BPF 实践学习
bpf 应该算是近些年来营销最为成功的技术之一, bpf 社区也雄心勃勃的把 bpf 往 docker 的高度推。
与近些年来的 rust 热颇为相似, 有的人看来是 Hype,一问都说牛,再问都不学。 毕竟招聘软件一搜关键词真没几个岗位要求这个。
我比较容易受营销策略影响(请在我退休后给我推销脑白金), 于是乎我就真的去学 bpf 了。
关键 Hack
蹦床/Trampoline
借助编译器的编译参数实现 动态修改内核函数调用 Linux Kernel Debugging (P428)
The brilliant solution to this situation is to enable a config option called dynamic ftrace CONFIG_DYNAMIC_FTRACE. When set to y, the kernel performs something amazing (and, in truth, scary); it can (and does!) modify kernel machine instructions on the fly in RAM, patching kernel functions to jump into ftrace or not, as required (this is often called a trampoline)!
准确来说是利用的编译器的 -pg -mfentry 选项 doc (P560)。
-mfentry -mno-fentry If profiling is active (-pg), put the profiling counter call before the prologue. Note: On x86 architectures the attribute ms_hook_prologue isn’t possible at the moment for -mfentry and -pg.
儿童蹦床/Trampoline
尝试实现最小化的用户空间 trampoline Demo,称之为儿童蹦床。
// TODO:
void foo() {}