On Tue, Jan 18, 2022 at 2:57 AM Gabriele N. Tornetta <phoenix1987@xxxxxxxxx> wrote: > > Add a new BPF helper to read the VM of a process identified by PID. > Whilst PIDs are ambiguous without a namespace, many traditional > observability tools, like profilers and debuggers, accept a PID to > attach to a running process. The new helper proposed by this patch > is aimed at providing the capability of reading a remote process VM > to similar tools. So how exactly is it going to be used with a pid provided by a tool? I'm guessing if bpf prog attaches to some syscall it will filter out all events that don't match the pid. Then when current_pid == user_provided_pid it will read memory. In such case the prog can use bpf_get_current_task_btf() and Kenny's bpf_access_process_vm(), right?
