From: Yonghong Song <yonghong.song@linux.dev>
To: Rong Tao <rtoax@foxmail.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
rongtao@cestc.cn, Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Mykola Lysenko <mykolal@fb.com>,
Shuah Khan <shuah@kernel.org>,
Juntong Deng <juntong.deng@outlook.com>,
Amery Hung <amery.hung@bytedance.com>,
Dave Marchevsky <davemarchevsky@fb.com>,
Hou Tao <houtao1@huawei.com>,
"open list:BPF [GENERAL] (Safe Dynamic Programs and Tools)"
<bpf@vger.kernel.org>, open list <linux-kernel@vger.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>
Subject: Re: [PATCH bpf-next 1/2] bpf: Add bpf_task_cwd_from_pid() kfunc
Date: Thu, 29 May 2025 18:55:56 -0700 [thread overview]
Message-ID: <599838d4-7faf-41ce-9a7f-6eebd5173db7@linux.dev> (raw)
In-Reply-To: <tencent_C8CF57BAD10D440E8308A19E2C894B341507@qq.com>
On 5/29/25 6:28 PM, Rong Tao wrote:
>
> On 5/29/25 13:44, Alexei Starovoitov wrote:
>> On Wed, May 28, 2025 at 8:37 PM Rong Tao <rtoax@foxmail.com> wrote:
>>> From: Rong Tao <rongtao@cestc.cn>
>>>
>>> It is a bit troublesome to get cwd based on pid in bpf program, such as
>>> bpftrace example [1].
>>>
>>> This patch therefore adds a new bpf_task_cwd_from_pid() kfunc which
>>> allows BPF programs to get cwd from a pid.
>>>
>>> [1] https://github.com/bpftrace/bpftrace/issues/3314
>> Yes. This is cumbersome, but adding a very specific kfunc
>> to the kernel is not a solution.
>> This is tracing, no need for precise cwd. probe_read_kernel
>> can do the job. bpftrace needs to have better C interop.
>> Once that happens any kind of tracing extraction will be
>> easy to write in C. Like this bpf_task_cwd_from_pid()
>> can already be written as C bpf program.
> Thanks for your reply, Yesterday I tried many ways to implement
> the solution of getting cwd from pid/task, but all failed. The basic
> idea is to rewrite the d_path() code, but in the bpf program, there
> will be various memory security access problems, even if enough
> `if (!ptr)` are added, the program cannot be loaded successfully.
>
> https://github.com/Rtoax/bcc/commit/2ba7a2389fc1183264e5195ff26561d93038886c
>
>
> bcc/tools$ sudo ./opensnoop.py -F
>
> ; if (dentry == vfsmnt->mnt_root || dentry == dentry->d_parent) {
> @ main.c:174
> 109: (79) r2 = *(u64 *)(r7 +0)
> R7 invalid mem access 'scalar'
I think you can use bpf_probe_read_kernel() helper to get r2?
>
> At the same time, bpf_d_path cannot be used because it can only be
> applied to functions in btf_allowlist_d_path. Currently, it is
> impossible to get cwd from pid/task in user mode. Any suggestions?
>
> In addition, I fully tested this patch yesterday and it performed well.
>
> Rong Tao
>
>
next prev parent reply other threads:[~2025-05-30 1:56 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1748488784.git.rtoax@foxmail.com>
2025-05-29 3:32 ` [PATCH bpf-next 1/2] bpf: Add bpf_task_cwd_from_pid() kfunc Rong Tao
2025-05-29 5:44 ` Alexei Starovoitov
2025-05-30 1:28 ` Rong Tao
2025-05-30 1:55 ` Yonghong Song [this message]
2025-05-30 6:34 ` Rong Tao
2025-05-29 3:32 ` [PATCH bpf-next 2/2] selftests/bpf: Add selftests for bpf_task_cwd_from_pid() Rong Tao
2025-05-29 20:30 [PATCH bpf-next 1/2] bpf: Add bpf_task_cwd_from_pid() kfunc kernel test robot
2025-06-02 6:20 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=599838d4-7faf-41ce-9a7f-6eebd5173db7@linux.dev \
--to=yonghong.song@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=amery.hung@bytedance.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davemarchevsky@fb.com \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=houtao1@huawei.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=juntong.deng@outlook.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=mykolal@fb.com \
--cc=rongtao@cestc.cn \
--cc=rtoax@foxmail.com \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.