On Thu, Nov 29, 2018 at 10:47 AM Steven Rostedt <rost...@goodmis.org> wrote: > > Note, we do have a bit of control at what is getting called. The patch > set requires that the callers are wrapped in macros. We should not > allow just any random callers (like from asm).
Actually, I'd argue that asm is often more controlled than C code. Right now you can do odd things if you really want to, and have the compiler generate indirect calls to those wrapper functions. For example, I can easily imagine a pre-retpoline compiler turning if (cond) fn1(a,b) else fn2(a,b); into a function pointer conditional (cond ? fn1 : fn2)(a,b); and honestly, the way "static_call()" works now, can you guarantee that the call-site doesn't end up doing that, and calling the trampoline function for two different static calls from one indirect call? See what I'm talking about? Saying "callers are wrapped in macros" doesn't actually protect you from the compiler doing things like that. In contrast, if the call was wrapped in an inline asm, we'd *know* the compiler couldn't turn a "call wrapper(%rip)" into anything else. Linus