On Sat, Mar 2, 2024 at 12:46 PM Jiri Olsa <olsajiri@xxxxxxxxx> wrote:
>
> I'm a bit in the dark in here, but uprobe_write_opcode stores the int3
> byte by allocating new page, copying the contents of the old page over
> and updating it with int3 byte.. then calls __replace_page to put new
> page in place
>
> should that be enough also for 5 bytes update? the cpu executing that
> exact page will page fault and get the new updated page? I discussed
> with Oleg and got this understanding, I might be wrong
>
> hm what if the cpu is just executing the address in the middle of the
> uprobe's original instructions and the page gets updated.. I need to
> check more on this ;-)

I suspect it's all working fine already.
Only x86 is using single byte uprobe.
All other archs are using 2 or 4 byte.
So replacing an insn or two with a call should work.

> I saw this as generic uprobe enhancement, should it be sys_bpf syscall,
> not some generic one? we will call all the uprobe's handlers/consumers

yeah. If we can make all uprobes faster without relying on nop5 usdt
then it's certainly better.
But if "replace any insn" turns out to be too complex
we can limit it to replacing nop5 or replacing simple insns
in the prologue like push, mov.