Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1968191ybl;
        Thu, 29 Aug 2019 01:26:11 -0700 (PDT)
X-Google-Smtp-Source: APXvYqz45dF7otsQBZheoKdm9QqoF/IYkVCEVnPEO7Sf3X7yNg9EWChKZM+jJDzxA0G8um6aJKqp
X-Received: by 2002:a17:902:e493:: with SMTP id cj19mr8473784plb.292.1567067171385;
        Thu, 29 Aug 2019 01:26:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1567067171; cv=none;
        d=google.com; s=arc-20160816;
        b=CFgQX2AcfMl6voOFZOenwhtFwdbjBxs7mI4lUKkgq8nC4XH1aqwIrWwu6+Aw0FxkDN
         4pEJsBAYa+xVHJ0YinA3GmXebMJUJQkIWqJFABgLt2zBHuLcIn+/ch690rkuYJahVHCl
         FGq+QPUTsdwPaC1MA9/8iRM3me0/jrI2lsxhZ031ObS9i+phlOa47I3EYrJOmuf2JoNr
         7gYyNz+cAa+Q/lKeaX8MBgSg8eP6sGADmfDZSlorOnrSamtxwe/t3A0fX9En2VZJBqdt
         LpKeWnj5n0bk/muJXe6QYrdc71MfxrsJFhDq3xrsxYstZIngjINzxdKsy1yNftdcIx+x
         fRvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:organization:from:references:cc:to:subject;
        bh=YJxHJqqRvrJEH6lC7x+Xb14f28ZdA2RxgID1VX363fU=;
        b=ew3CUyZjB32aOXXyxvt7o4vM4XYnvbXpTe4dyJbVXWv7bnLuyQZZVh6LijNrvkNiq5
         0xlrtoFn3ZJku60Q7oTbrk6sahJAu4YEoWysOjvecysshuqsStjCPVGlv1NmkXxxH+aP
         xS+fNQhczER5f4Gnlph422vmg9sqU4wz2x9q1pBkGSm1usjY0X5uenPQw7WzmL35GBIA
         LtfH6B1mrgrBJGWfFxqRr1P3Y4j4ORpx/pDAQmrBmba5PX7/GuWsYu2rHw82Xs3RkfDW
         4B/GgFYeOtApN9OfoXa4ES/Z6PJxr9ev7d0cTPJR65zY8HWhAqip4PP8J0gfLQ1YVJLA
         UQow==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d9si1554035pjr.20.2019.08.29.01.25.55;
        Thu, 29 Aug 2019 01:26:11 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727056AbfH2IZD (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Thu, 29 Aug 2019 04:25:03 -0400
Received: from mga04.intel.com ([192.55.52.120]:17081 "EHLO mga04.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727022AbfH2IZC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Aug 2019 04:25:02 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
  by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Aug 2019 01:25:01 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,442,1559545200"; 
   d="scan'208";a="197752669"
Received: from ahunter-desktop.fi.intel.com (HELO [10.237.72.66]) ([10.237.72.66])
  by fmsmga001.fm.intel.com with ESMTP; 29 Aug 2019 01:24:57 -0700
Subject: Tracing text poke / kernel self-modifying code (Was: Re: [RFC v2 0/6]
 x86: dynamic indirect branch promotion)
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     Nadav Amit <nadav.amit@gmail.com>, Andi Kleen <ak@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Andy Lutomirski <luto@kernel.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Edward Cree <ecree@solarflare.com>,
        "H . Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>,
        Borislav Petkov <bp@alien8.de>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        songliubraving@fb.com
References: <87zhshe66w.fsf@linux.intel.com>
 <20190107163227.GH14122@hirez.programming.kicks-ass.net>
 <c4e836e8-1949-27f5-f6a0-ed860f590ec5@intel.com>
 <20190108092559.GA6808@hirez.programming.kicks-ass.net>
 <306d38fb-7ce6-a3ec-a351-6c117559ebaa@intel.com>
 <20190108101058.GB6808@hirez.programming.kicks-ass.net>
 <20190108172721.GN6118@tassilo.jf.intel.com>
 <D1A153D5-D23B-45E6-9E7A-EB9CBAE84B7E@gmail.com>
 <20190108190104.GC1900@hirez.programming.kicks-ass.net>
 <7EB5F9ED-8743-4225-BE97-8D5C8D8E0F84@gmail.com>
 <20190109103544.GH1900@hirez.programming.kicks-ass.net>
From:   Adrian Hunter <adrian.hunter@intel.com>
Organization: Intel Finland Oy, Registered Address: PL 281, 00181 Helsinki,
 Business Identity Code: 0357606 - 4, Domiciled in Helsinki
Message-ID: <7b4952c2-d3e3-488f-3697-2e8b71c58063@intel.com>
Date:   Thu, 29 Aug 2019 11:23:52 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <20190109103544.GH1900@hirez.programming.kicks-ass.net>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 9/01/19 12:35 PM, Peter Zijlstra wrote:
> On Tue, Jan 08, 2019 at 12:47:42PM -0800, Nadav Amit wrote:
> 
>> A general solution is more complicated, however, due to the racy nature of
>> cross-modifying code. There would need to be TSC recording of the time
>> before the modifications start and after they are done.
>>
>> BTW: I am not sure that static-keys are much better. Their change also
>> affects the control flow, and they do affect the control flow.
> 
> Any text_poke() user is a problem; which is why I suggested a
> PERF_RECORD_TEXT_POKE that emits the new instruction. Such records are
> timestamped and can be correlated to the trace.
> 
> As to the racy nature of text_poke, yes, this is a wee bit tricky and
> might need some care. I _think_ we can make it work, but I'm not 100%
> sure on exactly how PT works, but something like:
> 
>  - write INT3 byte
>  - IPI-SYNC
> 
> and ensure the poke_handler preserves the existing control flow (which
> it currently does not, but should be possible).
> 
>  - emit RECORD_TEXT_POKE with the new instruction
> 
> at this point the actual control flow will be through the INT3 and
> handler and not hit the actual instruction, so the actual state is
> irrelevant.
> 
>  - write instruction tail
>  - IPI-SYNC
>  - write first byte
>  - IPI-SYNC
> 
> And at this point we start using the new instruction, but this is after
> the timestamp from the RECORD_TEXT_POKE event and decoding should work
> just fine.
> 

Presumably the IPI-SYNC does not guarantee that other CPUs will not already
have seen the change.  In that case, it is not possible to provide a
timestamp before which all CPUs executed the old code, and after which all
CPUs execute the new code.

So we need 2 events: one before and one after the text poke.  Then it will
be up to the tools to figure out which code path was taken in that time
interval. e.g.

	1. emit RECORD_TEXT_POKE
		flags:	BEFORE (timestamp is before change)
		method:	INT3 (INT3 method used to change code)
		ip
		code size
		code bytes before
		code bytes after

	2. text poke

	3. emit RECORD_TEXT_POKE
		flags:	AFTER (timestamp is after change)
		method:	INT3 (INT3 method used to change code)
		ip
		code size
		code bytes before
		code bytes after

Thoughts?