Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist

Next message: Ard Biesheuvel: "Re: [PATCH] efi/x86-stub: store acpi_rsdp_addr in bootparams"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v4 1/3] dt-bindings: mmc: sdhci-msm: Add ICE phandle"
In reply to: Google: "Re: [PATCH 2/2] kernel/kallsyms: Prevent bypassing of kprobes blacklist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Christoph Hellwig

Date: Thu Feb 19 2026 - 02:20:35 EST

On Thu, Feb 19, 2026 at 10:29:15AM +0900, Masami Hiramatsu wrote:
> On Wed, 18 Feb 2026 11:48:19 -0300
> "Elly I. Esparza" <ellyesparza8@xxxxxxxxx> wrote:
>
> > Kprobes can be used to get the adress of kallsyms_lookup_name() providing
> > access to blacklisted symbols.
> >
> > Add kallsyms_lookup_name() to kprobes blacklist.
>
> NACK, this NOKPROBE_SYMBOL() should be used for the functions which
> is called inside the kprobe callback handler. kallsyms_lookup_name()
> is used when setting up the kprobe, not from the callbacks.

I don't think that's the point Elly made. The point is that
kallsyms_lookup_name + kprobes is used to bypass lacking symbol exports.
So preventing it is a good idea, and this seems like a cute hack for
that. But it really needs a better commit log, and a big fat comment
explaining the slight abuse of NOKPROBE_SYMBOL in the code.