On Wed, Dec 21, 2022 at 2:59 PM Alexei Starovoitov < [email protected]> wrote:
> On Tue, Dec 20, 2022 at 8:03 AM Andrei Matei <[email protected]> > wrote: > > > > Hi Alexei, > > > > I'm playing around with using BPF to read a given process' memory for > debugging purposes. I'd like to recreate some of the experience that a > debugger gives you by stopping and ptrace-ing another process, except > without the "stopping" part. One of the aspects is around getting a > snapshot of the running process; for example, for a Go program, this > involves reading the information that the Go runtime has about all the > Goroutines, walking their stacks, and collecting different variables from > the different stack frames. > > You'll notice that this use case doesn't quite fit as a uprobe - I don't > want the BPF program to be run when a particular program counter is hit; > instead, I want the BPF program to run whenever the debugger decides to run > it. Crucially, the BPF program needs to run *within the virtual memory > context* of the debugged program, so it can bpf_probe_read_user() its > memory. So, I want process A to trigger a BPF program that will execute > within process B. Or, is there perhaps a way to read the virtual memory of > an arbitrary program? > > yes. That's what bpf iterator of task->vma is for. > The prog doesn't need to execute "within process B" to read its memory. > That's great news! I will play around with these iterators. Thank you! > > > > Have you considered using a task iterator parametrized with a > particular task? > > > > I had not. I'm reading about it now, but I'm not sure if it helps me. If > it applies, can you please say more? > > I think that is exactly what you need. > The iterator can read mm of another process as long as > you can ptrace it. > The same permission checks as gdb. > The main difference is that bpf iter doesn't stop another process. > See task iter and vma selftests including bpf_find_vma helper > that can also be useful. > > > Thanks! > > > > On Tue, Dec 20, 2022 at 9:16 AM Alexei Starovoitov < > [email protected]> wrote: > >> > >> On Sun, Dec 18, 2022 at 4:09 PM Andrei Matei <[email protected]> > wrote: > >> > > >> > Hello iovisor friends, > >> > > >> > I'm curious what my options are for running a BPF program once, > immediately, in the virtual memory context of a particular (user space) > process. For example, say I want to read the current value from a known > virtual memory address in the process' space. I'm curious if there's an > official answer or, short of that, tricks that people might have used. > >> > What I want is similar in spirit to BPF_PROG_RUN, I think, except > that I think I want my program type to be perf-event (and BPF_PROG_RUN > doesn't seem to support this program type), and I want to also control > specify which process I'm interested in. > >> > > >> > I feel like one solution might be around sending a signal to the > process I'm interested in and placing a uprobe somewhere on the signal > handling path, but I'm not sure of a general way to do this. Any suggestion > is most welcome. > >> > >> Could you describe what prog is going to do? > >> Have you considered using a task iterator parametrized with a > particular task? > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2030): https://lists.iovisor.org/g/iovisor-dev/message/2030 Mute This Topic: https://lists.iovisor.org/mt/95756130/21656 Group Owner: [email protected] Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
