To avoid kbind(2) becoming a powerful gadget, it is called inline to a
author     deraadt <deraadt@openbsd.org>
           Tue, 12 Dec 2023 15:44:00 +0000 (15:44 +0000)
committer  deraadt <deraadt@openbsd.org>
           Tue, 12 Dec 2023 15:44:00 +0000 (15:44 +0000)
commit     876ab33d5561c46eca0c22f9b5e53b79431b81c6
tree       1810819f61acebe9196f7aeaf319460ee1ac40f4
parent     d0c639df02d8acf30ecb2908ee151c4ef0d74a56
To avoid kbind(2) becoming a powerful gadget, it is called inline to a
function.  Therefore we cannot create a precise pinsyscall label.  Instead
create a duplicate entry (using inline asm) to force the kernel's pinsyscall
code to skip validation, rather than labelling it illegal.  kbind(2) remains
safe because it self-protects by checking its calling address.
ok kettenis
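The message says kbind(2) "self-protects by checking its calling address". The following is an added, constructed user-space illustration of that idea and is not OpenBSD's ld.so or kernel code: a sensitive routine records the return address of its first caller and refuses any later call that arrives from a different site, which is why a gadget that reaches it from attacker-controlled code gains nothing. The function names (guarded_gadget, legitimate_site, attacker_site, pin_reset) and the PIN_* return codes are assumptions made for the example; a real kernel would terminate the process instead of returning an error.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not OpenBSD code.  A "pinned caller" check:
 * the first call records where it came from; later calls from any
 * other site are refused. */

enum { PIN_ACCEPTED = 0, PIN_REJECTED = -1 };

static uintptr_t pinned_caller;   /* 0 until the first call pins a site */

/* noinline so the routine has a real call site and a real return
 * address to inspect via __builtin_return_address(0) (gcc/clang). */
__attribute__((noinline))
int guarded_gadget(void)
{
    uintptr_t caller = (uintptr_t)__builtin_return_address(0);

    if (pinned_caller == 0)
        pinned_caller = caller;      /* first caller becomes the only legal one */
    else if (pinned_caller != caller)
        return PIN_REJECTED;         /* a kernel would kill the process here */
    return PIN_ACCEPTED;
}

/* Clear the pin so the experiment can be rerun (testing aid only). */
void pin_reset(void)
{
    pinned_caller = 0;
}

/* Two distinct call sites.  The empty asm after the call stops the
 * compiler from turning it into a tail call, which would otherwise
 * make the return address that of *our* caller, not this function. */
__attribute__((noinline))
int legitimate_site(void)
{
    int r = guarded_gadget();
    __asm__ __volatile__("" ::: "memory");
    return r;
}

__attribute__((noinline))
int attacker_site(void)
{
    int r = guarded_gadget();        /* same routine, different return address */
    __asm__ __volatile__("" ::: "memory");
    return r;
}

int main(void)
{
    printf("legitimate first call: %s\n",
           legitimate_site() == PIN_ACCEPTED ? "accepted" : "rejected");
    printf("attacker call:         %s\n",
           attacker_site() == PIN_ACCEPTED ? "accepted" : "rejected");
    printf("legitimate again:      %s\n",
           legitimate_site() == PIN_ACCEPTED ? "accepted" : "rejected");
    return 0;
}
```

The check is only as strong as the first call being the trusted one, which is why the ordering guarantee matters: the legitimate site must reach the routine before any attacker-controlled code can.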
libexec/ld.so/loader.c