Trump to the press: I will crush you like the bugs you are.
Journalists: Haha there goes Trump again.
Biden: I'm incredibly disappointed in your coverage:
Journalists: How dare you? Resign immediately, you ungrateful pathetic SOB.
Flow planned for my cheapo #BPF flame graph for a single driver:
The host side then consumes the fixed-size packets and puts matching stacks to the same bucket. A second thread can periodically then compose flame graph of the data corrected so far.
Somehow got into learning this eBPF stuff during the holidays :-) Super interesting and addicting.
GitHub's co-founder and former CEO launched the Ladybird initiative, a brand-new independent browser written from scratch and backed by a non-profit.
https://linuxiac.com/ladybird-is-a-new-browser-initiative-backed-up-by-1m/
I think, just based on experience on previous tech revolutions, that #AI is neither useless nor it is going to repeal and replace human labor.
It just hasn’t hit the its roof, or more precisely constraints, yet.
Media only giving voice to either AI companies or AI researchers turned into doomsday predictors, is at least quite strong signal of a bubble.
If you feel that AI is evil, here’s couple of suggestions what you can do:
I’ll try next open coding sudo bpftrace -e 'kprobe:tpm_transmit { @[kstack] = count(); }'
.
I.e. probably something like this (at least compiles and loads):
#include "vmlinux.h"
#include <bpf/bpf_core_read.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
char LICENSE[] SEC("license") = "GPL";
struct {
__uint(type, BPF_MAP_TYPE_HASH);
__type(key, int);
__type(value, int);
__uint(max_entries, 100);
} tpm_transmits SEC(".maps");
SEC("kprobe/tpm_transmit")
int BPF_KPROBE(kprobe__tpm_transmit, struct pt_regs *regs)
{
/* TODO: update tpm_transmits map */
return 0;
}
Also, kprobe requires target architecture, so the object file is now compiled as follows:
clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -c payload.c
Binary has now a symbol for maps:
~/work/local/ebpf master*
❯ nm payload.o
0000000000000000 T kprobe__tpm_transmit
0000000000000000 r ____kprobe__tpm_transmit.____fmt
0000000000000000 D LICENSE
0000000000000000 D tpm_transmits
I don’t have any particular use for eBPF but it is nice to get a bit more in-depth picture on the topic…
Here’s a minimal shenanigans for #eBPF #C host, with bpftool
taking care of header generation.
Payload (payload.c
):
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
SEC("tracepoint/syscalls/sys_enter_execve")
int tracepoint__syscalls__sys_enter_execve(struct trace_event_raw_sys_enter *ctx)
{
bpf_printk("execve");
return 0;
}
char LICENSE[] SEC("license") = "GPL";
Host (main.c
):
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
#include <signal.h>
#include "payload.h"
static volatile bool interrupted = false;
struct payload *obj;
void do_sigint(int value)
{
interrupted = true;
}
int main(void)
{
struct sigaction sa;
ssize_t ret;
obj = payload__open();
if (!obj)
exit(1);
ret = payload__load(obj);
if (ret)
goto err;
ret = payload__attach(obj);
if (ret)
goto err;
sa.sa_handler = do_sigint;
sigaction(SIGINT, &sa, NULL);
while (!interrupted);
fprintf(stderr, "\ndone\n");
payload__destroy(obj);
exit(0);
err:
payload__destroy(obj);
exit(1);
}
Build (build.sh
):
#!/usr/bin/env sh
# vmlinux
bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
# payload
clang -g -O2 -target bpf -I . -c payload.c -o payload.o
bpftool gen skeleton payload.o > payload.h
# main
clang -g -O2 -Wall -I . -c main.c -o main.o
# hello-ebpf
clang -Wall -O2 -g main.o -lbpf -lelf -lz -o hello-ebpf
While running trace_pipe
is expected to have output like this:
cat-61135 [011] ....1 8303.116335: bpf_trace_printk: execve
zsh-61136 [002] ....1 8303.116691: bpf_trace_printk: execve
zsh-61139 [004] ....1 8303.118436: bpf_trace_printk: execve