[PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist
@ 2026-02-18 14:48 Elly I. Esparza
  2026-02-19  1:29 ` Masami Hiramatsu
  0 siblings, 1 reply; 3+ messages in thread
From: Elly I. Esparza @ 2026-02-18 14:48 UTC (permalink / raw)
  To: linux-kernel, will, akpm, ast, yangfeng, gregkh, hch, mhiramat,
	qperret
  Cc: Elly I . Esparza

Kprobes can be used to get the adress of kallsyms_lookup_name() providing
access to blacklisted symbols.

Add kallsyms_lookup_name() to kprobes blacklist.

Signed-off-by: Elly I. Esparza <ellyesparza8@gmail.com>
---
 kernel/kallsyms.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 1e7635864124..13a7c0fdb5da 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -234,6 +234,7 @@ unsigned long kallsyms_lookup_name(const char *name)
 
 	return module_kallsyms_lookup_name(name);
 }
+NOKPROBE_SYMBOL(kallsyms_lookup_name)
 
 /*
  * Iterate over all symbols in vmlinux.  For symbols from modules use
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist
  2026-02-18 14:48 [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist Elly I. Esparza
@ 2026-02-19  1:29 ` Masami Hiramatsu
  2026-02-19  7:20   ` Christoph Hellwig
  0 siblings, 1 reply; 3+ messages in thread
From: Masami Hiramatsu @ 2026-02-19  1:29 UTC (permalink / raw)
  To: Elly I. Esparza
  Cc: linux-kernel, will, akpm, ast, yangfeng, gregkh, hch, qperret

On Wed, 18 Feb 2026 11:48:19 -0300
"Elly I. Esparza" <ellyesparza8@gmail.com> wrote:

> Kprobes can be used to get the adress of kallsyms_lookup_name() providing
> access to blacklisted symbols.
> 
> Add kallsyms_lookup_name() to kprobes blacklist.

NACK, this NOKPROBE_SYMBOL() should be used for the functions which
is called inside the kprobe callback handler. kallsyms_lookup_name()
is used when setting up the kprobe, not from the callbacks.

Thanks,


> 
> Signed-off-by: Elly I. Esparza <ellyesparza8@gmail.com>
> ---
>  kernel/kallsyms.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 1e7635864124..13a7c0fdb5da 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -234,6 +234,7 @@ unsigned long kallsyms_lookup_name(const char *name)
>  
>  	return module_kallsyms_lookup_name(name);
>  }
> +NOKPROBE_SYMBOL(kallsyms_lookup_name)
>  
>  /*
>   * Iterate over all symbols in vmlinux.  For symbols from modules use
> -- 
> 2.43.0
> 


-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist
  2026-02-19  1:29 ` Masami Hiramatsu
@ 2026-02-19  7:20   ` Christoph Hellwig
  0 siblings, 0 replies; 3+ messages in thread
From: Christoph Hellwig @ 2026-02-19  7:20 UTC (permalink / raw)
  To: Masami Hiramatsu
  Cc: Elly I. Esparza, linux-kernel, will, akpm, ast, yangfeng, gregkh,
	hch, qperret

On Thu, Feb 19, 2026 at 10:29:15AM +0900, Masami Hiramatsu wrote:
> On Wed, 18 Feb 2026 11:48:19 -0300
> "Elly I. Esparza" <ellyesparza8@gmail.com> wrote:
> 
> > Kprobes can be used to get the adress of kallsyms_lookup_name() providing
> > access to blacklisted symbols.
> > 
> > Add kallsyms_lookup_name() to kprobes blacklist.
> 
> NACK, this NOKPROBE_SYMBOL() should be used for the functions which
> is called inside the kprobe callback handler. kallsyms_lookup_name()
> is used when setting up the kprobe, not from the callbacks.

I don't think that's the point Elly made.  The point is that
kallsyms_lookup_name + kprobes is used to bypass lacking symbol exports.
So preventing it is a good idea, and this seems like a cute hack for
that.  But it really needs a better commit log, and a big fat comment
explaining the slight abuse of NOKPROBE_SYMBOL in the code.


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-02-19  7:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-18 14:48 [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist Elly I. Esparza
2026-02-19  1:29 ` Masami Hiramatsu
2026-02-19  7:20   ` Christoph Hellwig

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox