On Fri, Apr 3, 2026 at 10:26 PM Alexei Starovoitov <[email protected]> wrote:
>
> On Fri, Apr 3, 2026 at 6:31 AM Yafang Shao <[email protected]> wrote:
> >
> > >
> > > If this were to go in, I say it would require both a kernel config, with
> > > a big warning about this being a security hole, and a kernel command line
> > > option to enable it, so that people don't accidentally have it enabled in
> > > their config.
> > >
> > > The command line should be something like:
> > >
> > >   allow_bpf_to_rootkit_functions
> >
> > The feature is currently gated by CONFIG_KPROBE_OVERRIDE_KLP_FUNC. In
> > the next revision, I will rename this to
> > CONFIG_ALLOW_BPF_TO_ROOTKIT_FUNCS and introduce a corresponding kernel
> > command-line parameter, allow_bpf_to_rootkit_functions, to control
> > it.
>
> No. Even with extra config this is not ok.

I will send patch #3 and #4 as a standalone patchset to upstream the
hybrid livepatch first and then figure out how to move
allow_bpf_to_rootkit_functions forward.

--
Regards
Yafang
