Re: Official documentation from Intel stating that poking INT3 (single-byte) concurrently is OK ?

From: Mathieu Desnoyers
Date: Tue Feb 21 2023 - 13:43:05 EST


On 2023-02-21 12:50, Steven Rostedt wrote:
> On Tue, 21 Feb 2023 11:44:42 -0500
> Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote:
>
>> Hi Peter,
>>
>> I have emails from you dating from a few years back unofficially stating
>> that it's OK to update the first byte of an instruction with a single-byte
>> int3 concurrently:
>>
>> https://lkml.indiana.edu/hypermail/linux/kernel/1001.1/01530.html
>>
>> It is referred in the original implementation of text_poke_bp():
>> commit fd4363fff3d9 ("x86: Introduce int3 (breakpoint)-based instruction patching")
>>
>> Olivier Dion is working on the libpatch [1,2] project aiming to use this
>> property for low-latency/low-overhead live code patching in user-space as
>> well, but we cannot find an official statement from Intel that guarantees
>> this breakpoint-bypass technique is indeed OK without stopping the world
>> while patching.
>>
>> Do you know where I could find an official statement of this guarantee ?
>
> The fact that we have been using it for over 10 years without issue should
> be a good guarantee ;-)
>
> I know you probably prefer an official statement, and I thought they
> actually gave one, but can't seem to find it.

I recall an in-person discussion with Peter Anvin shortly after he got the official confirmation, but I cannot find any public trace of it. I suspect Intel may have documented this internally only.

> Anyway, how does the dynamic
> linker do this? Doesn't it update code on the fly as well?

The dynamic linker is similar to the module loader in the kernel: the code modification is done before the loaded code is ever executed, and is therefore inherently safe with respect to cross-modification of concurrently executing code.

Thanks,

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com
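As an added illustration (not part of this thread or of the kernel/libpatch code), a small C model of why the text_poke_bp() sequence referenced above never exposes a torn instruction to a concurrently executing core, compared with a naive byte-by-byte overwrite. It assumes exactly the property the thread asks Intel to confirm (a single-byte int3 store becomes visible atomically) and uses constructed 5-byte encodings; the inter-step core synchronization is noted in comments but not modeled.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

/* Constructed 5-byte encodings: old = call rel32, new = 5-byte nop. */
#define INSN_LEN 5
static const uint8_t OLD_INSN[INSN_LEN] = {0xE8, 0x10, 0x20, 0x30, 0x40};
static const uint8_t NEW_INSN[INSN_LEN] = {0x0F, 0x1F, 0x44, 0x00, 0x00};
#define INT3 0xCC

/* A view is safe for a concurrent fetcher if it is the complete old
 * instruction, the complete new instruction, or starts with int3: int3 is a
 * one-byte instruction, so the trailing bytes are never decoded as part of
 * it and the trap handler can emulate/redirect until the patch completes. */
static bool view_is_safe(const uint8_t *view)
{
    return view[0] == INT3 ||
           memcmp(view, OLD_INSN, INSN_LEN) == 0 ||
           memcmp(view, NEW_INSN, INSN_LEN) == 0;
}

/* Naive patching: overwrite byte by byte. A fetch may observe the text after
 * any one of the stores; return how many of those views are torn (unsafe). */
int naive_patch_torn_views(void)
{
    uint8_t text[INSN_LEN];
    int torn = 0;
    memcpy(text, OLD_INSN, INSN_LEN);
    for (int i = 0; i < INSN_LEN; i++) {
        text[i] = NEW_INSN[i];
        if (!view_is_safe(text)) torn++;
    }
    return torn;
}

/* text_poke_bp()-style sequence: int3 first, then the tail, then the opcode.
 * In the real kernel each step is followed by a serializing sync of all
 * cores so no core still runs on a stale decode of the previous bytes. */
int int3_patch_torn_views(void)
{
    uint8_t text[INSN_LEN];
    int torn = 0;
    memcpy(text, OLD_INSN, INSN_LEN);
    text[0] = INT3;                         /* step 1: single-byte int3 */
    if (!view_is_safe(text)) torn++;
    for (int i = 1; i < INSN_LEN; i++) {    /* step 2: tail, hidden by int3 */
        text[i] = NEW_INSN[i];
        if (!view_is_safe(text)) torn++;
    }
    text[0] = NEW_INSN[0];                  /* step 3: new opcode byte */
    if (!view_is_safe(text)) torn++;
    return torn;
}
```

The naive path yields four torn intermediate views out of five stores, while the int3 path yields none; the argument collapses if the first-byte store is not observed atomically, which is why the official statement matters.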