Hi,
I had a bug report[1] from a user trying to add a kretprobe on the system
call entry code path:
arch/x86/kernel/entry_64.S:
ffffffff813dffe2 <system_call_fastpath+0x16>:
cmpl $__NR_syscall_max,%eax
#endif
ja badsys
movq %r10,%rcx
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp) <--- return address pointing here
And all hell breaks loose (various types of faults, machine reboots,
applications exit randomly, etc.). I understand that this code path
is not marked as unsafe against kprobes, and I tested that a kprobes
indeed works fine there. However, kretprobes probably presumes a function
stack layout that is just not valid for the syscall entry routine.
Any thoughts on how kretprobes should handle this ?
Thanks,
Mathieu
[1] http://bugs.lttng.org/issues/687
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
