Helper function bpf_probe_write_user
Definition
Copyright (c) 2015 The Libbpf Authors. All rights reserved.
Attempt in a safe way to write len bytes from the buffer src to dst in memory. It only works for threads that are in user context, and dst must be a valid user space address.
This helper should not be used to implement any kind of security mechanism because of TOC-TOU attacks, but rather to debug, divert, and manipulate execution of semi-cooperative processes.
Keep in mind that this feature is meant for experiments, and it has a risk of crashing the system and running programs. Therefore, when an eBPF program using this helper is attached, a warning including PID and process name is printed to kernel logs.
Returns
0 on success, or a negative error in case of failure.
static long (* const bpf_probe_write_user)(void *dst, const void *src, __u32 len) = (void *) 36;
Usage
Docs could be improved
This part of the docs is incomplete, contributions are very welcome
Program types
This helper call can be used in the following program types:
- BPF_PROG_TYPE_KPROBE
- BPF_PROG_TYPE_LSM
- BPF_PROG_TYPE_PERF_EVENT
- BPF_PROG_TYPE_RAW_TRACEPOINT
- BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE
- BPF_PROG_TYPE_SYSCALL
- BPF_PROG_TYPE_TRACEPOINT
- BPF_PROG_TYPE_TRACING
Example
Docs could be improved
This part of the docs is incomplete, contributions are very welcome