Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

magic_write: Translate struct page to virtual address in BPF programs #1507

Closed
AlonZivony opened this issue Feb 23, 2022 · 1 comment
Closed

magic_write: Translate struct page to virtual address in BPF programs #1507

AlonZivony opened this issue Feb 23, 2022 · 1 comment
Assignees
@AlonZivony
Labels
area/ebpf

Comments

@AlonZivony
Copy link
Contributor

In my work on the issue of missing magic_write event during sendfile syscall (#1357) I concluded that given the fact that we can't read from files directly the data, the best thing we have in the flow of the code in the kernel is access to pages that include the data (through the pipe_inode_info struct).
So, to be able to read the data from a page, a method to convert struct page to its matching virtual address is required.
It is a bit complicated to implement because of different physical memory models available and different architecture implementations, but it should be possible using defines, kconfig and globals (#1506 #1504 #1505).
@AlonZivony AlonZivony self-assigned this Feb 23, 2022
@AlonZivony AlonZivony mentioned this issue Feb 28, 2022
Merged
This was referenced Mar 16, 2022
Closed
Closed
Closed
@AlonZivony AlonZivony mentioned this issue Apr 3, 2022
Open
@rafaeldtinoco rafaeldtinoco changed the title Translate struct page to virtual address in BPF programs magic_write: Translate struct page to virtual address in BPF programs Apr 6, 2022
@yanivagman
Copy link
Collaborator

This is more an implementation discussion than an issue in tracee.
Converting to discussion

@aquasecurity aquasecurity locked and limited conversation to collaborators Jan 30, 2023
@yanivagman yanivagman converted this issue into discussion #2654 Jan 30, 2023

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees

@AlonZivony AlonZivony

Labels
area/ebpf
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yanivagman @AlonZivony