Remove unused load_elf_phdrs kprobe

The kprobe was not used and has hence been dropped.

pkg/ebpftracer/c/headers/types.h

@@ -62,7 +62,6 @@ enum event_id_e {
     SECURITY_BPRM_CHECK,
     SECURITY_SOCKET_CONNECT,
     SOCKET_DUP,
-    LOAD_ELF_PHDRS,
     FILE_MODIFICATION,
     SOCK_SET_STATE,
     PROCESS_OOM_KILLED,

pkg/ebpftracer/c/tracee.bpf.c

@@ -1496,44 +1496,6 @@ int BPF_KPROBE(trace_filp_close)
     return 0;
 }
 
-SEC("kprobe/load_elf_phdrs")
-int BPF_KPROBE(trace_load_elf_phdrs)
-{
-    program_data_t p = {};
-    if (!init_program_data(&p, ctx))
-        return 0;
-
-    if (!should_trace((&p)))
-        return 0;
-
-    proc_info_t *proc_info = p.proc_info;
-
-    struct file *loaded_elf = (struct file *) PT_REGS_PARM2(ctx);
-    const char *elf_pathname =
-        (char *) get_path_str(__builtin_preserve_access_index(&loaded_elf->f_path));
-
-    // The interpreter field will be updated for any loading of an elf, both for the binary and for
-    // the interpreter. Because the interpreter is loaded only after the executed elf is loaded, the
-    // value of the executed binary should be overridden by the interpreter.
-
-    size_t sz = sizeof(proc_info->interpreter.pathname);
-    bpf_probe_read_kernel_str(proc_info->interpreter.pathname, sz, elf_pathname);
-    proc_info->interpreter.id.device = get_dev_from_file(loaded_elf);
-    proc_info->interpreter.id.inode = get_inode_nr_from_file(loaded_elf);
-    proc_info->interpreter.id.ctime = get_ctime_nanosec_from_file(loaded_elf);
-
-    if (should_submit(LOAD_ELF_PHDRS, p.event)) {
-        save_str_to_buf(&p.event->args_buf, (void *) elf_pathname, 0);
-        save_to_submit_buf(&p.event->args_buf, &proc_info->interpreter.id.device, sizeof(dev_t), 1);
-        save_to_submit_buf(
-            &p.event->args_buf, &proc_info->interpreter.id.inode, sizeof(unsigned long), 2);
-
-        events_perf_submit(&p, LOAD_ELF_PHDRS, 0);
-    }
-
-    return 0;
-}
-
 enum signal_handling_method_e {
     SIG_DFL,
     SIG_IGN,

pkg/ebpftracer/events.go

@@ -5259,7 +5259,6 @@ func newEventsDefinitionSet(objs *tracerObjects) map[events.ID]definition {
 				probes: []EventProbe{
 					{handle: ProbeExecBinprm, required: false},
 					{handle: ProbeSchedProcessExec, required: true},
-					{handle: ProbeLoadElfPhdrs, required: false},
 				},
 				tailCalls: []TailCall{
 					{
@@ -5448,22 +5447,6 @@ func newEventsDefinitionSet(objs *tracerObjects) map[events.ID]definition {
 				{Type: "struct sockaddr*", Name: "remote_addr"},
 			},
 		},
-		events.LoadElfPhdrs: {
-			ID:      events.LoadElfPhdrs,
-			id32Bit: events.Sys32Undefined,
-			name:    "load_elf_phdrs",
-			dependencies: dependencies{
-				probes: []EventProbe{
-					{handle: ProbeLoadElfPhdrs, required: true},
-				},
-			},
-			sets: []string{"proc"},
-			params: []argMeta{
-				{Type: "const char*", Name: "pathname"},
-				{Type: "dev_t", Name: "dev"},
-				{Type: "unsigned long", Name: "inode"},
-			},
-		},
 		events.FileModification: {
 			ID:      events.FileModification,
 			id32Bit: events.Sys32Undefined,

pkg/ebpftracer/events/events.go

@@ -36,7 +36,6 @@ const (
 	SecurityBprmCheck
 	SecuritySocketConnect
 	SocketDup
-	LoadElfPhdrs
 	FileModification
 	SockSetState
 	ProcessOomKilled

pkg/ebpftracer/probes.go

@@ -160,7 +160,6 @@ const (
 	ProbeCgroupRmdir
 	ProbeSecurityBPRMCheck
 	ProbeSecuritySocketConnect
-	ProbeLoadElfPhdrs
 	ProbeCgroupSKBIngress
 	ProbeCgroupSKBEgress
 	ProbeFileUpdateTime
@@ -198,7 +197,6 @@ func newProbes(objs *tracerObjects, cgroupPath string) map[handle]probe {
 		ProbeCgroupRmdir:            newTraceProbe(rawTracepoint, "cgroup:cgroup_rmdir", objs.TracepointCgroupCgroupRmdir),
 		ProbeSecurityBPRMCheck:      newTraceProbe(kProbe, "security_bprm_check", objs.TraceSecurityBprmCheck),
 		ProbeSecuritySocketConnect:  newTraceProbe(kProbe, "security_socket_connect", objs.TraceSecuritySocketConnect),
-		ProbeLoadElfPhdrs:           newTraceProbe(kProbe, "load_elf_phdrs", objs.TraceLoadElfPhdrs),
 		ProbeCgroupSKBIngress:       newCgroupProbe(ebpf.AttachCGroupInetIngress, cgroupPath, objs.CgroupSkbIngress),
 		ProbeCgroupSKBEgress:        newCgroupProbe(ebpf.AttachCGroupInetEgress, cgroupPath, objs.CgroupSkbEgress),
 		ProbeFileUpdateTime:         newTraceProbe(kProbe, "file_update_time", objs.TraceFileUpdateTime),