On Mon, 21 Mar 2022 12:15:49 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> And I just thought of another issue, where even my solution won't fix it.
> What happens if we trace funcA but not funcB? How do we get to trace the
> end of funcA?

The only solution I can think of to handle all these cases is if you enable
-mfexit, you have to disable tail calls completely. That's going to cause a
performance impact.

Perhaps we need compiler help to give us a way to hijack the return
address. But is there a way to do this and still not give up the security
that CET SHSTK gives us?

Or maybe another solution is:

funcA:
	[..]
	jmp funcB
	call __fexit__
	ret

And if funcA is being traced, we change jmp to a call.

	[..]
	call funcB
	call __fexit__
	ret

Such that we only remove the tail calls if we enable tracing on the
function with the tail call.

-- Steve
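
An added illustration, not part of the original email and not kernel code: on x86-64, `jmp rel32` (0xE9) and `call rel32` (0xE8) are both 5 bytes with the displacement relative to the next instruction, so the jmp-to-call switch proposed above is a one-byte opcode change that keeps the funcB target intact. The buffer layout, the offsets 0x40 and 0x80, and all function names are assumptions made up for this user-space simulation.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { OP_CALL = 0xE8, OP_JMP = 0xE9, OP_RET = 0xC3, BR_LEN = 5 };

/* Constructed sample: tail of funcA as "jmp funcB; call __fexit__; ret".
 * Targets 0x40 (funcB) and 0x80 (__fexit__) are made up for the demo. */
static uint8_t demo[2 * BR_LEN + 1];

static void put_branch(uint8_t *p, size_t off, uint8_t op, int32_t target)
{
    int32_t rel = target - (int32_t)(off + BR_LEN); /* relative to next insn */
    p[off] = op;
    memcpy(p + off + 1, &rel, sizeof(rel));         /* little-endian host assumed */
}

static void demo_init(void)
{
    put_branch(demo, 0, OP_JMP, 0x40);
    put_branch(demo, BR_LEN, OP_CALL, 0x80);
    demo[2 * BR_LEN] = OP_RET;
}

/* Decode where the rel32 branch at 'off' lands. */
static int32_t branch_target(const uint8_t *p, size_t off)
{
    int32_t rel;
    memcpy(&rel, p + off + 1, sizeof(rel));
    return (int32_t)(off + BR_LEN) + rel;
}

/* traced=1: jmp -> call, traced=0: call -> jmp. Refuses (-1) unless the
 * bytes are exactly "<branch>; call rel32; ret", so stray text is never patched. */
static int set_traced(uint8_t *p, size_t len, size_t off, int traced)
{
    uint8_t from = traced ? OP_JMP : OP_CALL, to = traced ? OP_CALL : OP_JMP;
    if (len < off + 2 * BR_LEN + 1) return -1;
    if (p[off] != from || p[off + BR_LEN] != OP_CALL || p[off + 2 * BR_LEN] != OP_RET) return -1;
    p[off] = to; /* live kernel text would need a safe cross-CPU patching mechanism */
    return 0;
}

int main(void)
{
    demo_init();
    return set_traced(demo, sizeof(demo), 0, 1);
}
```

With the call in place, funcB returns into funcA, so the return address pushed on the stack matches what a shadow stack would record and the `call __fexit__` after it becomes reachable.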