This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.



Re: Hitachi djprobe mechanism


Satoshi Oshima wrote:
> step 2: safety check;
>          make sure that all CPUs don't run on the code that will
>          be replaced with jmp instruction (also check whether stack
>          include EIP of the code which is subject to replace)

Please explain exactly how you will make sure that there is no pre-existing
reference to any of the replaced instructions, whether it be on the stack
or elsewhere. Consider a system that has many thousands of processes running
in parallel on different CPUs.

Also consider that you may find things on the stack that look like address
references to the range you wish to replace, but are actually valid data.

> step 3: (after all CPU pass safety check) replace with jmp
>          instruction without first byte. leave int 3 instruction
>          unchanged at this time (new step).

This still fails to cover the very simple case I explained earlier:
	if (...)
		goto label;
	<more code>
	single_byte_asm_instruction_code();
label:
	foo();

You still can't replace the instruction right before the label, and you'd
have to have an integrated disassembler to go through all the code and
make sure it too doesn't have a reference to the address of "label:".

As far as I can see, it remains that the only safe way to use djprobe
is to not touch any instruction that is less than 5 bytes, and that's if
there aren't other limitations, as I mentioned earlier.

Karim
-- 
Author, Speaker, Developer, Consultant
Pushing Embedded and Real-Time Linux Systems Beyond the Limits
http://www.opersys.com || karim@opersys.com || 1-866-677-4546
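The hazard Karim describes above can be made concrete with a small static check. The following is an added example, not code from the djprobe patches or from anyone in this thread: it models the `goto label` snippet as a constructed x86-style instruction layout (all addresses, lengths and mnemonics are invented for the illustration) and reports any direct branch target that would end up inside the bytes a 5-byte jmp overwrites. It only sees the one function's own direct branches, which is exactly why it is not a sufficient safety check: return addresses on stacks, indirect jumps and references from other functions are invisible to it.

```python
"""Static check for the djprobe hazard discussed in the mail: writing a
5-byte jmp over several short instructions swallows any label that sits
inside those bytes, so a branch to that label lands in the middle of the
jmp. Instruction layout and addresses are constructed for this example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

JMP_LEN = 5  # size of a rel32 jmp on x86


@dataclass(frozen=True)
class Insn:
    addr: int
    length: int
    mnemonic: str
    target: Optional[int] = None  # destination of a direct branch, if any


# Constructed layout mirroring the snippet in the mail:
#   if (...) goto label; <more code>; one_byte_insn; label: foo();
CODE = [
    Insn(0x00, 3, "cmp eax, [ebx]"),
    Insn(0x03, 2, "jne label", target=0x12),  # the goto
    Insn(0x05, 5, "mov ecx, 0x1234"),         # <more code>
    Insn(0x0A, 3, "add ecx, eax"),
    Insn(0x0D, 4, "shl ecx, 2"),
    Insn(0x11, 1, "nop"),                     # single_byte_asm_instruction_code()
    Insn(0x12, 5, "call foo", target=0x100),  # label:
    Insn(0x17, 1, "ret"),
]


def patched_region(code: List[Insn], probe_addr: int,
                   jmp_len: int = JMP_LEN) -> Tuple[int, int]:
    """Return [start, end) of the whole instructions a jmp placed at
    probe_addr overwrites: the jmp needs jmp_len bytes, and the patch must
    not stop in the middle of an instruction, so the region extends to the
    first instruction boundary at or past probe_addr + jmp_len."""
    ordered = sorted(code, key=lambda i: i.addr)
    if probe_addr not in {i.addr for i in ordered}:
        raise ValueError(f"{probe_addr:#x} is not an instruction boundary")
    end = probe_addr
    for insn in ordered:
        if insn.addr < probe_addr:
            continue
        end = insn.addr + insn.length
        if end - probe_addr >= jmp_len:
            break
    if end - probe_addr < jmp_len:
        raise ValueError("not enough code after the probe point for a jmp")
    return probe_addr, end


def jmp_hazards(code: List[Insn], probe_addr: int,
                jmp_len: int = JMP_LEN) -> List[Tuple[int, int]]:
    """List (branch_addr, target) pairs whose target falls strictly inside
    the patched region, i.e. labels that would sit in the middle of the
    jmp bytes. An empty list only means no direct in-function branch is
    visible; it says nothing about stack return addresses, indirect jumps
    or branches from other functions."""
    start, end = patched_region(code, probe_addr, jmp_len)
    return [(i.addr, i.target) for i in code
            if i.target is not None and start < i.target < end]


if __name__ == "__main__":
    for insn in CODE:
        try:
            start, end = patched_region(CODE, insn.addr)
        except ValueError as exc:
            print(f"{insn.addr:#04x} {insn.mnemonic:<16} skipped: {exc}")
            continue
        hazards = jmp_hazards(CODE, insn.addr)
        verdict = "UNSAFE" if hazards else "no visible hazard"
        print(f"{insn.addr:#04x} {insn.mnemonic:<16} patch [{start:#x},{end:#x}) {verdict} {hazards}")
```

Probing at the single-byte `nop` (0x11) forces the patch to swallow `call foo` at `label:`, and the `jne` at 0x03 that targets 0x12 is reported; probing at the 5-byte `mov` (0x05) covers exactly one instruction and reports nothing, which is the "only touch instructions of 5 bytes or more" rule in the mail.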

