This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Notes from the systemtap BOF


Hello,

Mathieu Desnoyers wrote:
A question about djprobes :

What would happen, on a SMP machine, if CPU A modifies the instructions (non
atomically) by inserting a jmp while another cpu, CPU B, has an EIP on its stack
which happens to be at the middle of the jmp address ? Would it cause an invalid
instruction exception when CPU B goes back fetching what it thinks is assembly
instructions while in fact it is a memory adress for the jmp ?

If CPU B stacks the EIP, then yes it cause invalid instruction error.
But before insertion, djprobe has checked whether the all CPUs are through
the djprobe's kprobe bypass.
There is a hazard situation that an interrupt handler calls a recursive function that interrupted by that interrupt handler.
I think, we should check the EIP in the entry of interrupt handler.


I think that the interrupt protection does not guarantee that no CPU has this
EIP address on their stack or in their current EIP : it only protects from CPU
which has not gone in this code path yet.

But maybe am I wrong ?

No, you are right. I do not use the interrupt protection.


* Karim Yaghmour (karim@opersys.com) wrote:

1) Jmps are multiple bytes, need to watch for branches to the middle of
the old code
2) Insertion in "exception areas" like copy_from_user, when emulating
the instructions that could fault.

There was one gentleman who was concerned regarding that all CPUs would pass through the kprob'ed point prior to replacing the original code. I think the question went something like: But what if not all CPUs go through that code path?

If that, djprobe can not replace the breakpoint to jump instruction. And djprobe consumes the overhead same as kprobe in that situation.
I think if the EIP is checked in the interrupt handler, we can insert jmp code.
Currently, I think the entry of most functions are safe areas. Because the functions just save the registers and expand local stacks.


Or, should we consider the idea that we use the simple space that contains just 5 nops(*) ?

(*) like below
#define __JMP_POINT(tname) {asm volatile( ".global" #name "; "\
                                        #name ":nop;nop;nop;nop;nop;");}
#define JMP_POINT(name) __JMP_POINT(name##_tag)



--
Masami HIRAMATSU
2nd Research Dept.
Hitachi, Ltd., Systems Development Laboratory
E-mail: hiramatu@sdl.hitachi.co.jp


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]