From: Steven Rostedt <rostedt@goodmis.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
Kees Cook <kees@kernel.org>, Dave Hansen <dave.hansen@intel.com>,
"Elly I. Esparza" <ellyesparza8@gmail.com>,
linux-kernel@vger.kernel.org, luto@kernel.org,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
Naveen N Rao <naveen@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] x86: Prevent syscall hooking
Date: Fri, 20 Feb 2026 12:12:22 -0500 [thread overview]
Message-ID: <20260220121222.11510f4e@gandalf.local.home> (raw)
In-Reply-To: <aZiUJ--WJygUU6QP@infradead.org>
On Fri, 20 Feb 2026 09:04:39 -0800
Christoph Hellwig <hch@infradead.org> wrote:
> > Agreed. The blacklist (or blocklist) of kprobes is designed for preventing
> > nesting software breakpoint handling, not for security.
>
> It still can be useful. As mention in the other thread, we just need
> to make it clear. I.e. add something like "noprobe_for_security".
> And if we really, really care it could be conditional on a config
> option.
As I already mentioned, we have the LOCKDOWN infrastructure for that. If
you care about security of kprobes, use lockdown to disable it. As
previously stated, there's 1000 other ways kprobes can get this same
information. Adding a "noprobe_for_security" will lead to a false sense of
security. Basically the same as leaving your car unlocked and hiding the
keys in the visor and thinking nobody will steal your car.
-- Steve
prev parent reply other threads:[~2026-02-20 17:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260218144735.24307-1-ellyesparza8@gmail.com>
2026-02-18 15:18 ` [PATCH 1/2] x86: Prevent syscall hooking Dave Hansen
2026-02-18 15:32 ` Peter Zijlstra
2026-02-19 21:51 ` H. Peter Anvin
2026-02-18 15:52 ` Steven Rostedt
2026-02-18 16:58 ` ellyndra
2026-02-19 18:45 ` Kees Cook
2026-02-20 2:45 ` Masami Hiramatsu
2026-02-20 17:04 ` Christoph Hellwig
2026-02-20 17:12 ` Steven Rostedt [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260220121222.11510f4e@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=ellyesparza8@gmail.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=naveen@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox