<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 31, 2014 at 12:59 AM, Xin Tong <span dir="ltr"><<a href="mailto:trent.tong@gmail.com" target="_blank">trent.tong@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family:'courier new',monospace">why can not <span style="font-family:arial,sans-serif;font-size:12.8px">__builtin_return_address() be made *never* inline and use current level+1 to get the return address of the function of interest. For any stack introspection, having 1 more level will not hurt functionality. </span></div>
</div></blockquote><div><br></div><div>Actually, the answer for your remark is "impossible" - in the case when the kernel is compiled without frame pointer. (CONFIG_FRAME_POINTER=n) which is true for certain variant of RHEL / CentOS. Without the availability of EBP on the stack, there is no way to know when to stop reading the stack to retrieve the previous stackframe. Of course u can statically walk the disassembly of the function and see how much stack space the particular function has allocated. But that requires implementing a disassembler in the kernel.<br>
</div><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">
<div style="font-family:'courier new',monospace"><br></div><div style="font-family:'courier new',monospace">given its explanation below </div><div style="font-family:'courier new',monospace">
<br></div><div style="font-family:'courier new',monospace"><span style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">— Built-in Function: void * </span><b style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">__builtin_return_address</b><span style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"> (</span><var style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">unsigned int level</var><span style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">)</span><var style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><a name="14788377b2c29c0a_index-g_t_005f_005fbuiltin_005freturn_005faddress-3207"></a></var><br style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium">
<blockquote style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><p>This function returns the return address of the current function, or of one of its callers. The <var>level</var> argument is number of frames to scan up the call stack. A value of <code>0</code> yields the return address of the current function, a value of <code>1</code> yields the return address of the caller of the current function, and so forth. When inlining the expected behavior is that the function returns the address of the function that is returned to. To work around this behavior use the <code>noinline</code> function attribute.</p>
<p><br></p></blockquote></div></div><br></blockquote></div><br clear="all"><br>-- <br>Regards,<br>Peter Teoh
</div></div>