From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: "Gabriele N. Tornetta" <phoenix1987@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>, Yonghong Song <yhs@fb.com>,
bpf <bpf@vger.kernel.org>
Subject: Re: [PATCH bpf-next 1/1] bpf: Add bpf_copy_from_user_remote to read a process VM given its PID.
Date: Wed, 19 Jan 2022 13:44:44 -0800 [thread overview]
Message-ID: <CAADnVQ+SqfhWP_wG8N3d-LH_ZZKAbudTnmBbOhCV2f-nJax_BQ@mail.gmail.com> (raw)
In-Reply-To: <YeadK5ykhh7slnXL@debian.home>
On Tue, Jan 18, 2022 at 2:57 AM Gabriele N. Tornetta
<phoenix1987@gmail.com> wrote:
>
> Add a new BPF helper to read the VM of a process identified by PID.
> Whilst PIDs are ambiguous without a namespace, many traditional
> observability tools, like profilers and debuggers, accept a PID to
> attach to a running process. The new helper proposed by this patch
> is aimed at providing the capability of reading a remote process VM
> to similar tools.
So how exactly is it going to be used with a pid provided by a tool?
I'm guessing if bpf prog attaches to some syscall it will filter out
all events that don't match the pid.
Then when current_pid == user_provided_pid it will read memory.
In such case the prog can use bpf_get_current_task_btf()
and Kenny's bpf_access_process_vm(), right?
next prev parent reply other threads:[~2022-01-19 21:44 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 10:57 [PATCH bpf-next 1/1] bpf: Add bpf_copy_from_user_remote to read a process VM given its PID Gabriele N. Tornetta
2022-01-19 21:44 ` Alexei Starovoitov [this message]
2022-01-20 16:56 ` Gabriele
2022-01-21 2:09 ` Alexei Starovoitov
2022-01-23 10:47 ` Gabriele
2022-01-25 4:42 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAADnVQ+SqfhWP_wG8N3d-LH_ZZKAbudTnmBbOhCV2f-nJax_BQ@mail.gmail.com \
--to=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=phoenix1987@gmail.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.