Author: Alexis Lothoré

Alexis works at Bootlin as embedded Linux engineer since 2023. He has packaged full Linux distributions for a variety of devices, mostly for IoT devices

The Dwarves Beneath the Kernel: Forging BTF for eBPF

This blog post is the third installment in our eBPF blog post series, following our posts about eBPF selftests and eBPF trampolines.

In the previous blog post, we discussed how eBPF trampolines are dynamically generated to allow hooking tracing programs to functions’ entry and/or exit. Each trampoline is tailored specifically for the target function on which we want to hook programs: it is then able to read the function context (e.g. function arguments and return value) and to pass those to the hooked programs. However there is one detail that we did not address: how does the trampoline generator know exactly about the function layout ? To be able to generate trampolines that can read and store the function arguments, the trampoline generator needs many details about each argument: the location (a register ? If so, which one ? Or maybe it is on the stack ? And if so, at which offset ?) and its size. Parsing the function machine code is not enough to learn about those, and even if it was, compiler optimizations would obfuscate this kind of info even more. What if besides the actual executable code, the kernel image could be bearing some data about its internal functions ? In this post, we will dive into the DWARF debug information format, and the BPF Type Format (BTF) derived from it to support such a purpose.

Continue reading “The Dwarves Beneath the Kernel: Forging BTF for eBPF”

Bouncing on trampolines to run eBPF programs

This blog post is the second installment in our eBPF blog post series, following our blog post about eBPF selftests.

As eBPF is more and more used in the industry, eBPF kernel developers give considerable attention to eBPF performance: some standard use cases like system monitoring involve hundreds of eBPF programs attached to events triggered at high frequencies. It is then paramount to keep eBPF programs execution overhead as low as possible. This blog post aims to shed some light on an internal eBPF mechanism perfectly showcasing those efforts: the eBPF trampoline.

Continue reading “Bouncing on trampolines to run eBPF programs”

Improving the eBPF tests in the kernel

As part of a partnership with the eBPF Foundation, Bootlin engineers Bastien Curutchet and Alexis Lothoré are working with the kernel community in order to improve eBPF support in the kernel on different aspects. This post is the first one of a series highlighting this effort. For those who need to catch up with the eBPF technology, you can take a look at our “Linux Debugging, tracing and profiling” training course which has been recently updated with eBPF basics !

Continue reading “Improving the eBPF tests in the kernel”

Debugging, tracing and profiling training updated with new eBPF content

Back in January 2023, we announced the availability of a new Bootlin training course  “Linux debugging, profiling, tracing and performance analysis”, initially developed and taught by former Bootlin engineer Clement Léger. A year and a half later, the training course, now taught by Bootlin engineers Luca Ceresoli and Alexis Lothoré, is one of the most requested amongst Bootlin training courses.

Following the feedback received from many people who attended the course, we are happy to announce that a new version of the training is available and  now includes a whole new part about eBPF technology !

Continue reading “Debugging, tracing and profiling training updated with new eBPF content”

Continuous integration in Yocto: improving the regressions detection

The Yocto Project is an open source umbrella project which gathers all needed tools to build full Linux distributions for a wide variety of devices. As the interest for Yocto grew since its first steps, its size and number of use cases increased consequentially. This growth quickly introduced the need of automated testing so that developers can keep introducing new features to the project while making sure not to break any existing part. Bootlin engineer Alexis Lothoré has recently been involved in the Continuous Integration infrastructure of the Yocto Project and has brought improvements to allow Yocto maintainers to detect regressions earlier.

Continue reading “Continuous integration in Yocto: improving the regressions detection”