Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp2043290ybl; Thu, 29 Aug 2019 02:44:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqz1RjhabSwcFIeyErPNGxyyBsAsgRlJLqOGSnjazd+WH1tG7IBgpS2V+XwfFFuKoQPhC3R8 X-Received: by 2002:a17:90a:bc4b:: with SMTP id t11mr9018725pjv.87.1567071885171; Thu, 29 Aug 2019 02:44:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567071885; cv=none; d=google.com; s=arc-20160816; b=mR9cjA6fsihD/E0/SAQ/86tbDoE4WOfkw5YxNoj7Y48IObkydTNYQAByNyFJMcPCoX EKEsZAVZnAx1wgaWwU9VNjYYwmy8rvFa5jBDrkcBSYQb0Bnh2px5mW3K08jgzlFWOKnF 0L4AfG838Eocd4NHk8ht+dMGgE5NE5GrIPDLjoi/k5B5czaHOGTNBjQvL5c8lGm5H96z 8lgarhopLnm1cWec2IwpJRzsYtJzHiOkzix5MOwkCg2cGdWjGHoUbdTxdaS9c4YfFfE1 03xlUcOlc4Ed5zFZiB7EgDs7eoLwj7lcsJ2UnkuSqXnr5A+HFYD2sRqKNqa63Fq7SMdb Xm6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject; bh=Ujd4aRv8twrMVsn9azwL6rfh8GS6g3BhcecQhk0QobM=; b=atxoqnXcGTNSHXOsovPQ/xQIr53WOxSm6fnkknR2lCIva57MoaaB/fnYnuObFu8X8R enSYFwUgRiQvPW5PcGi0bBILK6/IGRByoes39rTTNv6CpYLoqCXIq5sWIpcPIfFlsbaK WCYjwInFqXZXypAvaFQ6o0sVKSYkf8fR7AljuiuDzS4t5VycIdA/VcQAUed6SuCIx7DA Bqm/LrG4LAcwTewKuGBUEtY5u2jUHno5gznyfjKNSmhIPGySf470wV2suqPvboaunnec //a3HfMXTEegBITX7foylxzrv2rGvdECM5guMqNuwUiI34tvE4wkZ5cNSYxUthYqgARa /nHw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h1si1511814pgp.250.2019.08.29.02.44.29; Thu, 29 Aug 2019 02:44:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727028AbfH2JmG (ORCPT + 99 others); Thu, 29 Aug 2019 05:42:06 -0400 Received: from mga11.intel.com ([192.55.52.93]:4341 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727007AbfH2JmG (ORCPT ); Thu, 29 Aug 2019 05:42:06 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Aug 2019 02:42:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,442,1559545200"; d="scan'208";a="197765648" Received: from ahunter-desktop.fi.intel.com (HELO [10.237.72.66]) ([10.237.72.66]) by fmsmga001.fm.intel.com with ESMTP; 29 Aug 2019 02:42:01 -0700 Subject: Re: Tracing text poke / kernel self-modifying code (Was: Re: [RFC v2 0/6] x86: dynamic indirect branch promotion) To: Peter Zijlstra Cc: Nadav Amit , Andi Kleen , Ingo Molnar , Andy Lutomirski , Josh Poimboeuf , Edward Cree , "H . Peter Anvin" , Thomas Gleixner , LKML , X86 ML , Paolo Abeni , Borislav Petkov , David Woodhouse , Alexander Shishkin , songliubraving@fb.com References: <20190108092559.GA6808@hirez.programming.kicks-ass.net> <306d38fb-7ce6-a3ec-a351-6c117559ebaa@intel.com> <20190108101058.GB6808@hirez.programming.kicks-ass.net> <20190108172721.GN6118@tassilo.jf.intel.com> <20190108190104.GC1900@hirez.programming.kicks-ass.net> <7EB5F9ED-8743-4225-BE97-8D5C8D8E0F84@gmail.com> <20190109103544.GH1900@hirez.programming.kicks-ass.net> <7b4952c2-d3e3-488f-3697-2e8b71c58063@intel.com> <20190829085339.GN2369@hirez.programming.kicks-ass.net> From: Adrian Hunter Organization: Intel Finland Oy, Registered Address: PL 281, 00181 Helsinki, Business Identity Code: 0357606 - 4, Domiciled in Helsinki Message-ID: Date: Thu, 29 Aug 2019 12:40:56 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190829085339.GN2369@hirez.programming.kicks-ass.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 29/08/19 11:53 AM, Peter Zijlstra wrote: > On Thu, Aug 29, 2019 at 11:23:52AM +0300, Adrian Hunter wrote: >> On 9/01/19 12:35 PM, Peter Zijlstra wrote: >>> On Tue, Jan 08, 2019 at 12:47:42PM -0800, Nadav Amit wrote: >>> >>>> A general solution is more complicated, however, due to the racy nature of >>>> cross-modifying code. There would need to be TSC recording of the time >>>> before the modifications start and after they are done. >>>> >>>> BTW: I am not sure that static-keys are much better. Their change also >>>> affects the control flow, and they do affect the control flow. >>> >>> Any text_poke() user is a problem; which is why I suggested a >>> PERF_RECORD_TEXT_POKE that emits the new instruction. Such records are >>> timestamped and can be correlated to the trace. >>> >>> As to the racy nature of text_poke, yes, this is a wee bit tricky and >>> might need some care. I _think_ we can make it work, but I'm not 100% >>> sure on exactly how PT works, but something like: >>> >>> - write INT3 byte >>> - IPI-SYNC >>> >>> and ensure the poke_handler preserves the existing control flow (which >>> it currently does not, but should be possible). >>> >>> - emit RECORD_TEXT_POKE with the new instruction >>> >>> at this point the actual control flow will be through the INT3 and >>> handler and not hit the actual instruction, so the actual state is >>> irrelevant. >>> >>> - write instruction tail >>> - IPI-SYNC >>> - write first byte >>> - IPI-SYNC >>> >>> And at this point we start using the new instruction, but this is after >>> the timestamp from the RECORD_TEXT_POKE event and decoding should work >>> just fine. >>> >> >> Presumably the IPI-SYNC does not guarantee that other CPUs will not already >> have seen the change. In that case, it is not possible to provide a >> timestamp before which all CPUs executed the old code, and after which all >> CPUs execute the new code. > > 'the change' is an INT3 poke, so either you see the old code flow, or > you see an INT3 emulate the old flow in your trace. > > That should be unambiguous. > > Then you emit the RECORD_TEXT_POKE with the new instruction on. This > prepares the decoder to accept a new reality. > > Then we finish the instruction poke. > > And then when the trace no longer shows INT3 exceptions, you know the > new code is in effect. > > How is this ambiguous? It's not. I didn't get that from the first read, sorry. Can you expand on "and ensure the poke_handler preserves the existing control flow"? Whatever the INT3-handler does will be traced normally so long as it does not itself execute self-modified code.