Quite frankly, maybe I'm a bit dense, but why don't you just recompile the
whole original function (at run-time), load that new version of a function
as a mini-module, and then insert a marker at the top of the old function
that just does a "jmp replacementfunction".
That has _zero_ cost for the non-marker case, and allows you to do pretty
much any arbitrary code changes for the marker case.
It's also a much simpler replacement.
Yeah, that "jmp replacementfunction" is five or more bytes, but you can
trivially do the actual _replacement_ write by writing it first as a
single-byte debug trap, and after that has been written, write the target
address after it, and then write the first byte of the "jmp" instruction
last. In the (very unlikely) case that another CPU hits that debug trap,
you just fix it up in the debug handler - you only need a single datum of
"this is where that debug trap should relocate", because you simply create
a triial spinlock around the code-sequence that does the instruction
rewrite.
When undoing it, just do the same thing in reverse.
Yeah, this requires you to basically recompile some function snippet when
you insert a probe, but if that scares people, you could basically do it
using the old code and inserting the markers and "relinking" it - avoiding
the C compiler, and just basically have an "assembly recompiler".
And yeah, maybe you want to do without the use of modules, and you'd just
have a memory area that is kept free for these kinds of code replacement
issues. And you can optimize it to not recompile the whole function, but
do it on a finer granularity if you want.
And sure, you want to really make sure that there is security in place so
that this isn't used for rootkits, but isn't that true of pretty much
*any* trace facility?
Linus
--
