Re: [PATCH 8/9] x86/dumpstack: Save first regs set for the executive summary
From: Josh Poimboeuf
Date: Fri Mar 16 2018 - 09:16:12 EST
On Fri, Mar 16, 2018 at 01:11:17PM +0100, Borislav Petkov wrote:
> On Fri, Mar 16, 2018 at 07:01:12AM -0500, Josh Poimboeuf wrote:
> > Hm, the "Code: Bad RIP value" will always be shown for syscall regs,
> > which will probably cause some unnecessary confusion/worry. Should we
> > just skip printing it for the "regs->ip < PAGE_OFFSET" case?
>
> How about we remove that check altogether?
>
> I mean, __copy_from_user_inatomic() by way of probe_kernel_read() should
> be able to handle every address.
>
> And if it doesn't, it says so:
>
> if (probe_kernel_read(opcodes, ip, OPCODE_BUFSIZE)) {
> pr_cont("Bad RIP value.\n");
>
>
> And if we *can* print opcode bytes, why not do so? It is one more hint
> when debugging, who knows, might prove useful...
>
> Hmm?
Yeah, sounds good to me. I think an earlier version of your patches
already printed the user space opcodes anyway.
--
Josh