On Thu, Jan 28, 2021 at 06:45:56PM +0200, Nikolay Borisov wrote:

> it would be placed on the __fentry__ (and not endbr64) hence it works.
> So perhaps a workaround outside of bpf could essentially detect this
> scenario and adjust the probe to be on the __fentry__ and not preceding
> instruction if it's detected to be endbr64 ?

Arguably the fentry handler should also set the nmi context, it can,
after all, interrupt pretty much any other context by construction.