arch/powerpc/lib/code-patching.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  *  Copyright 2008 Michael Ellerman, IBM Corporation.
   4  */
   5
   6 #include <linux/kernel.h>
   7 #include <linux/kprobes.h>
   8 #include <linux/vmalloc.h>
   9 #include <linux/init.h>
  10 #include <linux/mm.h>
  11 #include <linux/cpuhotplug.h>
  12 #include <linux/slab.h>
  13 #include <linux/uaccess.h>
  14
  15 #include <asm/pgtable.h>
  16 #include <asm/tlbflush.h>
  17 #include <asm/page.h>
  18 #include <asm/code-patching.h>
  19 #include <asm/setup.h>
  20 #include <asm/inst.h>
  21
  22 static int __patch_instruction(unsigned int *exec_addr, unsigned int instr,
  23                                unsigned int *patch_addr)
  24 {
  25         int err = 0;
  26
  27         __put_user_asm(instr, patch_addr, err, "stw");
  28         if (err)
  29                 return err;
  30
  31         asm ("dcbst 0, %0; sync; icbi 0,%1; sync; isync" :: "r" (patch_addr),
  32                                                             "r" (exec_addr));
  33
  34         return 0;
  35 }
  36
  37 int raw_patch_instruction(unsigned int *addr, unsigned int instr)
  38 {
  39         return __patch_instruction(addr, instr, addr);
  40 }
  41
  42 #ifdef CONFIG_STRICT_KERNEL_RWX
  43 static DEFINE_PER_CPU(struct vm_struct *, text_poke_area);
  44
  45 static int text_area_cpu_up(unsigned int cpu)
  46 {
  47         struct vm_struct *area;
  48
  49         area = get_vm_area(PAGE_SIZE, VM_ALLOC);
  50         if (!area) {
  51                 WARN_ONCE(1, "Failed to create text area for cpu %d\n",
  52                         cpu);
  53                 return -1;
  54         }
  55         this_cpu_write(text_poke_area, area);
  56
  57         return 0;
  58 }
  59
  60 static int text_area_cpu_down(unsigned int cpu)
  61 {
  62         free_vm_area(this_cpu_read(text_poke_area));
  63         return 0;
  64 }
  65
  66 /*
  67  * Run as a late init call. This allows all the boot time patching to be done
  68  * simply by patching the code, and then we're called here prior to
  69  * mark_rodata_ro(), which happens after all init calls are run. Although
  70  * BUG_ON() is rude, in this case it should only happen if ENOMEM, and we judge
  71  * it as being preferable to a kernel that will crash later when someone tries
  72  * to use patch_instruction().
  73  */
  74 static int __init setup_text_poke_area(void)
  75 {
  76         BUG_ON(!cpuhp_setup_state(CPUHP_AP_ONLINE_DYN,
  77                 "powerpc/text_poke:online", text_area_cpu_up,
  78                 text_area_cpu_down));
  79
  80         return 0;
  81 }
  82 late_initcall(setup_text_poke_area);
  83
  84 /*
  85  * This can be called for kernel text or a module.
  86  */
  87 static int map_patch_area(void *addr, unsigned long text_poke_addr)
  88 {
  89         unsigned long pfn;
  90         int err;
  91
  92         if (is_vmalloc_addr(addr))
  93                 pfn = vmalloc_to_pfn(addr);
  94         else
  95                 pfn = __pa_symbol(addr) >> PAGE_SHIFT;
  96
  97         err = map_kernel_page(text_poke_addr, (pfn << PAGE_SHIFT), PAGE_KERNEL);
  98
  99         pr_devel("Mapped addr %lx with pfn %lx:%d\n", text_poke_addr, pfn, err);
 100         if (err)
 101                 return -1;
 102
 103         return 0;
 104 }
 105
 106 static inline int unmap_patch_area(unsigned long addr)
 107 {
 108         pte_t *ptep;
 109         pmd_t *pmdp;
 110         pud_t *pudp;
 111         pgd_t *pgdp;
 112
 113         pgdp = pgd_offset_k(addr);
 114         if (unlikely(!pgdp))
 115                 return -EINVAL;
 116
 117         pudp = pud_offset(pgdp, addr);
 118         if (unlikely(!pudp))
 119                 return -EINVAL;
 120
 121         pmdp = pmd_offset(pudp, addr);
 122         if (unlikely(!pmdp))
 123                 return -EINVAL;
 124
 125         ptep = pte_offset_kernel(pmdp, addr);
 126         if (unlikely(!ptep))
 127                 return -EINVAL;
 128
 129         pr_devel("clearing mm %p, pte %p, addr %lx\n", &init_mm, ptep, addr);
 130
 131         /*
 132          * In hash, pte_clear flushes the tlb, in radix, we have to
 133          */
 134         pte_clear(&init_mm, addr, ptep);
 135         flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
 136
 137         return 0;
 138 }
 139
 140 static int do_patch_instruction(unsigned int *addr, unsigned int instr)
 141 {
 142         int err;
 143         unsigned int *patch_addr = NULL;
 144         unsigned long flags;
 145         unsigned long text_poke_addr;
 146         unsigned long kaddr = (unsigned long)addr;
 147
 148         /*
 149          * During early early boot patch_instruction is called
 150          * when text_poke_area is not ready, but we still need
 151          * to allow patching. We just do the plain old patching
 152          */
 153         if (!this_cpu_read(text_poke_area))
 154                 return raw_patch_instruction(addr, instr);
 155
 156         local_irq_save(flags);
 157
 158         text_poke_addr = (unsigned long)__this_cpu_read(text_poke_area)->addr;
 159         if (map_patch_area(addr, text_poke_addr)) {
 160                 err = -1;
 161                 goto out;
 162         }
 163
 164         patch_addr = (unsigned int *)(text_poke_addr) +
 165                         ((kaddr & ~PAGE_MASK) / sizeof(unsigned int));
 166
 167         __patch_instruction(addr, instr, patch_addr);
 168
 169         err = unmap_patch_area(text_poke_addr);
 170         if (err)
 171                 pr_warn("failed to unmap %lx\n", text_poke_addr);
 172
 173 out:
 174         local_irq_restore(flags);
 175
 176         return err;
 177 }
 178 #else /* !CONFIG_STRICT_KERNEL_RWX */
 179
 180 static int do_patch_instruction(unsigned int *addr, unsigned int instr)
 181 {
 182         return raw_patch_instruction(addr, instr);
 183 }
 184
 185 #endif /* CONFIG_STRICT_KERNEL_RWX */
 186
 187 int patch_instruction(unsigned int *addr, unsigned int instr)
 188 {
 189         /* Make sure we aren't patching a freed init section */
 190         if (init_mem_is_free && init_section_contains(addr, 4)) {
 191                 pr_debug("Skipping init section patching addr: 0x%px\n", addr);
 192                 return 0;
 193         }
 194         return do_patch_instruction(addr, instr);
 195 }
 196 NOKPROBE_SYMBOL(patch_instruction);
 197
 198 int patch_branch(unsigned int *addr, unsigned long target, int flags)
 199 {
 200         unsigned int instr;
 201
 202         create_branch(&instr, addr, target, flags);
 203         return patch_instruction(addr, instr);
 204 }
 205
 206 bool is_offset_in_branch_range(long offset)
 207 {
 208         /*
 209          * Powerpc branch instruction is :
 210          *
 211          *  0         6                 30   31
 212          *  +---------+----------------+---+---+
 213          *  | opcode  |     LI         |AA |LK |
 214          *  +---------+----------------+---+---+
 215          *  Where AA = 0 and LK = 0
 216          *
 217          * LI is a signed 24 bits integer. The real branch offset is computed
 218          * by: imm32 = SignExtend(LI:'0b00', 32);
 219          *
 220          * So the maximum forward branch should be:
 221          *   (0x007fffff << 2) = 0x01fffffc =  0x1fffffc
 222          * The maximum backward branch should be:
 223          *   (0xff800000 << 2) = 0xfe000000 = -0x2000000
 224          */
 225         return (offset >= -0x2000000 && offset <= 0x1fffffc && !(offset & 0x3));
 226 }
 227
 228 /*
 229  * Helper to check if a given instruction is a conditional branch
 230  * Derived from the conditional checks in analyse_instr()
 231  */
 232 bool is_conditional_branch(unsigned int instr)
 233 {
 234         unsigned int opcode = ppc_inst_primary_opcode(instr);
 235
 236         if (opcode == 16)       /* bc, bca, bcl, bcla */
 237                 return true;
 238         if (opcode == 19) {
 239                 switch ((ppc_inst_val(instr) >> 1) & 0x3ff) {
 240                 case 16:        /* bclr, bclrl */
 241                 case 528:       /* bcctr, bcctrl */
 242                 case 560:       /* bctar, bctarl */
 243                         return true;
 244                 }
 245         }
 246         return false;
 247 }
 248 NOKPROBE_SYMBOL(is_conditional_branch);
 249
 250 int create_branch(unsigned int *instr,
 251                   const unsigned int *addr,
 252                   unsigned long target, int flags)
 253 {
 254         long offset;
 255
 256         *instr = 0;
 257         offset = target;
 258         if (! (flags & BRANCH_ABSOLUTE))
 259                 offset = offset - (unsigned long)addr;
 260
 261         /* Check we can represent the target in the instruction format */
 262         if (!is_offset_in_branch_range(offset))
 263                 return 1;
 264
 265         /* Mask out the flags and target, so they don't step on each other. */
 266         *instr = 0x48000000 | (flags & 0x3) | (offset & 0x03FFFFFC);
 267
 268         return 0;
 269 }
 270
 271 int create_cond_branch(unsigned int *instr, const unsigned int *addr,
 272                        unsigned long target, int flags)
 273 {
 274         long offset;
 275
 276         offset = target;
 277         if (! (flags & BRANCH_ABSOLUTE))
 278                 offset = offset - (unsigned long)addr;
 279
 280         /* Check we can represent the target in the instruction format */
 281         if (offset < -0x8000 || offset > 0x7FFF || offset & 0x3)
 282                 return 1;
 283
 284         /* Mask out the flags and target, so they don't step on each other. */
 285         *instr = 0x40000000 | (flags & 0x3FF0003) | (offset & 0xFFFC);
 286
 287         return 0;
 288 }
 289
 290 static unsigned int branch_opcode(unsigned int instr)
 291 {
 292         return ppc_inst_primary_opcode(instr) & 0x3F;
 293 }
 294
 295 static int instr_is_branch_iform(unsigned int instr)
 296 {
 297         return branch_opcode(instr) == 18;
 298 }
 299
 300 static int instr_is_branch_bform(unsigned int instr)
 301 {
 302         return branch_opcode(instr) == 16;
 303 }
 304
 305 int instr_is_relative_branch(unsigned int instr)
 306 {
 307         if (ppc_inst_val(instr) & BRANCH_ABSOLUTE)
 308                 return 0;
 309
 310         return instr_is_branch_iform(instr) || instr_is_branch_bform(instr);
 311 }
 312
 313 int instr_is_relative_link_branch(unsigned int instr)
 314 {
 315         return instr_is_relative_branch(instr) && (ppc_inst_val(instr) & BRANCH_SET_LINK);
 316 }
 317
 318 static unsigned long branch_iform_target(const unsigned int *instr)
 319 {
 320         signed long imm;
 321
 322         imm = ppc_inst_val(*instr) & 0x3FFFFFC;
 323
 324         /* If the top bit of the immediate value is set this is negative */
 325         if (imm & 0x2000000)
 326                 imm -= 0x4000000;
 327
 328         if ((ppc_inst_val(*instr) & BRANCH_ABSOLUTE) == 0)
 329                 imm += (unsigned long)instr;
 330
 331         return (unsigned long)imm;
 332 }
 333
 334 static unsigned long branch_bform_target(const unsigned int *instr)
 335 {
 336         signed long imm;
 337
 338         imm = ppc_inst_val(*instr) & 0xFFFC;
 339
 340         /* If the top bit of the immediate value is set this is negative */
 341         if (imm & 0x8000)
 342                 imm -= 0x10000;
 343
 344         if ((ppc_inst_val(*instr) & BRANCH_ABSOLUTE) == 0)
 345                 imm += (unsigned long)instr;
 346
 347         return (unsigned long)imm;
 348 }
 349
 350 unsigned long branch_target(const unsigned int *instr)
 351 {
 352         if (instr_is_branch_iform(*instr))
 353                 return branch_iform_target(instr);
 354         else if (instr_is_branch_bform(*instr))
 355                 return branch_bform_target(instr);
 356
 357         return 0;
 358 }
 359
 360 int instr_is_branch_to_addr(const unsigned int *instr, unsigned long addr)
 361 {
 362         if (instr_is_branch_iform(*instr) || instr_is_branch_bform(*instr))
 363                 return branch_target(instr) == addr;
 364
 365         return 0;
 366 }
 367
 368 int translate_branch(unsigned int *instr, const unsigned int *dest,
 369                      const unsigned int *src)
 370 {
 371         unsigned long target;
 372
 373         target = branch_target(src);
 374
 375         if (instr_is_branch_iform(*src))
 376                 return create_branch(instr, dest, target, ppc_inst_val(*src));
 377         else if (instr_is_branch_bform(*src))
 378                 return create_cond_branch(instr, dest, target, ppc_inst_val(*src));
 379
 380         return 1;
 381 }
 382
 383 #ifdef CONFIG_PPC_BOOK3E_64
 384 void __patch_exception(int exc, unsigned long addr)
 385 {
 386         extern unsigned int interrupt_base_book3e;
 387         unsigned int *ibase = &interrupt_base_book3e;
 388
 389         /* Our exceptions vectors start with a NOP and -then- a branch
 390          * to deal with single stepping from userspace which stops on
 391          * the second instruction. Thus we need to patch the second
 392          * instruction of the exception, not the first one
 393          */
 394
 395         patch_branch(ibase + (exc / 4) + 1, addr, 0);
 396 }
 397 #endif
 398
 399 #ifdef CONFIG_CODE_PATCHING_SELFTEST
 400
 401 static void __init test_trampoline(void)
 402 {
 403         asm ("nop;\n");
 404 }
 405
 406 #define check(x)        \
 407         if (!(x)) printk("code-patching: test failed at line %d\n", __LINE__);
 408
 409 static void __init test_branch_iform(void)
 410 {
 411         int err;
 412         unsigned int instr;
 413         unsigned long addr;
 414
 415         addr = (unsigned long)&instr;
 416
 417         /* The simplest case, branch to self, no flags */
 418         check(instr_is_branch_iform(ppc_inst(0x48000000)));
 419         /* All bits of target set, and flags */
 420         check(instr_is_branch_iform(ppc_inst(0x4bffffff)));
 421         /* High bit of opcode set, which is wrong */
 422         check(!instr_is_branch_iform(ppc_inst(0xcbffffff)));
 423         /* Middle bits of opcode set, which is wrong */
 424         check(!instr_is_branch_iform(ppc_inst(0x7bffffff)));
 425
 426         /* Simplest case, branch to self with link */
 427         check(instr_is_branch_iform(ppc_inst(0x48000001)));
 428         /* All bits of targets set */
 429         check(instr_is_branch_iform(ppc_inst(0x4bfffffd)));
 430         /* Some bits of targets set */
 431         check(instr_is_branch_iform(ppc_inst(0x4bff00fd)));
 432         /* Must be a valid branch to start with */
 433         check(!instr_is_branch_iform(ppc_inst(0x7bfffffd)));
 434
 435         /* Absolute branch to 0x100 */
 436         instr = ppc_inst(0x48000103);
 437         check(instr_is_branch_to_addr(&instr, 0x100));
 438         /* Absolute branch to 0x420fc */
 439         instr = ppc_inst(0x480420ff);
 440         check(instr_is_branch_to_addr(&instr, 0x420fc));
 441         /* Maximum positive relative branch, + 20MB - 4B */
 442         instr = ppc_inst(0x49fffffc);
 443         check(instr_is_branch_to_addr(&instr, addr + 0x1FFFFFC));
 444         /* Smallest negative relative branch, - 4B */
 445         instr = ppc_inst(0x4bfffffc);
 446         check(instr_is_branch_to_addr(&instr, addr - 4));
 447         /* Largest negative relative branch, - 32 MB */
 448         instr = ppc_inst(0x4a000000);
 449         check(instr_is_branch_to_addr(&instr, addr - 0x2000000));
 450
 451         /* Branch to self, with link */
 452         err = create_branch(&instr, &instr, addr, BRANCH_SET_LINK);
 453         check(instr_is_branch_to_addr(&instr, addr));
 454
 455         /* Branch to self - 0x100, with link */
 456         err = create_branch(&instr, &instr, addr - 0x100, BRANCH_SET_LINK);
 457         check(instr_is_branch_to_addr(&instr, addr - 0x100));
 458
 459         /* Branch to self + 0x100, no link */
 460         err = create_branch(&instr, &instr, addr + 0x100, 0);
 461         check(instr_is_branch_to_addr(&instr, addr + 0x100));
 462
 463         /* Maximum relative negative offset, - 32 MB */
 464         err = create_branch(&instr, &instr, addr - 0x2000000, BRANCH_SET_LINK);
 465         check(instr_is_branch_to_addr(&instr, addr - 0x2000000));
 466
 467         /* Out of range relative negative offset, - 32 MB + 4*/
 468         err = create_branch(&instr, &instr, addr - 0x2000004, BRANCH_SET_LINK);
 469         check(err);
 470
 471         /* Out of range relative positive offset, + 32 MB */
 472         err = create_branch(&instr, &instr, addr + 0x2000000, BRANCH_SET_LINK);
 473         check(err);
 474
 475         /* Unaligned target */
 476         err = create_branch(&instr, &instr, addr + 3, BRANCH_SET_LINK);
 477         check(err);
 478
 479         /* Check flags are masked correctly */
 480         err = create_branch(&instr, &instr, addr, 0xFFFFFFFC);
 481         check(instr_is_branch_to_addr(&instr, addr));
 482         check(ppc_inst_equal(instr, ppc_inst(0x48000000)));
 483 }
 484
 485 static void __init test_create_function_call(void)
 486 {
 487         unsigned int *iptr;
 488         unsigned long dest;
 489         unsigned int instr;
 490
 491         /* Check we can create a function call */
 492         iptr = (unsigned int *)ppc_function_entry(test_trampoline);
 493         dest = ppc_function_entry(test_create_function_call);
 494         create_branch(&instr, iptr, dest, BRANCH_SET_LINK);
 495         patch_instruction(iptr, instr);
 496         check(instr_is_branch_to_addr(iptr, dest));
 497 }
 498
 499 static void __init test_branch_bform(void)
 500 {
 501         int err;
 502         unsigned long addr;
 503         unsigned int *iptr, instr, flags;
 504
 505         iptr = &instr;
 506         addr = (unsigned long)iptr;
 507
 508         /* The simplest case, branch to self, no flags */
 509         check(instr_is_branch_bform(ppc_inst(0x40000000)));
 510         /* All bits of target set, and flags */
 511         check(instr_is_branch_bform(ppc_inst(0x43ffffff)));
 512         /* High bit of opcode set, which is wrong */
 513         check(!instr_is_branch_bform(ppc_inst(0xc3ffffff)));
 514         /* Middle bits of opcode set, which is wrong */
 515         check(!instr_is_branch_bform(ppc_inst(0x7bffffff)));
 516
 517         /* Absolute conditional branch to 0x100 */
 518         instr = ppc_inst(0x43ff0103);
 519         check(instr_is_branch_to_addr(&instr, 0x100));
 520         /* Absolute conditional branch to 0x20fc */
 521         instr = ppc_inst(0x43ff20ff);
 522         check(instr_is_branch_to_addr(&instr, 0x20fc));
 523         /* Maximum positive relative conditional branch, + 32 KB - 4B */
 524         instr = ppc_inst(0x43ff7ffc);
 525         check(instr_is_branch_to_addr(&instr, addr + 0x7FFC));
 526         /* Smallest negative relative conditional branch, - 4B */
 527         instr = ppc_inst(0x43fffffc);
 528         check(instr_is_branch_to_addr(&instr, addr - 4));
 529         /* Largest negative relative conditional branch, - 32 KB */
 530         instr = ppc_inst(0x43ff8000);
 531         check(instr_is_branch_to_addr(&instr, addr - 0x8000));
 532
 533         /* All condition code bits set & link */
 534         flags = 0x3ff000 | BRANCH_SET_LINK;
 535
 536         /* Branch to self */
 537         err = create_cond_branch(&instr, iptr, addr, flags);
 538         check(instr_is_branch_to_addr(&instr, addr));
 539
 540         /* Branch to self - 0x100 */
 541         err = create_cond_branch(&instr, iptr, addr - 0x100, flags);
 542         check(instr_is_branch_to_addr(&instr, addr - 0x100));
 543
 544         /* Branch to self + 0x100 */
 545         err = create_cond_branch(&instr, iptr, addr + 0x100, flags);
 546         check(instr_is_branch_to_addr(&instr, addr + 0x100));
 547
 548         /* Maximum relative negative offset, - 32 KB */
 549         err = create_cond_branch(&instr, iptr, addr - 0x8000, flags);
 550         check(instr_is_branch_to_addr(&instr, addr - 0x8000));
 551
 552         /* Out of range relative negative offset, - 32 KB + 4*/
 553         err = create_cond_branch(&instr, iptr, addr - 0x8004, flags);
 554         check(err);
 555
 556         /* Out of range relative positive offset, + 32 KB */
 557         err = create_cond_branch(&instr, iptr, addr + 0x8000, flags);
 558         check(err);
 559
 560         /* Unaligned target */
 561         err = create_cond_branch(&instr, iptr, addr + 3, flags);
 562         check(err);
 563
 564         /* Check flags are masked correctly */
 565         err = create_cond_branch(&instr, iptr, addr, 0xFFFFFFFC);
 566         check(instr_is_branch_to_addr(&instr, addr));
 567         check(ppc_inst_equal(instr, ppc_inst(0x43FF0000)));
 568 }
 569
 570 static void __init test_translate_branch(void)
 571 {
 572         unsigned long addr;
 573         unsigned int *p, *q;
 574         unsigned int instr;
 575         void *buf;
 576
 577         buf = vmalloc(PAGE_ALIGN(0x2000000 + 1));
 578         check(buf);
 579         if (!buf)
 580                 return;
 581
 582         /* Simple case, branch to self moved a little */
 583         p = buf;
 584         addr = (unsigned long)p;
 585         patch_branch(p, addr, 0);
 586         check(instr_is_branch_to_addr(p, addr));
 587         q = p + 1;
 588         translate_branch(&instr, q, p);
 589         patch_instruction(q, instr);
 590         check(instr_is_branch_to_addr(q, addr));
 591
 592         /* Maximum negative case, move b . to addr + 32 MB */
 593         p = buf;
 594         addr = (unsigned long)p;
 595         patch_branch(p, addr, 0);
 596         q = buf + 0x2000000;
 597         translate_branch(&instr, q, p);
 598         patch_instruction(q, instr);
 599         check(instr_is_branch_to_addr(p, addr));
 600         check(instr_is_branch_to_addr(q, addr));
 601         check(ppc_inst_equal(*q, ppc_inst(0x4a000000)));
 602
 603         /* Maximum positive case, move x to x - 32 MB + 4 */
 604         p = buf + 0x2000000;
 605         addr = (unsigned long)p;
 606         patch_branch(p, addr, 0);
 607         q = buf + 4;
 608         translate_branch(&instr, q, p);
 609         patch_instruction(q, instr);
 610         check(instr_is_branch_to_addr(p, addr));
 611         check(instr_is_branch_to_addr(q, addr));
 612         check(ppc_inst_equal(*q, ppc_inst(0x49fffffc)));
 613
 614         /* Jump to x + 16 MB moved to x + 20 MB */
 615         p = buf;
 616         addr = 0x1000000 + (unsigned long)buf;
 617         patch_branch(p, addr, BRANCH_SET_LINK);
 618         q = buf + 0x1400000;
 619         translate_branch(&instr, q, p);
 620         patch_instruction(q, instr);
 621         check(instr_is_branch_to_addr(p, addr));
 622         check(instr_is_branch_to_addr(q, addr));
 623
 624         /* Jump to x + 16 MB moved to x - 16 MB + 4 */
 625         p = buf + 0x1000000;
 626         addr = 0x2000000 + (unsigned long)buf;
 627         patch_branch(p, addr, 0);
 628         q = buf + 4;
 629         translate_branch(&instr, q, p);
 630         patch_instruction(q, instr);
 631         check(instr_is_branch_to_addr(p, addr));
 632         check(instr_is_branch_to_addr(q, addr));
 633
 634
 635         /* Conditional branch tests */
 636
 637         /* Simple case, branch to self moved a little */
 638         p = buf;
 639         addr = (unsigned long)p;
 640         create_cond_branch(&instr, p, addr, 0);
 641         patch_instruction(p, instr);
 642         check(instr_is_branch_to_addr(p, addr));
 643         q = p + 1;
 644         translate_branch(&instr, q, p);
 645         patch_instruction(q, instr);
 646         check(instr_is_branch_to_addr(q, addr));
 647
 648         /* Maximum negative case, move b . to addr + 32 KB */
 649         p = buf;
 650         addr = (unsigned long)p;
 651         create_cond_branch(&instr, p, addr, 0xFFFFFFFC);
 652         patch_instruction(p, instr);
 653         q = buf + 0x8000;
 654         translate_branch(&instr, q, p);
 655         patch_instruction(q, instr);
 656         check(instr_is_branch_to_addr(p, addr));
 657         check(instr_is_branch_to_addr(q, addr));
 658         check(ppc_inst_equal(*q, ppc_inst(0x43ff8000)));
 659
 660         /* Maximum positive case, move x to x - 32 KB + 4 */
 661         p = buf + 0x8000;
 662         addr = (unsigned long)p;
 663         create_cond_branch(&instr, p, addr, 0xFFFFFFFC);
 664         patch_instruction(p, instr);
 665         q = buf + 4;
 666         translate_branch(&instr, q, p);
 667         patch_instruction(q, instr);
 668         check(instr_is_branch_to_addr(p, addr));
 669         check(instr_is_branch_to_addr(q, addr));
 670         check(ppc_inst_equal(*q, ppc_inst(0x43ff7ffc)));
 671
 672         /* Jump to x + 12 KB moved to x + 20 KB */
 673         p = buf;
 674         addr = 0x3000 + (unsigned long)buf;
 675         create_cond_branch(&instr, p, addr, BRANCH_SET_LINK);
 676         patch_instruction(p, instr);
 677         q = buf + 0x5000;
 678         translate_branch(&instr, q, p);
 679         patch_instruction(q, instr);
 680         check(instr_is_branch_to_addr(p, addr));
 681         check(instr_is_branch_to_addr(q, addr));
 682
 683         /* Jump to x + 8 KB moved to x - 8 KB + 4 */
 684         p = buf + 0x2000;
 685         addr = 0x4000 + (unsigned long)buf;
 686         create_cond_branch(&instr, p, addr, 0);
 687         patch_instruction(p, instr);
 688         q = buf + 4;
 689         translate_branch(&instr, q, p);
 690         patch_instruction(q, instr);
 691         check(instr_is_branch_to_addr(p, addr));
 692         check(instr_is_branch_to_addr(q, addr));
 693
 694         /* Free the buffer we were using */
 695         vfree(buf);
 696 }
 697
 698 static int __init test_code_patching(void)
 699 {
 700         printk(KERN_DEBUG "Running code patching self-tests ...\n");
 701
 702         test_branch_iform();
 703         test_branch_bform();
 704         test_create_function_call();
 705         test_translate_branch();
 706
 707         return 0;
 708 }
 709 late_initcall(test_code_patching);
 710
 711 #endif /* CONFIG_CODE_PATCHING_SELFTEST */