On Fri, Aug 26, 2022 at 11:45 AM Song Liu <songliubraving@xxxxxx> wrote:
> > And actually, we can just read ctx->data and get the raw record,
> > right..?
>
> Played with this for a little bit. ctx->data appears to be not
> reliable sometimes. I guess (not 100% sure) this is because we
> call bpf program before event->orig_overflow_handler. We can
> probably add a flag to specify we want to call orig_overflow_handler
> first.

I'm not sure. The sample_data should be provided by the caller
of perf_event_overflow. So I guess the bpf program should see
a valid ctx->data.

Also I want to control calling the orig_overflow_handler based
on the return value of the BPF program. So calling the orig
handler before BPF won't work for me. :)

Thanks,
Namhyung