Indirect branch tracking for Intel CPUs
Posted Mar 31, 2022 20:25 UTC (Thu) by donald.buczek (subscriber, #112892)
In reply to: Indirect branch tracking for Intel CPUs by mb
Parent article: Indirect branch tracking for Intel CPUs
There are legitimate reasons to call a non-exported kernel function from a module. E.g. when you create a module to install an ftrace-based wrapper around a kernel function with a security problem because you can't immediately reboot into a fixed kernel for one reason or another and you are not prepared for live patching.
We recently had to do that [1] and needed to work around a missing kallsyms_lookup_name, which we did with register_kprobe.
The attempt of the kernel to restrict modules reminds me of DRM. You don't really succeed; bad guys work around it anyway, but you make life harder for legitimate users.
[1]: https://github.molgen.mpg.de/mariux64/fix-lpp/blob/main/f...
Posted Apr 2, 2022 1:45 UTC (Sat) by developer122 (guest, #152928)
Half-object because there would be *some* maintenance burden to making changes for out of tree code. The kernel already has to periodically sync against other upstream projects whose code it uses.
Posted Apr 6, 2022 16:34 UTC (Wed) by immibis (subscriber, #105511)