On 05/15, Edgecombe, Rick P wrote: > > On Wed, 2024-05-15 at 13:35 +0200, Oleg Nesterov wrote: > > > > > I'm ok with not using optimized uretprobe when shadow stack is detected > > > as enabled and we go with current uretprobe in that case > > > > But how can we detect it? Again, suppose userspace does > > the rdssp instruction returns the value of the shadow stack pointer. On non- > shadow stack it is a nop. So you could check if the SSP is non-zero to find if > shadow stack is enabled. But again, the ret-probed function can enable it before it returns? And we need to check if it is enabled on the function entry if we want to avoid sys_uretprobe() in this case. Although I don't understand why we want to avoid it. > This would catch most cases, but I guess there is the > possibility of it getting enabled in a signal that hit between checking and the > rest of operation. Or from signal handler. > Is this uretprobe stuff signal safe in general? In what sense? I forgot everything about this code but I can't recall any problem with signals. Except it doesn't support sigaltstack() + siglongjmp(). Oleg.