Toke, thanks for the quick response!
Yes, I was checking the bpf_probe_read return values, and was reading the
number of bytes expected, so nothing wrong there!
Now that you mention CO-RE, it does actually make sense that these sorts of
errors could be shifted to load time rather than attach time (that the right
phrase?). I've fiddled with CO-RE a bit but I haven't adopted it for a few
reasons (which I could certainly be mistaken about).
I don't have control over kernel versions or compilation flags for the kernel
on the systems I'm targeting and I've had significant difficulty trying to
compile CO-RE programs (e.g. from the BCC repo's libbpf-tools) on Linux <5.4
because I've had a hard time getting the vmlinux. I can't remember if I used
bpftool though (this was about a year ago that I last played with CO-RE), so
perhaps I'll give it another shot.
I've also been very unclear, and have gotten many different answers regarding
the target systems and whether they need to be custom compiled with BTF enabled
for CO-RE programs to run on them, or if you can put a CO-RE program onto a
generic kernel build and it "just works?" From your answer, the answer seems to
be that /sys/kernel/btf/vmlinux needs to be on the target system, so it must
have that BTF_ENABLE flag set? If that's set, do you also need a vmlinux.h file
as well? A coworker was recently messing with CO-RE and seemed to think that
deploying a CO-RE program required shipping the vmlinux.h file and I think he
mentioned that file was about 1Gb big, which is certainly a no-go for our
position.
In addition to that, I've been unclear in the role of BTF in BPF generally.
When I began tinkering with BPF I was under the impression that BTF was *only*
something used for CO-RE programs (something I actually might've gotten from
the article referenced and written by Andrii), but I've periodically seen
errors arise that cite BTF reasons for erroring. Unfortunately I haven't saved
any of these errors and can't remember the causes specifically, but something
like the "updated" maps declarations, i.e.
struct {
__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
__uint(key_size, sizeof(u32));
__uint(value_size, sizeof(u32));
} events SEC(".maps");
I've learned does use BTF? Am I misunderstanding what BTF is and the role it
plays in BPF? Or maybe has libbpf development moved so far toward CO-RE that
non-CO-RE development gets similar or the same error messages that just aren't
as clear for it?
I have tons of other questions, like the relationship with BPF and perf's
utilities, but I think I've probably asked enough for this message!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1955): https://lists.iovisor.org/g/iovisor-dev/message/1955
Mute This Topic: https://lists.iovisor.org/mt/80853471/21656
Group Owner: iovisor-dev+ow...@lists.iovisor.org
Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
