samples, bpf: Refactor kprobe tracing user progs with libbpf

Currently, the kprobe BPF program attachment method for bpf_load is quite old. The implementation of bpf_load "directly" controls and manages (create, delete) the kprobe events of DEBUGFS. On the other hand, using libbpf automatically manages the kprobe event (under the bpf_link interface).

By calling bpf_program__attach(_kprobe) in libbpf, the corresponding kprobe is created and the BPF program will be attached to this kprobe. To remove this, simply invoking bpf_link__destroy will clean up the event.

This commit refactors kprobe tracing programs (tracex{1~7}_user.c) with libbpf using the bpf_link interface and bpf_program__attach.

tracex2_kern.c, which tracks system calls (sys_*), has been modified to append a prefix depending on architecture.

Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200516040608.1377876-3-danieltimlee@gmail.com

Changed files:
- samples/bpf/Makefile: 6 additions, 6 deletions
- samples/bpf/trace_common.h: 13 additions, 0 deletions
- samples/bpf/tracex1_user.c: 30 additions, 7 deletions
- samples/bpf/tracex2_kern.c: 2 additions, 1 deletion
- samples/bpf/tracex2_user.c: 42 additions, 9 deletions
- samples/bpf/tracex3_user.c: 45 additions, 16 deletions
- samples/bpf/tracex4_user.c: 40 additions, 11 deletions
- samples/bpf/tracex6_user.c: 43 additions, 6 deletions
- samples/bpf/tracex7_user.c: 31 additions, 8 deletions