Description
Describe the feature
- eBPF: tiny, safe programs that run in the Linux kernel to trace/control events (network, syscalls, functions) without changing binaries.
- BTF: compact type info (like tiny DWARF) that lets eBPF read kernel/user structs correctly and enables CO-RE (compile once, run everywhere).
- The whole thing can help in intercepting system calls and modifying system libraries, bypassing integrity issues in some apps that use RASP protection.
- I tried to fork the repo and made changes to the config by myself, but I got a boot loop when enabling BTF debug info, but when I disable it the boot.img works fine. I don't have much knowledge of kernel engineering, so I want to ask for help.
Link to documentation
1- https://medium.com/@suruti94/building-the-linux-kernel-with-btf-1a617cfb4a24
2- https://eunomia.dev/en/tutorials/22-android/
Screenshots
No response