[FEATURE] Support read `/sys/bus/event_source/devices/uprobe/type` on old kernel versions

[Officeyutong]

Libbpf will try to read /sys/bus/event_source/devices/uprobe/type when creating uprobe perf event. This file doesn't exist on kernel that doesn't support uprobe. But since userspace uprobe doesn't rely on kernel features, we should make it support such kernel versions.

Possible ways:

• Hook function open and read, so that make libbpf think the file exists
• Put that file in docker image to trick libbpf that the file exists. Possible problem: Do we need to mount /sys from the host so that we can use syscall tracepoint?

[yunwei37]

In docker, you can mount a regular dir into /sys/bus/event_source/devices/uprobe/

So in order to run bpftime on old kernel version, you can simply copy the content of /sys/bus/event_source/devices/uprobe/ on new kernel, put it on old kernel, and mount it with docker.

[yunwei37]

Another approach is hook open function with LD_PRELOAD in syscall-server.so, and prepare a directory with the same content as /sys/bus/event_source/devices/uprobe in ~/.bpftime/event_source/devices/uprobe. When the libbpf tries to read something in /sys/bus/event_source/devices/uprobe but it's not exists, we can change the open file to make it actually read contents in ~/.bpftime/event_source/devices/uprobe.

[yunwei37]

Related to #145

[yunwei37]

Please modify code in https://github.com/eunomia-bpf/bpftime/tree/master/runtime/syscall-server

[zhangzihengya]

hi @Officeyutong @yunwei37 would like to take a crack at this, could you please assign this to me