On Fri, 20 Feb 2026 09:04:39 -0800 Christoph Hellwig <[email protected]> wrote:
> > Agreed. The blacklist (or blocklist) of kprobes is designed for preventing
> > nesting software breakpoint handling, not for security.
>
> It still can be useful. As mentioned in the other thread, we just need
> to make it clear. I.e. add something like "noprobe_for_security".
> And if we really, really care it could be conditional on a config
> option.

As I already mentioned, we have the LOCKDOWN infrastructure for that. If you
care about security of kprobes, use lockdown to disable it.

As previously stated, there's 1000 other ways kprobes can get this same
information. Adding a "noprobe_for_security" will lead to a false sense of
security. Basically the same as leaving your car unlocked and hiding the keys
in the visor and thinking nobody will steal your car.

-- Steve
