From: Peter Zijlstra <peterz@infradead.org>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Eva Kurchatova <eva.kurchatova@virtuozzo.com>,
mhiramat@kernel.org, linux-trace-kernel@vger.kernel.org,
linux-kernel@vger.kernel.org, mathieu.desnoyers@efficios.com,
jpoimboe@kernel.org, samitolvanen@google.com
Subject: Re: [PATCH] tracing: fix CFI violation in probestub helper
Date: Fri, 29 May 2026 22:08:26 +0200 [thread overview]
Message-ID: <20260529200826.GO3493090@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20260528164902.1bb985f3@gandalf.local.home>
On Thu, May 28, 2026 at 04:49:02PM -0400, Steven Rostedt wrote:
> On Sun, 24 May 2026 18:43:01 +0300
> Eva Kurchatova <eva.kurchatova@virtuozzo.com> wrote:
>
> > When multiple callbacks are registered on the same tracepoint, probestub
> > will be indirectly called via traceiter helper.
> >
> > Pointer to probestub callback resides in __tracepoints section, which is
> > excluded from ENDBR checks in objtool. Pointers to regfunc/unregfunc
> > callbacks reside in extended structure however, which is not affected.
> >
> > Registering multiple callbacks will result in a #CP exception due to
> > missed ENDBR in __probestub helper on a CFI-enabled machine.
> >
> > Fix this by adding CFI_NOSEAL annotation to probestub declaration.
> >
> > Fixes: d5173f753750 ("objtool: Exclude __tracepoints data from ENDBR checks")
> > Signed-off-by: Eva Kurchatova <eva.kurchatova@virtuozzo.com>
>
> Wait! The probestub is not in the __tracepoints section. At least it
> shouldn't be. Are you sure there's not another issue here?
>
> #define __DEFINE_TRACE_EXT(_name, _ext, proto, args) \
> static const char __tpstrtab_##_name[] \
> __section("__tracepoints_strings") = #_name; \
> extern struct static_call_key STATIC_CALL_KEY(tp_func_##_name); \
> int __traceiter_##_name(void *__data, proto); \
> void __probestub_##_name(void *__data, proto); \
> struct tracepoint __tracepoint_##_name __used \
> __section("__tracepoints") = { \
>
> Here the structure __tracepoint_##name is in the __tracepoints section.
>
> .name = __tpstrtab_##_name, \
> .key = STATIC_KEY_FALSE_INIT, \
> .static_call_key = &STATIC_CALL_KEY(tp_func_##_name), \
> .static_call_tramp = STATIC_CALL_TRAMP_ADDR(tp_func_##_name), \
> .iterator = &__traceiter_##_name, \
> .probestub = &__probestub_##_name, \
^^^^^^^^^^ this
> .funcs = NULL, \
> .ext = _ext, \
> }; \
> __TRACEPOINT_ENTRY(_name); \
> int __traceiter_##_name(void *__data, proto) \
> { \
> struct tracepoint_func *it_func_ptr; \
> void *it_func; \
> \
> it_func_ptr = \
> rcu_dereference_raw((&__tracepoint_##_name)->funcs); \
> if (it_func_ptr) { \
> do { \
> it_func = READ_ONCE((it_func_ptr)->func); \
> __data = (it_func_ptr)->data; \
> ((void(*)(void *, proto))(it_func))(__data, args); \
> } while ((++it_func_ptr)->func); \
> } \
> return 0; \
> } \
> void __probestub_##_name(void *__data, proto) \
> { \
> }
>
> But above, probestub is just a function defined wherever the tracepoint is
> created.
>
> In fact, it's just there for fprobes to work. It doesn't get called if you
> add more than one callback to the tracepoint. So your explanation is totally
> bogus.
The only place the function address lives is in that __tracepoint
section. Since that is explicitly excluded by objtool, it figures there
are no actual references to __probestub and the function goes on the
seal list and the kernel explicitly scribbles the ENDBR on boot.
Then, if it ever gets used on an IBT enabled host, *boom*.
I agree it would've perhaps been clearer if there was part of a splat in
the changelog, but the issue is real afaict.
Also, I do think this:
> > @@ -356,6 +357,7 @@ static inline struct tracepoint *tracepoint_ptr_deref(tracepoint_ptr_t *p)
> > void __probestub_##_name(void *__data, proto) \
> > { \
> > } \
> > + CFI_NOSEAL(__probestub_##_name); \
> > DEFINE_STATIC_CALL(tp_func_##_name, __traceiter_##_name);
> >
> > #define DEFINE_TRACE_FN(_name, _reg, _unreg, _proto, _args) \
could do with a comment, explaining why it wants the NOSEAL.
next prev parent reply other threads:[~2026-05-29 20:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-24 15:43 [PATCH] tracing: fix CFI violation in probestub helper Eva Kurchatova
2026-05-28 20:49 ` Steven Rostedt
2026-05-29 20:08 ` Peter Zijlstra [this message]
2026-05-29 23:51 ` Steven Rostedt
2026-05-30 15:52 ` Masami Hiramatsu
2026-05-30 21:19 ` David Laight
2026-05-30 22:57 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260529200826.GO3493090@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=eva.kurchatova@virtuozzo.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=rostedt@goodmis.org \
--cc=samitolvanen@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox