Re: [RFC PATCH] tracing: BTF testing for kprobe-events

[Steven Rostedt]

On Thu, 23 Sep 2021 21:39:43 +0900
Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote:

> Hi Steve,
> 

Hi Masami,

Sorry for the late reply, but Plumbers followed by OSS put me way behind,
and I just got to this email :-/

> Here I share my testing patch of the BTF for kprobe events.
> Currently this only allow user to specify '$$args' for
> tracing all arguments of the function. This is only
> avaialbe if
> - the probe point is on the function entry
> - the kernel is compiled with BTF (CONFIG_DEBUG_INFO_BTF)
> - the kernel is enables BPF (CONFIG_BPF_SYSCALL)
> 
> And Special thanks to Sven! Most of BTF handling part of
> this patch comes from his patch [1]
> 
> [1] https://stackframe.org/0001-ftrace-arg-hack.patch

Which is newer than this patch because he sent a v2, and that's a couple
patches down in my queue. I'll be looking at that one shortly as well.

> 
> What I thought while coding this were;
> - kernel/bpf/btf.c can be moved under lib/ so that
>   the other subsystems can reuse it, independent
>   from BPF. (Also, this should depends on CONFIG_DEBUG_INFO_BTF)

Makes sense.

> - some more utility functions can be exposed.
>   e.g. I copied btf_type_int() from btf.c

Agreed.

> - If there are more comments for the BTF APIs, it will
>   be more useful...
> - Overall, the BTF is easy to understand for who
>   already understand DWARF. Great work!

Great to hear.

> - I think I need 'ptr' and 'bool' types for fetcharg types.
> 
> Anyway, this is just for testing. I have to add some
> more cleanup, features and documentations, etc.

This is awesome, and something to look at for a generic ftrace args point
of view too.

One issue is how do we handle multiple register values? Like a u64 type on
32 bit?  As $arg1 is just a register that is in $arg1, for a u64 parameter
on 32 bit, that is usually handled with two registers.

Have thoughts on that?

I'll play with your patch today.

-- Steve