[ Added Masami too. Start of thread is here: http://lkml.kernel.org/r/20190215174712.372898450@goodmis.org ]
On Mon, 18 Feb 2019 10:23:44 -0800 Linus Torvalds torvalds@linux-foundation.org wrote:
So it would be good to not just say "user or kernel", but actually say what *kind* of kernel access it expects.
Note, kprobes are a different kind of beast. I've used kprobes to probe userspace information as well as kernel. Heck, I could see someone even using kprobes to probe IO memory to check if a device is doing what they expect it's doing.
Basically, a kprobe is mostly used for debugging what's happening in a live kernel, to read any address. But for those that are more security minded, perhaps we could add "layers" via CONFIG or /sys files that prevent kprobes from doing certain kinds of probes?
-- Steve