From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from verein.lst.de (verein.lst.de [213.95.11.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A32024C676 for ; Thu, 19 Feb 2026 07:20:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.95.11.211 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771485614; cv=none; b=rBY9hECboxSZM4FS+0sVbUBt/LxE08waDffQJ5NAmd6dFAEOHg9tslfoOtIKMwjc9EAZt/ULeQ4iiRf5o9Iq6Jm+i/9Yr8oTPhBuwqfJNlHkrsl3sj8zwGM62F7dS+FusTDoab8/9acmXbfnunMm/WloTOr9fXANLSfaCKbcNt4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771485614; c=relaxed/simple; bh=z6j9p2mesWmcAqLX5/csUhxceRoXlCM0UFKqUkNKevU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=JvT1Xj38sqDiVxN9nP79srcT4wVmTUQmbDH4BgZ3jRNZCmN0QISe4ZjSa/bSBghdfa8FbwF8WwCGVIRw0g9f9B2k+xR8uMZHjJHiKV+fGHKTf1ZVh3Vo9OT5UOmzcvOqMTwKbKIkwL3cP357zwH8F+ek8Hm2AfkGAg5E8uEehUc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=lst.de; spf=pass smtp.mailfrom=lst.de; arc=none smtp.client-ip=213.95.11.211 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=lst.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=lst.de Received: by verein.lst.de (Postfix, from userid 2407) id 322A068C7B; Thu, 19 Feb 2026 08:20:09 +0100 (CET) Date: Thu, 19 Feb 2026 08:20:09 +0100 From: Christoph Hellwig To: Masami Hiramatsu Cc: "Elly I. Esparza" , linux-kernel@vger.kernel.org, will@kernel.org, akpm@linux-foundation.org, ast@kernel.org, yangfeng@kylinos.cn, gregkh@linuxfoundation.org, hch@lst.de, qperret@google.com Subject: Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist Message-ID: <20260219072009.GA5597@lst.de> References: <20260218144819.24326-1-ellyesparza8@gmail.com> <20260219102915.2a79f0713032d95814eee79f@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260219102915.2a79f0713032d95814eee79f@kernel.org> User-Agent: Mutt/1.5.17 (2007-11-01) On Thu, Feb 19, 2026 at 10:29:15AM +0900, Masami Hiramatsu wrote: > On Wed, 18 Feb 2026 11:48:19 -0300 > "Elly I. Esparza" wrote: > > > Kprobes can be used to get the adress of kallsyms_lookup_name() providing > > access to blacklisted symbols. > > > > Add kallsyms_lookup_name() to kprobes blacklist. > > NACK, this NOKPROBE_SYMBOL() should be used for the functions which > is called inside the kprobe callback handler. kallsyms_lookup_name() > is used when setting up the kprobe, not from the callbacks. I don't think that's the point Elly made. The point is that kallsyms_lookup_name + kprobes is used to bypass lacking symbol exports. So preventing it is a good idea, and this seems like a cute hack for that. But it really needs a better commit log, and a big fat comment explaining the slight abuse of NOKPROBE_SYMBOL in the code.