Re: [RFC PATCH 2/4] trace: Allow kprobes to override livepatched functions

Next message: Guenter Roeck: "Re: [PATCH RESEND v1] thermal: core: fix blocking in unregistering zone"
Previous message: Matthieu Baerts: "Re: [PATCH net-next 4/5] mptcp: pm: in-kernel: remove mptcp_pm_has_addr_attr_id"
In reply to: Yafang Shao: "Re: [RFC PATCH 2/4] trace: Allow kprobes to override livepatched functions"
Next in thread: Yafang Shao: "Re: [RFC PATCH 2/4] trace: Allow kprobes to override livepatched functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexei Starovoitov

Date: Fri Apr 03 2026 - 10:26:56 EST

On Fri, Apr 3, 2026 at 6:31 AM Yafang Shao <laoar.shao@xxxxxxxxx> wrote:
>
> >
> > If this were to go in, I say it would require both a kernel config, with
> > a big warning about this being a security hole, and a kernel command line
> > option to enable it, so that people don't accidentally have it enabled in
> > their config.
> >
> > The command line should be something like:
> >
> > allow_bpf_to_rootkit_functions
>
> The feature is currently gated by CONFIG_KPROBE_OVERRIDE_KLP_FUNC. In
> the next revision, I will rename this to
> CONFIG_ALLOW_BPF_TO_ROOTKIT_FUNCS and introduce a corresponding kernel
> command-line parameter, allow_bpf_to_rootkit_functions, to control
> it.

No. Even with extra config this is not ok.