Hello,

is it possible to use libbpf and CO-RE to trace user space programs that have USDT probes defined with Systemtap's sys/sdt.h?

I've managed to build the simple example application with USDT probes as described in #327. However, I'm not sure what steps are required to attach a BPF CO-RE program to the probe, mainly what the SEC value should be and if anything other than the BPF program is required.

I've got the following so far

#include "vmlinux.h"
#include <bpf/bpf_helpers.h>

SEC("uprobe/tmp/trace_user/tick/loop")
int probe_tick_loop_1(struct pt_regs *reg)
{
	bpf_printk("Hello world, from trace!\n");
	return 0;
}

char LICENSE[] SEC("license") = "GPL";

So far various combinations I've tried for the section value didn't work.
The user space loader that I'm using is a basic program that uses skel.h to open, load and attach the program and then reads the trace pipe at /sys/kernel/debug/tracing/trace_pipe. I'm pretty sure that isn't the issue, as depending on the SEC value, the BPF program either gets loaded as a KPROBE type, UNSPEC type, or doesn't get loaded at all.

I've started looking at the trace.py and the corresponding BCC source, but I'm not sure where exactly I should look yet.
Running the trace tool in verbose mode generates a program similar to the one I've provided above, and the following function with it:

./trace -v 'u:/tmp/trace_user:loop "%u", arg1' -T -p $(pidof trace_user)
...
probe.usdt.get_text() =  #include <uapi/linux/ptrace.h>
static __always_inline int _bpf_readarg_probe_loop_1_1(struct pt_regs *ctx, void *dest, size_t len) {
  if (len != sizeof(int32_t)) return -1;
  { u64 __addr = ctx->bp + -4; __asm__ __volatile__("": : :"memory"); int32_t __res = 0x0; bpf_probe_read(&__res, sizeof(__res), (void *)__addr); *((int32_t *)dest) = __res; }
  return 0;
}

I've previously found the place where that is generated in the BCC source, but couldn't find any documentation on what exactly it is supposed to do.

Thanks,
Juraj