Skip to content

Helper function bpf_probe_write_user

v4.8

Definition

Copyright (c) 2015 The Libbpf Authors. All rights reserved.

Attempt in a safe way to write len bytes from the buffer src to dst in memory. It only works for threads that are in user context, and dst must be a valid user space address.

This helper should not be used to implement any kind of security mechanism because of TOC-TOU attacks, but rather to debug, divert, and manipulate execution of semi-cooperative processes.

Keep in mind that this feature is meant for experiments, and it has a risk of crashing the system and running programs. Therefore, when an eBPF program using this helper is attached, a warning including PID and process name is printed to kernel logs.

Returns

0 on success, or a negative error in case of failure.

static long (* const bpf_probe_write_user)(void *dst, const void *src, __u32 len) = (void *) 36;

Usage

Docs could be improved

This part of the docs is incomplete, contributions are very welcome

Program types

This helper call can be used in the following program types:

Example

Docs could be improved

This part of the docs is incomplete, contributions are very welcome