Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750921AbbBJGLI (ORCPT ); Tue, 10 Feb 2015 01:11:08 -0500 Received: from mail-qc0-f171.google.com ([209.85.216.171]:55493 "EHLO mail-qc0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750726AbbBJGLG (ORCPT ); Tue, 10 Feb 2015 01:11:06 -0500 MIME-Version: 1.0 From: Alexei Starovoitov Date: Mon, 9 Feb 2015 22:10:45 -0800 Message-ID: Subject: Re: [PATCH v3 linux-trace 1/8] tracing: attach eBPF programs to tracepoints and syscalls To: Steven Rostedt Cc: Ingo Molnar , Namhyung Kim , Arnaldo Carvalho de Melo , Jiri Olsa , Masami Hiramatsu , Linux API , Network Development , LKML Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2208 Lines: 48 On Mon, Feb 9, 2015 at 9:13 PM, Steven Rostedt wrote: >> \ >> + if (prog) { \ >> + __maybe_unused const u64 z = 0; \ >> + struct bpf_context __ctx = ((struct bpf_context) { \ >> + __BPF_CAST6(args, z, z, z, z, z) \ > > Note, there is no guarantee that args is at most 6. For example, in > drivers/net/wireless/brcm80211/brcmsmac/brcms_trace_events.h, the > trace_event brcms_txstatus has 8 args. > > But I guess that's OK if you do not need those last args, right? yeah, some tracepoints pass a lot of things. That's rare and in most of the cases they can be fetched from parent structure. > I'm nervous about showing args of tracepoints too, because we don't want > that to become a strict ABI either. One can argue that current TP_printk format is already an ABI, because somebody might be parsing the text output. so in some cases we cannot change tracepoints without somebody complaining that his tool broke. In other cases tracepoints are used for debugging only and no one will notice when they change... It was and still a grey area. bpf doesn't change any of that. It actually makes addition of new tracepoints easier. In the future we might add a tracepoint and pass a single pointer to interesting data struct to it. bpf programs will walk data structures 'as safe modules' via bpf_fetch*() methods without exposing it as ABI. whereas today we pass a lot of fields to tracepoints and make all of these fields immutable. To me tracepoints are like gdb breakpoints. and bpf programs like live debugger that examine things. the next step is to be able to write bpf scripts on the fly without leaving debugger. Something like perf probe + editor + live execution. Truly like gdb for kernel. while kernel is running. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/