Jiri Kosina <ji...@kernel.org> wrote: > > The idea is to prevent cryptographic data for filesystems and other things > > from being read out of the kernel memory as well as to prevent unauthorised > > modification of kernel memory. > > Then it would make sense to actually lock down dumping of registers / > function arguments (kprobes can currently do that, ftrace eventually could > as well I guess), but disabling the whole ftrace altogether seems like a > totally unnecessary overkill.
That would be fine by me. I have a patch that locks down kprobes in this series. Steven says that ftrace might acquire the ability to dump registers in the future. David