From: Chuck Ebbert <cebbert@redhat.com>
To: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
prasanna@in.ibm.com, ananth@in.ibm.com
Subject: Re: [patch 4/8] Immediate Value - i386 Optimization; kprobes
Date: Mon, 18 Jun 2007 14:44:57 -0400 [thread overview]
Message-ID: <4676D2A9.6090403@redhat.com> (raw)
In-Reply-To: <20070618145702.GA5254@Krystal>
On 06/18/2007 10:57 AM, Mathieu Desnoyers wrote:
> * Chuck Ebbert (cebbert@redhat.com) wrote:
>>> + return NOTIFY_STOP;
>>> + }
>>> + return NOTIFY_DONE;
>>> +}
>>> +
>>> +static struct notifier_block immediate_notify = {
>>> + .notifier_call = immediate_notifier,
>>> + .priority = 0x7fffffff, /* we need to be notified first */
>>> +};
>>> +
>>> +/*
>>> + * The address is not aligned. We can only change 1 byte of the value
>>> + * atomically.
>>> + * Must be called with immediate_mutex held.
>>> + */
>>> +int immediate_optimized_set_enable(void *address, char enable)
>>> +{
>>> + char saved_byte;
>>> + int ret;
>>> + char *dest = address;
>>> +
>>> + if (!(enable ^ dest[1])) /* Must be a state change 0<->1 to execute */
>>> + return 0;
>>> +
>>> +#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_DEBUG_PAGEALLOC)
>>> + /* Make sure this page is writable */
>>> + change_page_attr(virt_to_page(address), 1, PAGE_KERNEL_EXEC);
>>> + global_flush_tlb();
>>> +#endif
>> Can't we have a macro or inline to do this, and the setting back
>> to read-only? kprobes also has the same ugly #if blocks...
>>
>> Hmm, what happens if you race with kprobes setting a probe on
>> the same page? Couldn't it unexpectedly become read-only?
>>
>
> Hi Chuck,
>
> I am looking more closely at kprobes; a few comments while we are here:
>
> 1 - Why is kprobe_count an atomic_t variable instead of a simple
> integer? It is always protected by the kprobe_mutex anyway. All this
> synchronization seems redundant.
>
> 2 - I wonder where is the equivalent of my snippet in kprobes code:
>>> +#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_DEBUG_PAGEALLOC)
>>> + /* Make sure this page is writable */
>>> + change_page_attr(virt_to_page(address), 1, PAGE_KERNEL_EXEC);
>>> + global_flush_tlb();
>>> +#endif
>
> I fancy it's done by the kprobe_page_fault handler, but I do not see
> clearly how writing the breakpoint from arch_arm_kprobe() in
> non-writeable memory is done.
Looks like it's not merged yet:
http://lkml.org/lkml/2007/6/7/2
This needs to go in before 2.6.22-final
>
> In any case, I would like not to use that kind of approach; I prefer to
> set the memory page to RWX before doing the memory write so I do not
> depend on the page fault handler (remember that I instrument the page
> fault handler itself...).
>
> Maybe we could use a shared "text_mutex" between kprobes and
> immediate values to insure mutual exclusion for .text modification.
> However, we would still have the following coherency issue when an
> immediate value and a kprobe share the same address:
>
> 1- enable immediate value
> 2- put a kprobe at the immediate value load instruction address
> 3- disable immediate value
> 4- remove kprobe
>
> The kprobe removal would put back the load immediate instruction and
> would not touch the loaded value (which is ok). However, the instruction
> copy kept by kprobes would not be in sync with the immediate value
> state:
>
> Scenario 1: kprobes int3 handler first:
>
> 1- enable immediate value
> 2- put a kprobe at the immediate value load instruction address
>
> -> int3 triggered
> kprobe handler runs. Single-steps the "enabled" state.
>
> 3- disable immediate value
>
> -> int3 triggered
> kprobe handler runs. Single-steps the "enabled" state. This state is
> wrong.
>
> 4- remove kprobe
>
>
> Scenario 2: immediate value int3 handler first:
>
> 1- enable immediate value
> 2- put a kprobe at the immediate value load instruction address
>
> -> int3 triggered
> kprobe handler runs. Single-steps the "enabled" state.
>
> 3- disable immediate value
> -> int3 triggered (while we disable)
> While we disable, the immediate value int3 handler is executed first. It
> would cause the kprobe handler not to be called, and no "missing"
> counter would be incremented.
>
> kprobe handler runs. Single-steps the "enabled" state. This state is
> wrong.
>
> 4- remove kprobe
>
>
> Since I don't want to depend on kprobes to put the breakpoint, because
> of its reentrancy limitations (see all the __probes functions), It would
> be good to figure out a mutual exclusion mechanism between immediate
> values and kprobes. Maybe we could forbid kprobes to insert probes on
> addresses present in the immediate values tables ? Or better: if we
> detect this scenario, we could put the kprobe breakpoint at the
> instruction following the "movl".
>
That's up to you and the kprobes people, I guess...
next prev parent reply other threads:[~2007-06-18 18:45 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-15 20:23 [patch 0/8] Immediate values for fast branches Mathieu Desnoyers
2007-06-15 20:23 ` [patch 1/8] Immediate Value - Architecture Independent Code Mathieu Desnoyers
2007-06-15 20:23 ` [patch 2/8] Immediate Values - Non Optimized Architectures Mathieu Desnoyers
2007-06-15 20:23 ` [patch 3/8] Immediate Value - Add kconfig menus Mathieu Desnoyers
2007-06-15 20:23 ` [patch 4/8] Immediate Value - i386 Optimization Mathieu Desnoyers
2007-06-15 22:02 ` Chuck Ebbert
2007-06-17 17:50 ` Mathieu Desnoyers
2007-06-18 14:57 ` [patch 4/8] Immediate Value - i386 Optimization; kprobes Mathieu Desnoyers
2007-06-18 18:44 ` Chuck Ebbert [this message]
2007-06-18 18:56 ` Andrew Morton
2007-06-18 19:27 ` Mathieu Desnoyers
2007-06-18 19:32 ` Andi Kleen
2007-06-18 20:16 ` Chuck Ebbert
2007-06-19 10:06 ` [patch 1/2] kprobes i386 quick fix mark-ro-data S. P. Prasanna
2007-06-19 10:08 ` [patch 2/2] kprobes x86_64 " S. P. Prasanna
2007-06-19 13:21 ` Arjan van de Ven
2007-06-19 13:30 ` Mathieu Desnoyers
2007-06-19 13:44 ` Arjan van de Ven
2007-06-19 14:31 ` S. P. Prasanna
2007-06-19 16:47 ` [patch 1/2] kprobes i386 " Andi Kleen
2007-06-15 20:23 ` [patch 5/8] Immediate Value - PowerPC Optimization Mathieu Desnoyers
2007-06-15 20:23 ` [patch 6/8] Immediate Value - Documentation Mathieu Desnoyers
2007-06-15 20:23 ` [patch 7/8] F00F bug fixup for i386 - use immediate values Mathieu Desnoyers
2007-06-15 20:23 ` [patch 8/8] Scheduler profiling - Use " Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4676D2A9.6090403@redhat.com \
--to=cebbert@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ananth@in.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@polymtl.ca \
--cc=prasanna@in.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.