On Thu, Jun 8, 2023 at 3:35 AM Yafang Shao <laoar.shao@xxxxxxxxx> wrote:
>
> The probed address can be accessed by userspace through querying the task
> file descriptor (fd). However, it is crucial to adhere to the kptr_restrict
> setting and refrain from exposing the address if it is not permitted.
>
> Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx>
> ---
> kernel/trace/trace_kprobe.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
> index 59cda19..6564541 100644
> --- a/kernel/trace/trace_kprobe.c
> +++ b/kernel/trace/trace_kprobe.c
> @@ -1551,7 +1551,10 @@ int bpf_get_kprobe_info(const struct perf_event *event, u32 *fd_type,
> } else {
> *symbol = NULL;
> *probe_offset = 0;
> - *probe_addr = (unsigned long)tk->rp.kp.addr;
> + if (kptr_restrict != 2)
> + *probe_addr = (unsigned long)tk->rp.kp.addr;
> + else
> + *probe_addr = 0;
kallsyms_show_value ?
> }
> return 0;
> }
> --
> 1.8.3.1
>
