feat: add support for uprobe_multi link

[maxgio92]

This patch introduces support for multi uprobe attach via uprobe_multi link [1], to support attach of multiple uprobes and usdt probes without involving perf events. Normal uprobe is attached through the perf event and attaching many uprobes generates one perf event each.

New BPFProg.AttachUprobeMulti and BPFProg.AttachURetprobeMulti methods are available from this patch, which are
astractions over the libbpf bpf_program__attach_uprobe_multi helper, to attach uprobes and uretprobes respectively.

Moreover, the API is simplified over the bpf_program__attach_uprobe_multi, by abstracting the bpf_uprobe_multi_opts API. Following the libbpf API, only the second set of inputs of the libbpf API is supported now, that is, mentioning libbpf:
bpf_program__attach_uprobe_multi() attaches a BPF program to multiple
uprobes with uprobe_multi link.

User can specify 2 mutually exclusive set of inputs:

1. use only path/func_pattern/pid arguments

2. use path/pid with allowed combinations of
   syms/offsets/ref_ctr_offsets/cookies/cnt

The Go binding API indeed supports the path and offsets set of inputs, in a similar fashion the BPFProg.AttachUprobe and
BPFProg.AttachUretprobe provide.

[1]
https://lore.kernel.org/bpf/[email protected]/

[CLAassistant]

All committers have signed the CLA.

[geyslan]

@maxgio92 Tks for this great contribution. We'll get into it soon.

[maxgio92]

Thank you @geyslan!
I've looked in the meantime at the CI failed checks, but none of them seem related to the new tests for uprobe multi link 🤔

[geyslan]

Thank you @geyslan! I've looked in the meantime at the CI failed checks, but none of them seem related to the new tests for uprobe multi link 🤔

Perhaps due to the double definition in vmlinux.h? LMK.

[maxgio92]

My bad @geyslan, I fixed the declarations, thanks.
The difference there is the new unions for the stack and data segments registers, for the support to Intel FRED available since 6.9.

May I ask you a check and possibly a review?
Thank you so much!

[geyslan]

May I ask you a check and possibly a review? Thank you so much!

Of course! I'll do it as soon as I have a free slot. And thanks again for your contribution!

@yanivagman FYI.

[geyslan]

I'll get here soon.

[Copilot]

Pull Request Overview

This PR adds support for multi uprobe and uretprobe attach via a new uprobe_multi link, simplifying the API compared to using individual perf events. Key changes include new methods in the BPFProg API, updated BPF C helper and binding functions, and associated selftests in Go, C, shell script, and Makefile.

Reviewed Changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
selftest/uprobe-multi/test.go	Added Go selftest exercising multiple probe attachments
selftest/uprobe-multi/test.c	Added C selftest for uprobe multi functionality
selftest/uprobe-multi/run.sh	Shell script to automate selftests
selftest/uprobe-multi/main.go	Main selftest implementation using multi uprobes
selftest/uprobe-multi/main.bpf.c	BPF C code for ring buffer event notifications
prog.go	New API additions for multi uprobe attach
libbpfgo.h & libbpfgo.c	Bindings for the new uprobe_multi attach helper
Makefile and go.mod	Build and dependency updates for the new functionality
selftest/common/vmlinux.h	Minor adjustments to support the new BPF changes

[geyslan]

All good. I've requested small changes and we'll be good to go.

--- EDIT

Just forgot to mention before. Please make the commits atomic, I mean, this has changes that are later removed partially in the next.

I ask that since I don't want squash them later 👍🏻.

[maxgio92]

Hi @geyslan, thank you so much. I've addressed all the points.
LMK if anything else needs to be addressed.

[geyslan]

In this it's not available yet, right?

[maxgio92]

Exactly. We do only in the cgo API as decided to simplify its introduction next - considering the fix

[maxgio92]

Everything has been addressed @geyslan. Thanks for your patience :-)
Let me know if you prefer to address the support for the func_pattern argument within this PR. As decided, for now it's only supported in the CGO API to ease future contribution.

[geyslan]

No worries. The missing API can be handled next. Thanks again for this new feature. 🚀

[maxgio92]

Right. min has been introduced in Go 1.21, so tests for Go 1.20 is failing now :) Let me address it soon

[geyslan]

Right. min has been introduced in Go 1.21, so tests for Go 1.20 is failing now :) Let me address it soon

Indeed. Shame on me.

[geyslan]

Note for the future: Currently, bpf_uprobe_multi_opts is only used by bpf_program__attach_uprobe_multi. If this changes, it may be better to manage it with dedicated _new() and _free() handlers.

[maxgio92]

No problem @geyslan at all. I've just added a facade to min so that the test behaves correctly for Go < 1.21 as well - tested with 1.18, 1.19 and 1.20.

[geyslan]

Maybe just placing the Min in the test file or even its logic replacing min would be simpler. WDYT?

P.S.: I used min to not pollute logs.

[maxgio92]

@geyslan What about just removing it? The value this debug brings is not worth it IMO. I mean:

diff --git a/selftest/uprobe-multi/main.go b/selftest/uprobe-multi/main.go
index 61fa1a7..eafcbdc 100644
--- a/selftest/uprobe-multi/main.go
+++ b/selftest/uprobe-multi/main.go
@@ -192,10 +192,6 @@ func getFunSyms(name string) ([]elf.Symbol, error) {
 		return nil, err
 	}
 	log.Printf("found %d symbols in %s\n", len(syms), name)
-	log.Printf("showing first %d symbols\n", utils.Min(10, len(syms)))
-	for i := 0; i < utils.Min(10, len(syms)); i++ {
-		log.Printf("symbol %d: %v\n", i, syms[i])
-	}
 	for _, sym := range syms {
 		// Exclude non-function symbols.
 		if elf.ST_TYPE(sym.Info) != elf.STT_FUNC {

In the meantime, I've simplified the backward compatible min, in case we want to keep it.

[geyslan]

@maxgio92 🚀

[maxgio92]

Thank you so much @geyslan !