On Fri, Jul 10, 2020 at 12:49:10PM +0200, Peter Zijlstra wrote:
> On Fri, Jul 10, 2020 at 01:36:38PM +0300, Jarkko Sakkinen wrote:
> > Just so that I know (and learn), what did exactly disable optprobes?
>
> So regular, old-skool style kprobe is:
>
> - copy original instruction out
> - replace instruction with breakpoint (int3 on x86)
> - have exception handler return to the copied instruction with
>   single-step on
> - have single step exception handler return to the original
>   instruction stream
>
> which is 2 exceptions.

Out of pure interest, how does it handle a jump (as the original opcode),
given that it single steps a copy?

> optprobes avoid the single-step by not only writing a single
> instruction, but additionally placing a JMP instruction behind it such
> that it will automagically continue in the original instruction stream.
>
> This brings the requirement that the copied instruction is placed
> within the JMP displacement of the regular kernel text (s32 on x86).
>
> module_alloc() ensures the memory provided is within that range.

Right, a relative jump is placed instead of 0xcc to the breakpoint?

/Jarkko
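The s32 displacement requirement Peter describes, worked through as an added C example (not code from this thread or from the kernel's kprobes implementation): it checks whether a detour slot is reachable by a 5-byte `jmp rel32` from a given address, encodes and decodes that jump, and sizes a slot holding one copied instruction plus the jump back. The function names and the addresses are constructed for illustration; the addresses are not real kernel or module addresses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Near JMP on x86-64: opcode E9 followed by a signed 32-bit displacement,
 * measured from the address of the *next* instruction (jmp_addr + 5). */
#define JMP_REL32_OPCODE 0xE9
#define JMP_REL32_LEN    5

/* Returns true if a jmp rel32 placed at jmp_addr can land on target.
 * The CPU computes next_rip + sign_extend(rel32) modulo 2^64, so the
 * difference is taken modulo 2^64 and then read as a signed value
 * (two's-complement conversion, as gcc/clang do on x86). */
bool jmp_rel32_reachable(uint64_t jmp_addr, uint64_t target, int32_t *disp)
{
    uint64_t next_rip = jmp_addr + JMP_REL32_LEN;
    int64_t d = (int64_t)(target - next_rip);

    if (d < INT32_MIN || d > INT32_MAX)
        return false;
    if (disp)
        *disp = (int32_t)d;
    return true;
}

/* Writes the 5-byte jmp into buf. Returns bytes written, 0 if unreachable. */
size_t jmp_rel32_encode(uint8_t buf[JMP_REL32_LEN], uint64_t jmp_addr, uint64_t target)
{
    int32_t disp;

    if (!jmp_rel32_reachable(jmp_addr, target, &disp))
        return 0;
    buf[0] = JMP_REL32_OPCODE;
    memcpy(buf + 1, &disp, sizeof disp);  /* little-endian immediate */
    return JMP_REL32_LEN;
}

/* Decodes where a jmp rel32 at jmp_addr lands; returns 0 if buf is not E9. */
uint64_t jmp_rel32_target(const uint8_t buf[JMP_REL32_LEN], uint64_t jmp_addr)
{
    int32_t disp;

    if (buf[0] != JMP_REL32_OPCODE)
        return 0;
    memcpy(&disp, buf + 1, sizeof disp);
    return jmp_addr + JMP_REL32_LEN + (uint64_t)(int64_t)disp;
}

/* Size of an optprobe-style detour slot: one copied instruction of
 * insn_len bytes followed by the jmp back into the original stream. */
size_t detour_slot_len(size_t insn_len)
{
    return insn_len + JMP_REL32_LEN;
}

int main(void)
{
    /* Constructed sample addresses, not real kernel or module addresses. */
    uint64_t kernel_text = 0xffffffff81000000ull;
    uint64_t near_slot   = 0xffffffffc0000000ull;   /* within +-2 GiB */
    uint64_t far_slot    = 0x00007f0000000000ull;   /* far outside s32 range */
    uint8_t buf[JMP_REL32_LEN];
    int32_t disp;

    if (jmp_rel32_reachable(kernel_text, near_slot, &disp))
        printf("near slot reachable, disp=%d\n", disp);
    if (!jmp_rel32_reachable(kernel_text, far_slot, NULL))
        printf("far slot not reachable by jmp rel32\n");

    if (jmp_rel32_encode(buf, kernel_text, near_slot) == JMP_REL32_LEN)
        printf("jmp lands at %#llx\n",
               (unsigned long long)jmp_rel32_target(buf, kernel_text));
    return 0;
}
```

The reachability check is the same one an allocator for detour slots has to satisfy: if the slot cannot be reached by a rel32 jump from the probed text, the jump back into the original instruction stream cannot be encoded at all, which is why the slot memory has to come from a range near kernel text.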

