Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist

Next message: Jakub Kicinski: "Re: [PATCH net v2] net: atlantic: fix reading SFP module info on some AQC100 cards"
Previous message: Deepak Gupta: "Re: [GIT PULL] RISC-V updates for v7.0"
In reply to: Elly I. Esparza: "[PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist"
Next in thread: Christoph Hellwig: "Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Google

Date: Wed Feb 18 2026 - 20:29:24 EST

On Wed, 18 Feb 2026 11:48:19 -0300
"Elly I. Esparza" <ellyesparza8@xxxxxxxxx> wrote:

> Kprobes can be used to get the adress of kallsyms_lookup_name() providing
> access to blacklisted symbols.
>
> Add kallsyms_lookup_name() to kprobes blacklist.

NACK, this NOKPROBE_SYMBOL() should be used for the functions which
is called inside the kprobe callback handler. kallsyms_lookup_name()
is used when setting up the kprobe, not from the callbacks.

Thanks,

>
> Signed-off-by: Elly I. Esparza <ellyesparza8@xxxxxxxxx>
> ---
> kernel/kallsyms.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 1e7635864124..13a7c0fdb5da 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -234,6 +234,7 @@ unsigned long kallsyms_lookup_name(const char *name)
>
> return module_kallsyms_lookup_name(name);
> }
> +NOKPROBE_SYMBOL(kallsyms_lookup_name)
>
> /*
> * Iterate over all symbols in vmlinux. For symbols from modules use
> --
> 2.43.0
>

--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>