On Tue, May 07, 2019 at 08:27:16AM -0400, Steven Rostedt wrote:
> On Tue, 7 May 2019 11:27:31 +0200 Peter Zijlstra <peterz@infradead.org> wrote:
>
> > FWIW, both these trampolines assume a kprobe will not int3_emulate_{push/call}(), for both bitnesses.
> >
> > But then; I'm thinking kprobes should be inspection only and not modify things. So that might just be good enough.
>
> I believe there are kprobe calls that do modify things. Note, they can modify regs->ip.

The kprobe pre_handler as used by kretprobes does, and that is indeed handled by the trampolines.

> Kprobes sets the FTRACE_OPS_FL_IPMODIFY flag, thus they can never be put at the same location that is being live patched.

OK, so do we want to allow kprobes that also modify regs->sp ? Because then we need to change these trampolines a bit.

I'd prefer not to allow kprobes this.