On Fri, Mar 16, 2018 at 01:11:17PM +0100, Borislav Petkov wrote: > On Fri, Mar 16, 2018 at 07:01:12AM -0500, Josh Poimboeuf wrote: > > Hm, the "Code: Bad RIP value" will always be shown for syscall regs, > > which will probably cause some unnecessary confusion/worry. Should we > > just skip printing it for the "regs->ip < PAGE_OFFSET" case? > > How about we remove that check altogether? > > I mean, __copy_from_user_inatomic() by way of probe_kernel_read() should > be able to handle every address. > > And if it doesn't, it says so: > > if (probe_kernel_read(opcodes, ip, OPCODE_BUFSIZE)) { > pr_cont("Bad RIP value.\n"); > > > And if we *can* print opcode bytes, why not do so? It is one more hint > when debugging, who knows, might prove useful... > > Hmm?
Yeah, sounds good to me. I think an earlier version of your patches already printed the user space opcodes anyway. -- Josh