> So the no-ops will only be written to memory if the current contents of that memory are a call to mcount().
> This all seems pretty safe, except that it fell down in one obscure, but important case

There's another bad case: When the memory was freed and reallocated with vmalloc, then filled with non-code data that includes the same byte sequence as the original call to mcount(). No I/O remapping required and now you've corrupted something. Although the chance of having some random data in kernel memory exactly match the pattern that was there before is probably vanishingly small, it's still there. I'm glad to hear the ftrace code has been reworked to not do this anymore.
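
The reuse case described in the comment above, as an added user-space simulation (not part of the original comment and not ftrace code). The `region` and `site` structures, the sample bytes and the generation counter are hypothetical; the generation check is one illustrative way to tie a patch to the allocation's lifetime, not a description of how ftrace was reworked.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SITE_LEN 5
/* Constructed sample bytes: an x86 "call rel32" and the 5-byte NOP. */
static const uint8_t CALL5[SITE_LEN] = {0xe8, 0x10, 0x20, 0x30, 0x00};
static const uint8_t NOP5[SITE_LEN]  = {0x0f, 0x1f, 0x44, 0x00, 0x00};

struct region { uint8_t mem[32]; unsigned gen; };  /* gen bumps on each reuse */
struct site { struct region *r; size_t off; unsigned gen; }; /* recorded patch site */

/* Content-only check: patch if the bytes still look like the call. */
int patch_by_content(struct site *s) {
    uint8_t *p = s->r->mem + s->off;
    if (memcmp(p, CALL5, SITE_LEN) != 0) return 0;
    memcpy(p, NOP5, SITE_LEN);
    return 1;
}

/* Additionally refuse if the region was recycled after the site was recorded. */
int patch_with_lifetime(struct site *s) {
    if (s->r->gen != s->gen) return 0;
    return patch_by_content(s);
}

/* Simulated free + reallocation: the new owner fills the memory with its data. */
void recycle(struct region *r, const uint8_t *data, size_t n) {
    r->gen++;
    memset(r->mem, 0, sizeof r->mem);
    memcpy(r->mem, data, n);
}

/* Returns 1 if the new owner's data was modified by the stale patch, else 0. */
int stale_patch_corrupts(int use_lifetime_check) {
    struct region r = {{0}, 0};
    memcpy(r.mem + 8, CALL5, SITE_LEN);      /* original code with the call */
    struct site s = {&r, 8, r.gen};          /* site recorded while code is live */

    uint8_t data[16] = {0};                  /* unrelated data, same byte pattern */
    memcpy(data + 8, CALL5, SITE_LEN);
    recycle(&r, data, sizeof data);

    if (use_lifetime_check) patch_with_lifetime(&s); else patch_by_content(&s);
    return memcmp(r.mem, data, sizeof data) != 0;
}

int main(void) { return !(stale_patch_corrupts(0) == 1 && stale_patch_corrupts(1) == 0); }
```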