On Tue, 22 Oct 2019 15:45:26 -0700 Andy Lutomirski <l...@amacapital.net> wrote:
> On Oct 22, 2019, at 2:58 PM, Alexei Starovoitov
> <alexei.starovoi...@gmail.com> wrote:
>
> > On Tue, Oct 22, 2019 at 05:04:30PM -0400, Steven Rostedt wrote:
> > > I gave a solution for this. And that is to add another flag to allow
> > > for just the minimum to change the ip. And we can even add another flag
> > > to allow for changing the stack if needed (to emulate a call with the
> > > same parameters).
> >
> > your solution is to reduce the overhead.
> > my solution is to remove it completely. See the difference?
> >
> > > By doing this work, live kernel patching will also benefit. Because it
> > > is also dealing with the unnecessary overhead of saving regs.
> > > And we could possibly even have kprobes benefit from this if a kprobe
> > > doesn't need full regs.
> >
> > Neither of two statements are true. The per-function generated trampoline
> > I'm talking about is bpf specific. For a function with two arguments it's
> > just:
> > push rbp
> > mov rbp, rsp
> > push rdi
> > push rsi
> > lea rdi,[rbp-0x10]
> > call jited_bpf_prog
> > pop rsi
> > pop rdi
> > leave
> > ret
>
> Why are you saving rsi? You said upthread that you’re saving the
> args, but rsi is already available in rsi.

The above is for two parameters, and is being called before the function
with those two parameters. The jited_bpf_prog will be called with those
two parameters as well, but it may also clobber them. Then we need to
restore those two parameters before calling the original function.

> Just how custom is this bpf program? It seems to clobber no regs
> (except args), and it doesn’t return anything. Is it entirely
> specific to the probed function? If so, why not just call it
> directly?

It's injecting the jited_bpf_prog to be called when the probed function
is called, with the same parameters as the probed function.

 my_probed_function
    call trampoline
                         trampoline
                            save parameters
                            call jited_bpf_prog (with same parameters)
                            restore parameters
                            ret

Jumps back to the my_probed_function, where my_probed_function is
clueless it was just interrupted. No need to save any clobbered
registers but the parameters, as the jited_bpf_prog needs to save any
registers that it clobbers just like the my_probed_function saves its.

-- Steve
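The save/probe/restore sequence discussed above, as an added user-space example that is not part of this thread and not the kernel's own code. It assumes an x86-64 SysV ABI target with GNU-style top-level asm (gcc or clang on Linux); on any other target the same sequence is modelled in plain C so the file still builds. The names trampoline, jited_bpf_prog and my_probed_function are taken from the mail; the stand-in jited_bpf_prog is ordinary C rather than JIT output, demo_probe and struct probe_result are added here for driving and checking it, and the one extra 8-byte stack slot is a user-space alignment requirement that the kernel snippet does not need.

```c
#include <stdio.h>

/* Result of one probed call: what the original function returned and
 * what the probe saw. Kept in a struct so a test can check it. */
struct probe_result {
    long ret;     /* return value of my_probed_function */
    long arg1;    /* first argument as seen by the probe  */
    long arg2;    /* second argument as seen by the probe */
    int  calls;   /* how many times the probe ran         */
};

static long seen_arg1, seen_arg2;
static int  probe_calls;

/* Stand-in for the JITed BPF program (hypothetical, ordinary C, not JIT
 * output). It is entered with rdi = the address the trampoline computed
 * with "lea rdi,[rbp-0x10]", i.e. a pointer to the two saved argument
 * slots. "push rdi; push rsi" leaves [rbp-0x8] = saved rdi and
 * [rbp-0x10] = saved rsi, so saved[0] is the SECOND argument and
 * saved[1] the FIRST. Being C, it clobbers rdi, rsi and the other
 * caller-saved registers; that is why the trampoline pops rsi and rdi
 * back before returning to the probed function. */
void jited_bpf_prog(const long *saved)
{
    seen_arg2 = saved[0];
    seen_arg1 = saved[1];
    probe_calls++;
}

#if defined(__x86_64__) && defined(__linux__)
/* The trampoline from the mail, plus one added 8-byte slot: user-space
 * C expects rsp 16-byte aligned at a call and the entry sequence leaves
 * it 8 off (the kernel only keeps 8-byte alignment, so the original
 * needs none). my_probed_function is asm too, so its first instruction
 * is the "call trampoline" an fentry site would have. */
__asm__(
    ".text\n"
    ".intel_syntax noprefix\n"
    ".globl trampoline\n"
    "trampoline:\n"
    "    push rbp\n"
    "    mov  rbp, rsp\n"
    "    push rdi\n"               /* [rbp-0x08] = arg1 */
    "    push rsi\n"               /* [rbp-0x10] = arg2 */
    "    sub  rsp, 8\n"            /* user-space alignment only */
    "    lea  rdi, [rbp-0x10]\n"   /* hand the probe its saved args */
    "    call jited_bpf_prog\n"    /* may clobber rdi/rsi */
    "    add  rsp, 8\n"
    "    pop  rsi\n"               /* restore the two parameters */
    "    pop  rdi\n"
    "    leave\n"
    "    ret\n"                    /* back into my_probed_function */
    "\n"
    ".globl my_probed_function\n"
    "my_probed_function:\n"
    "    call trampoline\n"        /* patched-in probe call */
    "    lea  rax, [rdi+rsi]\n"    /* original body: a + b, args intact */
    "    ret\n"
    ".att_syntax prefix\n"
);
long my_probed_function(long a, long b);
#else
/* Portable stand-in for other targets: the same save/probe/restore
 * sequence modelled with memory instead of registers. */
long my_probed_function(long a, long b)
{
    long regs[2]  = { a, b };               /* rdi, rsi */
    long saved[2] = { regs[1], regs[0] };   /* push rdi; push rsi */
    regs[0] = regs[1] = 0;                  /* probe clobbers them */
    jited_bpf_prog(saved);
    regs[1] = saved[0];                     /* pop rsi */
    regs[0] = saved[1];                     /* pop rdi */
    return regs[0] + regs[1];
}
#endif

/* Drive one probed call and report what happened. */
struct probe_result demo_probe(long a, long b)
{
    struct probe_result r;
    probe_calls = 0;
    r.ret   = my_probed_function(a, b);
    r.arg1  = seen_arg1;
    r.arg2  = seen_arg2;
    r.calls = probe_calls;
    return r;
}

int main(void)
{
    struct probe_result r = demo_probe(40, 2);
    printf("ret=%ld probe saw (%ld, %ld) calls=%d\n",
           r.ret, r.arg1, r.arg2, r.calls);
    return 0;
}
```

Build with `cc -O2 tramp.c && ./a.out`; the probed function still returns a + b after the probe has run, because the only state the trampoline restores is the two argument registers the probe may have clobbered. Note the slot order the probe sees: with push rdi then push rsi, [rbp-0x10] is the second argument, not the first.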