BPF List
From: Steven Rostedt <rostedt@goodmis.org>
To: liujing40 <liujing.root@gmail.com>
Cc: menglong.dong@linux.dev, andrii@kernel.org, ast@kernel.org,
	bpf@vger.kernel.org, daniel@iogearbox.net, eddyz87@gmail.com,
	haoluo@google.com, john.fastabend@gmail.com, jolsa@kernel.org,
	kpsingh@kernel.org, linux-kernel@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org, liujing40@xiaomi.com,
	martin.lau@linux.dev, mhiramat@kernel.org, sdf@fomichev.me,
	song@kernel.org, yonghong.song@linux.dev
Subject: Re: [PATCH 2/2] bpf: Implement kretprobe fallback for kprobe multi link
Date: Mon, 22 Dec 2025 12:15:47 -0500
Message-ID: <20251222121547.39b35b0d@gandalf.local.home>
In-Reply-To: <20251222080253.2314895-1-liujing40@xiaomi.com>

On Mon, 22 Dec 2025 16:02:53 +0800
liujing40 <liujing.root@gmail.com> wrote:

> The Dynamic ftrace feature is not enabled in Android for security reasons,
> forcing us to fall back on kretprobe.

Really? I would say kretprobe is a much bigger security risk than ftrace.
Ftrace only attaches to a set of defined functions and anything that is
enabled is displayed in /sys/kernel/tracing/enabled_functions (for security
reasons!)

Whereas kretprobe can attach to anything, and call anything. Not to
mention, there's no way to know if a kretprobe is there or not. So rootkits
that would use this can most definitely go under the wire, whereas they
can't with ftrace.

So if they disable ftrace for security reasons, they most definitely should
be disabling kprobes!

-- Steve


> https://source.android.com/docs/core/tests/debug/ftrace#dftrace
> 
> I will provide the benchmark test results as soon as possible.
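
The visibility property discussed in the message can be checked from user space. The following is an added example, not code from the thread or the kernel tree: it parses `/sys/kernel/tracing/enabled_functions` and lists the functions whose attached callback may modify the instruction pointer or uses a direct trampoline. The flag letters follow the kernel's ftrace documentation; the function names `parse_enabled_functions` and `can_redirect` and the sample lines are assumptions made for illustration.

```python
import re
from pathlib import Path

# Path named in the message; reading it normally requires root.
ENABLED = Path("/sys/kernel/tracing/enabled_functions")

# Flag letters per Documentation/trace/ftrace.rst: R = saves registers,
# I = may modify the instruction pointer (IPMODIFY), D = direct (non-ftrace)
# trampoline such as BPF, O = ops above function entry, M = modified in the past.
FLAGS = set("RIDOM")

# "<function> [<module>] (<callback count>) <flags> ..."; the module is optional.
LINE = re.compile(r"^(\S+)(?:\s+\[([^\]]+)\])?\s+\((\d+)\)(.*)$")

def parse_enabled_functions(text):
    """Return one dict per function that currently has a callback attached."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:  # blank or indented continuation line ("\tdirect-->...")
            continue
        func, module, count, rest = m.groups()
        flags = []
        for tok in rest.split():
            if tok not in FLAGS:  # flags end where the trampoline info begins
                break
            flags.append(tok)
        entries.append({"func": func, "module": module,
                        "callbacks": int(count), "flags": flags})
    return entries

def can_redirect(entries):
    """Entries with IPMODIFY or a direct trampoline: the ones to review first."""
    return [e for e in entries if {"I", "D"} & set(e["flags"])]

# Constructed sample input, not captured from a real system.
SAMPLE = (
    "schedule (1) R           \ttramp: 0xffffffffc0a01000\n"
    "do_sys_openat2 (1) R I   \n"
    "tcp_v4_connect (2)     D \n"
    "\tdirect-->example_trampoline+0x0/0x1000\n"
    "example_fn [example_mod] (1)         M \n"
)

if __name__ == "__main__":
    try:
        text = ENABLED.read_text()
    except OSError:  # not root, or tracefs not mounted: fall back to the sample
        text = SAMPLE
    for e in can_redirect(parse_enabled_functions(text)):
        print(e["func"], e["callbacks"], " ".join(e["flags"]))
```

This covers only the ftrace side of the comparison; it reports nothing about kretprobes.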

Thread overview: 11+ messages
2025-12-18 13:06 [PATCH 0/2] bpf: Add kretprobe fallback for kprobe multi link liujing40
2025-12-18 13:06 ` [PATCH 1/2] bpf: Prepare for kprobe multi link fallback patch liujing40
2025-12-18 13:06 ` [PATCH 2/2] bpf: Implement kretprobe fallback for kprobe multi link liujing40
2025-12-18 13:33   ` bot+bpf-ci
2026-01-29  0:13     ` Masami Hiramatsu
2025-12-18 17:53   ` Alexei Starovoitov
2025-12-18 21:09     ` Steven Rostedt
2025-12-22  8:00       ` liujing40
2025-12-19  1:57   ` Menglong Dong
2025-12-22  8:02     ` liujing40
2025-12-22 17:15       ` Steven Rostedt [this message]
