On Fri, 18 Oct 2019 at 18:11, Sami Tolvanen <samitolvanen@xxxxxxxxxx> wrote: > > With CONFIG_FUNCTION_GRAPH_TRACER, function return addresses are > modified in ftrace_graph_caller and prepare_ftrace_return to redirect > control flow to ftrace_return_to_handler. This is incompatible with > return address protection. > > Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx> How difficult would it be to update the return address on the shadow call stack along with the normal one? Not having to disable infrastructure that is widely used by the distros would make this a lot more palatable in the general case (even if it is Clang only at the moment) > --- > kernel/trace/Kconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig > index e08527f50d2a..b7e5e3bfa0f4 100644 > --- a/kernel/trace/Kconfig > +++ b/kernel/trace/Kconfig > @@ -161,6 +161,7 @@ config FUNCTION_GRAPH_TRACER > depends on HAVE_FUNCTION_GRAPH_TRACER > depends on FUNCTION_TRACER > depends on !X86_32 || !CC_OPTIMIZE_FOR_SIZE > + depends on ROP_PROTECTION_NONE > default y > help > Enable the kernel to trace a function at both its return > -- > 2.23.0.866.gb869b98d4c-goog >
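Review bot: The added `depends on ROP_PROTECTION_NONE` line in the `config FUNCTION_GRAPH_TRACER` hunk makes the tracer disappear from the configuration whenever a return address protection is selected, and nothing in the Kconfig entry tells the user why. The reason is only in the commit message (return addresses are rewritten in ftrace_graph_caller and prepare_ftrace_return), so a sentence in the help text, or a comment above the new dependency, would make the conflict discoverable from menuconfig. Also note that `ROP_PROTECTION_NONE` is not defined anywhere in this one-file diff: an undefined Kconfig symbol evaluates to n, so if the symbol is not visible on every architecture and configuration that can reach this entry, the dependency would disable the graph tracer there as well. It is worth confirming that the symbol is defined unconditionally, or expressing the conflict from the side of the protection option instead.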