On Mon, 6 May 2019 20:05:24 -0700 Linus Torvalds <torvalds@linux-foundation.org> wrote:
> It would emulate the call that has had its first byte overwritten by 'int3'. Without doing any lookups of what it was supposed to change the call to, because it simply depends on what the rewriting code is doing on another CPU (or on the same CPU - it wouldn't care).
OK, so this is just about what to have it call.
> So no need to look up anything, not at int3 time, and not at return time. It would just emulate the instruction atomically, with no state, and no need to look up what the 'ip' instruction is at the time.
> It could literally just use a single flag: "is ftrace updating call instructions". Add another flag for the "I'm nop'ing out call instructions" so that it knows to emulate a jump-over instead. That's it.
Well we have that, and we have to look up the record regardless to know if this was a ftrace int3 or not (the ftrace_location(ip) does that). And the record has a counter to # of attached callers. Zero being to turn it into a nop.
Note, if we are going from nop to call or call to nop, it would need to read the offset to see if it is a nop (don't want to call with the nop offset).
> Because all the actual *values* would be entirely be determined by the actual rewriting that is going on independently of the 'int3' exception.
But still, we need to emulate the call, which requires pushing the return code back onto the stack. I believe that part is the part we are struggling with.
-- Steve
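The emulation discussed in this thread, as an added example that is not code from the thread or from the kernel's ftrace implementation: a toy x86-64 model in which the int3 handler looks at the four bytes following the breakpoint to tell a 5-byte nop from an `e8` call, steps over the nop, and for the call pushes the return address before redirecting `ip` to the target. The nop encoding (`0f 1f 44 00 00`), the `struct regs` layout and the array-backed stack are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the state the int3 handler sees (assumption of this example). */
struct regs {
    uint64_t ip;        /* address of the int3, i.e. first byte of the 5-byte site */
    uint64_t sp;        /* index into stack[]; the stack grows toward lower indices */
    uint64_t stack[16];
};

#define SITE_SIZE 5     /* both the e8 call and the 5-byte nop occupy 5 bytes */

/* Tail of the 5-byte nop 0f 1f 44 00 00 once its first byte is replaced by int3. */
static const uint8_t nop5_tail[4] = { 0x1f, 0x44, 0x00, 0x00 };

/*
 * Emulate the instruction at regs->ip whose first byte is currently int3 (0xcc).
 * The bytes after the int3 are whatever the rewriter has placed there, so the
 * handler reads them to avoid "calling" with a nop's bytes as the offset.
 * Returns 1 when a call was emulated, 0 when the site was a nop and was skipped.
 */
int emulate_ftrace_int3(const uint8_t *site, struct regs *regs)
{
    uint64_t next = regs->ip + SITE_SIZE;   /* address of the following instruction */
    int32_t rel;

    if (memcmp(site + 1, nop5_tail, sizeof nop5_tail) == 0) {
        regs->ip = next;                    /* jump over the nop, nothing pushed */
        return 0;
    }

    /* Treat the tail as the rel32 of an e8 call (little-endian, as x86 stores it). */
    memcpy(&rel, site + 1, sizeof rel);
    regs->sp -= 1;                          /* push the return address */
    regs->stack[regs->sp] = next;
    regs->ip = next + (int64_t)rel;         /* rel32 is relative to the next instruction */
    return 1;
}

int main(void)
{
    /* Constructed site: int3 followed by rel32 = +0x10, i.e. call to ip+5+0x10. */
    uint8_t site[SITE_SIZE] = { 0xcc, 0x10, 0x00, 0x00, 0x00 };
    struct regs r = { .ip = 0x1000, .sp = 16 };

    int was_call = emulate_ftrace_int3(site, &r);
    printf("call=%d ip=0x%llx pushed=0x%llx\n", was_call,
           (unsigned long long)r.ip, (unsigned long long)r.stack[r.sp]);
    return 0;
}
```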