aquasecurity/btfhub

repository: BTFHUB should contain BTF files for all kernel modules

rafaeldtinoco opened this issue · 4 comments

Currently BTFHUB supports BTF files only for the main kernel image (vmlinux) but not for the included modules. This means that, if an eBPF program needs to kprobe a module function, for example, in a kernel without internal BTF information it would not be possible (as the program would have to load an external BTF file describing that module and those BTF files don't exist).

Things to observe:

  • We will need to extract BTF information from vmlinux and all the module objects and have a SINGLE BTF file containing all the BTF information. That will allow us to use "btfgen" (bpftool gen min_core_btf feature) to generate a minimum BTF file for 1 or multiple objects (even when the objects use type information from the kernel modules).

@brycekahle Please make sure to constantly rebase as I'm documenting the code and changing some variable names for better "first readers" understanding. Of course, if you are tackling this offline.

If you can't work on this, let me know, then we can try to either split work or I can try to address it myself.

Cheers!

I'm going to start working on this next week. First, I need to establish the proper generation procedure. I think pahole can handle multiple files, but I need to verify.

In talking with cilium/ebpf maintainers, it seems that split kernel module BTF files are the preferred approach. This mirrors what a kernel does that natively exposes BTF.

For those following along, working through this on our fork: DataDog#7
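Added example, not part of the thread or of btfhub's code: a sanity check showing why a split module BTF file cannot be used without its vmlinux base, since split BTF continues type ids and string offsets from where the base ends. The helper names and the sample blobs are constructed for illustration; little-endian BTF is assumed, and only top-level type references are checked, not struct members or function parameters.

```python
import struct

BTF_MAGIC = 0xEB9F
# Bytes after the 12-byte struct btf_type, per kind: (fixed, per vlen entry).
EXTRA = {1: (4, 0), 3: (12, 0), 4: (0, 12), 5: (0, 12), 6: (0, 8),
         13: (0, 8), 14: (4, 0), 15: (0, 12), 17: (4, 0), 19: (0, 12)}
# Kinds whose third field is a type id rather than a size.
REF_KINDS = {2, 8, 9, 10, 11, 12, 13, 14, 17, 18}

def scan(blob):
    """Return (type count, string section length, max name_off, max type ref)."""
    magic, _ver, _flags, hdr_len, type_off, type_len, _str_off, str_len = \
        struct.unpack_from("<HBBIIIII", blob, 0)
    if magic != BTF_MAGIC:
        raise ValueError("not little-endian BTF")
    pos, count, max_name, max_ref = hdr_len + type_off, 0, 0, 0
    end = pos + type_len
    while pos < end:
        name_off, info, size_or_type = struct.unpack_from("<III", blob, pos)
        kind, vlen = (info >> 24) & 0x1F, info & 0xFFFF
        fixed, per_entry = EXTRA.get(kind, (0, 0))
        pos += 12 + fixed + per_entry * vlen
        count += 1
        max_name = max(max_name, name_off)
        if kind in REF_KINDS:
            max_ref = max(max_ref, size_or_type)
    return count, str_len, max_name, max_ref

def resolves(blob, base=None):
    """True if name offsets and type refs in blob fit within blob (+ base)."""
    base_types, base_strs = scan(base)[:2] if base else (0, 0)
    count, str_len, max_name, max_ref = scan(blob)
    return max_name < base_strs + str_len and max_ref <= base_types + count

def make_btf(types, strings):
    """Assemble a BTF blob: 24-byte header, type section, string section."""
    hdr = struct.pack("<HBBIIIII", BTF_MAGIC, 1, 0, 24,
                      0, len(types), len(types), len(strings))
    return hdr + types + strings

def rec(name_off, kind, third, extra=b""):
    return struct.pack("<III", name_off, kind << 24, third) + extra

# Constructed samples. Base: id 1 = int, id 2 = pointer to int.
BASE = make_btf(rec(1, 1, 4, struct.pack("<I", (1 << 24) | 32)) + rec(0, 2, 1),
                b"\0int\0")
# Module (split): id 3 = pointer to base id 1, id 4 = typedef "mod_t" -> id 3.
MODULE = make_btf(rec(0, 2, 1) + rec(5, 8, 3), b"mod_t\0")
```

`resolves(MODULE)` is false while `resolves(MODULE, BASE)` is true, so a hub that ships split module BTF has to pair each module file with the vmlinux BTF of the same kernel build.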