06-15, 14:45–15:20 (Europe/Prague), D0207 (capacity 90)
These days, Linux kernel contains almost 80,000 functions which various observability tools, such as ftrace, BPF, or perf, can attach to. There's usually just a minimal overhead but what if you wanted to attach to all the functions at once? Is that even possible or will it crash the kernel? In this talk, we'll explore the current state of things, show how different tools approach the task, and finally present some very recent kernel contributions which move us towards this goal.
I'm a senior software engineer in Linux kernel engineering at Red Hat. My main focus is on the BPF technology, especially on its applications for system tracing and observability. I'm a upstream maintainer of the bpftrace tool. Also, I have a PhD in computer science from the area of static analysis and verification of software.