On Mon, 9 Nov 2020 12:10:43 +0100
Peter Zijlstra <[email protected]> wrote:
> > SYM_INNER_LABEL(ftrace_caller_op_ptr, SYM_L_GLOBAL)
> > /* Load the ftrace_ops into the 3rd parameter */
> > movq function_trace_op(%rip), %rdx
> >
> > - /* regs go into 4th parameter (but make it NULL) */
> > - movq $0, %rcx
> > + /* regs go into 4th parameter */
> > + leaq (%rsp), %rcx
> > +
> > + /* Only ops with REGS flag set should have CS register set */
> > + movq $0, CS(%rsp)
> >
> > SYM_INNER_LABEL(ftrace_call, SYM_L_GLOBAL)
> > call ftrace_stub
>
> You now seem to be relying on save_mcount_regs() resulting in a cleared
> CS, however, AFAICT CS is uninitialized stack garbage.
We have two trampolines that are also used to copy for other
trampolines that are dynamically created. There's this one
(ftrace_caller) and then there's the regs one (ftrace_regs_caller).
This one clears the CS in pt_regs to let the arch code know that the
ftrace_regs is not a full pt_regs and anyone trying to get it with
ftrace_get_regs() will get a NULL pointer. But the ftrace_regs_caller
loads the CS register with __KERNEL_CS, which is non zero, and the
ftrace_get_regs() will return the full pt_regs if it is set.
ftrace_caller:
[..]
movq $0, CS(%rsp) <- loads zero into pt_regs->cs for internal use only.
[..]
call callback
ftrace_regs_caller:
[..]
movq $__KERNEL_CS, %rcx
movq %rcx, CS(%rsp)
[..]
call callback
Then in the callback we have:
callback(..., struct ftrace_regs *fregs)
{
struct pt_regs *regs = ftrace_get_regs(fregs);
}
Where ftrace_get_regs is arch specific and returns for x86_64:
static __always_inline struct pt_regs *
arch_ftrace_get_regs(struct ftrace_regs *fregs)
{
/* Only when FL_SAVE_REGS is set, cs will be non zero */
if (!fregs->regs.cs)
return NULL;
return &fregs->regs;
}
What am I missing?
-- Steve
