
Commit 36456f9

committed
snooper: find PyVersion and report it
Signed-off-by: Andrii Nakryiko <[email protected]>
1 parent 3ec985d commit 36456f9


3 files changed

+30
-0
lines changed


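--- a/examples/c/snooper.bpf.c
+++ b/examples/c/snooper.bpf.c
@@ -636,6 +636,27 @@ static int enumerate_vmas(struct task_struct *task, struct task_event *event)
 if (err)
 goto next;
 
+if (task->pid == task->tgid) {
+int sym_idx = find_sym(&fdptr, &s->elf, "Py_Version", STT_OBJECT, s);
+if (sym_idx > 0) {
+long py_ver_addr = vma->vm_start - vma->vm_pgoff * __PAGE_SIZE + s->sym.st_value;
+bpf_printk("[PY] Found 'Py_Version' global variable for PID %d (%s) in '%s' at %px",
+task->pid, task->comm, vma_name, py_ver_addr);
+
+__u32 py_ver;
+err = bpf_copy_from_user_task(&py_ver, sizeof(py_ver), (void *)py_ver_addr, task, 0);
+if (err) {
+bpf_printk("[PY] Failed to read Py_Version at %px for '%s': %d",
+py_ver_addr, vma_name, err);
+} else {
+bpf_printk("[PY] PID %d (%s) is running Python v%u.%u.%u!",
+task->pid, task->comm,
+(u8)(py_ver >> 24), (u8)(py_ver >> 16), (u8)(py_ver >> 8), py_ver);
+event->py_ver = py_ver;
+}
+}
+}
+
 //print_symbols(&fdptr, &s->elf, s);
 
 long tls_addr = find_tls_var(task, vma, vma_name, &fdptr, tls_var_name, s);
@@ -681,6 +702,7 @@ static int task_work_cb(struct bpf_map *map, void *key, void *value)
 goto cleanup;
 }
 
+event->py_ver = 0;
 event->has_tls = false;
 event->ustack_sz = unwind_user_stack(task, event->ustack, MAX_STACK_DEPTH);
 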
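Review bot: The success-path `bpf_printk` in the first hunk passes six arguments for five conversions, so the trailing `py_ver` is never printed; either drop it or print the raw word too, e.g. `"... v%u.%u.%u (0x%x)!"`. On the `py_ver_addr` line, `st_value` (a link-time virtual address) is added to `vm_start - vm_pgoff * __PAGE_SIZE`, which presumably holds only for mappings whose segment has the same file offset and virtual address; if `find_sym` can succeed while iterating another VMA the read targets the wrong address, so a comment stating the assumption would help. The four-byte read also assumes the low half of CPython's `unsigned long` `Py_Version` comes first, i.e. a little-endian target. `enumerate_vmas` starts and ends outside the hunk.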

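--- a/examples/c/snooper.c
+++ b/examples/c/snooper.c
@@ -104,6 +104,13 @@ static int handle_event(void *ctx, void *data, size_t size)
 
 printf("Task: %s (PID=%d, TID=%d)\n", event->comm, event->pid, event->tid);
 
+if (event->py_ver) {
+printf(" Running Python v%u.%u.%u!\n",
+(__u8)(event->py_ver >> 24),
+(__u8)(event->py_ver >> 16),
+(__u8)(event->py_ver >> 8));
+}
+
 if (event->has_tls)
 printf(" TLS: %s = %d\n", skel->bss->tls_var_name, (int)event->tls_value);
 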

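--- a/examples/c/snooper.h
+++ b/examples/c/snooper.h
@@ -23,6 +23,7 @@ struct task_event {
 stack_trace_t ustack;
 bool has_tls;
 long tls_value;
+__u32 py_ver;
 };
 
 #endif /* __SNOOPER_H_ */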
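Review bot: The new `py_ver` field carries no comment saying what encoding it holds or what zero means. Going by the other two files in this commit, it is the raw `Py_Version` word copied out of the traced process (major, minor and micro in bits 31-24, 23-16 and 15-8), reset to 0 for each event, and `handle_event` treats 0 as "not found". A comment such as `/* raw Py_Version read from the target's memory (major<<24 | minor<<16 | micro<<8 | ...); 0 = not found; value is supplied by the traced process, not verified */` would record that for consumers of the event. `struct task_event` starts outside the hunk.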
