new tool proposal: bpflist

[brendangregg]

I'm proposing a new tool that would list enabled BPF programs.

This tool could get a lot better with kernel support. But we'd still have the problem of wanting this for older kernels.

Here's what I'm thinking of hacking up quickly for now. A tool based on:

# ls -l /proc/*/fd/* | grep bpf
ls: cannot access '/proc/10702/fd/255': No such file or directory
ls: cannot access '/proc/10702/fd/3': No such file or directory
ls: cannot access '/proc/self/fd/255': No such file or directory
ls: cannot access '/proc/self/fd/3': No such file or directory
ls: cannot access '/proc/thread-self/fd/255': No such file or directory
ls: cannot access '/proc/thread-self/fd/3': No such file or directory
lrwx------ 1 root     root     64 Mar  9 00:58 /proc/10700/fd/3 -> anon_inode:bpf-map
lrwx------ 1 root     root     64 Mar  9 00:58 /proc/10700/fd/4 -> anon_inode:bpf-prog
lrwx------ 1 root     root     64 Mar  9 00:58 /proc/10700/fd/6 -> anon_inode:bpf-prog
# ls -l /sys/fs/bpf/*/*
ls: cannot access '/sys/fs/bpf/*/*': No such file or directory

So FD symlinks with "bpf" reveal process IDs doing BPF, and I can then look up their /proc/PID/comm. Also, take a look in /sys/fs/bpf/*/* for any pinned BPF programs.

I (or whoever writes this tool) can add a verbose mode to print /sys/kernel/debug/tracing/enabled_functions, and/or kprobe_events/uprobe_events.

I haven't seen a way to dump enabled tracepoints yet. Are we missing a /sys/kernel/debug/tracing/tracepoint_events?