This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.



Re: Hitachi djprobe mechanism


* Mathieu Lacage (Mathieu.Lacage@sophia.inria.fr) wrote:
> On Thu, 2005-07-28 at 21:53 -0400, Frank Ch. Eigler wrote:
> > But that would render the facility nearly powerless.  Let us try
> > harder to characterize those cases where it can safely be used as an int3
> > substitute.
> 
> If I read the djprobe documentation well and if I assume that
> inserting/removing the probe can be done safely, independently of how
> many bytes I overwrite in the source function, the rules, for now, are
> rather simple.
> 
> Let's say you want to insert probe at location x. If there is no
> relative jmp or indirect call or ret instruction in [x,x+5], you can
> insert the probe at location x.
> 

If you follow the discussions on the system tap mailing list, you will find out
that any instruction smaller than 5 bytes is a bad thing to overwrite
(interrupts and preemption problems, as well as cpu instruction cache coherency).
Some of those cases (interrupts and instruction cache coherency) only show on
SMP machines (assuming the overwriting code would return in the modified path
through an interruption on UP, which is plausible).

> The kerninst papers explain how to avoid the constraint on the "relative
> jmp" by relocating it in the allocated instruction buffer and I fail to
> see an obvious flaw in it so, I assume it would work if there is a need
> to optimize this case.
> 
> I have probably missed other cases. Would someone who knows a lot more
> about this fill in the missing rules so that I can do a more interesting
> statistical analysis of the binaries on my system than simply counting
> the number of instructions bigger than 5?
> 

I would tend to say that it seems difficult for now to overwrite instructions <=
5 bytes. Or maybe someone has a genial idea?


Mathieu


OpenPGP public key:              http://krystal.dyndns.org:8080/key/compudj.gpg
Key fingerprint:     8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68 
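
The two rules discussed in this message, applied to a decoded instruction list, as an added example that is not part of the original message or of djprobe. It assumes the 5-byte jump overwrites bytes x to x+4, reads the reply's condition as "the instruction at x is at least 5 bytes", and uses a hand-constructed instruction list with hypothetical kind labels instead of a real disassembly.

```python
from collections import Counter

JMP_LEN = 5  # bytes written at the probe point (x86 jmp rel32)
# Instruction kinds the quoted rule forbids inside the overwritten window.
FORBIDDEN = {"rel_jmp", "indirect_call", "ret"}

# Constructed sample: (offset, length in bytes, kind). Not from a real binary.
SAMPLE = [
    (0, 1, "other"),           # push %ebp
    (1, 2, "other"),           # mov %esp,%ebp
    (3, 6, "other"),           # sub $imm32,%esp
    (9, 5, "other"),           # mov $imm32,%eax
    (14, 2, "rel_jmp"),        # jne rel8
    (16, 7, "other"),          # movl $imm32,disp8(%ebp)
    (23, 2, "indirect_call"),  # call *%eax
    (25, 1, "other"),          # leave
    (26, 1, "ret"),            # ret
]

def classify(insns, i):
    """Classify a probe placed at the first byte of insns[i]."""
    start, length, _ = insns[i]
    end = start + JMP_LEN  # first byte that is NOT overwritten
    covered = [ins for ins in insns[i:] if ins[0] < end]
    # Quoted rule: no relative jmp, indirect call or ret in the window.
    if any(kind in FORBIDDEN for _, _, kind in covered):
        return "forbidden"
    # The jump must not run past the last decoded instruction.
    if end > insns[-1][0] + insns[-1][1]:
        return "too_short"
    # Reply's condition: an instruction shorter than 5 bytes means the
    # jump also overwrites the instructions that follow it.
    if length < JMP_LEN:
        return "multi_insn"
    return "single_insn"

def tally(insns):
    """Count candidate probe points per class."""
    return Counter(classify(insns, i) for i in range(len(insns)))

if __name__ == "__main__":
    for i, (off, length, kind) in enumerate(SAMPLE):
        print(f"+{off:<3} len={length} {kind:<14} {classify(SAMPLE, i)}")
    print(dict(tally(SAMPLE)))
```

Only the "single_insn" points satisfy both the quoted rule and the reply's condition; "multi_insn" points pass the quoted rule alone.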

