On Mon, 21 Mar 2022 12:12:09 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> On Mon, 21 Mar 2022 17:04:28 +0100
> Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> 
> > On Mon, Mar 21, 2022 at 11:28:05AM -0400, Steven Rostedt wrote:
> > > On Mon, 21 Mar 2022 14:04:05 +0100
> > > Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> > > 
> > > > Also, folks, I'm thinking we should start to move to __fexit__, if CET
> > > > SHSTK ever wants to come to kernel land return trampolines will
> > > > insta-stop working.
> > > > 
> > > > Hjl, do you think we could get -mfexit to go along with -mfentry ?
> > > 
> > > int funcA () {
> > > 	[..]
> > > 	return funcB();
> > > }
> > > 
> > > This currently works with function graph and kretprobe tracing because of
> > > the shadow stack. Let's say we traced both funcA and funcB
> > > 
> > > funcA:
> > > 	call __fentry__
> > 
> > 	push funcA on trace-stack
> > 
> > > 	[..]
> > > 	jmp funcB
> > > 
> > > funcB:
> > > 	call __fentry__
> > 
> > 	push funcB on trace-stack
> > 
> > > 	[..]
> > 
> > 	call __fexit__
> > 
> > 	pop trace-stack until empty

This seems wrong. We don't pop the trace-stack until empty, but we will
record the real stack pointer at funcA.

> > 	'exit funcB'
> > 	'exit funcA'
> 
> And what happens if funcC called funcA and it too was on the stack. We pop
> that too? But it's not done yet, because calling of funcA was not a tail
> call.

Thus when the funcC is called, the trace-stack will be popped until funcA,
because we can see the real stack pointer at the 'ret'. So the funcC is
still on the trace-stack after that.

Thank you,

> 
> -- Steve
> 
> > 
> > > 	ret
> > > 
> > > That is, the current algorithm traces the end of both funcA and funcB
> > > without issue, because of how the shadow stack works.
> > 
> > And it all works, no? Or what am I missing?
> 

-- 
Masami Hiramatsu <mhiramat@xxxxxxxxxx>
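The point Masami makes above, that the trace-stack is unwound by matching the real stack pointer recorded at entry rather than by popping until empty, is easiest to see in a small model. The following C program is an added example for this thread, not code from the kernel's function graph tracer or kretprobes: it keeps a simplified trace-stack of (function, stack pointer) records, and its return hook pops only the entries recorded on the frame that is returning. A function reached by a tail jump reuses its caller's frame, so funcA and funcB share a stack pointer and are both closed by funcB's `ret`, while funcC, which made a real call, stays on the trace-stack. The stack pointer values and the "pop until empty" variant shown for contrast are constructed for the example.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 16

/* One record per traced function entry. The stack pointer is the value
 * seen by __fentry__; a function reached by a tail jump reuses its
 * caller's frame and therefore records the same stack pointer.
 * (Simplified model for this example, not the kernel's ret_stack.) */
struct trace_entry {
    const char *func;
    unsigned long sp;
};

struct trace_stack {
    struct trace_entry ent[MAX_DEPTH];
    int depth;
    /* exit events in the order they were emitted, kept for inspection */
    const char *exited[MAX_DEPTH];
    int nexited;
};

/* Entry hook: push the function together with the frame's stack pointer. */
static void trace_enter(struct trace_stack *ts, const char *func, unsigned long sp)
{
    assert(ts->depth < MAX_DEPTH);
    ts->ent[ts->depth].func = func;
    ts->ent[ts->depth].sp = sp;
    ts->depth++;
}

static void emit_exit(struct trace_stack *ts, const char *func)
{
    ts->exited[ts->nexited++] = func;
    printf("exit %s\n", func);
}

/* Return hook, following the thread's description: pop only the entries
 * recorded on the frame that is executing 'ret'. Returns the number of
 * entries popped. */
static int trace_return(struct trace_stack *ts, unsigned long sp)
{
    int popped = 0;
    while (ts->depth > 0 && ts->ent[ts->depth - 1].sp == sp) {
        ts->depth--;
        emit_exit(ts, ts->ent[ts->depth].func);
        popped++;
    }
    return popped;
}

/* The "pop trace-stack until empty" reading, for contrast: it also closes
 * callers such as funcC that have not returned yet. */
static int trace_return_until_empty(struct trace_stack *ts)
{
    int popped = 0;
    while (ts->depth > 0) {
        ts->depth--;
        emit_exit(ts, ts->ent[ts->depth].func);
        popped++;
    }
    return popped;
}

static const char *trace_top(const struct trace_stack *ts)
{
    return ts->depth > 0 ? ts->ent[ts->depth - 1].func : NULL;
}

/* funcC calls funcA (new frame), funcA tail-jumps to funcB (same frame).
 * The stack pointer values are constructed for the example. */
static void build_tail_call_scenario(struct trace_stack *ts)
{
    memset(ts, 0, sizeof(*ts));
    trace_enter(ts, "funcC", 0x1000);
    trace_enter(ts, "funcA", 0x0f80);
    trace_enter(ts, "funcB", 0x0f80);
}

int main(void)
{
    struct trace_stack ts;

    build_tail_call_scenario(&ts);
    trace_return(&ts, 0x0f80);      /* funcB's ret: 'exit funcB', 'exit funcA' */
    printf("still on trace-stack: %s\n", trace_top(&ts));
    trace_return(&ts, 0x1000);      /* funcC's own ret: 'exit funcC' */

    build_tail_call_scenario(&ts);
    trace_return_until_empty(&ts);  /* emits 'exit funcC' before funcC returned */
    return 0;
}
```

Running it prints `exit funcB`, `exit funcA`, `still on trace-stack: funcC`, then `exit funcC` for the stack-pointer-matching hook; the until-empty variant emits all three exits at funcB's `ret`, which is the mismatch Steve asks about.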