elf: implement Perf Event file descriptor based kprobe

[alban]

gobpf currently uses global kprobes via debugfs/tracefs and not the Perf Event file descriptor based kprobe (Linux >=4.17, commit). So unfortunately, kprobes can remain from previous executions. Ideally, gobpf should implement Perf Event based kprobe and fallback to debugfs/tracefs, like bcc:

https://github.com/iovisor/bcc/blob/6e9b4509fc7a063302b574520bac6d49b01ca97e/src/cc/libbpf.c#L1021-L1027

[drewrip]

If gobpf uses the C binding to bcc's _bpf_attachkprobe, why isn't gobpf also seeing the fix?

gobpf's call to bpf_attach_kprobe

I went looking for the culprit and couldn't seem to reason out why gobpf wouldn't be working with the Perf Event File descriptor based kprobes.

Apologies if I oversimplified things.

[alban]

Gobpf has actually two separate libraries: the one based on bcc (in the bcc directory) and the one with its own bpf loader (in the elf directory). This bug is about the elf library.

tcptracer-bpf uses the elf library.