DTrace Patches for the Linux Kernel

This repository hosts the upstream Linux kernel, plus the necessary patches to run DTrace. There are two flavors of patches, one set that works with the most recent implementation of DTrace, based on BPF, and the other set that works with the previous implementation of DTrace which didn't use BPF and relies on a kernel module (dtrace.ko).

The set of patches for the BPF based version of DTrace are much more limited in scope:

• Add /proc/kallmodsyms which provides a mapping between kernel symbol and module name that only changes when the kernel source code is changed. This mapping does not change simply because a module becomes built into the kernel. It also provides size information to determine whether an address is within a symbol or outside it, especially given that there could be huge gaps between symbols.

• dwarf2ctf, a tool which runs whenever 'make ctf' is run, extracting information on the kernel's types and global variables from the DWARF-format debug information in the kernel build tree, deduplicating it, and emitting it in Sun's Compact Type Format into a mmappable type archive named vmlinux.ctfa, which is installed at 'make install' time into /lib/modules/$(uname -r)/kernel/.

• waitfd(): new syscall implementing waitpid() over fds. fd = waitfd(P_PID, some_pid, WEXITED | WSTOPPED, 0); This returns a file descriptor which becomes ready whenever waitpid() would return, and when read() returns the return value waitpid() would have returned.

• Usage of the Toolchain-based CTF support: kernel is build with -gt for CTF generation using GCC: Add two new CONFIGs for a CTF enabled toolchain and a kernel build with -gt/-lctf respectively:

  • new config HAVE_CTF_TOOLCHAIN which is set if the toolchain supports CTF generation.
  • new config CTF_USING_BINUTILS to control whether CTF generation is to be done using the GNU Toolchain. This config is unset by default.This adds the option to use a new CTF deduplicator based on the libctf linking machinery.