On Wed, Jun 15, 2016 at 11:07 AM, Borislav Petkov <[email protected]> wrote:
> On Wed, Jun 15, 2016 at 10:55:34AM -0700, Andy Lutomirski wrote:
>> Isn't it this one?
>
> Yes, it is.
>
>> I'm not. If %pF points at some silly helper, we still want the frames below
>> it.
>
> Why silly helper? It points to the rIP where the *MSR instruction is.
> Can't get more precise than that.
A hypothetical helper.
void do_thing(unsigned long msr)
{
rdmsr(...);
}
void actual_problem(void)
{
do_thing(0xbaadc0de);
}
I want to see actual_problem in the log.
--Andy
