Optimize kprobe session#10955
Closed
andrey-grodzovsky wants to merge 3 commits intokernel-patches:bpf-next_basefrom
Closed
Optimize kprobe session#10955andrey-grodzovsky wants to merge 3 commits intokernel-patches:bpf-next_basefrom
andrey-grodzovsky wants to merge 3 commits intokernel-patches:bpf-next_basefrom
Conversation
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
2 times, most recently
from
a003c26 to
48fc95a
Compare
Implement dual-path optimization in attach_kprobe_session(): - Fast path: Use syms[] array for exact function names (no kallsyms parsing) - Slow path: Use pattern matching with kallsyms only for wildcards This avoids expensive kallsyms file parsing (~150ms) when function names are specified exactly, improving attachment time 50x (~3-5ms). Error code normalization: The fast path returns ESRCH from kernel's ftrace_lookup_symbols(), while slow path returns ENOENT from userspace kallsyms parsing. Convert ESRCH to ENOENT in fast path to maintain API consistency - both paths now return identical error codes for "symbol not found". Signed-off-by: Andrey Grodzovsky <andrey.grodzovsky@crowdstrike.com>
andrey-grodzovsky
force-pushed
the
optimize-kprobe-session
branch
from
5cd1c63 to
44ed1d9
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
48fc95a to
43c5e2a
Compare
andrey-grodzovsky
force-pushed
the
optimize-kprobe-session
branch
2 times, most recently
from
4ee4d8a to
137de4d
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
43c5e2a to
7e4a3f3
Compare
Add test_session_syms() to verify the optimization works correctly with exact function names, and test_session_errors() to verify error code consistency between fast and slow paths. test_session_syms_skel_api(): - Tests entry/return execution with exact function names - Verifies return probe suppression works correctly - Uses kprobe.session/bpf_fentry_test1 (exact name, no wildcards) test_session_errors(): - Verifies both fast path (exact name) and slow path (wildcard pattern) return the same error code (ENOENT) for non-existent functions - Protects against future kernel or libbpf changes that might alter error return values - Uses impossible function names that cannot exist in kernel code: * __impossible_test_func_xyz_wildcard_* for slow path * __impossible_test_func_xyz_exact_123 for fast path Signed-off-by: Andrey Grodzovsky <andrey.grodzovsky@crowdstrike.com>
andrey-grodzovsky
force-pushed
the
optimize-kprobe-session
branch
from
137de4d to
8efc961
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
11 times, most recently
from
2294d0a to
254af9f
Compare
|
Automatically cleaning up stale PR; feel free to reopen if needed |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implement dual-path optimization in attach_kprobe_session: use fast syms[] array for exact function names, fall back to slow pattern matching only for wildcards. This avoids expensive kallsyms parsing (~150ms) when function names are specified exactly, improving attachment time 50x (~3-5ms).
Add test coverage with kprobe_multi_session_syms test program that exercises the fast path with exact function names