|
|
|
|
|
|
by rnrn
80 days ago
|
|
|
> For example, they invented the .eh_frame walking technique to get stack traces from binaries without frame pointers enabled. This is not an accurate summary of what they developed. Using .eh_frame to unwind stacks without frame pointers is not novel - it is exactly what it is for and perf has had an implementation doing it since ~2010. The problem is the kernel support for this was repeatedly rejected so the kernel samples kilobytes of stack and then userspace does the unwind What they developed is an implementation of unwinding from an eBPF program running in the kernel using data from eh_frame. |
|
|
Their invention is about pushing down the .eh_frame walking to kernel space, so you don't need to ship large chunks of stack memory to userspace for post-processing. And eBPF code is the executor of that "pushed down" .eh_frame walking.
The GitHub page mentions a patent on this too: https://patents.google.com/patent/US11604718B1/en