Places where the kernel modifies itself (.text) during runtime

Andrew Case atcuno at gmail.com
Wed Sep 5 15:56:39 EDT 2012


Hello,

I am trying to determine all the ways/methods in which the kernel will
modify its own .text section after the machine has booted. I am
working with the latest Fedora kernel (3.5.2-3.fc17.x86_64).

So far I have identified:

1) smp_locks
2) .alt_instructions - although from writing a script to parse the
alt_instr structures, it seems these may not affect .text. Any
clarification on this would be greatly appreciated.
3) dynamic ftracing (related to mcount)

4) I also see where the paravirt instructions (PVOP_CALL4) seem to
compile as absolute call instructions, but then become relative calls
at runtime. I figured this one out by diffing the disassembly of
xen_cpuid_base in both memory and from the vmlinux after noticing they
were not the same:

# diff xen_cpuid_base-memory xen_cpuid_base-disk
20,21c20
< 0000003C  E8A2E5A3FF        call dword 0xffffffffffa3e5e3
< 00000041  6690              xchg ax,ax
---
> 0000003C  FF142580DCC181    call qword [0xffffffff81c1dc80]

and the 0xffffffff81c1dc80 instruction relates to the cpuid function
which ends up in paravirt code.

Any clarifications or links to docs on this changing of the calls in
the paravirt subsystem would be helpful.

I also would like to find out if the kernel changes itself in any
other way besides those that I have listed.

Thanks,
Andrew
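
An added example, not part of the original post: a Python check that compares an on-disk and an in-memory copy of a function and separates differences matching the rewrite shown in the diff above (`FF 14 25 <addr32>` replaced by `E8 <rel32>` plus the 2-byte `66 90` pad) from differences it cannot explain. The function names are hypothetical and the `0xCC` filler and trailing `C3` are constructed; only the two 7-byte sequences come from the post.

```python
import struct

CALL_IND_ABS = b"\xff\x14\x25"  # call qword [disp32]: 3 opcode bytes + 4-byte address
NOP2 = b"\x66\x90"              # xchg ax,ax, the 2-byte pad seen in the memory copy
MASK64 = 0xFFFFFFFFFFFFFFFF

def classify_pv_call(disk, mem, off):
    """Return details if disk->mem at off is the 7-byte indirect->direct call rewrite."""
    d, m = disk[off:off + 7], mem[off:off + 7]
    if len(d) < 7 or len(m) < 7:
        return None
    if not d.startswith(CALL_IND_ABS) or m[0] != 0xE8 or m[5:] != NOP2:
        return None
    slot = struct.unpack("<i", d[3:])[0] & MASK64   # sign-extended disp32
    rel32 = struct.unpack("<i", m[1:5])[0]
    # Target relative to buffer start, as ndisasm prints it without an origin.
    return {"offset": off, "slot": slot, "target": (off + 5 + rel32) & MASK64}

def diff_text(disk, mem):
    """Split differing bytes into recognised call rewrites and unexplained runs."""
    explained, unexplained, i = [], [], 0
    while i < min(len(disk), len(mem)):
        if disk[i] == mem[i]:
            i += 1
        elif (hit := classify_pv_call(disk, mem, i)):
            explained.append(hit)
            i += 7
        else:
            if unexplained and unexplained[-1][1] == i:
                unexplained[-1] = (unexplained[-1][0], i + 1)  # extend current run
            else:
                unexplained.append((i, i + 1))
            i += 1
    return explained, unexplained

# Constructed buffers: 0xCC filler around the two byte sequences quoted in the post.
PAD = b"\xcc" * 0x3C
DISK = PAD + bytes.fromhex("FF142580DCC181") + b"\xc3"
MEM = PAD + bytes.fromhex("E8A2E5A3FF6690") + b"\xc3"

if __name__ == "__main__":
    for hit in diff_text(DISK, MEM)[0]:
        print({k: hex(v) for k, v in hit.items()})
```

The `slot` and `target` values it reports for these bytes are the same two addresses that appear in the disassembly diff above; any run left in the unexplained list is a modification this one pattern does not account for.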



More information about the Kernelnewbies mailing list