Re: [PATCH] Linux Kernel Markers

* Martin Bligh ( wrote:
> How about we combine all three ideas together ...
> 1. Load modified copy of the function in question.
> 2. overwrite the first instruction of the routine with an int3 that
> does what you say (atomically)
> 3. Then overwrite the second instruction with a jump that's faster
> 4. Now atomically overwrite the int3 with a nop, and let the jump
> take over.

Very good idea.. However, overwriting the second instruction with a jump could
be dangerous on preemptible and SMP kernels, because we never know if a thread
has an IP in any of its contexts that would return exactly at the middle of the
jump. I think it would be doable to overwrite a 5+ bytes instruction with a NOP
non-atomically in all cases, but as the instructions nin the prologue seems to
be smaller :

prologue on x86
   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
epilogue on x86
   3:   5d                      pop    %ebp
   4:   c3                      ret

Then is can be a problem. Ideas are welcome.


OpenPGP public key:    
Key fingerprint:     8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68 

