On Tue, Dec 20, 2016 at 10:39:16AM +0100, Petr Mladek wrote: > On Mon 2016-12-19 11:25:49, Josh Poimboeuf wrote: > > 3) probably some kind of runtime NMI stack checking feature to > > complement objtool, along with a lot of burn time to ensure there are > > no issues, particularly in entry code > > Could you please provide more details about this NMI stack checking? > What is it supposed to protect that objtool could not? > Will it run regularly or will it be just a random check? save_stack_trace_tsk_reliable(current) would be called periodically from an NMI handler, and a warning would be printed if it ever doesn't reach the "end" of the stack (i.e., user-mode pt_regs). Due to the performance impact it would probably only be a debug option. It would verify the special hand-coded areas which objtool isn't smart enough to understand, like entry code, ftrace, kprobes, bpf. It would also make sure that objtool itself didn't missing anything. -- Josh -- To unsubscribe from this list: send the line "unsubscribe live-patching" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
