Hello.
I'm using SystemTap, and I want to know how many of hooks I implement
using SystemTap can be replaced by IO Visor.
(1) My understanding is that, due to restriction of available instruction
set in eBPF, it is impossible to call arbitrary kernel functions.
There is no way to i
Hello.
I changed the hook as below and confirmed that cp == NULL at bpf_probe_read().
That is, it is bpf_usdt_readarg() which got broken.
--
int do_start(struct pt_regs *ctx) {
char *cp = NULL;
bpf_usdt_readarg(1, ctx, &cp);
struct { char query[QUERY_MAX]; } data = { };
if
Hello.
I noticed that b0f891d129a9b372 ("Force udst ctx->#reg load to be volatile")
broke an USDT probe example shown below.
--
#!/usr/bin/python
>from bcc import BPF, USDT
import sys
import ctypes as ct
def usage():
print("USAGE: usdt PID")
exit()
if len(sys.argv) < 1:
usage
