Re: bpftrace ustack() pid packing
On Tue, May 28, 2019 at 11:35 AM Daniel Xu <dxu@...> wrote:
The stack ID returned by ustack() points to a stack as a list of
addresses. That gets translated sometime later in user-space by
bpftrace. At that point you just have an address, and you need to know
which PID it belongs to, so you can lookup that processes's address
If BPF one day can save the stack as a list of strings in the kernel
(meaning the kernel must support user-space symbol lookup), then we
wouldn't need the PID (this has been discussed before).
I don't know about this fork problem you mention.