On Mon, 21 Mar 2022 12:12:09 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> On Mon, 21 Mar 2022 17:04:28 +0100
> Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> > On Mon, Mar 21, 2022 at 11:28:05AM -0400, Steven Rostedt wrote:
> > > On Mon, 21 Mar 2022 14:04:05 +0100
> > > Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > > > Also, folks, I'm thinking we should start to move to __fexit__, if CET
> > > > SHSTK ever wants to come to kernel land return trampolines will
> > > > insta-stop working.
> > > >
> > > > Hjl, do you think we could get -mfexit to go along with -mfentry ?
> >
> > > int funcA () {
> > > [..]
> > > return funcB();
> > > }
> >
> > > This currently works with function graph and kretprobe tracing because of
> > > the shadow stack. Let's say we traced both funcA and funcB
> > >
> > > funcA:
> > > call __fentry__
> > push funcA on trace-stack
> > >
> > > [..]
> > > jmp funcB
> > >
> > > funcB:
> > > call __fentry__
> > push funcB on trace-stack
> > >
> > > [..]
> > call __fexit__
> > pop trace-stack until empty
This seems wrong. We don't pop the trace-stack until empty, but we will
record the real stack pointer at funcA.
> > 'exit funcB'
> > 'exit funcA'
>
> And what happens if funcC called funcA and it too was on the stack. We pop
> that too? But it's not done yet, because calling of funcA was not a tail
> call.
Thus when the funcC is called, the trace-stack will be poped until funcA,
because we can see the real stack pointer at the 'ret'.
So the funcC is still on the trace-stack after that.
Thank you,
>
> -- Steve
>
>
> >
> > > ret
> >
> > >
> > > That is, the current algorithm traces the end of both funcA and funcB
> > > without issue, because of how the shadow stack works.
> >
> > And it all works, no? Or what am I missing?
>
>
>
--
Masami Hiramatsu <mhiramat@xxxxxxxxxx>
