feat: Add eBPF prctl monitor to detect late OTEL_CTX publication

[nsavoire]

Summary

Adds an eBPF tracepoint on sys_enter_prctl that detects when a tracked process names an anonymous VMA OTEL_CTX via prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, "OTEL_CTX"), and triggers a PID resynchronization so the newly-published process context mapping is observed without waiting for the next SynchronizeProcess.

Without this hook, a process that publishes its OTEL_CTX mapping after the profiler has already synchronized might never have its resource attributes attached to profiles since SynchronizeProcess only re-runs when the unwinder hits an unknown executable mapping, and OTEL_CTX is neither executable nor reachable from a stack.

Implementation notes

• The tracepoint matches on op == PR_SET_VMA and arg2 == PR_SET_VMA_ANON_NAME and checks that passed string is "OTEL_CTX".
• Only PIDs already tracked by the profiler (reported_pids or pid_information_exists) are reported.
• A new metric bpf.num_prctl_set_vma_otel_ctx counts how often the resync hook fires.
• Naming an anonymous VMA via PR_SET_VMA_ANON_NAME requires Linux 5.17+ with CONFIG_ANON_VMA_NAME, but the tracepoint fires regardless of whether the kernel honors the call, so the resync path works on older kernels too.
• The tracepoint emits a generic PID event, which causes user-space to call SynchronizeProcess and re-parse /proc/PID/maps to locate the OTEL_CTX mapping. Since the tracepoint already has the mapping's address and length, a future optimization could introduce a dedicated event type that hands those values directly to readProcessContext, skipping the full /proc/PID/maps re-parse.

Note: this PR includes the commits from #1343 as a base, only the last commit (Add prctl monitor) is new to this PR. Reviewers should focus on that commit, the rest will go away once #1343 lands.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bdecf40d60

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Move the resync trigger after prctl completes

When the target thread is preempted after this sys_enter_prctl hook sends the generic PID event, the agent can process the immediate trigger and re-read /proc/<pid>/maps before the kernel has actually applied PR_SET_VMA_ANON_NAME. In that case SynchronizeProcess still won't see [anon:OTEL_CTX], and report_pid has already ratelimited the PID, so the late context publication can be missed until some unrelated resync happens. Hooking syscall exit or otherwise deferring/retrying the resync avoids racing the VMA rename that this feature depends on.

Useful? React with 👍 / 👎.

[christos68k]

LGTM (assuming we fix the race codex identified), I'll approve after #1343 is wrapped up.