Commit d2cde62

update fentry (#167)
* update fentry add linux arm kernel version limits
* docs(fentry) : translated Chinese
* docs(fentry) : Complete the missing words
1 parent 59ef373 commit d2cde62

2 files changed

+28
-0
lines changed

src/3-fentry-unlink/README.md

Lines changed: 16 additions & 0 deletions
@@ -10,6 +10,22 @@ fentry (function entry) and fexit (function exit) are two types of probes in eBP
1010

1111
Compared to kprobes, fentry and fexit programs have higher performance and availability. In this example, we can directly access the pointers to the functions' parameters, just like in regular C code, without needing various read helpers. The main difference between fexit and kretprobe programs is that fexit programs can access both the input parameters and return values of a function, while kretprobe programs can only access the return value. Starting from the 5.5 kernel, fentry and fexit are available for eBPF programs.
1212

13+
> arm64 kernel version requires 6.0
14+
>
15+
> Refer to the learning eBPF documentation:
16+
>
17+
> A more efficient mechanism for tracing the entry to and exit from kernel functions
18+
> was introduced along with the idea of BPF trampoline in kernel version 5.5 (on x86
19+
> processors; BPF trampoline support doesn’t arrive for ARM processors until Linux
20+
> 6.0). If you’re using a recent enough kernel, fentry/fexit is now the preferred method
21+
> for tracing the entry to or exit from a kernel function
22+
>
23+
> Reference: https://kernelnewbies.org/Linux_6.0#ARM
24+
25+
26+
27+
28+
1329
```c
1430
#include "vmlinux.h"
1531
#include <bpf/bpf_helpers.h>
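Review bot: the unchanged context sentence at line 11, "Starting from the 5.5 kernel, fentry and fexit are available for eBPF programs", still reads as architecture-independent, and the blockquote added at lines 13 to 23 only corrects it for arm64 after the fact. Consider qualifying that sentence directly (5.5 on x86, 6.0 on arm64) and keeping the quotation as the supporting reference. The opening note "arm64 kernel version requires 6.0" would read more clearly as "arm64 requires kernel 6.0 or later", and because it shares one blockquote with the quoted passage, a reader cannot tell where the project's own note ends and the quotation begins; separating the two would help. Added lines 24 to 28 are empty, which leaves five blank lines before the code fence; one is enough.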

src/3-fentry-unlink/README.zh.md

Lines changed: 12 additions & 0 deletions
@@ -10,6 +10,18 @@ fentry(function entry)和 fexit(function exit)是 eBPF(扩展的伯克
1010

1111
与 kprobes 相比,fentry 和 fexit 程序有更高的性能和可用性。在这个例子中,我们可以直接访问函数的指针参数,就像在普通的 C 代码中一样,而不需要使用各种读取帮助程序。fexit 和 kretprobe 程序最大的区别在于,fexit 程序可以访问函数的输入参数和返回值,而 kretprobe 只能访问返回值。从 5.5 内核开始,fentry 和 fexit 对 eBPF 程序可用。
1212

13+
> arm64 内核版本需要 6.0
14+
>
15+
> 参考 learning eBPF 文档:
16+
>
17+
> 从内核版本 5.5 开始(适用于 x86 处理器;*BPF trampoline* 支持在 Linux 6.0 之前不适用于 ARM 处理器),引入了一种更高效的机制来跟踪进入和退出内核函数的方式以及 *BPF trampoline* 的概念。如果您正在使用足够新的内核,fentry/fexit 现在是首选的跟踪进入或退出内核函数的方法。
18+
>
19+
> 参考:https://kernelnewbies.org/Linux_6.0#ARM
20+
21+
22+
23+
24+
1325
```c
1426
#include "vmlinux.h"
1527
#include <bpf/bpf_helpers.h>
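Review bot: added lines 20 to 24 are empty, leaving five blank lines between the blockquote and the code fence; trim them to one. The translated quotation at line 17 marks *BPF trampoline* with emphasis while the English README changed in the same commit does not, so the two files should agree on one form. The context sentence at line 11 (available from kernel 5.5) also stays unqualified by architecture in this file, so the wording change suggested for README.md applies here as well.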
