On Thu, 2 May 2019 19:31:29 -0400 Steven Rostedt <rostedt@xxxxxxxxxxx> wrote: > Digging a little further, I pinpointed it out to being kretprobes. The > problem I believe is the use of kernel_stack_pointer() which does some > magic on x86_32. kretprobes uses this to hijack the return address of > the function (much like the function graph tracer does). I do have code > that would allow kretprobes to use the function graph tracer instead, > but that's still in progress (almost done!). But still, we should not > have this break the use of kernel_stack_pointer() either. > > Adding some printks in that code, it looks to be returning "®s->sp" > which I think we changed. > This appears to fix it! -- Steve diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 4b8ee05dd6ad..600ead178bf4 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -171,8 +171,12 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) unsigned long sp = (unsigned long)®s->sp; u32 *prev_esp; - if (context == (sp & ~(THREAD_SIZE - 1))) + if (context == (sp & ~(THREAD_SIZE - 1))) { + /* int3 code adds a gap */ + if (sp == regs->sp - 5*4) + return regs->sp; return sp; + } prev_esp = (u32 *)(context); if (*prev_esp)
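Review bot: the `5*4` in `if (sp == regs->sp - 5*4)` is a magic number that encodes the size of the gap the int3 entry code leaves between the saved frame and the real stack pointer; it should be a named constant defined next to the entry code that creates the gap (or derived from that frame layout) rather than hard-coded here, since a later change to the int3 frame would silently stop this check from matching and bring the kretprobes breakage back. The one-line comment "int3 code adds a gap" should also say what the five words are and why they appear only on this path, and it would help to note that this branch relies on `regs->sp` holding a valid kernel-mode value in the int3 frame, which is not true of the pre-existing `return sp` case where `&regs->sp` is itself the stack pointer.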