Dmitry V. Levin
ldv at altlinux.org
Fri Sep 23 17:40:47 UTC 2022
On Sat, Sep 24, 2022 at 01:31:55AM +0800, SuHsueyu wrote:
> The tracee call BPF_MAP_LOOKUP_ELEM with map_fd, and tracer get the map_fd.
> Fds are process-scoped. For example, a bpf obj with id 4 would have fd 5 in
> tracee process and fd 6 in tracer process. I found that it cannot do some
> operation with the tracee map_fd like bpf_obj_pin, bpf_obj_get_info_by_fd
> in tracer process.
Of course the value of map_fd has its meaning only in the tracee, the
tracer is most likely doesn't have this descriptor opened at all.
However, the descriptor is exposed via tracee's /proc, so there is
a chance it could be found and opened there by the tracer.
> One of the possible way to solve is use bpf_obj_pin in tracee process.
I don't think it's a viable option as we don't inject any code into the
More information about the Strace-devel