Expanding eBPF Compile Once, Run Everywhere(CO-RE) to Userspace Compatibility

eBPF (extended Berkeley Packet Filter) is a powerful technology used in modern Linux systems, allowing sandboxed programs to run in a virtual machine-like environment within the kernel. Co-RE (Compile Once, Run Everywhere) is a feature that enables eBPF programs to run on various kernel versions without recompilation, simplifying deployment and maintenance. However, Co-RE is not designed for userspace applications, which require a different approach to achieve compatibility across different application versions. To implement Co-RE for userspace applications, the BPF Type Format (BTF) is used to provide type information and compatibility support. This approach is particularly beneficial for tracing applications like OpenSSL, where maintaining separate eBPF programs for each version is impractical. The BTF from userspace applications can solve the problem of compatibility by providing rich type information about data structures and functions. By using BTF, eBPF programs can be compiled with Co-RE support, allowing them to run on different kernel versions without recompilation. The Co-RE solution abstracts away specific kernel dependencies, enabling eBPF programs to be more portable. This approach has several advantages, including write once, run anywhere, safety, and stability, and ease of development. By leveraging Co-RE for userspace applications, eBPF uprobe tracing programs can be made compatible with different application versions without modifications.