[DTrace-devel] [PATCH] add BEGIN and END probes

[Kris Van Hees]

Some extra info sparked by this patch...

> -	/* this has problems if a probe has more than one clause */
> +	/* FIXME: this has problems if a probe has more than one clause */
>  	if (ioctl(prp->event_fd, PERF_EVENT_IOC_SET_BPF, bpf_fd) < 0)
>  		return -errno;

Tracing perf events allow for up to 32 BPF programs to be attached to them.
This is a limit in the kernel that we may have to petition to be raised if we
find this to be a problem.

So, while the ioctl name PERF_EVENT_IOC_SET_BPF seem to imply that there can
only be one BPF attached at a time, that limitation only applies to non-tracing
perf events.  For tracing perf events it acts like a 'add BPF' operation :)

> +	 * FIXME:  What should I use for program type?
> +	 *     BPF_PROG_TYPE_UNSPEC
> +	 *         This causes dtrace-user/libbpf/bpf.c bpf_load_program_xattr()
> +	 *         call to sys_bpf_prog_load() to fail with EINVAL.

The libbpf code uses that setting as an indication that the prog type needs to
be determined some other way, e.g. by section name.  We do not use section
names to identify probes.

> +	 *     BPF_PROG_TYPE_UPROBE
> +	 *         No such thing;  check libbpf/include/linux/bpf.h.

Yes, uprobes use the BPF_PROG_TYPE_KPROBE support because at the kernel level
they use the same underlying BPF / perf eent code..

> +	 *     BPF_PROG_TYPE_KPROBE                   used by Kris for dtrace?

That is the one to use.

> +	 *     BPF_PROG_TYPE_TRACEPOINT               used by fbt

No, we use BPF_PROG_TYPE_KPROBE for FBT.

> +	 *     BPF_PROG_TYPE_RAW_TRACEPOINT           used by sdt
> +	 *     BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE  used by syscall

No, we use BPF_PROG_TYPE_TRACEPOINT for SDT and syscall tracing.