Hi,
I have a question about how use bpf dynptr and bpf_probe_read_kernel
together.
Assuming we have an fexit program attached to pty_write(static ssize_t
pty_write(struct tty_struct *tty, const u8 *buf, size_t c))
I want to send some metadata and the written bytes to the pty to user
space via a BPF RingBuf.
While I could reserve a statistically known amount of memory on ringbuf,
it is a waste of the ringbuf's space if there are only one or two bytes
written to pty.
So instead I tried to use bpf_ringbuf_reserve_dynptr to dynamically
reserve the memory on the ringbuf and it works great,
until when I want to use bpf_dynptr_write to read the kernel memory at
buf into the memory managed by dynptr:
78: (85) call bpf_dynptr_write#202
R3 type=scalar expected=fp, pkt, pkt_meta, map_key, map_value,
mem, ringbuf_mem, buf, trusted_ptr_
The verifier appears to be rejecting using bpf_dynptr_write in a way
similar to bpf_probe_read_kernel.
Is there any way to achieve this without reading the data into an
intermediate buffer?
Or could we remove this limitation in the verifier at least for tracing
programs that are already capable of
calling bpf_probe_read_kernel to read arbitrary kernel memory?
Best regards,
Levi
