examples: adapt uretprobe example to use link/uretprobe

[mmat11]

No description provided.

[mmat11]

@ti-mo @lmb FYI pmu uprobes are broken; they were working before doing some refactoring. I suppose it's the offset not being passed correctly to perf_event_open:

$ sudo bpftool perf
pid 1056229  fd 3: prog_id 712  uretprobe  filename /bin/bash  offset 0

I am continuing to debug.

PS. currently I believe there aren't "e2e" tests, are these planned?

[mmat11]

Very funny

fmt.Println("Ext2: ", attr.Ext2)
fd, err := unix.PerfEventOpen(&attr, perfAllThreads, 0, -1, unix.PERF_FLAG_FD_CLOEXEC)

$ strace -e perf_event_open -v -s 10000 -f go run ./uretprobe

Ext2:  829312
[pid 1072682] perf_event_open({type=0x7 /* PERF_TYPE_??? */, size=0 /* PERF_ATTR_SIZE_??? */, config=0x1, sample_period=0, sample_type=0, read_format=0, disabled=0, inherit=0, pinned=0, exclusive=0, exclusive_user=0, exclude_kernel=0, exclude_hv=0, exclude_idle=0, mmap=0, comm=0, freq=0, inherit_stat=0, enable_on_exec=0, task=0, watermark=0, precise_ip=0 /* arbitrary skid */, mmap_data=0, sample_id_all=0, exclude_host=0, exclude_guest=0, exclude_callchain_kernel=0, exclude_callchain_user=0, mmap2=0, comm_exec=0, use_clockid=0, context_switch=0, write_backward=0, namespaces=0, wakeup_events=0, config1=0xc0002b7d60}, -1, 0, -1, PERF_FLAG_FD_CLOEXEC) = 3

ext2/config2 is getting lost somewhere 🤔

[lmb]

Not sure what you mean about e2e, but it's probably worth adding a test for uprobes. Spawn something like cat with stdin / stdout a pipe, attach a uprobe to the read function and then assert that the uprobe was called?

[mmat11]

Not sure what you mean about e2e, but it's probably worth adding a test for uprobes. Spawn something like cat with stdin / stdout a pipe, attach a uprobe to the read function and then assert that the uprobe was called?

yes, something like that

[ti-mo]

I've fixed up this commit a bit and added some comments.

Spawn something like cat with stdin / stdout a pipe, attach a uprobe to the read function and then assert that the uprobe was called?

Unfortunately, cat is 99% dylib. I've found a Bash function parse_and_execute that gets fed a string pointer to the argument of bash -C "foo123", (so, a pointer to string foo123), which is something we could use. Most of the Bash codebase (including that function) hasn't been touched in 26 years, so that's unlikely to change. Otherwise, we could always build a tiny static ELF and include it in the repo for testing purposes. (https://www.muppetlabs.com/~breadbox/software/tiny/teensy.html)