On Sun, Jan 02, 2022 at 08:02:01PM +0000, Jhonny Knaak de Vargas wrote: > Hi, > Got some quick questions, > Consider that I am a newbie just studying. > > 1. How can I subscribe to the list? This link seems to not be valid > anymore http://vger.kernel.org/vger-lists.html#bpf It should work. > > 2. What I want to do: > My idea is from user space set the pid of a process to the bpf > program on the kernel side. > On the kernel side I want to have a variable which will have > that PID that came from user space. Now,I want to identify writes to > memory that process owns. > > Question: > I am not sure if I should be looking to use kernel headers for > identifying the memory pages of a process or should I be reading /proc? > > Can you guys please give me some tips on how to achieve that? Where exactly do you hook for identifying memory writes? I guess it may already provide some context for you to follow to find out the process. And you can always use eBPF map to communicate with user-space to filter processes with PID's. Thanks.
