This is the third identical email you've sent, please don't spam the mailing list. Sometimes it takes a bit of time on the mailing list to get an answer. Re-sending your email will just annoy people and won't help you get an answer. As an advice for the future, please try to formulate your problem clearly, before asking a seemingly-random set of questions. See below, I tried to answer your questions as best as I could. On Mon, Oct 19, 2020 at 6:45 PM sheng chen <eason.sheng.chen@xxxxxxxxx> wrote: > > Hi Andrii, > > I'm developing bpftrace tools for Android aarch64 devices to analyze performance, mostly using uprobe/uretprobe and kprobe/kretprobe. > > I'm using the project https://github.com/facebookexperimental/ExtendedAndroidTools for build bpftrace cmd tool. libbpf still not included. > > > First question: > > Currently there is an issue(https://github.com/iovisor/bpftrace/issues/1503) block me to correctly access the pointer address of the uprobe parameters. > > Seems like this require bpf_probe_read_user on linux 5.5(as mension in https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md), if I use the older kernel, I need to apply the patch about the function bpf_probe_read_user, is there any reference code I need to apply as well? I don't understand what reference code you mean. And given this is a bpftrace question, it's probably best to route it to bpftrace Github repo? This mailing list is discussing kernel BPF subsystem and libbpf, for the most part. > > like the following parts: > > linux/include/linux/bpf.h > linux/include/uapi/bpf.h > linux/include/linux/filter.h > linux/include/uapi/filter.h > linux/kernel/bpf/ > linux/net/core/filter.c > linux/kernel/trace/bpf_trace.c > linux/tools/bpf/ > linux/tools/lib/bpf/ > > > Second question: > > Does the trace program like using uprobe/uretprobe and kprobe/kretprobe need libbpf built-in? > I don't think bpftrace relies on libbpf, so I suppose no? > For a specific kernel(like 4.19), how to choose the right version of libbpf for build as the dependency for bcc? You should build with whatever version of libbpf BCC depends on. But then I'm even more confused between you talking about bpftrace, BCC, and libbpf. All three are quite independent projects, with libbpf used by BCC for some functionality. > > Third question: > > Does my kernel need support BTF? Since I need to access the struct members from kernel and userspace. I don't know, because I don't know which kernel is *your* kernel. bpftrace has --btf parameter with which it can use kernel BTF, so I'm guessing that's what you are asking about? If yes, kernels starting from 5.2 version support emitting kernel BTF, but you need to enable it through CONFIG_DEBUG_INFO_BTF=y config value. > > > Thanks > > Eason