On Mon, 15 Sep 2025 09:36:38 -0700 Kalesh Singh kaleshsingh@google.com wrote:
Needed observability on in field devices can be collected with minimal overhead and can be toggled on and off. Event driven telemetry can be done with tracepoint BPF programs.
The process comm is provided for aggregation across devices and tgid is to enable per-process aggregation per device.
What do you mean about comm being used to aggregation across devices? What's special about this trace event that will make it used across devices?
Note, if BPF is being used, can't the BPF program just add the current comm? Why waste space in the ring buffer for it?
+TRACE_EVENT(max_vma_count_exceeded,
- TP_PROTO(struct task_struct *task),
Why pass in the task if it's always going to be current?
- TP_ARGS(task),
- TP_STRUCT__entry(
__string(comm, task->comm)
This could be:
__string(comm, current)
But I still want to know what makes this trace event special over other trace events to store this, and can't it be retrieved another way, especially if BPF is being used to hook to it?
-- Steve
__field(pid_t, tgid)- ),
- TP_fast_assign(
__assign_str(comm);__entry->tgid = task->tgid;- ),
- TP_printk("comm=%s tgid=%d", __get_str(comm), __entry->tgid)
+);