Re: [RFC PATCH 2/4] trace: Allow kprobes to override livepatched functions

Next message: Calvin Owens: "Re: [PATCH] clockevents: Prevent timer interrupt starvation"
Previous message: Michael Kelley: "RE: [PATCH v2 4/4] drivers: hv: mark channel attributes as const"
In reply to: Alexei Starovoitov: "Re: [RFC PATCH 2/4] trace: Allow kprobes to override livepatched functions"
Next in thread: Yafang Shao: "Re: [RFC PATCH 2/4] trace: Allow kprobes to override livepatched functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yafang Shao

Date: Fri Apr 03 2026 - 12:01:05 EST

On Fri, Apr 3, 2026 at 10:26 PM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Fri, Apr 3, 2026 at 6:31 AM Yafang Shao <laoar.shao@xxxxxxxxx> wrote:
> >
> > >
> > > If this were to go in, I say it would require both a kernel config, with
> > > a big warning about this being a security hole, and a kernel command line
> > > option to enable it, so that people don't accidentally have it enabled in
> > > their config.
> > >
> > > The command line should be something like:
> > >
> > > allow_bpf_to_rootkit_functions
> >
> > The feature is currently gated by CONFIG_KPROBE_OVERRIDE_KLP_FUNC. In
> > the next revision, I will rename this to
> > CONFIG_ALLOW_BPF_TO_ROOTKIT_FUNCS and introduce a corresponding kernel
> > command-line parameter, allow_bpf_to_rootkit_functions, to control
> > it.
>
> No. Even with extra config this is not ok.

I will send patch #3 and #4 as a standalone patchset to upstream the
hybrid livepatch first and then figure out how to move
allow_bpf_to_rootkit_functions forward.

--
Regards
Yafang