* [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist
From: Elly I. Esparza @ 2026-02-18 14:48 UTC
To: linux-kernel, will, akpm, ast, yangfeng, gregkh, hch, mhiramat,
qperret
Cc: Elly I. Esparza
Kprobes can be used to get the address of kallsyms_lookup_name() providing
access to blacklisted symbols.
Add kallsyms_lookup_name() to kprobes blacklist.
Signed-off-by: Elly I. Esparza <ellyesparza8@gmail.com>
---
kernel/kallsyms.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 1e7635864124..13a7c0fdb5da 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -234,6 +234,7 @@ unsigned long kallsyms_lookup_name(const char *name)
return module_kallsyms_lookup_name(name);
}
+NOKPROBE_SYMBOL(kallsyms_lookup_name)
/*
* Iterate over all symbols in vmlinux. For symbols from modules use
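Review bot: The added NOKPROBE_SYMBOL(kallsyms_lookup_name) line after the closing brace of kallsyms_lookup_name() has no comment saying why this function is kept out of reach of kprobes. The commit message gives the reason (a probe on the function yields its address), but nothing in kallsyms.c does, so a later reader sees only a bare annotation with no stated purpose. Suggest a short comment directly above the macro that records that intent.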
--
2.43.0
* Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist
From: Masami Hiramatsu @ 2026-02-19 1:29 UTC
To: Elly I. Esparza
Cc: linux-kernel, will, akpm, ast, yangfeng, gregkh, hch, qperret
On Wed, 18 Feb 2026 11:48:19 -0300
"Elly I. Esparza" <ellyesparza8@gmail.com> wrote:
> Kprobes can be used to get the address of kallsyms_lookup_name() providing
> access to blacklisted symbols.
>
> Add kallsyms_lookup_name() to kprobes blacklist.
NACK, this NOKPROBE_SYMBOL() should be used for the functions which
are called inside the kprobe callback handler. kallsyms_lookup_name()
is used when setting up the kprobe, not from the callbacks.
Thanks,
>
> Signed-off-by: Elly I. Esparza <ellyesparza8@gmail.com>
> ---
> kernel/kallsyms.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 1e7635864124..13a7c0fdb5da 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -234,6 +234,7 @@ unsigned long kallsyms_lookup_name(const char *name)
>
> return module_kallsyms_lookup_name(name);
> }
> +NOKPROBE_SYMBOL(kallsyms_lookup_name)
>
> /*
> * Iterate over all symbols in vmlinux. For symbols from modules use
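Review bot: The added line NOKPROBE_SYMBOL(kallsyms_lookup_name) is written without a trailing semicolon. Uses of this macro elsewhere in the tree are written as a statement, in the form `NOKPROBE_SYMBOL(fn);`, so the line should end with a semicolon for consistency.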
> --
> 2.43.0
>
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
* Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist
From: Christoph Hellwig @ 2026-02-19 7:20 UTC
To: Masami Hiramatsu
Cc: Elly I. Esparza, linux-kernel, will, akpm, ast, yangfeng, gregkh,
hch, qperret
On Thu, Feb 19, 2026 at 10:29:15AM +0900, Masami Hiramatsu wrote:
> On Wed, 18 Feb 2026 11:48:19 -0300
> "Elly I. Esparza" <ellyesparza8@gmail.com> wrote:
>
> > Kprobes can be used to get the address of kallsyms_lookup_name() providing
> > access to blacklisted symbols.
> >
> > Add kallsyms_lookup_name() to kprobes blacklist.
>
> NACK, this NOKPROBE_SYMBOL() should be used for the functions which
> are called inside the kprobe callback handler. kallsyms_lookup_name()
> is used when setting up the kprobe, not from the callbacks.
I don't think that's the point Elly made. The point is that
kallsyms_lookup_name + kprobes is used to bypass lacking symbol exports.
So preventing it is a good idea, and this seems like a cute hack for
that. But it really needs a better commit log, and a big fat comment
explaining the slight abuse of NOKPROBE_SYMBOL in the code.