/powerpc/kernel/idle.c
@@ -69,10 +69,15 @@ void cpu_idle(void)
                                smp_mb();
                                local_irq_disable();
+                                /* Don't trace irqs off for idle */
+                                stop_critical_timings();
                                /* check again after disabling irqs */
                                if (!need_resched() && !cpu_should_die())
                                        ppc_md.power_save();
+                                start_critical_timings();
                                local_irq_enable();
                                set_thread_flag(TIF_POLLING_NRFLAG);
diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c
index 2df91a03462a..f832773fc28e 100644
--- a/arch/powerpc/kernel/module_32.c
+++ b/arch/powerpc/kernel/module_32.c
@@ -22,6 +22,7 @@
 #include <linux/fs.h>
 #include <linux/string.h>
 #include <linux/kernel.h>
+#include <linux/ftrace.h>
 #include <linux/cache.h>
 #include <linux/bug.h>
 #include <linux/sort.h>
@@ -53,6 +54,9 @@ static unsigned int count_relocs(const Elf32_Rela *rela, unsigned int num)
                        r_addend = rela[i].r_addend;
                }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        _count_relocs++;        /* add one for ftrace_caller */
+#endif
        return _count_relocs;
 }
@@ -306,5 +310,11 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
                        return -ENOEXEC;
                }
        }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        module->arch.tramp =
+                do_plt_call(module->module_core,
+                            (unsigned long)ftrace_caller,
+                            sechdrs, module);
+#endif
        return 0;
 }
diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c
index 1af2377e4992..8992b031a7b6 100644
--- a/arch/powerpc/kernel/module_64.c
+++ b/arch/powerpc/kernel/module_64.c
@@ -20,6 +20,7 @@
 #include <linux/moduleloader.h>
 #include <linux/err.h>
 #include <linux/vmalloc.h>
+#include <linux/ftrace.h>
 #include <linux/bug.h>
 #include <asm/module.h>
 #include <asm/firmware.h>
@@ -163,6 +164,11 @@ static unsigned long get_stubs_size(const Elf64_Ehdr *hdr,
                }
        }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        /* make the trampoline to the ftrace_caller */
+        relocs++;
+#endif
        DEBUGP("Looks like a total of %lu stubs, max\n", relocs);
        return relocs * sizeof(struct ppc64_stub_entry);
 }
@@ -441,5 +447,12 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
                }
        }
+#ifdef CONFIG_DYNAMIC_FTRACE
+        me->arch.toc = my_r2(sechdrs, me);
+        me->arch.tramp = stub_for_addr(sechdrs,
+                                       (unsigned long)ftrace_caller,
+                                       me);
+#endif
        return 0;
 }
diff --git a/arch/powerpc/lib/Makefile b/arch/powerpc/lib/Makefile
index d69912c07ce7..8db35278a4b4 100644
--- a/arch/powerpc/lib/Makefile
+++ b/arch/powerpc/lib/Makefile
@@ -6,6 +6,9 @@ ifeq ($(CONFIG_PPC64),y)
 EXTRA_CFLAGS            += -mno-minimal-toc
 endif
+CFLAGS_REMOVE_code-patching.o = -pg
+CFLAGS_REMOVE_feature-fixups.o = -pg
 obj-y                   := string.o alloc.o \
                           checksum_$(CONFIG_WORD_SIZE).o
 obj-$(CONFIG_PPC32)     += div64.o copy_32.o crtsavres.o
diff --git a/arch/sh/include/asm/topology.h b/arch/sh/include/asm/topology.h
index 95f0085e098a..279d9cc4a007 100644
--- a/arch/sh/include/asm/topology.h
+++ b/arch/sh/include/asm/topology.h
@@ -5,7 +5,6 @@
 /* sched_domains SD_NODE_INIT for sh machines */
 #define SD_NODE_INIT (struct sched_domain) {            \
-        .span                   = CPU_MASK_NONE,        \
        .parent                 = NULL,                 \
        .child                  = NULL,                 \
        .groups                 = NULL,                 \
diff --git a/arch/um/include/asm/system.h b/arch/um/include/asm/system.h
index 753346e2cdfd..ae5f94d6317d 100644
--- a/arch/um/include/asm/system.h
+++ b/arch/um/include/asm/system.h
@@ -11,21 +11,21 @@ extern int get_signals(void);
 extern void block_signals(void);
 extern void unblock_signals(void);
-#define local_save_flags(flags) do { typecheck(unsigned long, flags); \
+#define raw_local_save_flags(flags) do { typecheck(unsigned long, flags); \
                                     (flags) = get_signals(); } while(0)
-#define local_irq_restore(flags) do { typecheck(unsigned long, flags); \
+#define raw_local_irq_restore(flags) do { typecheck(unsigned long, flags); \
                                      set_signals(flags); } while(0)
-#define local_irq_save(flags) do { local_save_flags(flags); \
+#define raw_local_irq_save(flags) do { raw_local_save_flags(flags); \
-                                   local_irq_disable(); } while(0)
+                                   raw_local_irq_disable(); } while(0)
-#define local_irq_enable() unblock_signals()
+#define raw_local_irq_enable() unblock_signals()
-#define local_irq_disable() block_signals()
+#define raw_local_irq_disable() block_signals()
 #define irqs_disabled()                 \
 ({                                      \
        unsigned long flags;            \
-        local_save_flags(flags);        \
+        raw_local_save_flags(flags);        \
        (flags == 0);                   \
 })
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7b7d2764a215..c7235e643aff 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -29,11 +29,14 @@ config X86
        select HAVE_FTRACE_MCOUNT_RECORD
        select HAVE_DYNAMIC_FTRACE
        select HAVE_FUNCTION_TRACER
+        select HAVE_FUNCTION_GRAPH_TRACER
+        select HAVE_FUNCTION_TRACE_MCOUNT_TEST
        select HAVE_KVM if ((X86_32 && !X86_VOYAGER && !X86_VISWS && !X86_NUMAQ) || X86_64)
        select HAVE_ARCH_KGDB if !X86_VOYAGER
        select HAVE_ARCH_TRACEHOOK
        select HAVE_GENERIC_DMA_COHERENT if X86_32
        select HAVE_EFFICIENT_UNALIGNED_ACCESS
+        select USER_STACKTRACE_SUPPORT
 config ARCH_DEFCONFIG
        string
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
index b815664fe370..85a78575956c 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -515,6 +515,7 @@ config CPU_SUP_UMC_32
 config X86_DS
        def_bool X86_PTRACE_BTS
        depends on X86_DEBUGCTLMSR
+        select HAVE_HW_BRANCH_TRACER
 config X86_PTRACE_BTS
        bool "Branch Trace Store"
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 2a3dfbd5e677..fa013f529b74 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -186,14 +186,10 @@ config IOMMU_LEAK
          Add a simple leak tracer to the IOMMU code. This is useful when you
          are debugging a buggy device driver that leaks IOMMU mappings.
-config MMIOTRACE_HOOKS
-        bool
 config MMIOTRACE
        bool "Memory mapped IO tracing"
        depends on DEBUG_KERNEL && PCI
        select TRACING
-        select MMIOTRACE_HOOKS
        help
          Mmiotrace traces Memory Mapped I/O access and is meant for
          debugging and reverse engineering. It is called from the ioremap
diff --git a/arch/x86/include/asm/ds.h b/arch/x86/include/asm/ds.h
index a95008457ea4..99b6c39774a4 100644
--- a/arch/x86/include/asm/ds.h
+++ b/arch/x86/include/asm/ds.h
@@ -7,13 +7,12 @@
 *
 * It manages:
 * - per-thread and per-cpu allocation of BTS and PEBS
- * - buffer memory allocation (optional)
+ * - buffer overflow handling (to be done)
- * - buffer overflow handling
 * - buffer access
 *
 * It assumes:
- * - get_task_struct on all parameter tasks
+ * - get_task_struct on all traced tasks
- * - current is allowed to trace parameter tasks
+ * - current is allowed to trace tasks
 *
 *
 * Copyright (C) 2007-2008 Intel Corporation.
@@ -26,11 +25,18 @@
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/err.h>
 #ifdef CONFIG_X86_DS
 struct task_struct;
+struct ds_tracer;
+struct bts_tracer;
+struct pebs_tracer;
+typedef void (*bts_ovfl_callback_t)(struct bts_tracer *);
+typedef void (*pebs_ovfl_callback_t)(struct pebs_tracer *);
 /*
 * Request BTS or PEBS
@@ -38,60 +44,62 @@ struct task_struct;
 * Due to alignement constraints, the actual buffer may be slightly
 * smaller than the requested or provided buffer.
 *
- * Returns 0 on success; -Eerrno otherwise
+ * Returns a pointer to a tracer structure on success, or
+ * ERR_PTR(errcode) on failure.
+ *
+ * The interrupt threshold is independent from the overflow callback
+ * to allow users to use their own overflow interrupt handling mechanism.
 *
 * task: the task to request recording for;
 *       NULL for per-cpu recording on the current cpu
 * base: the base pointer for the (non-pageable) buffer;
- *       NULL if buffer allocation requested
+ * size: the size of the provided buffer in bytes
- * size: the size of the requested or provided buffer
 * ovfl: pointer to a function to be called on buffer overflow;
 *       NULL if cyclic buffer requested
+ * th: the interrupt threshold in records from the end of the buffer;
+ *     -1 if no interrupt threshold is requested.
 */
-typedef void (*ds_ovfl_callback_t)(struct task_struct *);
+extern struct bts_tracer *ds_request_bts(struct task_struct *task,
-extern int ds_request_bts(struct task_struct *task, void *base, size_t size,
+                                         void *base, size_t size,
-                          ds_ovfl_callback_t ovfl);
+                                         bts_ovfl_callback_t ovfl, size_t th);
-extern int ds_request_pebs(struct task_struct *task, void *base, size_t size,
+extern struct pebs_tracer *ds_request_pebs(struct task_struct *task,
-                           ds_ovfl_callback_t ovfl);
+                                           void *base, size_t size,
+                                           pebs_ovfl_callback_t ovfl,
+                                           size_t th);
 /*
 * Release BTS or PEBS resources
 *
- * Frees buffers allocated on ds_request.
- *
 * Returns 0 on success; -Eerrno otherwise
 *
- * task: the task to release resources for;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to release resources for the current cpu
 */
-extern int ds_release_bts(struct task_struct *task);
+extern int ds_release_bts(struct bts_tracer *tracer);
-extern int ds_release_pebs(struct task_struct *task);
+extern int ds_release_pebs(struct pebs_tracer *tracer);
 /*
- * Return the (array) index of the write pointer.
+ * Get the (array) index of the write pointer.
 * (assuming an array of BTS/PEBS records)
 *
- * Returns -Eerrno on error
+ * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to access the current cpu
+ * pos (out): will hold the result
- * pos (out): if not NULL, will hold the result
 */
-extern int ds_get_bts_index(struct task_struct *task, size_t *pos);
+extern int ds_get_bts_index(struct bts_tracer *tracer, size_t *pos);
-extern int ds_get_pebs_index(struct task_struct *task, size_t *pos);
+extern int ds_get_pebs_index(struct pebs_tracer *tracer, size_t *pos);
 /*
- * Return the (array) index one record beyond the end of the array.
+ * Get the (array) index one record beyond the end of the array.
 * (assuming an array of BTS/PEBS records)
 *
- * Returns -Eerrno on error
+ * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to access the current cpu
+ * pos (out): will hold the result
- * pos (out): if not NULL, will hold the result
 */
-extern int ds_get_bts_end(struct task_struct *task, size_t *pos);
+extern int ds_get_bts_end(struct bts_tracer *tracer, size_t *pos);
-extern int ds_get_pebs_end(struct task_struct *task, size_t *pos);
+extern int ds_get_pebs_end(struct pebs_tracer *tracer, size_t *pos);
 /*
 * Provide a pointer to the BTS/PEBS record at parameter index.
@@ -102,14 +110,13 @@ extern int ds_get_pebs_end(struct task_struct *task, size_t *pos);
 *
 * Returns the size of a single record on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to access the current cpu
 * index: the index of the requested record
 * record (out): pointer to the requested record
 */
-extern int ds_access_bts(struct task_struct *task,
+extern int ds_access_bts(struct bts_tracer *tracer,
                         size_t index, const void **record);
-extern int ds_access_pebs(struct task_struct *task,
+extern int ds_access_pebs(struct pebs_tracer *tracer,
                          size_t index, const void **record);
 /*
@@ -129,38 +136,24 @@ extern int ds_access_pebs(struct task_struct *task,
 *
 * Returns the number of bytes written or -Eerrno.
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to access the current cpu
 * buffer: the buffer to write
 * size: the size of the buffer
 */
-extern int ds_write_bts(struct task_struct *task,
+extern int ds_write_bts(struct bts_tracer *tracer,
                        const void *buffer, size_t size);
-extern int ds_write_pebs(struct task_struct *task,
+extern int ds_write_pebs(struct pebs_tracer *tracer,
                         const void *buffer, size_t size);
 /*
- * Same as ds_write_bts/pebs, but omit ownership checks.
- *
- * This is needed to have some other task than the owner of the
- * BTS/PEBS buffer or the parameter task itself write into the
- * respective buffer.
- */
-extern int ds_unchecked_write_bts(struct task_struct *task,
-                                  const void *buffer, size_t size);
-extern int ds_unchecked_write_pebs(struct task_struct *task,
-                                   const void *buffer, size_t size);
-/*
 * Reset the write pointer of the BTS/PEBS buffer.
 *
 * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to access the current cpu
 */
-extern int ds_reset_bts(struct task_struct *task);
+extern int ds_reset_bts(struct bts_tracer *tracer);
-extern int ds_reset_pebs(struct task_struct *task);
+extern int ds_reset_pebs(struct pebs_tracer *tracer);
 /*
 * Clear the BTS/PEBS buffer and reset the write pointer.
@@ -168,33 +161,30 @@ extern int ds_reset_pebs(struct task_struct *task);
 *
 * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_~()
- *       NULL to access the current cpu
 */
-extern int ds_clear_bts(struct task_struct *task);
+extern int ds_clear_bts(struct bts_tracer *tracer);
-extern int ds_clear_pebs(struct task_struct *task);
+extern int ds_clear_pebs(struct pebs_tracer *tracer);
 /*
 * Provide the PEBS counter reset value.
 *
 * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_pebs()
- *       NULL to access the current cpu
 * value (out): the counter reset value
 */
-extern int ds_get_pebs_reset(struct task_struct *task, u64 *value);
+extern int ds_get_pebs_reset(struct pebs_tracer *tracer, u64 *value);
 /*
 * Set the PEBS counter reset value.
 *
 * Returns 0 on success; -Eerrno on error
 *
- * task: the task to access;
+ * tracer: the tracer handle returned from ds_request_pebs()
- *       NULL to access the current cpu
 * value: the new counter reset value
 */
-extern int ds_set_pebs_reset(struct task_struct *task, u64 value);
+extern int ds_set_pebs_reset(struct pebs_tracer *tracer, u64 value);
 /*
 * Initialization
@@ -207,17 +197,13 @@ extern void __cpuinit ds_init_intel(struct cpuinfo_x86 *);
 /*
 * The DS context - part of struct thread_struct.
 */
+#define MAX_SIZEOF_DS (12 * 8)
 struct ds_context {
        /* pointer to the DS configuration; goes into MSR_IA32_DS_AREA */
-        unsigned char *ds;
+        unsigned char ds[MAX_SIZEOF_DS];
        /* the owner of the BTS and PEBS configuration, respectively */
-        struct task_struct *owner[2];
+        struct ds_tracer  *owner[2];
-        /* buffer overflow notification function for BTS and PEBS */
-        ds_ovfl_callback_t callback[2];
-        /* the original buffer address */
-        void *buffer[2];
-        /* the number of allocated pages for on-request allocated buffers */
-        unsigned int pages[2];
        /* use count */
        unsigned long count;
        /* a pointer to the context location inside the thread_struct
diff --git a/arch/x86/include/asm/ftrace.h b/arch/x86/include/asm/ftrace.h
index 9e8bc29b8b17..7e61b4ceb9a4 100644
--- a/arch/x86/include/asm/ftrace.h
+++ b/arch/x86/include/asm/ftrace.h
@@ -17,8 +17,40 @@ static inline unsigned long ftrace_call_adjust(unsigned long addr)
         */
        return addr - 1;
 }
-#endif
+#ifdef CONFIG_DYNAMIC_FTRACE
+struct dyn_arch_ftrace {
+        /* No extra data needed for x86 */
+};
+#endif /*  CONFIG_DYNAMIC_FTRACE */
+#endif /* __ASSEMBLY__ */
 #endif /* CONFIG_FUNCTION_TRACER */
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+#ifndef __ASSEMBLY__
+/*
+ * Stack of return addresses for functions
+ * of a thread.
+ * Used in struct thread_info
+ */
+struct ftrace_ret_stack {
+        unsigned long ret;
+        unsigned long func;
+        unsigned long long calltime;
+};
+/*
+ * Primary handler of a function return.
+ * It relays on ftrace_return_to_handler.
+ * Defined in entry32.S
+ */
+extern void return_to_handler(void);
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_FUNCTION_GRAPH_TRACER */
 #endif /* _ASM_X86_FTRACE_H */
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index e44d379faad2..0921b4018c11 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -20,6 +20,8 @@
 struct task_struct;
 struct exec_domain;
 #include <asm/processor.h>
+#include <asm/ftrace.h>
+#include <asm/atomic.h>
 struct thread_info {
        struct task_struct      *task;          /* main task structure */
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 35c54921b2e4..99192bb55a53 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -157,6 +157,7 @@ extern int __get_user_bad(void);
        int __ret_gu;                                                   \
        unsigned long __val_gu;                                         \
        __chk_user_ptr(ptr);                                            \
+        might_fault();                                                  \
        switch (sizeof(*(ptr))) {                                       \
        case 1:                                                         \
                __get_user_x(1, __ret_gu, __val_gu, ptr);               \
@@ -241,6 +242,7 @@ extern void __put_user_8(void);
        int __ret_pu;                                           \
        __typeof__(*(ptr)) __pu_val;                            \
        __chk_user_ptr(ptr);                                    \
+        might_fault();                                          \
        __pu_val = x;                                           \
        switch (sizeof(*(ptr))) {                               \
        case 1:                                                 \
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
index d095a3aeea1b..5e06259e90e5 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -82,8 +82,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
 static __always_inline unsigned long __must_check
 __copy_to_user(void __user *to, const void *from, unsigned long n)
 {
-       might_sleep();
+        might_fault();
-       return __copy_to_user_inatomic(to, from, n);
+        return __copy_to_user_inatomic(to, from, n);
 }
 static __always_inline unsigned long
@@ -137,7 +137,7 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
 static __always_inline unsigned long
 __copy_from_user(void *to, const void __user *from, unsigned long n)
 {
-        might_sleep();
+        might_fault();
        if (__builtin_constant_p(n)) {
                unsigned long ret;
@@ -159,7 +159,7 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
 static __always_inline unsigned long __copy_from_user_nocache(void *to,
                                const void __user *from, unsigned long n)
 {
-        might_sleep();
+        might_fault();
        if (__builtin_constant_p(n)) {
                unsigned long ret;
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index f8cfd00db450..84210c479fca 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -29,6 +29,8 @@ static __always_inline __must_check
 int __copy_from_user(void *dst, const void __user *src, unsigned size)
 {
        int ret = 0;
+        might_fault();
        if (!__builtin_constant_p(size))
                return copy_user_generic(dst, (__force void *)src, size);
        switch (size) {
@@ -71,6 +73,8 @@ static __always_inline __must_check
 int __copy_to_user(void __user *dst, const void *src, unsigned size)
 {
        int ret = 0;
+        might_fault();
        if (!__builtin_constant_p(size))
                return copy_user_generic((__force void *)dst, src, size);
        switch (size) {
@@ -113,6 +117,8 @@ static __always_inline __must_check
 int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
 {
        int ret = 0;
+        might_fault();
        if (!__builtin_constant_p(size))
                return copy_user_generic((__force void *)dst,
                                         (__force void *)src, size);
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index b62a7667828e..1cad9318d217 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -25,7 +25,7 @@ CFLAGS_tsc.o		:= $(nostackp)
 obj-y                   := process_$(BITS).o signal_$(BITS).o entry_$(BITS).o
 obj-y                   += traps.o irq.o irq_$(BITS).o dumpstack_$(BITS).o
-obj-y                   += time_$(BITS).o ioport.o ldt.o
+obj-y                   += time_$(BITS).o ioport.o ldt.o dumpstack.o
 obj-y                   += setup.o i8259.o irqinit_$(BITS).o setup_percpu.o
 obj-$(CONFIG_X86_VISWS) += visws_quirks.o
 obj-$(CONFIG_X86_32)    += probe_roms_32.o
@@ -65,6 +65,7 @@ obj-$(CONFIG_X86_LOCAL_APIC)	+= apic.o nmi.o
 obj-$(CONFIG_X86_IO_APIC)       += io_apic.o
 obj-$(CONFIG_X86_REBOOTFIXUPS)  += reboot_fixups_32.o
 obj-$(CONFIG_DYNAMIC_FTRACE)    += ftrace.o
+obj-$(CONFIG_FUNCTION_GRAPH_TRACER)     += ftrace.o
 obj-$(CONFIG_KEXEC)             += machine_kexec_$(BITS).o
 obj-$(CONFIG_KEXEC)             += relocate_kernel_$(BITS).o crash.o
 obj-$(CONFIG_CRASH_DUMP)        += crash_dump_$(BITS).o
diff --git a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
index 8e48c5d4467d..88ea02dcb622 100644
--- a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
+++ b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
@@ -33,6 +33,7 @@
 #include <linux/cpufreq.h>
 #include <linux/compiler.h>
 #include <linux/dmi.h>
+#include <linux/ftrace.h>
 #include <linux/acpi.h>
 #include <acpi/processor.h>
@@ -391,6 +392,7 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
        unsigned int next_perf_state = 0; /* Index into perf table */
        unsigned int i;
        int result = 0;
+        struct power_trace it;
        dprintk("acpi_cpufreq_target %d (%d)\n", target_freq, policy->cpu);
@@ -427,6 +429,8 @@ static int acpi_cpufreq_target(struct cpufreq_policy *policy,
                }
        }
+        trace_power_mark(&it, POWER_PSTATE, next_perf_state);
        switch (data->cpu_feature) {
        case SYSTEM_INTEL_MSR_CAPABLE:
                cmd.type = SYSTEM_INTEL_MSR_CAPABLE;
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index cce0b6118d55..816f27f289b1 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -307,12 +307,11 @@ static void __cpuinit init_intel(struct cpuinfo_x86 *c)
                set_cpu_cap(c, X86_FEATURE_P4);
        if (c->x86 == 6)
                set_cpu_cap(c, X86_FEATURE_P3);
+#endif
        if (cpu_has_bts)
                ptrace_bts_init_intel(c);
-#endif
        detect_extended_topology(c);
        if (!cpu_has(c, X86_FEATURE_XTOPOLOGY)) {
                /*
diff --git a/arch/x86/kernel/ds.c b/arch/x86/kernel/ds.c
index a2d1176c38ee..19a8c2c0389f 100644
--- a/arch/x86/kernel/ds.c
+++ b/arch/x86/kernel/ds.c
@@ -7,13 +7,12 @@
 *
 * It manages:
 * - per-thread and per-cpu allocation of BTS and PEBS
- * - buffer memory allocation (optional)
+ * - buffer overflow handling (to be done)
- * - buffer overflow handling
 * - buffer access
 *
 * It assumes:
- * - get_task_struct on all parameter tasks
+ * - get_task_struct on all traced tasks
- * - current is allowed to trace parameter tasks
+ * - current is allowed to trace tasks
 *
 *
 * Copyright (C) 2007-2008 Intel Corporation.
@@ -28,6 +27,7 @@
 #include <linux/slab.h>
 #include <linux/sched.h>
 #include <linux/mm.h>
+#include <linux/kernel.h>
 /*
@@ -44,6 +44,33 @@ struct ds_configuration {
 };
 static struct ds_configuration ds_cfg;
+/*
+ * A BTS or PEBS tracer.
+ *
+ * This holds the configuration of the tracer and serves as a handle
+ * to identify tracers.
+ */
+struct ds_tracer {
+        /* the DS context (partially) owned by this tracer */
+        struct ds_context *context;
+        /* the buffer provided on ds_request() and its size in bytes */
+        void *buffer;
+        size_t size;
+};
+struct bts_tracer {
+        /* the common DS part */
+        struct ds_tracer ds;
+        /* buffer overflow notification function */
+        bts_ovfl_callback_t ovfl;
+};
+struct pebs_tracer {
+        /* the common DS part */
+        struct ds_tracer ds;
+        /* buffer overflow notification function */
+        pebs_ovfl_callback_t ovfl;
+};
 /*
 * Debug Store (DS) save area configuration (see Intel64 and IA32
@@ -107,34 +134,13 @@ static inline void ds_set(unsigned char *base, enum ds_qualifier qual,
        (*(unsigned long *)base) = value;
 }
+#define DS_ALIGNMENT (1 << 3)   /* BTS and PEBS buffer alignment */
-/*
- * Locking is done only for allocating BTS or PEBS resources and for
- * guarding context and buffer memory allocation.
- *
- * Most functions require the current task to own the ds context part
- * they are going to access. All the locking is done when validating
- * access to the context.
- */
-static spinlock_t ds_lock = __SPIN_LOCK_UNLOCKED(ds_lock);
 /*
- * Validate that the current task is allowed to access the BTS/PEBS
+ * Locking is done only for allocating BTS or PEBS resources.
- * buffer of the parameter task.
- *
- * Returns 0, if access is granted; -Eerrno, otherwise.
 */
-static inline int ds_validate_access(struct ds_context *context,
+static spinlock_t ds_lock = __SPIN_LOCK_UNLOCKED(ds_lock);
-                                     enum ds_qualifier qual)
-{
-        if (!context)
-                return -EPERM;
-        if (context->owner[qual] == current)
-                return 0;
-        return -EPERM;
-}
 /*
@@ -183,51 +189,13 @@ static inline int check_tracer(struct task_struct *task)
 *
 * Contexts are use-counted. They are allocated on first access and
 * deallocated when the last user puts the context.
- *
- * We distinguish between an allocating and a non-allocating get of a
- * context:
- * - the allocating get is used for requesting BTS/PEBS resources. It
- *   requires the caller to hold the global ds_lock.
- * - the non-allocating get is used for all other cases. A
- *   non-existing context indicates an error. It acquires and releases
- *   the ds_lock itself for obtaining the context.
- *
- * A context and its DS configuration are allocated and deallocated
- * together. A context always has a DS configuration of the
- * appropriate size.
 */
 static DEFINE_PER_CPU(struct ds_context *, system_context);
 #define this_system_context per_cpu(system_context, smp_processor_id())
-/*
- * Returns the pointer to the parameter task's context or to the
- * system-wide context, if task is NULL.
- *
- * Increases the use count of the returned context, if not NULL.
- */
 static inline struct ds_context *ds_get_context(struct task_struct *task)
 {
-        struct ds_context *context;
-        unsigned long irq;
-        spin_lock_irqsave(&ds_lock, irq);
-        context = (task ? task->thread.ds_ctx : this_system_context);
-        if (context)
-                context->count++;
-        spin_unlock_irqrestore(&ds_lock, irq);
-        return context;
-}
-/*
- * Same as ds_get_context, but allocates the context and it's DS
- * structure, if necessary; returns NULL; if out of memory.
- */
-static inline struct ds_context *ds_alloc_context(struct task_struct *task)
-{
        struct ds_context **p_context =
                (task ? &task->thread.ds_ctx : &this_system_context);
        struct ds_context *context = *p_context;
@@ -238,16 +206,9 @@ static inline struct ds_context *ds_alloc_context(struct task_struct *task)
                if (!context)
                        return NULL;
-                context->ds = kzalloc(ds_cfg.sizeof_ds, GFP_KERNEL);
-                if (!context->ds) {
-                        kfree(context);
-                        return NULL;
-                }
                spin_lock_irqsave(&ds_lock, irq);
                if (*p_context) {
-                        kfree(context->ds);
                        kfree(context);
                        context = *p_context;
@@ -272,10 +233,6 @@ static inline struct ds_context *ds_alloc_context(struct task_struct *task)
        return context;
 }
-/*
- * Decreases the use count of the parameter context, if not NULL.
- * Deallocates the context, if the use count reaches zero.
- */
 static inline void ds_put_context(struct ds_context *context)
 {
        unsigned long irq;
@@ -296,13 +253,6 @@ static inline void ds_put_context(struct ds_context *context)
        if (!context->task || (context->task == current))
                wrmsrl(MSR_IA32_DS_AREA, 0);
-        put_tracer(context->task);
-        /* free any leftover buffers from tracers that did not
-         * deallocate them properly. */
-        kfree(context->buffer[ds_bts]);
-        kfree(context->buffer[ds_pebs]);
-        kfree(context->ds);
        kfree(context);
 out:
        spin_unlock_irqrestore(&ds_lock, irq);
@@ -312,345 +262,342 @@ static inline void ds_put_context(struct ds_context *context)
 /*
 * Handle a buffer overflow
 *
- * task: the task whose buffers are overflowing;
- *       NULL for a buffer overflow on the current cpu
 * context: the ds context
 * qual: the buffer type
 */
-static void ds_overflow(struct task_struct *task, struct ds_context *context,
+static void ds_overflow(struct ds_context *context, enum ds_qualifier qual)
-                        enum ds_qualifier qual)
+{
-{
+        switch (qual) {
-        if (!context)
+        case ds_bts: {
-                return;
+                struct bts_tracer *tracer =
+                        container_of(context->owner[qual],
-        if (context->callback[qual])
+                                     struct bts_tracer, ds);
-                (*context->callback[qual])(task);
+                if (tracer->ovfl)
+                        tracer->ovfl(tracer);
-        /* todo: do some more overflow handling */
+        }
+                break;
+        case ds_pebs: {
+                struct pebs_tracer *tracer =
+                        container_of(context->owner[qual],
+                                     struct pebs_tracer, ds);
+                if (tracer->ovfl)
+                        tracer->ovfl(tracer);
+        }
+                break;
+        }
 }
-/*
+static void ds_install_ds_config(struct ds_context *context,
- * Allocate a non-pageable buffer of the parameter size.
+                                 enum ds_qualifier qual,
- * Checks the memory and the locked memory rlimit.
+                                 void *base, size_t size, size_t ith)
- *
- * Returns the buffer, if successful;
- *         NULL, if out of memory or rlimit exceeded.
- *
- * size: the requested buffer size in bytes
- * pages (out): if not NULL, contains the number of pages reserved
- */
-static inline void *ds_allocate_buffer(size_t size, unsigned int *pages)
 {
-        unsigned long rlim, vm, pgsz;
+        unsigned long buffer, adj;
-        void *buffer;
-        pgsz = PAGE_ALIGN(size) >> PAGE_SHIFT;
-        rlim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
-        vm   = current->mm->total_vm  + pgsz;
-        if (rlim < vm)
-                return NULL;
-        rlim = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
+        /* adjust the buffer address and size to meet alignment
-        vm   = current->mm->locked_vm  + pgsz;
+         * constraints:
-        if (rlim < vm)
+         * - buffer is double-word aligned
-                return NULL;
+         * - size is multiple of record size
+         *
+         * We checked the size at the very beginning; we have enough
+         * space to do the adjustment.
+         */
+        buffer = (unsigned long)base;
-        buffer = kzalloc(size, GFP_KERNEL);
+        adj = ALIGN(buffer, DS_ALIGNMENT) - buffer;
-        if (!buffer)
+        buffer += adj;
-                return NULL;
+        size   -= adj;
-        current->mm->total_vm  += pgsz;
+        size /= ds_cfg.sizeof_rec[qual];
-        current->mm->locked_vm += pgsz;
+        size *= ds_cfg.sizeof_rec[qual];
-        if (pages)
+        ds_set(context->ds, qual, ds_buffer_base, buffer);
-                *pages = pgsz;
+        ds_set(context->ds, qual, ds_index, buffer);
+        ds_set(context->ds, qual, ds_absolute_maximum, buffer + size);
-        return buffer;
+        /* The value for 'no threshold' is -1, which will set the
+         * threshold outside of the buffer, just like we want it.
+         */
+        ds_set(context->ds, qual,
+               ds_interrupt_threshold, buffer + size - ith);
 }
-static int ds_request(struct task_struct *task, void *base, size_t size,
+static int ds_request(struct ds_tracer *tracer, enum ds_qualifier qual,
-                      ds_ovfl_callback_t ovfl, enum ds_qualifier qual)
+                      struct task_struct *task,
+                      void *base, size_t size, size_t th)
 {
        struct ds_context *context;
-        unsigned long buffer, adj;
-        const unsigned long alignment = (1 << 3);
        unsigned long irq;
-        int error = 0;
+        int error;
+        error = -EOPNOTSUPP;
        if (!ds_cfg.sizeof_ds)
-                return -EOPNOTSUPP;
+                goto out;
+        error = -EINVAL;
+        if (!base)
+                goto out;
        /* we require some space to do alignment adjustments below */
-        if (size < (alignment + ds_cfg.sizeof_rec[qual]))
+        error = -EINVAL;
-                return -EINVAL;
+        if (size < (DS_ALIGNMENT + ds_cfg.sizeof_rec[qual]))
+                goto out;
-        /* buffer overflow notification is not yet implemented */
+        if (th != (size_t)-1) {
-        if (ovfl)
+                th *= ds_cfg.sizeof_rec[qual];
-                return -EOPNOTSUPP;
+                error = -EINVAL;
+                if (size <= th)
+                        goto out;
+        }
+        tracer->buffer = base;
+        tracer->size = size;
-        context = ds_alloc_context(task);
+        error = -ENOMEM;
+        context = ds_get_context(task);
        if (!context)
-                return -ENOMEM;
+                goto out;
+        tracer->context = context;
        spin_lock_irqsave(&ds_lock, irq);
        error = -EPERM;
        if (!check_tracer(task))
                goto out_unlock;
        get_tracer(task);
-        error = -EALREADY;
-        if (context->owner[qual] == current)
-                goto out_put_tracer;
        error = -EPERM;
-        if (context->owner[qual] != NULL)
+        if (context->owner[qual])
                goto out_put_tracer;
-        context->owner[qual] = current;
+        context->owner[qual] = tracer;
        spin_unlock_irqrestore(&ds_lock, irq);
-        error = -ENOMEM;
+        ds_install_ds_config(context, qual, base, size, th);
-        if (!base) {
-                base = ds_allocate_buffer(size, &context->pages[qual]);
-                if (!base)
-                        goto out_release;
-                context->buffer[qual]   = base;
-        }
-        error = 0;
-        context->callback[qual] = ovfl;
+        return 0;
-        /* adjust the buffer address and size to meet alignment
-         * constraints:
-         * - buffer is double-word aligned
-         * - size is multiple of record size
-         *
-         * We checked the size at the very beginning; we have enough
-         * space to do the adjustment.
-         */
-        buffer = (unsigned long)base;
-        adj = ALIGN(buffer, alignment) - buffer;
-        buffer += adj;
-        size   -= adj;
-        size /= ds_cfg.sizeof_rec[qual];
-        size *= ds_cfg.sizeof_rec[qual];
-        ds_set(context->ds, qual, ds_buffer_base, buffer);
-        ds_set(context->ds, qual, ds_index, buffer);
-        ds_set(context->ds, qual, ds_absolute_maximum, buffer + size);
-        if (ovfl) {
-                /* todo: select a suitable interrupt threshold */
-        } else
-                ds_set(context->ds, qual,
-                       ds_interrupt_threshold, buffer + size + 1);
-        /* we keep the context until ds_release */
-        return error;
- out_release:
-        context->owner[qual] = NULL;
-        ds_put_context(context);
-        put_tracer(task);
-        return error;
 out_put_tracer:
-        spin_unlock_irqrestore(&ds_lock, irq);
-        ds_put_context(context);
        put_tracer(task);
-        return error;
 out_unlock:
        spin_unlock_irqrestore(&ds_lock, irq);
        ds_put_context(context);
+        tracer->context = NULL;
+ out:
        return error;
 }
-int ds_request_bts(struct task_struct *task, void *base, size_t size,
+struct bts_tracer *ds_request_bts(struct task_struct *task,
-                   ds_ovfl_callback_t ovfl)
+                                  void *base, size_t size,
+                                  bts_ovfl_callback_t ovfl, size_t th)
 {
-        return ds_request(task, base, size, ovfl, ds_bts);
+        struct bts_tracer *tracer;
-}
+        int error;
-int ds_request_pebs(struct task_struct *task, void *base, size_t size,
+        /* buffer overflow notification is not yet implemented */
-                    ds_ovfl_callback_t ovfl)
+        error = -EOPNOTSUPP;
-{
+        if (ovfl)
-        return ds_request(task, base, size, ovfl, ds_pebs);
+                goto out;
+        error = -ENOMEM;
+        tracer = kzalloc(sizeof(*tracer), GFP_KERNEL);
+        if (!tracer)
+                goto out;
+        tracer->ovfl = ovfl;
+        error = ds_request(&tracer->ds, ds_bts, task, base, size, th);
+        if (error < 0)
+                goto out_tracer;
+        return tracer;
+ out_tracer:
+        kfree(tracer);
+ out:
+        return ERR_PTR(error);
 }
-static int ds_release(struct task_struct *task, enum ds_qualifier qual)
+struct pebs_tracer *ds_request_pebs(struct task_struct *task,
+                                    void *base, size_t size,
+                                    pebs_ovfl_callback_t ovfl, size_t th)
 {
-        struct ds_context *context;
+        struct pebs_tracer *tracer;
        int error;
-        context = ds_get_context(task);
+        /* buffer overflow notification is not yet implemented */
-        error = ds_validate_access(context, qual);
+        error = -EOPNOTSUPP;
-        if (error < 0)
+        if (ovfl)
                goto out;
-        kfree(context->buffer[qual]);
+        error = -ENOMEM;
-        context->buffer[qual] = NULL;
+        tracer = kzalloc(sizeof(*tracer), GFP_KERNEL);
+        if (!tracer)
+                goto out;
+        tracer->ovfl = ovfl;
-        current->mm->total_vm  -= context->pages[qual];
+        error = ds_request(&tracer->ds, ds_pebs, task, base, size, th);
-        current->mm->locked_vm -= context->pages[qual];
+        if (error < 0)
-        context->pages[qual] = 0;
+                goto out_tracer;
-        context->owner[qual] = NULL;
-        /*
+        return tracer;
-         * we put the context twice:
-         *   once for the ds_get_context
+ out_tracer:
-         *   once for the corresponding ds_request
+        kfree(tracer);
-         */
-        ds_put_context(context);
 out:
-        ds_put_context(context);
+        return ERR_PTR(error);
-        return error;
 }
-int ds_release_bts(struct task_struct *task)
+static void ds_release(struct ds_tracer *tracer, enum ds_qualifier qual)
 {
-        return ds_release(task, ds_bts);
+        BUG_ON(tracer->context->owner[qual] != tracer);
+        tracer->context->owner[qual] = NULL;
+        put_tracer(tracer->context->task);
+        ds_put_context(tracer->context);
 }
-int ds_release_pebs(struct task_struct *task)
+int ds_release_bts(struct bts_tracer *tracer)
 {
-        return ds_release(task, ds_pebs);
+        if (!tracer)
+                return -EINVAL;
+        ds_release(&tracer->ds, ds_bts);
+        kfree(tracer);
+        return 0;
 }
-static int ds_get_index(struct task_struct *task, size_t *pos,
+int ds_release_pebs(struct pebs_tracer *tracer)
-                        enum ds_qualifier qual)
 {
-        struct ds_context *context;
+        if (!tracer)
-        unsigned long base, index;
+                return -EINVAL;
-        int error;
-        context = ds_get_context(task);
+        ds_release(&tracer->ds, ds_pebs);
-        error = ds_validate_access(context, qual);
+        kfree(tracer);
-        if (error < 0)
-                goto out;
+        return 0;
+}
+static size_t ds_get_index(struct ds_context *context, enum ds_qualifier qual)
+{
+        unsigned long base, index;
        base  = ds_get(context->ds, qual, ds_buffer_base);
        index = ds_get(context->ds, qual, ds_index);
-        error = ((index - base) / ds_cfg.sizeof_rec[qual]);
+        return (index - base) / ds_cfg.sizeof_rec[qual];
-        if (pos)
-                *pos = error;
- out:
-        ds_put_context(context);
-        return error;
 }
-int ds_get_bts_index(struct task_struct *task, size_t *pos)
+int ds_get_bts_index(struct bts_tracer *tracer, size_t *pos)
 {
-        return ds_get_index(task, pos, ds_bts);
+        if (!tracer)
+                return -EINVAL;
+        if (!pos)
+                return -EINVAL;
+        *pos = ds_get_index(tracer->ds.context, ds_bts);
+        return 0;
 }
-int ds_get_pebs_index(struct task_struct *task, size_t *pos)
+int ds_get_pebs_index(struct pebs_tracer *tracer, size_t *pos)
 {
-        return ds_get_index(task, pos, ds_pebs);
+        if (!tracer)
+                return -EINVAL;
+        if (!pos)
+                return -EINVAL;
+        *pos = ds_get_index(tracer->ds.context, ds_pebs);
+        return 0;
 }
-static int ds_get_end(struct task_struct *task, size_t *pos,
+static size_t ds_get_end(struct ds_context *context, enum ds_qualifier qual)
-                      enum ds_qualifier qual)
 {
-        struct ds_context *context;
+        unsigned long base, max;
-        unsigned long base, end;
-        int error;
-        context = ds_get_context(task);
-        error = ds_validate_access(context, qual);
-        if (error < 0)
-                goto out;
        base = ds_get(context->ds, qual, ds_buffer_base);
-        end  = ds_get(context->ds, qual, ds_absolute_maximum);
+        max  = ds_get(context->ds, qual, ds_absolute_maximum);
-        error = ((end - base) / ds_cfg.sizeof_rec[qual]);
+        return (max - base) / ds_cfg.sizeof_rec[qual];
-        if (pos)
-                *pos = error;
- out:
-        ds_put_context(context);
-        return error;
 }
-int ds_get_bts_end(struct task_struct *task, size_t *pos)
+int ds_get_bts_end(struct bts_tracer *tracer, size_t *pos)
 {
-        return ds_get_end(task, pos, ds_bts);
+        if (!tracer)
+                return -EINVAL;
+        if (!pos)
+                return -EINVAL;
+        *pos = ds_get_end(tracer->ds.context, ds_bts);
+        return 0;
 }
-int ds_get_pebs_end(struct task_struct *task, size_t *pos)
+int ds_get_pebs_end(struct pebs_tracer *tracer, size_t *pos)
 {
-        return ds_get_end(task, pos, ds_pebs);
+        if (!tracer)
+                return -EINVAL;
+        if (!pos)
+                return -EINVAL;
+        *pos = ds_get_end(tracer->ds.context, ds_pebs);
+        return 0;
 }
-static int ds_access(struct task_struct *task, size_t index,
+static int ds_access(struct ds_context *context, enum ds_qualifier qual,
-                     const void **record, enum ds_qualifier qual)
+                     size_t index, const void **record)
 {
-        struct ds_context *context;
        unsigned long base, idx;
-        int error;
        if (!record)
                return -EINVAL;
-        context = ds_get_context(task);
-        error = ds_validate_access(context, qual);
-        if (error < 0)
-                goto out;
        base = ds_get(context->ds, qual, ds_buffer_base);
        idx = base + (index * ds_cfg.sizeof_rec[qual]);
-        error = -EINVAL;
        if (idx > ds_get(context->ds, qual, ds_absolute_maximum))
-                goto out;
+                return -EINVAL;
        *record = (const void *)idx;
-        error = ds_cfg.sizeof_rec[qual];
- out:
+        return ds_cfg.sizeof_rec[qual];
-        ds_put_context(context);
-        return error;
 }
-int ds_access_bts(struct task_struct *task, size_t index, const void **record)
+int ds_access_bts(struct bts_tracer *tracer, size_t index,
+                  const void **record)
 {
-        return ds_access(task, index, record, ds_bts);
+        if (!tracer)
+                return -EINVAL;
+        return ds_access(tracer->ds.context, ds_bts, index, record);
 }
-int ds_access_pebs(struct task_struct *task, size_t index, const void **record)
+int ds_access_pebs(struct pebs_tracer *tracer, size_t index,
+                   const void **record)
 {
-        return ds_access(task, index, record, ds_pebs);
+        if (!tracer)
+                return -EINVAL;
+        return ds_access(tracer->ds.context, ds_pebs, index, record);
 }
-static int ds_write(struct task_struct *task, const void *record, size_t size,
+static int ds_write(struct ds_context *context, enum ds_qualifier qual,
-                    enum ds_qualifier qual, int force)
+                    const void *record, size_t size)
 {
-        struct ds_context *context;
+        int bytes_written = 0;
-        int error;
        if (!record)
                return -EINVAL;
-        error = -EPERM;
-        context = ds_get_context(task);
-        if (!context)
-                goto out;
-        if (!force) {
-                error = ds_validate_access(context, qual);
-                if (error < 0)
-                        goto out;
-        }
-        error = 0;
        while (size) {
                unsigned long base, index, end, write_end, int_th;
                unsigned long write_size, adj_write_size;
@@ -678,14 +625,14 @@ static int ds_write(struct task_struct *task, const void *record, size_t size,
                        write_end = end;
                if (write_end <= index)
-                        goto out;
+                        break;
                write_size = min((unsigned long) size, write_end - index);
                memcpy((void *)index, record, write_size);
                record = (const char *)record + write_size;
-                size  -= write_size;
+                size -= write_size;
-                error += write_size;
+                bytes_written += write_size;
                adj_write_size = write_size / ds_cfg.sizeof_rec[qual];
                adj_write_size *= ds_cfg.sizeof_rec[qual];
@@ -700,47 +647,32 @@ static int ds_write(struct task_struct *task, const void *record, size_t size,
                ds_set(context->ds, qual, ds_index, index);
                if (index >= int_th)
-                        ds_overflow(task, context, qual);
+                        ds_overflow(context, qual);
        }
- out:
+        return bytes_written;
-        ds_put_context(context);
-        return error;
 }
-int ds_write_bts(struct task_struct *task, const void *record, size_t size)
+int ds_write_bts(struct bts_tracer *tracer, const void *record, size_t size)
 {
-        return ds_write(task, record, size, ds_bts, /* force = */ 0);
+        if (!tracer)
-}
+                return -EINVAL;
-int ds_write_pebs(struct task_struct *task, const void *record, size_t size)
+        return ds_write(tracer->ds.context, ds_bts, record, size);
-{
-        return ds_write(task, record, size, ds_pebs, /* force = */ 0);
 }
-int ds_unchecked_write_bts(struct task_struct *task,
+int ds_write_pebs(struct pebs_tracer *tracer, const void *record, size_t size)
-                           const void *record, size_t size)
 {
-        return ds_write(task, record, size, ds_bts, /* force = */ 1);
+        if (!tracer)
-}
+                return -EINVAL;
-int ds_unchecked_write_pebs(struct task_struct *task,
+        return ds_write(tracer->ds.context, ds_pebs, record, size);
-                            const void *record, size_t size)
-{
-        return ds_write(task, record, size, ds_pebs, /* force = */ 1);
 }
-static int ds_reset_or_clear(struct task_struct *task,
+static void ds_reset_or_clear(struct ds_context *context,
-                             enum ds_qualifier qual, int clear)
+                              enum ds_qualifier qual, int clear)
 {
-        struct ds_context *context;
        unsigned long base, end;
-        int error;
-        context = ds_get_context(task);
-        error = ds_validate_access(context, qual);
-        if (error < 0)
-                goto out;
        base = ds_get(context->ds, qual, ds_buffer_base);
        end  = ds_get(context->ds, qual, ds_absolute_maximum);
@@ -749,70 +681,69 @@ static int ds_reset_or_clear(struct task_struct *task,
                memset((void *)base, 0, end - base);
        ds_set(context->ds, qual, ds_index, base);
-        error = 0;
- out:
-        ds_put_context(context);
-        return error;
 }
-int ds_reset_bts(struct task_struct *task)
+int ds_reset_bts(struct bts_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_bts, /* clear = */ 0);
+        if (!tracer)
+                return -EINVAL;
+        ds_reset_or_clear(tracer->ds.context, ds_bts, /* clear = */ 0);
+        return 0;
 }
-int ds_reset_pebs(struct task_struct *task)
+int ds_reset_pebs(struct pebs_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_pebs, /* clear = */ 0);
+        if (!tracer)
+                return -EINVAL;
+        ds_reset_or_clear(tracer->ds.context, ds_pebs, /* clear = */ 0);
+        return 0;
 }
-int ds_clear_bts(struct task_struct *task)
+int ds_clear_bts(struct bts_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_bts, /* clear = */ 1);
+        if (!tracer)
+                return -EINVAL;
+        ds_reset_or_clear(tracer->ds.context, ds_bts, /* clear = */ 1);
+        return 0;
 }
-int ds_clear_pebs(struct task_struct *task)
+int ds_clear_pebs(struct pebs_tracer *tracer)
 {
-        return ds_reset_or_clear(task, ds_pebs, /* clear = */ 1);
+        if (!tracer)
+                return -EINVAL;
+        ds_reset_or_clear(tracer->ds.context, ds_pebs, /* clear = */ 1);
+        return 0;
 }
-int ds_get_pebs_reset(struct task_struct *task, u64 *value)
+int ds_get_pebs_reset(struct pebs_tracer *tracer, u64 *value)
 {
-        struct ds_context *context;
+        if (!tracer)
-        int error;
+                return -EINVAL;
        if (!value)
                return -EINVAL;
-        context = ds_get_context(task);
+        *value = *(u64 *)(tracer->ds.context->ds + (ds_cfg.sizeof_field * 8));
-        error = ds_validate_access(context, ds_pebs);
-        if (error < 0)
-                goto out;
-        *value = *(u64 *)(context->ds + (ds_cfg.sizeof_field * 8));
+        return 0;
-        error = 0;
- out:
-        ds_put_context(context);
-        return error;
 }
-int ds_set_pebs_reset(struct task_struct *task, u64 value)
+int ds_set_pebs_reset(struct pebs_tracer *tracer, u64 value)
 {
-        struct ds_context *context;
+        if (!tracer)
-        int error;
+                return -EINVAL;
-        context = ds_get_context(task);
-        error = ds_validate_access(context, ds_pebs);
-        if (error < 0)
-                goto out;
-        *(u64 *)(context->ds + (ds_cfg.sizeof_field * 8)) = value;
+        *(u64 *)(tracer->ds.context->ds + (ds_cfg.sizeof_field * 8)) = value;
-        error = 0;
+        return 0;
- out:
-        ds_put_context(context);
-        return error;
 }
 static const struct ds_configuration ds_cfg_var = {
@@ -840,6 +771,10 @@ static inline void
 ds_configure(const struct ds_configuration *cfg)
 {
        ds_cfg = *cfg;
+        printk(KERN_INFO "DS available\n");
+        BUG_ON(MAX_SIZEOF_DS < ds_cfg.sizeof_ds);
 }
 void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
@@ -847,17 +782,16 @@ void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
        switch (c->x86) {
        case 0x6:
                switch (c->x86_model) {
+                case 0 ... 0xC:
+                        /* sorry, don't know about them */
+                        break;
                case 0xD:
                case 0xE: /* Pentium M */
                        ds_configure(&ds_cfg_var);
                        break;
-                case 0xF: /* Core2 */
+                default: /* Core2, Atom, ... */
-                case 0x1C: /* Atom */
                        ds_configure(&ds_cfg_64);
                        break;
-                default:
-                        /* sorry, don't know about them */
-                        break;
                }
                break;
        case 0xF:
@@ -884,6 +818,8 @@ void ds_free(struct ds_context *context)
         * is dying. There should not be any user of that context left
         * to disturb us, anymore. */
        unsigned long leftovers = context->count;
-        while (leftovers--)
+        while (leftovers--) {
+                put_tracer(context->task);
                ds_put_context(context);
+        }
 }
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
new file mode 100644
index 000000000000..6b1f6f6f8661
--- /dev/null
+++ b/arch/x86/kernel/dumpstack.c
@@ -0,0 +1,351 @@
+/*
+ *  Copyright (C) 1991, 1992  Linus Torvalds
+ *  Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
+ */
+#include <linux/kallsyms.h>
+#include <linux/kprobes.h>
+#include <linux/uaccess.h>
+#include <linux/utsname.h>
+#include <linux/hardirq.h>
+#include <linux/kdebug.h>
+#include <linux/module.h>
+#include <linux/ptrace.h>
+#include <linux/kexec.h>
+#include <linux/bug.h>
+#include <linux/nmi.h>
+#include <linux/sysfs.h>
+#include <asm/stacktrace.h>
+#include "dumpstack.h"
+int panic_on_unrecovered_nmi;
+unsigned int code_bytes = 64;
+int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
+static int die_counter;
+void printk_address(unsigned long address, int reliable)
+{
+        printk(" [<%p>] %s%pS\n", (void *) address,
+                        reliable ? "" : "? ", (void *) address);
+}
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+static void
+print_ftrace_graph_addr(unsigned long addr, void *data,
+                        const struct stacktrace_ops *ops,
+                        struct thread_info *tinfo, int *graph)
+{
+        struct task_struct *task = tinfo->task;
+        unsigned long ret_addr;
+        int index = task->curr_ret_stack;
+        if (addr != (unsigned long)return_to_handler)
+                return;
+        if (!task->ret_stack || index < *graph)
+                return;
+        index -= *graph;
+        ret_addr = task->ret_stack[index].ret;
+        ops->address(data, ret_addr, 1);
+        (*graph)++;
+}
+#else
+static inline void
+print_ftrace_graph_addr(unsigned long addr, void *data,
+                        const struct stacktrace_ops *ops,
+                        struct thread_info *tinfo, int *graph)
+{ }
+#endif
+/*
+ * x86-64 can have up to three kernel stacks:
+ * process stack
+ * interrupt stack
+ * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
+ */
+static inline int valid_stack_ptr(struct thread_info *tinfo,
+                        void *p, unsigned int size, void *end)
+{
+        void *t = tinfo;
+        if (end) {
+                if (p < end && p >= (end-THREAD_SIZE))
+                        return 1;
+                else
+                        return 0;
+        }
+        return p > t && p < t + THREAD_SIZE - size;
+}
+unsigned long
+print_context_stack(struct thread_info *tinfo,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data,
+                unsigned long *end, int *graph)
+{
+        struct stack_frame *frame = (struct stack_frame *)bp;
+        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
+                unsigned long addr;
+                addr = *stack;
+                if (__kernel_text_address(addr)) {
+                        if ((unsigned long) stack == bp + sizeof(long)) {
+                                ops->address(data, addr, 1);
+                                frame = frame->next_frame;
+                                bp = (unsigned long) frame;
+                        } else {
+                                ops->address(data, addr, bp == 0);
+                        }
+                        print_ftrace_graph_addr(addr, data, ops, tinfo, graph);
+                }
+                stack++;
+        }
+        return bp;
+}
+static void
+print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
+{
+        printk(data);
+        print_symbol(msg, symbol);
+        printk("\n");
+}
+static void print_trace_warning(void *data, char *msg)
+{
+        printk("%s%s\n", (char *)data, msg);
+}
+static int print_trace_stack(void *data, char *name)
+{
+        printk("%s <%s> ", (char *)data, name);
+        return 0;
+}
+/*
+ * Print one address/symbol entries per line.
+ */
+static void print_trace_address(void *data, unsigned long addr, int reliable)
+{
+        touch_nmi_watchdog();
+        printk(data);
+        printk_address(addr, reliable);
+}
+static const struct stacktrace_ops print_trace_ops = {
+        .warning = print_trace_warning,
+        .warning_symbol = print_trace_warning_symbol,
+        .stack = print_trace_stack,
+        .address = print_trace_address,
+};
+void
+show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp, char *log_lvl)
+{
+        printk("%sCall Trace:\n", log_lvl);
+        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
+}
+void show_trace(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp)
+{
+        show_trace_log_lvl(task, regs, stack, bp, "");
+}
+void show_stack(struct task_struct *task, unsigned long *sp)
+{
+        show_stack_log_lvl(task, NULL, sp, 0, "");
+}
+/*
+ * The architecture-independent dump_stack generator
+ */
+void dump_stack(void)
+{
+        unsigned long bp = 0;
+        unsigned long stack;
+#ifdef CONFIG_FRAME_POINTER
+        if (!bp)
+                get_bp(bp);
+#endif
+        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
+                current->pid, current->comm, print_tainted(),
+                init_utsname()->release,
+                (int)strcspn(init_utsname()->version, " "),
+                init_utsname()->version);
+        show_trace(NULL, NULL, &stack, bp);
+}
+EXPORT_SYMBOL(dump_stack);
+static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
+static int die_owner = -1;
+static unsigned int die_nest_count;
+unsigned __kprobes long oops_begin(void)
+{
+        int cpu;
+        unsigned long flags;
+        oops_enter();
+        /* racy, but better than risking deadlock. */
+        raw_local_irq_save(flags);
+        cpu = smp_processor_id();
+        if (!__raw_spin_trylock(&die_lock)) {
+                if (cpu == die_owner)
+                        /* nested oops. should stop eventually */;
+                else
+                        __raw_spin_lock(&die_lock);
+        }
+        die_nest_count++;
+        die_owner = cpu;
+        console_verbose();
+        bust_spinlocks(1);
+        return flags;
+}
+void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+{
+        if (regs && kexec_should_crash(current))
+                crash_kexec(regs);
+        bust_spinlocks(0);
+        die_owner = -1;
+        add_taint(TAINT_DIE);
+        die_nest_count--;
+        if (!die_nest_count)
+                /* Nest count reaches zero, release the lock. */
+                __raw_spin_unlock(&die_lock);
+        raw_local_irq_restore(flags);
+        oops_exit();
+        if (!signr)
+                return;
+        if (in_interrupt())
+                panic("Fatal exception in interrupt");
+        if (panic_on_oops)
+                panic("Fatal exception");
+        do_exit(signr);
+}
+int __kprobes __die(const char *str, struct pt_regs *regs, long err)
+{
+#ifdef CONFIG_X86_32
+        unsigned short ss;
+        unsigned long sp;
+#endif
+        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
+#ifdef CONFIG_PREEMPT
+        printk("PREEMPT ");
+#endif
+#ifdef CONFIG_SMP
+        printk("SMP ");
+#endif
+#ifdef CONFIG_DEBUG_PAGEALLOC
+        printk("DEBUG_PAGEALLOC");
+#endif
+        printk("\n");
+        sysfs_printk_last_file();
+        if (notify_die(DIE_OOPS, str, regs, err,
+                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
+                return 1;
+        show_registers(regs);
+#ifdef CONFIG_X86_32
+        sp = (unsigned long) (&regs->sp);
+        savesegment(ss, ss);
+        if (user_mode(regs)) {
+                sp = regs->sp;
+                ss = regs->ss & 0xffff;
+        }
+        printk(KERN_EMERG "EIP: [<%08lx>] ", regs->ip);
+        print_symbol("%s", regs->ip);
+        printk(" SS:ESP %04x:%08lx\n", ss, sp);
+#else
+        /* Executive summary in case the oops scrolled away */
+        printk(KERN_ALERT "RIP ");
+        printk_address(regs->ip, 1);
+        printk(" RSP <%016lx>\n", regs->sp);
+#endif
+        return 0;
+}
+/*
+ * This is gone through when something in the kernel has done something bad
+ * and is about to be terminated:
+ */
+void die(const char *str, struct pt_regs *regs, long err)
+{
+        unsigned long flags = oops_begin();
+        int sig = SIGSEGV;
+        if (!user_mode_vm(regs))
+                report_bug(regs->ip, regs);
+        if (__die(str, regs, err))
+                sig = 0;
+        oops_end(flags, regs, sig);
+}
+void notrace __kprobes
+die_nmi(char *str, struct pt_regs *regs, int do_panic)
+{
+        unsigned long flags;
+        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
+                return;
+        /*
+         * We are in trouble anyway, lets at least try
+         * to get a message out.
+         */
+        flags = oops_begin();
+        printk(KERN_EMERG "%s", str);
+        printk(" on CPU%d, ip %08lx, registers:\n",
+                smp_processor_id(), regs->ip);
+        show_registers(regs);
+        oops_end(flags, regs, 0);
+        if (do_panic || panic_on_oops)
+                panic("Non maskable interrupt");
+        nmi_exit();
+        local_irq_enable();
+        do_exit(SIGBUS);
+}
+static int __init oops_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        if (!strcmp(s, "panic"))
+                panic_on_oops = 1;
+        return 0;
+}
+early_param("oops", oops_setup);
+static int __init kstack_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
+        return 0;
+}
+early_param("kstack", kstack_setup);
+static int __init code_bytes_setup(char *s)
+{
+        code_bytes = simple_strtoul(s, NULL, 0);
+        if (code_bytes > 8192)
+                code_bytes = 8192;
+        return 1;
+}
+__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/dumpstack.h b/arch/x86/kernel/dumpstack.h
new file mode 100644
index 000000000000..da87590b8698
--- /dev/null
+++ b/arch/x86/kernel/dumpstack.h
@@ -0,0 +1,39 @@
+/*
+ *  Copyright (C) 1991, 1992  Linus Torvalds
+ *  Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
+ */
+#ifndef DUMPSTACK_H
+#define DUMPSTACK_H
+#ifdef CONFIG_X86_32
+#define STACKSLOTS_PER_LINE 8
+#define get_bp(bp) asm("movl %%ebp, %0" : "=r" (bp) :)
+#else
+#define STACKSLOTS_PER_LINE 4
+#define get_bp(bp) asm("movq %%rbp, %0" : "=r" (bp) :)
+#endif
+extern unsigned long
+print_context_stack(struct thread_info *tinfo,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data,
+                unsigned long *end, int *graph);
+extern void
+show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp, char *log_lvl);
+extern void
+show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *sp, unsigned long bp, char *log_lvl);
+extern unsigned int code_bytes;
+extern int kstack_depth_to_print;
+/* The form of the top of the frame on the stack */
+struct stack_frame {
+        struct stack_frame *next_frame;
+        unsigned long return_address;
+};
+#endif
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
index b3614752197b..d593cd1f58dc 100644
--- a/arch/x86/kernel/dumpstack_32.c
+++ b/arch/x86/kernel/dumpstack_32.c
@@ -17,69 +17,14 @@
 #include <asm/stacktrace.h>
-#define STACKSLOTS_PER_LINE 8
+#include "dumpstack.h"
-#define get_bp(bp) asm("movl %%ebp, %0" : "=r" (bp) :)
-int panic_on_unrecovered_nmi;
-int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
-static unsigned int code_bytes = 64;
-static int die_counter;
-void printk_address(unsigned long address, int reliable)
-{
-        printk(" [<%p>] %s%pS\n", (void *) address,
-                        reliable ? "" : "? ", (void *) address);
-}
-static inline int valid_stack_ptr(struct thread_info *tinfo,
-                        void *p, unsigned int size, void *end)
-{
-        void *t = tinfo;
-        if (end) {
-                if (p < end && p >= (end-THREAD_SIZE))
-                        return 1;
-                else
-                        return 0;
-        }
-        return p > t && p < t + THREAD_SIZE - size;
-}
-/* The form of the top of the frame on the stack */
-struct stack_frame {
-        struct stack_frame *next_frame;
-        unsigned long return_address;
-};
-static inline unsigned long
-print_context_stack(struct thread_info *tinfo,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data,
-                unsigned long *end)
-{
-        struct stack_frame *frame = (struct stack_frame *)bp;
-        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
-                unsigned long addr;
-                addr = *stack;
-                if (__kernel_text_address(addr)) {
-                        if ((unsigned long) stack == bp + sizeof(long)) {
-                                ops->address(data, addr, 1);
-                                frame = frame->next_frame;
-                                bp = (unsigned long) frame;
-                        } else {
-                                ops->address(data, addr, bp == 0);
-                        }
-                }
-                stack++;
-        }
-        return bp;
-}
 void dump_trace(struct task_struct *task, struct pt_regs *regs,
                unsigned long *stack, unsigned long bp,
                const struct stacktrace_ops *ops, void *data)
 {
+        int graph = 0;
        if (!task)
                task = current;
@@ -107,7 +52,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                context = (struct thread_info *)
                        ((unsigned long)stack & (~(THREAD_SIZE - 1)));
-                bp = print_context_stack(context, stack, bp, ops, data, NULL);
+                bp = print_context_stack(context, stack, bp, ops,
+                                         data, NULL, &graph);
                stack = (unsigned long *)context->previous_esp;
                if (!stack)
@@ -119,57 +65,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
 }
 EXPORT_SYMBOL(dump_trace);
-static void
+void
-print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
-{
-        printk(data);
-        print_symbol(msg, symbol);
-        printk("\n");
-}
-static void print_trace_warning(void *data, char *msg)
-{
-        printk("%s%s\n", (char *)data, msg);
-}
-static int print_trace_stack(void *data, char *name)
-{
-        printk("%s <%s> ", (char *)data, name);
-        return 0;
-}
-/*
- * Print one address/symbol entries per line.
- */
-static void print_trace_address(void *data, unsigned long addr, int reliable)
-{
-        touch_nmi_watchdog();
-        printk(data);
-        printk_address(addr, reliable);
-}
-static const struct stacktrace_ops print_trace_ops = {
-        .warning = print_trace_warning,
-        .warning_symbol = print_trace_warning_symbol,
-        .stack = print_trace_stack,
-        .address = print_trace_address,
-};
-static void
-show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp, char *log_lvl)
-{
-        printk("%sCall Trace:\n", log_lvl);
-        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
-}
-void show_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp)
-{
-        show_trace_log_lvl(task, regs, stack, bp, "");
-}
-static void
 show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
                unsigned long *sp, unsigned long bp, char *log_lvl)
 {
@@ -196,33 +92,6 @@ show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
 }
-void show_stack(struct task_struct *task, unsigned long *sp)
-{
-        show_stack_log_lvl(task, NULL, sp, 0, "");
-}
-/*
- * The architecture-independent dump_stack generator
- */
-void dump_stack(void)
-{
-        unsigned long bp = 0;
-        unsigned long stack;
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp)
-                get_bp(bp);
-#endif
-        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
-                current->pid, current->comm, print_tainted(),
-                init_utsname()->release,
-                (int)strcspn(init_utsname()->version, " "),
-                init_utsname()->version);
-        show_trace(NULL, NULL, &stack, bp);
-}
-EXPORT_SYMBOL(dump_stack);
 void show_registers(struct pt_regs *regs)
 {
@@ -283,167 +152,3 @@ int is_valid_bugaddr(unsigned long ip)
        return ud2 == 0x0b0f;
 }
-static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
-static int die_owner = -1;
-static unsigned int die_nest_count;
-unsigned __kprobes long oops_begin(void)
-{
-        unsigned long flags;
-        oops_enter();
-        if (die_owner != raw_smp_processor_id()) {
-                console_verbose();
-                raw_local_irq_save(flags);
-                __raw_spin_lock(&die_lock);
-                die_owner = smp_processor_id();
-                die_nest_count = 0;
-                bust_spinlocks(1);
-        } else {
-                raw_local_irq_save(flags);
-        }
-        die_nest_count++;
-        return flags;
-}
-void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
-{
-        bust_spinlocks(0);
-        die_owner = -1;
-        add_taint(TAINT_DIE);
-        __raw_spin_unlock(&die_lock);
-        raw_local_irq_restore(flags);
-        if (!regs)
-                return;
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        if (in_interrupt())
-                panic("Fatal exception in interrupt");
-        if (panic_on_oops)
-                panic("Fatal exception");
-        oops_exit();
-        do_exit(signr);
-}
-int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned short ss;
-        unsigned long sp;
-        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
-#ifdef CONFIG_PREEMPT
-        printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
-        printk("SMP ");
-#endif
-#ifdef CONFIG_DEBUG_PAGEALLOC
-        printk("DEBUG_PAGEALLOC");
-#endif
-        printk("\n");
-        sysfs_printk_last_file();
-        if (notify_die(DIE_OOPS, str, regs, err,
-                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
-                return 1;
-        show_registers(regs);
-        /* Executive summary in case the oops scrolled away */
-        sp = (unsigned long) (&regs->sp);
-        savesegment(ss, ss);
-        if (user_mode(regs)) {
-                sp = regs->sp;
-                ss = regs->ss & 0xffff;
-        }
-        printk(KERN_EMERG "EIP: [<%08lx>] ", regs->ip);
-        print_symbol("%s", regs->ip);
-        printk(" SS:ESP %04x:%08lx\n", ss, sp);
-        return 0;
-}
-/*
- * This is gone through when something in the kernel has done something bad
- * and is about to be terminated:
- */
-void die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned long flags = oops_begin();
-        if (die_nest_count < 3) {
-                report_bug(regs->ip, regs);
-                if (__die(str, regs, err))
-                        regs = NULL;
-        } else {
-                printk(KERN_EMERG "Recursive die() failure, output suppressed\n");
-        }
-        oops_end(flags, regs, SIGSEGV);
-}
-static DEFINE_SPINLOCK(nmi_print_lock);
-void notrace __kprobes
-die_nmi(char *str, struct pt_regs *regs, int do_panic)
-{
-        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
-                return;
-        spin_lock(&nmi_print_lock);
-        /*
-        * We are in trouble anyway, lets at least try
-        * to get a message out:
-        */
-        bust_spinlocks(1);
-        printk(KERN_EMERG "%s", str);
-        printk(" on CPU%d, ip %08lx, registers:\n",
-                smp_processor_id(), regs->ip);
-        show_registers(regs);
-        if (do_panic)
-                panic("Non maskable interrupt");
-        console_silent();
-        spin_unlock(&nmi_print_lock);
-        /*
-         * If we are in kernel we are probably nested up pretty bad
-         * and might aswell get out now while we still can:
-         */
-        if (!user_mode_vm(regs)) {
-                current->thread.trap_no = 2;
-                crash_kexec(regs);
-        }
-        bust_spinlocks(0);
-        do_exit(SIGSEGV);
-}
-static int __init oops_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        if (!strcmp(s, "panic"))
-                panic_on_oops = 1;
-        return 0;
-}
-early_param("oops", oops_setup);
-static int __init kstack_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
-        return 0;
-}
-early_param("kstack", kstack_setup);
-static int __init code_bytes_setup(char *s)
-{
-        code_bytes = simple_strtoul(s, NULL, 0);
-        if (code_bytes > 8192)
-                code_bytes = 8192;
-        return 1;
-}
-__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
index 96a5db7da8a7..c302d0707048 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -17,19 +17,7 @@
 #include <asm/stacktrace.h>
-#define STACKSLOTS_PER_LINE 4
+#include "dumpstack.h"
-#define get_bp(bp) asm("movq %%rbp, %0" : "=r" (bp) :)
-int panic_on_unrecovered_nmi;
-int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
-static unsigned int code_bytes = 64;
-static int die_counter;
-void printk_address(unsigned long address, int reliable)
-{
-        printk(" [<%p>] %s%pS\n", (void *) address,
-                        reliable ? "" : "? ", (void *) address);
-}
 static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
                                        unsigned *usedp, char **idp)
@@ -113,51 +101,6 @@ static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
 * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
 */
-static inline int valid_stack_ptr(struct thread_info *tinfo,
-                        void *p, unsigned int size, void *end)
-{
-        void *t = tinfo;
-        if (end) {
-                if (p < end && p >= (end-THREAD_SIZE))
-                        return 1;
-                else
-                        return 0;
-        }
-        return p > t && p < t + THREAD_SIZE - size;
-}
-/* The form of the top of the frame on the stack */
-struct stack_frame {
-        struct stack_frame *next_frame;
-        unsigned long return_address;
-};
-static inline unsigned long
-print_context_stack(struct thread_info *tinfo,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data,
-                unsigned long *end)
-{
-        struct stack_frame *frame = (struct stack_frame *)bp;
-        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
-                unsigned long addr;
-                addr = *stack;
-                if (__kernel_text_address(addr)) {
-                        if ((unsigned long) stack == bp + sizeof(long)) {
-                                ops->address(data, addr, 1);
-                                frame = frame->next_frame;
-                                bp = (unsigned long) frame;
-                        } else {
-                                ops->address(data, addr, bp == 0);
-                        }
-                }
-                stack++;
-        }
-        return bp;
-}
 void dump_trace(struct task_struct *task, struct pt_regs *regs,
                unsigned long *stack, unsigned long bp,
                const struct stacktrace_ops *ops, void *data)
@@ -166,6 +109,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
        unsigned long *irqstack_end = (unsigned long *)cpu_pda(cpu)->irqstackptr;
        unsigned used = 0;
        struct thread_info *tinfo;
+        int graph = 0;
        if (!task)
                task = current;
@@ -206,7 +150,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                                break;
                        bp = print_context_stack(tinfo, stack, bp, ops,
-                                                        data, estack_end);
+                                                 data, estack_end, &graph);
                        ops->stack(data, "<EOE>");
                        /*
                         * We link to the next stack via the
@@ -225,7 +169,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
                                if (ops->stack(data, "IRQ") < 0)
                                        break;
                                bp = print_context_stack(tinfo, stack, bp,
-                                                ops, data, irqstack_end);
+                                        ops, data, irqstack_end, &graph);
                                /*
                                 * We link to the next stack (which would be
                                 * the process stack normally) the last
@@ -243,62 +187,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
        /*
         * This handles the process stack:
         */
-        bp = print_context_stack(tinfo, stack, bp, ops, data, NULL);
+        bp = print_context_stack(tinfo, stack, bp, ops, data, NULL, &graph);
        put_cpu();
 }
 EXPORT_SYMBOL(dump_trace);
-static void
+void
-print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
-{
-        printk(data);
-        print_symbol(msg, symbol);
-        printk("\n");
-}
-static void print_trace_warning(void *data, char *msg)
-{
-        printk("%s%s\n", (char *)data, msg);
-}
-static int print_trace_stack(void *data, char *name)
-{
-        printk("%s <%s> ", (char *)data, name);
-        return 0;
-}
-/*
- * Print one address/symbol entries per line.
- */
-static void print_trace_address(void *data, unsigned long addr, int reliable)
-{
-        touch_nmi_watchdog();
-        printk(data);
-        printk_address(addr, reliable);
-}
-static const struct stacktrace_ops print_trace_ops = {
-        .warning = print_trace_warning,
-        .warning_symbol = print_trace_warning_symbol,
-        .stack = print_trace_stack,
-        .address = print_trace_address,
-};
-static void
-show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp, char *log_lvl)
-{
-        printk("%sCall Trace:\n", log_lvl);
-        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
-}
-void show_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp)
-{
-        show_trace_log_lvl(task, regs, stack, bp, "");
-}
-static void
 show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
                unsigned long *sp, unsigned long bp, char *log_lvl)
 {
@@ -342,33 +236,6 @@ show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
 }
-void show_stack(struct task_struct *task, unsigned long *sp)
-{
-        show_stack_log_lvl(task, NULL, sp, 0, "");
-}
-/*
- * The architecture-independent dump_stack generator
- */
-void dump_stack(void)
-{
-        unsigned long bp = 0;
-        unsigned long stack;
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp)
-                get_bp(bp);
-#endif
-        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
-                current->pid, current->comm, print_tainted(),
-                init_utsname()->release,
-                (int)strcspn(init_utsname()->version, " "),
-                init_utsname()->version);
-        show_trace(NULL, NULL, &stack, bp);
-}
-EXPORT_SYMBOL(dump_stack);
 void show_registers(struct pt_regs *regs)
 {
        int i;
@@ -429,147 +296,3 @@ int is_valid_bugaddr(unsigned long ip)
        return ud2 == 0x0b0f;
 }
-static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
-static int die_owner = -1;
-static unsigned int die_nest_count;
-unsigned __kprobes long oops_begin(void)
-{
-        int cpu;
-        unsigned long flags;
-        oops_enter();
-        /* racy, but better than risking deadlock. */
-        raw_local_irq_save(flags);
-        cpu = smp_processor_id();
-        if (!__raw_spin_trylock(&die_lock)) {
-                if (cpu == die_owner)
-                        /* nested oops. should stop eventually */;
-                else
-                        __raw_spin_lock(&die_lock);
-        }
-        die_nest_count++;
-        die_owner = cpu;
-        console_verbose();
-        bust_spinlocks(1);
-        return flags;
-}
-void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
-{
-        die_owner = -1;
-        bust_spinlocks(0);
-        die_nest_count--;
-        if (!die_nest_count)
-                /* Nest count reaches zero, release the lock. */
-                __raw_spin_unlock(&die_lock);
-        raw_local_irq_restore(flags);
-        if (!regs) {
-                oops_exit();
-                return;
-        }
-        if (in_interrupt())
-                panic("Fatal exception in interrupt");
-        if (panic_on_oops)
-                panic("Fatal exception");
-        oops_exit();
-        do_exit(signr);
-}
-int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-{
-        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
-#ifdef CONFIG_PREEMPT
-        printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
-        printk("SMP ");
-#endif
-#ifdef CONFIG_DEBUG_PAGEALLOC
-        printk("DEBUG_PAGEALLOC");
-#endif
-        printk("\n");
-        sysfs_printk_last_file();
-        if (notify_die(DIE_OOPS, str, regs, err,
-                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
-                return 1;
-        show_registers(regs);
-        add_taint(TAINT_DIE);
-        /* Executive summary in case the oops scrolled away */
-        printk(KERN_ALERT "RIP ");
-        printk_address(regs->ip, 1);
-        printk(" RSP <%016lx>\n", regs->sp);
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        return 0;
-}
-void die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned long flags = oops_begin();
-        if (!user_mode(regs))
-                report_bug(regs->ip, regs);
-        if (__die(str, regs, err))
-                regs = NULL;
-        oops_end(flags, regs, SIGSEGV);
-}
-notrace __kprobes void
-die_nmi(char *str, struct pt_regs *regs, int do_panic)
-{
-        unsigned long flags;
-        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
-                return;
-        flags = oops_begin();
-        /*
-         * We are in trouble anyway, lets at least try
-         * to get a message out.
-         */
-        printk(KERN_EMERG "%s", str);
-        printk(" on CPU%d, ip %08lx, registers:\n",
-                smp_processor_id(), regs->ip);
-        show_registers(regs);
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        if (do_panic || panic_on_oops)
-                panic("Non maskable interrupt");
-        oops_end(flags, NULL, SIGBUS);
-        nmi_exit();
-        local_irq_enable();
-        do_exit(SIGBUS);
-}
-static int __init oops_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        if (!strcmp(s, "panic"))
-                panic_on_oops = 1;
-        return 0;
-}
-early_param("oops", oops_setup);
-static int __init kstack_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
-        return 0;
-}
-early_param("kstack", kstack_setup);
-static int __init code_bytes_setup(char *s)
-{
-        code_bytes = simple_strtoul(s, NULL, 0);
-        if (code_bytes > 8192)
-                code_bytes = 8192;
-        return 1;
-}
-__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 28b597ef9ca1..43ceb3f454bf 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -1157,6 +1157,9 @@ ENTRY(mcount)
 END(mcount)
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
        pushl %eax
        pushl %ecx
        pushl %edx
@@ -1171,6 +1174,11 @@ ftrace_call:
        popl %edx
        popl %ecx
        popl %eax
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+.globl ftrace_graph_call
+ftrace_graph_call:
+        jmp ftrace_stub
+#endif
 .globl ftrace_stub
 ftrace_stub:
@@ -1180,8 +1188,18 @@ END(ftrace_caller)
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
        cmpl $ftrace_stub, ftrace_trace_function
        jnz trace
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+        cmpl $ftrace_stub, ftrace_graph_return
+        jnz ftrace_graph_caller
+        cmpl $ftrace_graph_entry_stub, ftrace_graph_entry
+        jnz ftrace_graph_caller
+#endif
 .globl ftrace_stub
 ftrace_stub:
        ret
@@ -1200,12 +1218,43 @@ trace:
        popl %edx
        popl %ecx
        popl %eax
        jmp ftrace_stub
 END(mcount)
 #endif /* CONFIG_DYNAMIC_FTRACE */
 #endif /* CONFIG_FUNCTION_TRACER */
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+ENTRY(ftrace_graph_caller)
+        cmpl $0, function_trace_stop
+        jne ftrace_stub
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        movl 0xc(%esp), %edx
+        lea 0x4(%ebp), %eax
+        subl $MCOUNT_INSN_SIZE, %edx
+        call prepare_ftrace_return
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+END(ftrace_graph_caller)
+.globl return_to_handler
+return_to_handler:
+        pushl $0
+        pushl %eax
+        pushl %ecx
+        pushl %edx
+        call ftrace_return_to_handler
+        movl %eax, 0xc(%esp)
+        popl %edx
+        popl %ecx
+        popl %eax
+        ret
+#endif
 .section .rodata,"a"
 #include "syscall_table_32.S"
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index b86f332c96a6..54e0bbdccb99 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -68,6 +68,8 @@ ENTRY(mcount)
 END(mcount)
 ENTRY(ftrace_caller)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
        /* taken from glibc */
        subq $0x38, %rsp
@@ -96,6 +98,12 @@ ftrace_call:
        movq (%rsp), %rax
        addq $0x38, %rsp
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+.globl ftrace_graph_call
+ftrace_graph_call:
+        jmp ftrace_stub
+#endif
 .globl ftrace_stub
 ftrace_stub:
        retq
@@ -103,8 +111,20 @@ END(ftrace_caller)
 #else /* ! CONFIG_DYNAMIC_FTRACE */
 ENTRY(mcount)
+        cmpl $0, function_trace_stop
+        jne  ftrace_stub
        cmpq $ftrace_stub, ftrace_trace_function
        jnz trace
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+        cmpq $ftrace_stub, ftrace_graph_return
+        jnz ftrace_graph_caller
+        cmpq $ftrace_graph_entry_stub, ftrace_graph_entry
+        jnz ftrace_graph_caller
+#endif
 .globl ftrace_stub
 ftrace_stub:
        retq
@@ -140,6 +160,69 @@ END(mcount)
 #endif /* CONFIG_DYNAMIC_FTRACE */
 #endif /* CONFIG_FUNCTION_TRACER */
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+ENTRY(ftrace_graph_caller)
+        cmpl $0, function_trace_stop
+        jne ftrace_stub
+        subq $0x38, %rsp
+        movq %rax, (%rsp)
+        movq %rcx, 8(%rsp)
+        movq %rdx, 16(%rsp)
+        movq %rsi, 24(%rsp)
+        movq %rdi, 32(%rsp)
+        movq %r8, 40(%rsp)
+        movq %r9, 48(%rsp)
+        leaq 8(%rbp), %rdi
+        movq 0x38(%rsp), %rsi
+        subq $MCOUNT_INSN_SIZE, %rsi
+        call    prepare_ftrace_return
+        movq 48(%rsp), %r9
+        movq 40(%rsp), %r8
+        movq 32(%rsp), %rdi
+        movq 24(%rsp), %rsi
+        movq 16(%rsp), %rdx
+        movq 8(%rsp), %rcx
+        movq (%rsp), %rax
+        addq $0x38, %rsp
+        retq
+END(ftrace_graph_caller)
+.globl return_to_handler
+return_to_handler:
+        subq  $80, %rsp
+        movq %rax, (%rsp)
+        movq %rcx, 8(%rsp)
+        movq %rdx, 16(%rsp)
+        movq %rsi, 24(%rsp)
+        movq %rdi, 32(%rsp)
+        movq %r8, 40(%rsp)
+        movq %r9, 48(%rsp)
+        movq %r10, 56(%rsp)
+        movq %r11, 64(%rsp)
+        call ftrace_return_to_handler
+        movq %rax, 72(%rsp)
+        movq 64(%rsp), %r11
+        movq 56(%rsp), %r10
+        movq 48(%rsp), %r9
+        movq 40(%rsp), %r8
+        movq 32(%rsp), %rdi
+        movq 24(%rsp), %rsi
+        movq 16(%rsp), %rdx
+        movq 8(%rsp), %rcx
+        movq (%rsp), %rax
+        addq $72, %rsp
+        retq
+#endif
 #ifndef CONFIG_PREEMPT
 #define retint_kernel retint_restore_args
 #endif  
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 50ea0ac8c9bf..1b43086b097a 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -14,14 +14,17 @@
 #include <linux/uaccess.h>
 #include <linux/ftrace.h>
 #include <linux/percpu.h>
+#include <linux/sched.h>
 #include <linux/init.h>
 #include <linux/list.h>
 #include <asm/ftrace.h>
+#include <linux/ftrace.h>
 #include <asm/nops.h>
+#include <asm/nmi.h>
-static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+#ifdef CONFIG_DYNAMIC_FTRACE
 union ftrace_code_union {
        char code[MCOUNT_INSN_SIZE];
@@ -31,18 +34,12 @@ union ftrace_code_union {
        } __attribute__((packed));
 };
 static int ftrace_calc_offset(long ip, long addr)
 {
        return (int)(addr - ip);
 }
-unsigned char *ftrace_nop_replace(void)
+static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
-{
-        return ftrace_nop;
-}
-unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
 {
        static union ftrace_code_union calc;
@@ -56,7 +53,142 @@ unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr)
        return calc.code;
 }
-int
+/*
+ * Modifying code must take extra care. On an SMP machine, if
+ * the code being modified is also being executed on another CPU
+ * that CPU will have undefined results and possibly take a GPF.
+ * We use kstop_machine to stop other CPUS from exectuing code.
+ * But this does not stop NMIs from happening. We still need
+ * to protect against that. We separate out the modification of
+ * the code to take care of this.
+ *
+ * Two buffers are added: An IP buffer and a "code" buffer.
+ *
+ * 1) Put the instruction pointer into the IP buffer
+ *    and the new code into the "code" buffer.
+ * 2) Set a flag that says we are modifying code
+ * 3) Wait for any running NMIs to finish.
+ * 4) Write the code
+ * 5) clear the flag.
+ * 6) Wait for any running NMIs to finish.
+ *
+ * If an NMI is executed, the first thing it does is to call
+ * "ftrace_nmi_enter". This will check if the flag is set to write
+ * and if it is, it will write what is in the IP and "code" buffers.
+ *
+ * The trick is, it does not matter if everyone is writing the same
+ * content to the code location. Also, if a CPU is executing code
+ * it is OK to write to that code location if the contents being written
+ * are the same as what exists.
+ */
+static atomic_t in_nmi = ATOMIC_INIT(0);
+static int mod_code_status;             /* holds return value of text write */
+static int mod_code_write;              /* set when NMI should do the write */
+static void *mod_code_ip;               /* holds the IP to write to */
+static void *mod_code_newcode;          /* holds the text to write to the IP */
+static unsigned nmi_wait_count;
+static atomic_t nmi_update_count = ATOMIC_INIT(0);
+int ftrace_arch_read_dyn_info(char *buf, int size)
+{
+        int r;
+        r = snprintf(buf, size, "%u %u",
+                     nmi_wait_count,
+                     atomic_read(&nmi_update_count));
+        return r;
+}
+static void ftrace_mod_code(void)
+{
+        /*
+         * Yes, more than one CPU process can be writing to mod_code_status.
+         *    (and the code itself)
+         * But if one were to fail, then they all should, and if one were
+         * to succeed, then they all should.
+         */
+        mod_code_status = probe_kernel_write(mod_code_ip, mod_code_newcode,
+                                             MCOUNT_INSN_SIZE);
+}
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+        /* Must have in_nmi seen before reading write flag */
+        smp_mb();
+        if (mod_code_write) {
+                ftrace_mod_code();
+                atomic_inc(&nmi_update_count);
+        }
+}
+void ftrace_nmi_exit(void)
+{
+        /* Finish all executions before clearing in_nmi */
+        smp_wmb();
+        atomic_dec(&in_nmi);
+}
+static void wait_for_nmi(void)
+{
+        int waited = 0;
+        while (atomic_read(&in_nmi)) {
+                waited = 1;
+                cpu_relax();
+        }
+        if (waited)
+                nmi_wait_count++;
+}
+static int
+do_ftrace_mod_code(unsigned long ip, void *new_code)
+{
+        mod_code_ip = (void *)ip;
+        mod_code_newcode = new_code;
+        /* The buffers need to be visible before we let NMIs write them */
+        smp_wmb();
+        mod_code_write = 1;
+        /* Make sure write bit is visible before we wait on NMIs */
+        smp_mb();
+        wait_for_nmi();
+        /* Make sure all running NMIs have finished before we write the code */
+        smp_mb();
+        ftrace_mod_code();
+        /* Make sure the write happens before clearing the bit */
+        smp_wmb();
+        mod_code_write = 0;
+        /* make sure NMIs see the cleared bit */
+        smp_mb();
+        wait_for_nmi();
+        return mod_code_status;
+}
+static unsigned char ftrace_nop[MCOUNT_INSN_SIZE];
+static unsigned char *ftrace_nop_replace(void)
+{
+        return ftrace_nop;
+}
+static int
 ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                   unsigned char *new_code)
 {
@@ -81,7 +213,7 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
                return -EINVAL;
        /* replace the text with the new text */
-        if (probe_kernel_write((void *)ip, new_code, MCOUNT_INSN_SIZE))
+        if (do_ftrace_mod_code(ip, new_code))
                return -EPERM;
        sync_core();
@@ -89,6 +221,29 @@ ftrace_modify_code(unsigned long ip, unsigned char *old_code,
        return 0;
 }
+int ftrace_make_nop(struct module *mod,
+                    struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+        old = ftrace_call_replace(ip, addr);
+        new = ftrace_nop_replace();
+        return ftrace_modify_code(rec->ip, old, new);
+}
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+        unsigned char *new, *old;
+        unsigned long ip = rec->ip;
+        old = ftrace_nop_replace();
+        new = ftrace_call_replace(ip, addr);
+        return ftrace_modify_code(rec->ip, old, new);
+}
 int ftrace_update_ftrace_func(ftrace_func_t func)
 {
        unsigned long ip = (unsigned long)(&ftrace_call);
@@ -165,3 +320,218 @@ int __init ftrace_dyn_arch_init(void *data)
        return 0;
 }
+#endif
+#ifdef CONFIG_FUNCTION_GRAPH_TRACER
+#ifdef CONFIG_DYNAMIC_FTRACE
+extern void ftrace_graph_call(void);
+static int ftrace_mod_jmp(unsigned long ip,
+                          int old_offset, int new_offset)
+{
+        unsigned char code[MCOUNT_INSN_SIZE];
+        if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
+                return -EFAULT;
+        if (code[0] != 0xe9 || old_offset != *(int *)(&code[1]))
+                return -EINVAL;
+        *(int *)(&code[1]) = new_offset;
+        if (do_ftrace_mod_code(ip, &code))
+                return -EPERM;
+        return 0;
+}
+int ftrace_enable_ftrace_graph_caller(void)
+{
+        unsigned long ip = (unsigned long)(&ftrace_graph_call);
+        int old_offset, new_offset;
+        old_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
+        new_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
+        return ftrace_mod_jmp(ip, old_offset, new_offset);
+}
+int ftrace_disable_ftrace_graph_caller(void)
+{
+        unsigned long ip = (unsigned long)(&ftrace_graph_call);
+        int old_offset, new_offset;
+        old_offset = (unsigned long)(&ftrace_graph_caller) - (ip + MCOUNT_INSN_SIZE);
+        new_offset = (unsigned long)(&ftrace_stub) - (ip + MCOUNT_INSN_SIZE);
+        return ftrace_mod_jmp(ip, old_offset, new_offset);
+}
+#else /* CONFIG_DYNAMIC_FTRACE */
+/*
+ * These functions are picked from those used on
+ * this page for dynamic ftrace. They have been
+ * simplified to ignore all traces in NMI context.
+ */
+static atomic_t in_nmi;
+void ftrace_nmi_enter(void)
+{
+        atomic_inc(&in_nmi);
+}
+void ftrace_nmi_exit(void)
+{
+        atomic_dec(&in_nmi);
+}
+#endif /* !CONFIG_DYNAMIC_FTRACE */
+/* Add a function return address to the trace stack on thread info.*/
+static int push_return_trace(unsigned long ret, unsigned long long time,
+                                unsigned long func, int *depth)
+{
+        int index;
+        if (!current->ret_stack)
+                return -EBUSY;
+        /* The return trace stack is full */
+        if (current->curr_ret_stack == FTRACE_RETFUNC_DEPTH - 1) {
+                atomic_inc(&current->trace_overrun);
+                return -EBUSY;
+        }
+        index = ++current->curr_ret_stack;
+        barrier();
+        current->ret_stack[index].ret = ret;
+        current->ret_stack[index].func = func;
+        current->ret_stack[index].calltime = time;
+        *depth = index;
+        return 0;
+}
+/* Retrieve a function return address to the trace stack on thread info.*/
+static void pop_return_trace(struct ftrace_graph_ret *trace, unsigned long *ret)
+{
+        int index;
+        index = current->curr_ret_stack;
+        if (unlikely(index < 0)) {
+                ftrace_graph_stop();
+                WARN_ON(1);
+                /* Might as well panic, otherwise we have no where to go */
+                *ret = (unsigned long)panic;
+                return;
+        }
+        *ret = current->ret_stack[index].ret;
+        trace->func = current->ret_stack[index].func;
+        trace->calltime = current->ret_stack[index].calltime;
+        trace->overrun = atomic_read(&current->trace_overrun);
+        trace->depth = index;
+        barrier();
+        current->curr_ret_stack--;
+}
+/*
+ * Send the trace to the ring-buffer.
+ * @return the original return address.
+ */
+unsigned long ftrace_return_to_handler(void)
+{
+        struct ftrace_graph_ret trace;
+        unsigned long ret;
+        pop_return_trace(&trace, &ret);
+        trace.rettime = cpu_clock(raw_smp_processor_id());
+        ftrace_graph_return(&trace);
+        if (unlikely(!ret)) {
+                ftrace_graph_stop();
+                WARN_ON(1);
+                /* Might as well panic. What else to do? */
+                ret = (unsigned long)panic;
+        }
+        return ret;
+}
+/*
+ * Hook the return address and push it in the stack of return addrs
+ * in current thread info.
+ */
+void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr)
+{
+        unsigned long old;
+        unsigned long long calltime;
+        int faulted;
+        struct ftrace_graph_ent trace;
+        unsigned long return_hooker = (unsigned long)
+                                &return_to_handler;
+        /* Nmi's are currently unsupported */
+        if (unlikely(atomic_read(&in_nmi)))
+                return;
+        if (unlikely(atomic_read(&current->tracing_graph_pause)))
+                return;
+        /*
+         * Protect against fault, even if it shouldn't
+         * happen. This tool is too much intrusive to
+         * ignore such a protection.
+         */
+        asm volatile(
+                "1: " _ASM_MOV " (%[parent_old]), %[old]\n"
+                "2: " _ASM_MOV " %[return_hooker], (%[parent_replaced])\n"
+                "   movl $0, %[faulted]\n"
+                ".section .fixup, \"ax\"\n"
+                "3: movl $1, %[faulted]\n"
+                ".previous\n"
+                _ASM_EXTABLE(1b, 3b)
+                _ASM_EXTABLE(2b, 3b)
+                : [parent_replaced] "=r" (parent), [old] "=r" (old),
+                  [faulted] "=r" (faulted)
+                : [parent_old] "0" (parent), [return_hooker] "r" (return_hooker)
+                : "memory"
+        );
+        if (unlikely(faulted)) {
+                ftrace_graph_stop();
+                WARN_ON(1);
+                return;
+        }
+        if (unlikely(!__kernel_text_address(old))) {
+                ftrace_graph_stop();
+                *parent = old;
+                WARN_ON(1);
+                return;
+        }
+        calltime = cpu_clock(raw_smp_processor_id());
+        if (push_return_trace(old, calltime,
+                                self_addr, &trace.depth) == -EBUSY) {
+                *parent = old;
+                return;
+        }
+        trace.func = self_addr;
+        /* Only trace if the calling function expects to */
+        if (!ftrace_graph_entry(&trace)) {
+                current->curr_ret_stack--;
+                *parent = old;
+        }
+}
+#endif /* CONFIG_FUNCTION_GRAPH_TRACER */
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index c622772744d8..c27af49a4ede 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -7,6 +7,7 @@
 #include <linux/module.h>
 #include <linux/pm.h>
 #include <linux/clockchips.h>
+#include <linux/ftrace.h>
 #include <asm/system.h>
 unsigned long idle_halt;
@@ -100,6 +101,9 @@ static inline int hlt_use_halt(void)
 void default_idle(void)
 {
        if (hlt_use_halt()) {
+                struct power_trace it;
+                trace_power_start(&it, POWER_CSTATE, 1);
                current_thread_info()->status &= ~TS_POLLING;
                /*
                 * TS_POLLING-cleared state must be visible before we
@@ -112,6 +116,7 @@ void default_idle(void)
                else
                        local_irq_enable();
                current_thread_info()->status |= TS_POLLING;
+                trace_power_end(&it);
        } else {
                local_irq_enable();
                /* loop is done by the caller */
@@ -154,24 +159,31 @@ EXPORT_SYMBOL_GPL(cpu_idle_wait);
 */
 void mwait_idle_with_hints(unsigned long ax, unsigned long cx)
 {
+        struct power_trace it;
+        trace_power_start(&it, POWER_CSTATE, (ax>>4)+1);
        if (!need_resched()) {
                __monitor((void *)&current_thread_info()->flags, 0, 0);
                smp_mb();
                if (!need_resched())
                        __mwait(ax, cx);
        }
+        trace_power_end(&it);
 }
 /* Default MONITOR/MWAIT with no hints, used for default C1 state */
 static void mwait_idle(void)
 {
+        struct power_trace it;
        if (!need_resched()) {
+                trace_power_start(&it, POWER_CSTATE, 1);
                __monitor((void *)&current_thread_info()->flags, 0, 0);
                smp_mb();
                if (!need_resched())
                        __sti_mwait(0, 0);
                else
                        local_irq_enable();
+                trace_power_end(&it);
        } else
                local_irq_enable();
 }
@@ -183,9 +195,13 @@ static void mwait_idle(void)
 */
 static void poll_idle(void)
 {
+        struct power_trace it;
+        trace_power_start(&it, POWER_CSTATE, 0);
        local_irq_enable();
        while (!need_resched())
                cpu_relax();
+        trace_power_end(&it);
 }
 /*
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 0a1302fe6d45..24c2276aa453 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -38,6 +38,7 @@
 #include <linux/percpu.h>
 #include <linux/prctl.h>
 #include <linux/dmi.h>
+#include <linux/ftrace.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -548,7 +549,8 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
 * the task-switch, and shows up in ret_from_fork in entry.S,
 * for example.
 */
-struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+__notrace_funcgraph struct task_struct *
+__switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 {
        struct thread_struct *prev = &prev_p->thread,
                                 *next = &next_p->thread;
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index c958120fb1b6..fbb321d53d34 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -39,6 +39,7 @@
 #include <linux/prctl.h>
 #include <linux/uaccess.h>
 #include <linux/io.h>
+#include <linux/ftrace.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
@@ -551,8 +552,9 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
 * - could test fs/gs bitsliced
 *
 * Kprobes not supported here. Set the probe on schedule instead.
+ * Function graph tracer not supported too.
 */
-struct task_struct *
+__notrace_funcgraph struct task_struct *
 __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 {
        struct thread_struct *prev = &prev_p->thread;
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 0a6d8c12e10d..2c8ec1ba75e6 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -668,14 +668,14 @@ static int ptrace_bts_read_record(struct task_struct *child, size_t index,
        size_t bts_index, bts_end;
        int error;
-        error = ds_get_bts_end(child, &bts_end);
+        error = ds_get_bts_end(child->bts, &bts_end);
        if (error < 0)
                return error;
        if (bts_end <= index)
                return -EINVAL;
-        error = ds_get_bts_index(child, &bts_index);
+        error = ds_get_bts_index(child->bts, &bts_index);
        if (error < 0)
                return error;
@@ -684,7 +684,7 @@ static int ptrace_bts_read_record(struct task_struct *child, size_t index,
        if (bts_end <= bts_index)
                bts_index -= bts_end;
-        error = ds_access_bts(child, bts_index, &bts_record);
+        error = ds_access_bts(child->bts, bts_index, &bts_record);
        if (error < 0)
                return error;
@@ -705,14 +705,14 @@ static int ptrace_bts_drain(struct task_struct *child,
        size_t end, i;
        int error;
-        error = ds_get_bts_index(child, &end);
+        error = ds_get_bts_index(child->bts, &end);
        if (error < 0)
                return error;
        if (size < (end * sizeof(struct bts_struct)))
                return -EIO;
-        error = ds_access_bts(child, 0, (const void **)&raw);
+        error = ds_access_bts(child->bts, 0, (const void **)&raw);
        if (error < 0)
                return error;
@@ -723,18 +723,13 @@ static int ptrace_bts_drain(struct task_struct *child,
                        return -EFAULT;
        }
-        error = ds_clear_bts(child);
+        error = ds_clear_bts(child->bts);
        if (error < 0)
                return error;
        return end;
 }
-static void ptrace_bts_ovfl(struct task_struct *child)
-{
-        send_sig(child->thread.bts_ovfl_signal, child, 0);
-}
 static int ptrace_bts_config(struct task_struct *child,
                             long cfg_size,
                             const struct ptrace_bts_config __user *ucfg)
@@ -760,23 +755,45 @@ static int ptrace_bts_config(struct task_struct *child,
                goto errout;
        if (cfg.flags & PTRACE_BTS_O_ALLOC) {
-                ds_ovfl_callback_t ovfl = NULL;
+                bts_ovfl_callback_t ovfl = NULL;
                unsigned int sig = 0;
-                /* we ignore the error in case we were not tracing child */
+                error = -EINVAL;
-                (void)ds_release_bts(child);
+                if (cfg.size < (10 * bts_cfg.sizeof_bts))
+                        goto errout;
                if (cfg.flags & PTRACE_BTS_O_SIGNAL) {
                        if (!cfg.signal)
                                goto errout;
+                        error = -EOPNOTSUPP;
+                        goto errout;
                        sig  = cfg.signal;
-                        ovfl = ptrace_bts_ovfl;
                }
-                error = ds_request_bts(child, /* base = */ NULL, cfg.size, ovfl);
+                if (child->bts) {
-                if (error < 0)
+                        (void)ds_release_bts(child->bts);
+                        kfree(child->bts_buffer);
+                        child->bts = NULL;
+                        child->bts_buffer = NULL;
+                }
+                error = -ENOMEM;
+                child->bts_buffer = kzalloc(cfg.size, GFP_KERNEL);
+                if (!child->bts_buffer)
+                        goto errout;
+                child->bts = ds_request_bts(child, child->bts_buffer, cfg.size,
+                                            ovfl, /* th = */ (size_t)-1);
+                if (IS_ERR(child->bts)) {
+                        error = PTR_ERR(child->bts);
+                        kfree(child->bts_buffer);
+                        child->bts = NULL;
+                        child->bts_buffer = NULL;
                        goto errout;
+                }
                child->thread.bts_ovfl_signal = sig;
        }
@@ -823,15 +840,15 @@ static int ptrace_bts_status(struct task_struct *child,
        if (cfg_size < sizeof(cfg))
                return -EIO;
-        error = ds_get_bts_end(child, &end);
+        error = ds_get_bts_end(child->bts, &end);
        if (error < 0)
                return error;
-        error = ds_access_bts(child, /* index = */ 0, &base);
+        error = ds_access_bts(child->bts, /* index = */ 0, &base);
        if (error < 0)
                return error;
-        error = ds_access_bts(child, /* index = */ end, &max);
+        error = ds_access_bts(child->bts, /* index = */ end, &max);
        if (error < 0)
                return error;
@@ -884,10 +901,7 @@ static int ptrace_bts_write_record(struct task_struct *child,
                return -EINVAL;
        }
-        /* The writing task will be the switched-to task on a context
+        return ds_write_bts(child->bts, bts_record, bts_cfg.sizeof_bts);
-         * switch. It needs to write into the switched-from task's BTS
-         * buffer. */
-        return ds_unchecked_write_bts(child, bts_record, bts_cfg.sizeof_bts);
 }
 void ptrace_bts_take_timestamp(struct task_struct *tsk,
@@ -929,17 +943,16 @@ void __cpuinit ptrace_bts_init_intel(struct cpuinfo_x86 *c)
        switch (c->x86) {
        case 0x6:
                switch (c->x86_model) {
+                case 0 ... 0xC:
+                        /* sorry, don't know about them */
+                        break;
                case 0xD:
                case 0xE: /* Pentium M */
                        bts_configure(&bts_cfg_pentium_m);
                        break;
-                case 0xF: /* Core2 */
+                default: /* Core2, Atom, ... */
-        case 0x1C: /* Atom */
                        bts_configure(&bts_cfg_core2);
                        break;
-                default:
-                        /* sorry, don't know about them */
-                        break;
                }
                break;
        case 0xF:
@@ -973,13 +986,17 @@ void ptrace_disable(struct task_struct *child)
        clear_tsk_thread_flag(child, TIF_SYSCALL_EMU);
 #endif
 #ifdef CONFIG_X86_PTRACE_BTS
-        (void)ds_release_bts(child);
+        if (child->bts) {
+                (void)ds_release_bts(child->bts);
+                kfree(child->bts_buffer);
+                child->bts_buffer = NULL;
-        child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
+                child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
-        if (!child->thread.debugctlmsr)
+                if (!child->thread.debugctlmsr)
-                clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
+                        clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
-        clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
+                clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
+        }
 #endif /* CONFIG_X86_PTRACE_BTS */
 }
@@ -1111,9 +1128,16 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                        (child, data, (struct ptrace_bts_config __user *)addr);
                break;
-        case PTRACE_BTS_SIZE:
+        case PTRACE_BTS_SIZE: {
-                ret = ds_get_bts_index(child, /* pos = */ NULL);
+                size_t size;
+                ret = ds_get_bts_index(child->bts, &size);
+                if (ret == 0) {
+                        BUG_ON(size != (int) size);
+                        ret = (int) size;
+                }
                break;
+        }
        case PTRACE_BTS_GET:
                ret = ptrace_bts_read_record
@@ -1121,7 +1145,7 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                break;
        case PTRACE_BTS_CLEAR:
-                ret = ds_clear_bts(child);
+                ret = ds_clear_bts(child->bts);
                break;
        case PTRACE_BTS_DRAIN:
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index a03e7f6d90c3..10786af95545 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -6,6 +6,7 @@
 #include <linux/sched.h>
 #include <linux/stacktrace.h>
 #include <linux/module.h>
+#include <linux/uaccess.h>
 #include <asm/stacktrace.h>
 static void save_stack_warning(void *data, char *msg)
@@ -83,3 +84,66 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
                trace->entries[trace->nr_entries++] = ULONG_MAX;
 }
 EXPORT_SYMBOL_GPL(save_stack_trace_tsk);
+/* Userspace stacktrace - based on kernel/trace/trace_sysprof.c */
+struct stack_frame {
+        const void __user       *next_fp;
+        unsigned long           ret_addr;
+};
+static int copy_stack_frame(const void __user *fp, struct stack_frame *frame)
+{
+        int ret;
+        if (!access_ok(VERIFY_READ, fp, sizeof(*frame)))
+                return 0;
+        ret = 1;
+        pagefault_disable();
+        if (__copy_from_user_inatomic(frame, fp, sizeof(*frame)))
+                ret = 0;
+        pagefault_enable();
+        return ret;
+}
+static inline void __save_stack_trace_user(struct stack_trace *trace)
+{
+        const struct pt_regs *regs = task_pt_regs(current);
+        const void __user *fp = (const void __user *)regs->bp;
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = regs->ip;
+        while (trace->nr_entries < trace->max_entries) {
+                struct stack_frame frame;
+                frame.next_fp = NULL;
+                frame.ret_addr = 0;
+                if (!copy_stack_frame(fp, &frame))
+                        break;
+                if ((unsigned long)fp < regs->sp)
+                        break;
+                if (frame.ret_addr) {
+                        trace->entries[trace->nr_entries++] =
+                                frame.ret_addr;
+                }
+                if (fp == frame.next_fp)
+                        break;
+                fp = frame.next_fp;
+        }
+}
+void save_stack_trace_user(struct stack_trace *trace)
+{
+        /*
+         * Trace user stack if we are not a kernel thread
+         */
+        if (current->mm) {
+                __save_stack_trace_user(trace);
+        }
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = ULONG_MAX;
+}
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 0b8b6690a86d..6f3d3d4cd973 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -17,6 +17,9 @@
 *  want per guest time just set the kernel.vsyscall64 sysctl to 0.
 */
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
 #include <linux/time.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index 9e68075544f6..4a20b2f9a381 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -39,7 +39,7 @@ static inline int __movsl_is_ok(unsigned long a1, unsigned long a2, unsigned lon
 #define __do_strncpy_from_user(dst, src, count, res)                       \
 do {                                                                       \
        int __d0, __d1, __d2;                                              \
-        might_sleep();                                                     \
+        might_fault();                                                     \
        __asm__ __volatile__(                                              \
                "       testl %1,%1\n"                                     \
                "       jz 2f\n"                                           \
@@ -126,7 +126,7 @@ EXPORT_SYMBOL(strncpy_from_user);
 #define __do_clear_user(addr,size)                                      \
 do {                                                                    \
        int __d0;                                                       \
-        might_sleep();                                                  \
+        might_fault();                                                  \
        __asm__ __volatile__(                                           \
                "0:     rep; stosl\n"                                   \
                "       movl %2,%0\n"                                   \
@@ -155,7 +155,7 @@ do {									\
 unsigned long
 clear_user(void __user *to, unsigned long n)
 {
-        might_sleep();
+        might_fault();
        if (access_ok(VERIFY_WRITE, to, n))
                __do_clear_user(to, n);
        return n;
@@ -197,7 +197,7 @@ long strnlen_user(const char __user *s, long n)
        unsigned long mask = -__addr_ok(s);
        unsigned long res, tmp;
-        might_sleep();
+        might_fault();
        __asm__ __volatile__(
                "       testl %0, %0\n"
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index f4df6e7c718b..64d6c84e6353 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -15,7 +15,7 @@
 #define __do_strncpy_from_user(dst,src,count,res)                          \
 do {                                                                       \
        long __d0, __d1, __d2;                                             \
-        might_sleep();                                                     \
+        might_fault();                                                     \
        __asm__ __volatile__(                                              \
                "       testq %1,%1\n"                                     \
                "       jz 2f\n"                                           \
@@ -64,7 +64,7 @@ EXPORT_SYMBOL(strncpy_from_user);
 unsigned long __clear_user(void __user *addr, unsigned long size)
 {
        long __d0;
-        might_sleep();
+        might_fault();
        /* no memory constraint because it doesn't change any memory gcc knows
           about */
        asm volatile(
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index fea4565ff576..d8cc96a2738f 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -8,9 +8,8 @@ obj-$(CONFIG_X86_PTDUMP)	+= dump_pagetables.o
 obj-$(CONFIG_HIGHMEM)           += highmem_32.o
-obj-$(CONFIG_MMIOTRACE_HOOKS)   += kmmio.o
 obj-$(CONFIG_MMIOTRACE)         += mmiotrace.o
-mmiotrace-y                     := pf_in.o mmio-mod.o
+mmiotrace-y                     := kmmio.o pf_in.o mmio-mod.o
 obj-$(CONFIG_MMIOTRACE_TEST)    += testmmiotrace.o
 obj-$(CONFIG_NUMA)              += numa_$(BITS).o
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 31e8730fa246..21e996a70d68 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -53,7 +53,7 @@
 static inline int kmmio_fault(struct pt_regs *regs, unsigned long addr)
 {
-#ifdef CONFIG_MMIOTRACE_HOOKS
+#ifdef CONFIG_MMIOTRACE
        if (unlikely(is_kmmio_active()))
                if (kmmio_handler(regs, addr) == 1)
                        return -1;
@@ -413,6 +413,7 @@ static noinline void pgtable_bad(unsigned long address, struct pt_regs *regs,
                                 unsigned long error_code)
 {
        unsigned long flags = oops_begin();
+        int sig = SIGKILL;
        struct task_struct *tsk;
        printk(KERN_ALERT "%s: Corrupted page table at address %lx\n",
@@ -423,8 +424,8 @@ static noinline void pgtable_bad(unsigned long address, struct pt_regs *regs,
        tsk->thread.trap_no = 14;
        tsk->thread.error_code = error_code;
        if (__die("Bad pagetable", regs, error_code))
-                regs = NULL;
+                sig = 0;
-        oops_end(flags, regs, SIGKILL);
+        oops_end(flags, regs, sig);
 }
 #endif
@@ -590,6 +591,7 @@ void __kprobes do_page_fault(struct pt_regs *regs, unsigned long error_code)
        int fault;
 #ifdef CONFIG_X86_64
        unsigned long flags;
+        int sig;
 #endif
        tsk = current;
@@ -849,11 +851,12 @@ no_context:
        bust_spinlocks(0);
        do_exit(SIGKILL);
 #else
+        sig = SIGKILL;
        if (__die("Oops", regs, error_code))
-                regs = NULL;
+                sig = 0;
        /* Executive summary in case the body of the oops scrolled away */
        printk(KERN_EMERG "CR2: %016lx\n", address);
-        oops_end(flags, regs, SIGKILL);
+        oops_end(flags, regs, sig);
 #endif
 /*
diff --git a/arch/x86/vdso/vclock_gettime.c b/arch/x86/vdso/vclock_gettime.c
index 1ef0f90813d6..d9d35824c56f 100644
--- a/arch/x86/vdso/vclock_gettime.c
+++ b/arch/x86/vdso/vclock_gettime.c
@@ -9,6 +9,9 @@
 * Also alternative() doesn't work.
 */
+/* Disable profiling for userspace code: */
+#define DISABLE_BRANCH_PROFILING
 #include <linux/kernel.h>
 #include <linux/posix-timers.h>
 #include <linux/time.h>