On Tue, Feb 19, 2019 at 12:38:42PM +0100, Thomas Gleixner wrote:
> On Tue, 19 Feb 2019, Peter Zijlstra wrote:
>
> > On Tue, Feb 19, 2019 at 10:04:09AM +0100, Peter Zijlstra wrote:
> > > > Does that make more sense?
> > >
> > > It appears to me you're going about it backwards.
> >
> > So how about you do a GCC plugin that verifies limits on code-gen
> > between user_access_begin/user_access_end() ?
> >
> >  - No CALL/RET
> >    - implies user_access_end() happens
> >    - implies no fentry hooks
> >  - No __preempt_count frobbing
> >  - No tracepoints
> >  - ...
> >
> > That way you put the burden on the special code, not on the rest of the
> > kernel.
>
> And then you have kprobes ....

They prod the INT3 byte and then take an exception, and exceptions are 'fine'.