On Thu, 24 Oct 2024 10:48:55 -0700 Andrii Nakryiko <[email protected]> wrote:
> > You record cred, targ_ns and capable_ns but don't use it in TP_printk? > > > > It's fine to print pointers there. Is there a reason you do not? > > Are those pointers really useful for anything? Maybe it's better to > print ns->ns.inum instead? At least that's something that is usable > from user space side, no? Pointers are actually useful from user space. It allows you to add eprobes to get data from the structure. Yes, you can do this from BPF but sometimes a shell script is nicer to use. $ gdb vmlinux (gdb) print &(((struct user_namespace *)0)->ns.inum) $2 = (unsigned int *) 0xe8 # cd /sys/kernel/tracing # echo 'e:cap capability/capable num=+0e8($capable-ns)' > dynamic_events # echo 1 > events/eprobes/cap/enable # cat trace Thus pointers give a nice way of getting info dynamically, and having the pointer printed out in the TP_printk also helps to know you can do this. I realize that eprobes is not documented well (or at all) which needs to be fixed. -- Steve
