Re: [PATCH v4 1/2] Provide in-kernel headers for making it easy to extend the kernel

[Masami Hiramatsu]

On Thu, 14 Mar 2019 08:27:48 -0400
Joel Fernandes <joel@xxxxxxxxxxxxxxxxx> wrote:

> > But the eBPF is based on kprobe-events. What kind of usage would you
> > expected? (with macros??)
> 
> eBPF C programs are compiled with kernel headers. They can execute inline
> functions or refer to macros in the kernel headers. They are similar to
> kernel modules where you build a C program that then later is executed in
> kernel context. It goes through the whole compiler pipeline. This is slightly
> different usage from pure kprobe-events.  Also eBPF kprobe programs need
> LINUX_VERSION_CODE (or similarly named) macro which it provides to the bpf(2)
> syscall when loading kprobe programs. This is because eBPF implementation in
> the kernel checks if the eBPF programs that use kprobes are being loaded
> against the right kernel.

Ah, I got it. It's similar to SystemTap. :)

Thank you,

-- 
Masami Hiramatsu <mhiramat@xxxxxxxxxx>