zhenwei pi [Tue, 17 Aug 2021 12:46:54 +0000 (20:46 +0800)]
libbpf-tools: runqslow: add '-P' optional
Sync change
508d9694ba7ea503cce821175ffca5a7740b832b.
During a task hits schedule delay, in the high probability, the
previous task takes a long time to run. It's possible to dump the
previous task comm and TID by '-P' or '--previous' option.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Dave Marchevsky [Thu, 19 Aug 2021 00:06:00 +0000 (17:06 -0700)]
bcc/python: Add x86 and sw test to test_attach_perf_event.py
Since the current test can't run on github actions since there's no HW
perf counter access, add a test using software page faults perf
event, which might work.
Also, rename the current HW test in there to highlight that it'll work
for PowerPC, and add a similar test for x86.
Dave Marchevsky [Sat, 14 Aug 2021 04:02:12 +0000 (21:02 -0700)]
bcc/python: Add test_attach_perf_event.py to CMake tests
Add to CMakeLists.txt of tests so that the test is run as part of github
actions test suite. Shorten the sleep duration so test finishes faster -
since it's just testing attach currently the extra time isn't producing
more signal.
Also add python equivalent of `perf_event_sample_format` enum so
`sample_type` can be more clearly set.
v2: The test doesn't work on ubuntu 16.04 due to old kernel headers. It
doesn't work on the rest of the github actions VMs due to hardware perf
events not being supported, so add necessary check / skip.
Dave Marchevsky [Sat, 14 Aug 2021 08:29:31 +0000 (01:29 -0700)]
bcc/python tests: pull kernel_version_ge into utils
This helper is replicated in a few different places, let's pull it out.
Dave Marchevsky [Sat, 14 Aug 2021 03:17:27 +0000 (20:17 -0700)]
bcc/python: extend perf_event_attr ctype
This commit brings the Perf.perf_event_attr ctype in line with version 6
of struct perf_event_attr (see uapi/linux/perf_event.h kernel header).
Specifically:
* All named fields are added, including field names within anonymous
unions and bitfields
* Perf.perf_event_attr now complains when a field which isn't part of
the ctype struct is set.
* Goal here is to prevent users from setting a
recently-added field - which we haven't updated the ctype _fields_ to
include - and getting confused when it doesn't propagate to the
perf_event_open syscall. This bit me in #3571 and I am pretty
familiar with bcc internals so I'd like to prevent this from
confusing others down the line.
* Perf.perf_event_attr's 'flags' field is removed as it was a standin
for the bitfields. The _old_ profile.py was the only script in bcc
tools that I could find using this.
The last bullet is a breaking change. Although `tools/old/profile.py`
has been migrated to use the bitfield it was flipping using `flags`,
there could be some scripts out in the wild which break. I don't think
this is likely: this stuff hasn't been significantly touched since 2016
and I suspect if users of the python interface were writing lots of
perf_event programs we would've seen more python tools or activity here.
Regardless, there is probably a way to keep `flags` field working while
also exposing named bitfields, but I suspect it'll be ugly and wanted to
see if anyone thought it was necessary.
Dave Marchevsky [Fri, 13 Aug 2021 22:44:33 +0000 (18:44 -0400)]
Merge pull request #3571 from athira-rajeev/attach_perf_event_raw
bcc/python: Add support for API 'bpf_attach_perf_event_raw' in BPF py…
zhenwei pi [Thu, 12 Aug 2021 10:04:17 +0000 (18:04 +0800)]
tools/runqslower: add '-P' optional
During a task hits schedule delay, in the high probability, the
previous task takes a long time to run. It's possible to dump the
previous task comm and TID by '-P' or '--previous' option.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Athira Rajeev [Mon, 26 Jul 2021 16:56:06 +0000 (12:56 -0400)]
bcc/python: Add support for API 'bpf_attach_perf_event_raw' in BPF python interface
Add python interface for attach_perf_event_raw to bcc.
The bpf_attach_perf_event_raw API provide flexibility to use
advanced features of perf events with BPF. Presently, this
API is available to use in BPF programs via C and C++ interface.
Patch enables support to use in python interface.
Patch also adds testcase under 'tests/python' which uses
the newly added python interface 'attach_perf_event_raw'.
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
chendotjs [Fri, 13 Aug 2021 06:11:29 +0000 (14:11 +0800)]
Add support for driver/native mode (#3574)
Add support for driver/native mode in example xdp_drop_count.py.
Hariharan Ananthakrishnan [Thu, 12 Aug 2021 12:55:21 +0000 (05:55 -0700)]
Added IPv4/IPv6 filter support for tcp trace tools (#3565)
* Added IPv4/IPv6 filter support for tcp trace tools
* Fixed a typo
* Added usage for TCP syn backlog
* Fixed a typo
* Fixed a typo
* Added man support for IPv4/IPv6 family filters
Hengqi Chen [Sun, 8 Aug 2021 03:15:56 +0000 (11:15 +0800)]
libbpf-tools: add exitsnoop (#3564)
add exitsnoop libbpf tool.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Dave Marchevsky [Fri, 6 Aug 2021 19:24:32 +0000 (15:24 -0400)]
Merge pull request #3566 from davemarchevsky/davemarchevsky_remapped_refactor
ClangLoader: Pull out common remapped file operations
Dave Marchevsky [Fri, 6 Aug 2021 05:12:17 +0000 (22:12 -0700)]
ClangLoader: Pull out common remapped file operations
I'm making some larger modifications to the loader. While reading
through the `do_compile` code I noticed that the common "remapped file"
operations - telling various CompilerInvocations about 'virtual'
includes and the virtual main c file - could be factored out to enhance
clarity.
This patch doesn't change functionality at all, nor does it try to make
any opinionated refactoring changes.
Rosen [Tue, 3 Aug 2021 18:26:23 +0000 (02:26 +0800)]
tcpstates: incorrect display of dport (#3560)
fix incorrect display of dport for kprobe attachment in tcpstates
Jerome Marchand [Fri, 30 Jul 2021 16:15:05 +0000 (18:15 +0200)]
libbpf-tools: readahead: don't mark struct hist as static
Libbpf readahead tool does not compile with bpftool v5.14. Since
commit
31332ccb756 ("bpftool: Stop emitting static variables in BPF
skeleton"), bpftool gen skeleton does not include static variables
into the skeleton file anymore.
Fixes the following compilation error:
readahead.c: In function 'main':
readahead.c:153:26: error: 'struct readahead_bpf__bss' has no member named 'hist'
153 | histp = &obj->bss->hist;
| ^~
Hengqi Chen [Sun, 30 May 2021 08:36:37 +0000 (16:36 +0800)]
libbpf-tools: add mountsnoop
This commit adds a new libbpf tool mountsnoop.
It has the same functionalities just as its
counterpart in BCC tools. The default output
is the same.
```
$ mountsnoop
COMM PID TID MNT_NS CALL
dockerd 1827 1903
4026531840 mount("overlay", "/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/merged", "overlay", 0x0, "index=off,lowerdir=/data/docker/overlay2/l/GWTHHZ2C3PYGAJ5GLTWLHMHHKR,upperdir=/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/diff,workdir=/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/work") = 0
dockerd 1827 1903
4026531840 umount("/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/merged", MS_NOSUID) = 0
```
Also, we provide a detailed mode enabled by -d
option which displays each mount/umount syscall
vertically with more field. In this way, the
output looks more friendly.
```
$ mountsnoop -d -t
PID: 1827
TID: 1864
COMM: dockerd
OP: MOUNT
RET: 0
LAT: 246us
MNT_NS:
4026531840
FS: overlay
SOURCE: overlay
TARGET: /data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/merged
DATA: index=off,lowerdir=/data/docker/overlay2/l/GWTHHZ2C3PYGAJ5GLTWLHMHHKR,upperdir=/data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/diff,workdir=/data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/work
FLAGS: 0x0
PID: 1827
TID: 1864
COMM: dockerd
OP: UMOUNT
RET: 0
LAT: 95us
MNT_NS:
4026531840
FS:
SOURCE:
TARGET: /data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/merged
DATA:
FLAGS: MS_NOSUID
```
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 28 Jul 2021 15:49:11 +0000 (23:49 +0800)]
bcc/tools: use device number and inode number to identify a file
Currently, the filetop tool use (tid, filename, type) tuple to
key a file, which is not enough to uniquely identify a file.
A thread write to multi files with the same name would add up to
same value in the map which can be repro by the following command:
$ cat somefile | tee /foo/bar/xxx /fuz/baz/xxx
Let us add device number and inode number to uniquely identify
a file.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Thu, 15 Jul 2021 16:04:28 +0000 (00:04 +0800)]
libbpf-tools: add filetop
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Wen Yang [Wed, 21 Apr 2021 08:21:56 +0000 (16:21 +0800)]
Tools: add the PPID/PCOMM fields in mountsnoop
It is found that in the production environment, the system() function
or shell command is often used to start the mount process temporarily,
so the PPID/PCOMM field needs to be added to find the corresponding program.
Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Markus Dreseler [Tue, 20 Jul 2021 11:49:58 +0000 (13:49 +0200)]
profile.py: Remove unused kernel_ret_ip
With
7157e6ec, `DO_KERNEL_RIP` was removed. That was the only user of the `kernel_ret_ip` field. I believe we can now remove that field.
sum12 [Tue, 20 Jul 2021 14:47:48 +0000 (16:47 +0200)]
bcc/tools: update mountsnoop's based on comment in containers.py
this patch just replicates the fix done in
ef330a393be4b472627b1bfa7fbe50934e519e25
Tsai-Wei Wu [Tue, 20 Jul 2021 07:00:11 +0000 (15:00 +0800)]
tools/criticalstat: Add new kconfig option to warning message
In kernel 4.19 and later, the CONFIG_PREEMPTIRQ_EVENTS option is unused.
Instead, it requires a kernel built with CONFIG_PREEMPTIRQ_TRACEPOINTS.
Yonghong Song [Sun, 18 Jul 2021 23:25:43 +0000 (16:25 -0700)]
update debian changelog for release v0.21.0
* Support for kernel up to 5.13
* support for debug information from libdebuginfod
* finished support for map elements items_*_batch() APIs
* add atomic_increment() API
* support attach_func() and detach_func() in python
* fix displaying PID instead of TID for many tools
* new tools: kvmexit.py
* new libbpf-tools: gethostlatency, statsnoop, fsdist and solisten
* fix tools ttysnoop/readahead for newer kernels
* doc update and bug fixes
Signed-off-by: Yonghong Song <yhs@fb.com>
yonghong-song [Sun, 18 Jul 2021 22:05:34 +0000 (15:05 -0700)]
sync with latest libbpf repo (#3529)
sync with latest libbpf repo which is upto commit
21f90f61b084 sync: latest libbpf changes from kernel
Signed-off-by: Yonghong Song <yhs@fb.com>
Mauricio Vásquez [Fri, 16 Jul 2021 21:55:36 +0000 (16:55 -0500)]
tools: Fix filtering by mount namespace
The filtering by mount namespace implementation relies on the
redefinition of the "struct mnt_namespace" internal kernel structure.
The layout of this structure changed in Linux 5.11 (https://github.com/torvalds/linux/commit/
1a7b8969e664d6af328f00fe6eb7aabd61a71d13),
this commit adds a conditional on the kernel version to adapt to this
change.
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Hengqi Chen [Thu, 15 Jul 2021 16:18:55 +0000 (00:18 +0800)]
bcc/tools: remove unused signal handlers
Several top tools defined signal handler, but not used.
They work well without signal handler, so just remove it.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Sat, 10 Jul 2021 10:25:47 +0000 (18:25 +0800)]
libbpf-tools: gethostlatency allow specify libc path
This commit adds a new option to gethostlatency which
allows user to specify which libc to use for tracing.
This is useful when application is not linked against
default libc.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Sun, 27 Jun 2021 15:44:14 +0000 (23:44 +0800)]
libbpf-tools: gethostlatency code cleanup
This commit updates the code to conform the kernel
code style guide.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Oleg Guba [Wed, 14 Jul 2021 04:25:09 +0000 (21:25 -0700)]
[py3:tools/deadlock.py] fix usage of str.replace() method to make it py3 compartible
Dave Marchevsky [Mon, 12 Jul 2021 06:44:04 +0000 (02:44 -0400)]
Merge pull request #3498 from davemarchevsky/davemarchevsky_exe_syms
ProcSyms should treat the executable like any other mapped file when symbolizing
Hengqi Chen [Thu, 1 Jul 2021 13:16:15 +0000 (21:16 +0800)]
libbpf-tools: fix uprobe helper get_elf_func_offset
get_elf_func_offset didn't work properly when use with
statically linked binary. It seems like not subtract the
base load address cause the problem. This commits fixes
that like BCC does. see [0] and [1].
[0]: https://github.com/iovisor/bcc/blob/v0.20.0/src/cc/bcc_syms.cc#L751-L764
[1]: https://github.com/iovisor/bcc/blob/v0.20.0/src/cc/bcc_elf.c#L723-L756
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Fei Li [Mon, 31 Aug 2020 13:35:33 +0000 (21:35 +0800)]
kvmexit.py: introduce a tool to show kvm exit reasons and counts
Considering virtual machines' frequent exits can cause performance
problems, introduce a tool to show kvm exit reasons and counts, so
that the most frequent exited reasons could be located, reduced, or
even avoided.
For better performance, this tool employs a percpu array and percpu
hash in bpf to store exit reason and its counts. Besides, the bcc
python provides aggregation and various custom output. For more
background, realization and examples, please see kvmexit_example.txt
and man/man8/kvmexit.8 for more reference.
Signed-off-by: Fei Li <lifei.shirley@bytedance.com>
Fei Li [Sun, 20 Jun 2021 14:18:32 +0000 (22:18 +0800)]
Check if raw tracepoint in module is supported
Actually there are two stages to fully support raw tracepoint: the
first stage is only for in-kernel functions, and the second stage is
for kernel modules. For the latter stage, the corresponding kernel
commit is
a38d1107, and it is merged since v5.0.
Signed-off-by: Fei Li <lifei.shirley@bytedance.com>
Alban Crequy [Sun, 4 Jul 2021 14:17:15 +0000 (16:17 +0200)]
Fix publish github action on docker registry
masibw [Fri, 2 Jul 2021 11:44:41 +0000 (20:44 +0900)]
Add open parentheses
Hang Yan [Fri, 2 Jul 2021 12:46:59 +0000 (20:46 +0800)]
Update cachestat_example.txt
typo fix
Gad Akuka [Tue, 6 Jul 2021 03:53:07 +0000 (06:53 +0300)]
Update INSTALL.md - Fix broken links (#3524)
Fix broken links for Amazon installation.
Hengqi Chen [Mon, 31 May 2021 12:31:59 +0000 (20:31 +0800)]
libbpf-tools: add solisten
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
zcy [Thu, 1 Jul 2021 16:12:32 +0000 (00:12 +0800)]
tools: replace add with xadd (#3518)
resolve #3481
replace add with xadd for more tools.
Daniel Xu [Wed, 30 Jun 2021 22:43:06 +0000 (15:43 -0700)]
cmake: Make libbcc_bpf.so the BCC runtime
This commit adds more functionality into libbcc_bpf.so such that
libbcc_bpf.so contains all of BCC's runtime components. "Runtime" in
this context means everything except the stuff that depends on
clang/LLVM.
libbcc_bpf.so was originally created in
fa073456 ("make libbpf
standalone-ready") with (I'm guessing) the intent of creating
bcc-libbpf. That has been superceded by libbpf (separate repo) so I
don't think it should be used much anymore.
This updated libbcc_bpf.so will be used by ahead-of-time compiled
bpftrace scripts[0] to drop the dependency on LLVM/clang for the runtime
component.
[0]: https://dxuuu.xyz/aot-bpftrace.html
Daniel Xu [Wed, 30 Jun 2021 22:42:12 +0000 (15:42 -0700)]
cmake: Move bpf-static and bpf-shared targets lower in file
Move the definitions lower in the file so we can reuse some variables in
the next commit.
Hengqi Chen [Thu, 1 Jul 2021 15:43:31 +0000 (23:43 +0800)]
libbpf-tools: display pid instead of tid (#3499)
execsnoop displays tid in its output with header PID,
which is wrong and differs from the original BCC tool.
This commit fixes that with some code cleanup.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
zhaoyao73 [Wed, 30 Jun 2021 17:15:26 +0000 (13:15 -0400)]
add uprobe support in funcinterval (#3512)
add uprobe support in funcinterval
Signed-off-by: Yao Zhao <yao.zhao1@huawei.com>
zcy [Fri, 25 Jun 2021 02:16:53 +0000 (10:16 +0800)]
tools/readahead compatible with kernel version >= 5.10 (#3507)
After kernel version 5.10, __do_page_cache_readahead() was renamed to do_page_cache_ra(),
let us try both in readahead.py.
zhenwei pi [Wed, 23 Jun 2021 08:24:11 +0000 (16:24 +0800)]
tcprtt: fix compatibility for python3
Suggested by Yonghong, tcprtt report error on python3:
TypeError: can't concat str to bytes
Both python2 and python3, inet_ntop returns a string type, there is
no need to encode any more.
Test for python2 and python3, both work fine.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
zhenwei pi [Mon, 21 Jun 2021 07:06:58 +0000 (15:06 +0800)]
tcprtt: support extension summary(average RTT)
Support -e/--extension to show extension summary info, currently
only average RTT is supported.
Also some minor changes to make histogram report easy to read.
Orinally tcprtt does't show lable/header without -b/-B option,
currently it shows like this:
All Addresses = *******
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
chenyuezhou [Tue, 22 Jun 2021 20:57:09 +0000 (16:57 -0400)]
bcc-test: fix test error
masi19bw [Tue, 22 Jun 2021 09:07:49 +0000 (09:07 +0000)]
Add docs about BPF_HASH_OF_MAPS
chenyuezhou [Mon, 21 Jun 2021 14:07:30 +0000 (10:07 -0400)]
tools: funclatency use atomic_increment
masibw [Tue, 22 Jun 2021 06:18:23 +0000 (15:18 +0900)]
Allow the use of custom keys in BPF_HASH_OF_MAPS (#3500)
- Allow the use of custom keys in BPF_HASH_OF_MAPS
- Add both python and C++ tests
Dave Marchevsky [Sat, 19 Jun 2021 05:52:46 +0000 (22:52 -0700)]
libbpf-tools: Don't redefine _GNU_SOURCE to avoid redefinition warning
Similar to past commits like
667988ce9e2a051ff608b727f6c89a5baa01fa67,
my toolchain complains that `_GNU_SOURCE` is redefined. Let's only
define it when it passes `ifndef`
Dave Marchevsky [Sat, 19 Jun 2021 02:34:55 +0000 (19:34 -0700)]
ProcSyms should treat the executable like any other mapped file when
symbolizing
As reported in #3487, when `/proc/PID/exe`'s symlink points to a
mountns-relative path from a different mountns than the tracing process,
we can fail to open it as we don't prepend `/proc/PID/root` .
A few potential solutions were discussed in that issue, we settled on
treating the main exe like any other map in `/proc/PID/maps`. Since it's
always the first map we can reuse existing code and get rid of
exe-specific helpers.
chenyuezhou [Fri, 18 Jun 2021 20:31:52 +0000 (16:31 -0400)]
libbcc: add atomic_increment()
Hengqi Chen [Wed, 16 Jun 2021 16:01:21 +0000 (00:01 +0800)]
bcc/python: fix attach kprobe/kretprobe using regex
Attach kprobe/kretprobe using regular expression should fail
explicitly if no functions are traceable. Currently we catch
all exceptions and if no functions are available, program
continue with no BPF programs attached. In this commit, change
this behavior to explicitly report error to user.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 16 Jun 2021 15:29:36 +0000 (23:29 +0800)]
bcc/python: remove unused imports, remove redundant semicolon
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Dave Marchevsky [Wed, 16 Jun 2021 00:53:03 +0000 (17:53 -0700)]
pull out enums from main BPF class to avoid namespace collisions
In #3479, the `bpf_attach_type` enum was pulled into the `BPF` class so
that its members could be used in `attach_func` and `detach_func`
functions introduced to the Python API.
Unfortunately this caused a redefinition of BPF.XDP, which was similarly
pulled in from `bpf_prog_type` enum, thus breaking program loading
(#3489).
Let's pull these enum- and flag-type class variables out into their own
wrapper classes. For backwards compatibility, keep them all (except for
`bpf_attach_type`, which was merged 2 days ago) defined in the BPF
class, but add a comment to not continue doing this.
Spencer Nelson [Fri, 11 Jun 2021 19:07:02 +0000 (12:07 -0700)]
Decode bytes when formatting them as strings
USDTProbe objects (and USDTProbeArguments and USDTProbeLocations) are
instantiated with data that's sourced from libccc calls. That means
that their attributes are bytes-typed, not string-typed.
When a bytes-typed value is rendered into a string with Python's '%s'
formatting directive, it gets a wrapped in single quotes and prefixed
with b. For example, b'probe-location'. This is visually noisy, but
also breaks some tool behavior which uses string-formatted values for
stuff like filters.
This is only an issue in Python 3. In Python 2, the bytes type is just
an alias for the string type, and so byte sequences from libcc were
implicitly decoded as ASCII text.
Dave Marchevsky [Tue, 15 Jun 2021 17:47:45 +0000 (13:47 -0400)]
Merge pull request #3466 from chenhengqi/add-bindsnoop
libbpf-tools: add bindsnoop
Khem Raj [Mon, 14 Jun 2021 19:49:43 +0000 (12:49 -0700)]
Remove APInt/APSInt toString() std::string variants
clang 13+ has removed this in favour of a pair of llvm::toString
() helpers inside StringExtras.h to improve compile speed by avoiding
hits on <string> header
Signed-off-by: Khem Raj <raj.khem@gmail.com>
zcy [Mon, 14 Jun 2021 05:59:22 +0000 (13:59 +0800)]
bcc-python: support attach_func() and detach_func() (#3479)
- support attach_func() and detach_func().
- add an sockmap issue to demonstrate using these two functions.
Hengqi Chen [Fri, 11 Jun 2021 13:39:08 +0000 (21:39 +0800)]
libbpf-tools: remove ext4dist
In #3441, we introduce a new libbpf tools named fsdist, which is
built on the idea by @anakryiko and previous work by @ethercflow.
fsdist extends ext4dist to support multiple file systems in a flexable
way. Now we can replace ext4dist and treat it as an alias to fsdist.
This commit removes ext4dist and replaces it with a symlink to fsdist.
References:
#3430, #3436
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 12 May 2021 00:43:15 +0000 (08:43 +0800)]
libbpf-tools: add bindsnoop
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 9 Jun 2021 05:42:54 +0000 (13:42 +0800)]
libbpf-tools: optimize fentry_exists helper
The previous implementation checks fentry support either in vmlinux
or module BTF. So we need two calls to fentry_exists to verify that
whether a symbol exists. This commit updates this behavior to use
the module name provided as a hint, and fallback to vmlinux if module
BTF is not available.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Sat, 5 Jun 2021 02:44:46 +0000 (10:44 +0800)]
libbpf-tools: migrate xfsslower to fsslower
This commit migrates xfsslower to a generic fsslower which supports
tracing multiple file systems. It works the same way as the original
tool except that the users are supposed to specify which file systems
to trace using -t option.
sudo ./fsslower -t ext4 -m 1
Tracing ext4 operations slower than 1 ms... Hit Ctrl-C to end.
TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME
10:36:07 code 6896 F LL_MAX 0 2.40 state.vscdb-journal
10:36:07 code 6896 F LL_MAX 0 1.74 state.vscdb-journal
10:36:07 code 6896 F LL_MAX 0 1.78 state.vscdb
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
chenyuezhou [Tue, 8 Jun 2021 16:09:31 +0000 (12:09 -0400)]
libbcc: add msg_redirect_hash() and sk_redirect_hash() for sockhash
zcy [Mon, 7 Jun 2021 16:14:14 +0000 (00:14 +0800)]
libbcc: support BPF_SOCKHASH specify the key type (#3473)
support BPF SOCKHASH specify the key type and update documentation
for BPF_SOCKHASH and map.sock_hash_update().
masibw [Sun, 6 Jun 2021 16:12:32 +0000 (01:12 +0900)]
Add attach_xdp to reference_guide.md (#3450)
- Add attach_xdp to reference_guide.md
- Add description about flags
Emilien Gobillot [Sun, 6 Jun 2021 05:44:26 +0000 (07:44 +0200)]
finish to add support of subset in items_*_batch() (#3440)
finish to add support of subset in items_*_batch()
- rewrite items_lookup_batch() and items_lookup_and_delete_batch() to make it more robust.
- add docstring on items_*_batch()
- update the reference_guide.md
edwardwu [Thu, 3 Jun 2021 04:15:27 +0000 (12:15 +0800)]
Add an option to strip leading zeros from linear histograms
Sometimes histogram gives us too much zero info that we don't really care.
For example:
usec : count distribution
0 : 0 | |
1 : 0 | |
2 : 0 | |
3 : 0 | |
4 : 0 | |
5 : 0 | |
6 : 0 | |
7 : 0 | |
8 : 0 | |
9 : 0 | |
10 : 0 | |
11 : 0 | |
12 : 0 | |
13 : 0 | |
14 : 0 | |
15 : 0 | |
16 : 0 | |
17 : 0 | |
18 : 0 | |
19 : 0 | |
20 : 0 | |
21 : 0 | |
22 : 0 | |
23 : 0 | |
24 : 0 | |
25 : 0 | |
26 : 0 | |
27 : 0 | |
28 : 0 | |
29 : 0 | |
30 : 0 | |
31 : 0 | |
32 : 0 | |
33 : 0 | |
34 : 0 | |
35 : 0 | |
36 : 0 | |
37 : 0 | |
38 : 0 | |
39 : 0 | |
40 : 0 | |
41 : 7 |****************************************|
42 : 2 |*********** |
Such much info is hard to analyze by FIRST glance, especially console view
After supporting strip leading zeros
print_linear_hist("usec", "name", name_print, strip_leading_zero=True)
usec : count distribution
41 : 7 |****************************************|
42 : 2 |************* |
This is what we really care, and it's clear.
Signed-off-by: Edward Wu <edwardwu@realtek.com>
Jerome Marchand [Wed, 2 Jun 2021 12:23:20 +0000 (14:23 +0200)]
libbpf-tool: don't ignore LDFLAGS
Packagers need to be able set linker options according to their
distribution guidelines.
chenyuezhou [Wed, 2 Jun 2021 21:50:45 +0000 (17:50 -0400)]
docs: update description of bcc python BPF()
Hengqi Chen [Wed, 19 May 2021 16:00:32 +0000 (00:00 +0800)]
libbpf-tools: add fsdist
fsdist is a multitool which show filesystem latency.
Currently we support btrfs/ext4/nfs/xfs filesystems.
It behaves the same as its counterpart in BCC tools
named btrfsdist.py/ext4dist.py/nfsdist.py/xfsdist.py
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
chenyuezhou [Fri, 28 May 2021 04:27:11 +0000 (00:27 -0400)]
docs: add description of attach_raw_socket
Nick-nizhen [Thu, 27 May 2021 05:21:59 +0000 (13:21 +0800)]
Update cpudist.py
When calculating the ONCPU time, prev has left the CPU already. It is not necessary to judge whether the process state is TASK_RUNNING or not.
zcy [Thu, 27 May 2021 16:50:23 +0000 (00:50 +0800)]
tools/deadlock: support specifies maxnum of threads and edge cases (#3455)
support to specify maxinum of threads and edge cases. The default values make map taking more than 0.5G memory which cause out-of-memory issue on some systems.
also fix an issue with python `open` so the open file is automatically closed upon file reading is done.
Hengqi Chen [Sat, 22 May 2021 08:07:36 +0000 (16:07 +0800)]
hardirqs: Migrate to kernel tracepoint
The hardirqs tool is not working properly in recent kernels.
This commit migrates hardirqs to use kernel tracepoints
instead of kprobes, just as we already made to softirqs.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Yonghong Song [Wed, 26 May 2021 02:58:00 +0000 (19:58 -0700)]
Fix a llvm compilation error
Current llvm trunk (https://github.com/llvm/llvm-project)
will cause the following compilation errors:
/home/yhs/work/bcc/src/cc/bcc_debug.cc: In member function ‘void ebpf::SourceDebugger::dump()’:
/home/yhs/work/bcc/src/cc/bcc_debug.cc:135:75: error: no matching function for call to
‘llvm::MCContext::MCContext(llvm::Triple&, std::unique_ptr<llvm::MCAsmInfo>::pointer,
std::unique_ptr<llvm::MCRegisterInfo>::pointer, llvm::MCObjectFileInfo*,
std::unique_ptr<llvm::MCSubtargetInfo>::pointer, std::nullptr_t)’
MCContext Ctx(TheTriple, MAI.get(), MRI.get(), &MOFI, STI.get(), nullptr);
^
......
This is because upstream patch https://reviews.llvm.org/D101921
refactored MCObjectFileInfo initialization and changed MCContext
constructor signature.
This patch fixed the issue by following the new code patterns
in https://reviews.llvm.org/D101921.
Jiri Olsa [Fri, 9 Apr 2021 17:24:12 +0000 (19:24 +0200)]
tools/ttysnoop: Add --datasize/--datacount
Adding the possibility to define transmitting data size
(--datasize option) and number of times we ask for this
amount (--datacount option).
This helps to configure ttysnoop behaviour for the expected
data in the terminal session. For example ncurses applications
like mc or huge sized terminals need bigger buffer to snoop
everything from the buffer.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Jiri Olsa [Fri, 9 Apr 2021 15:14:21 +0000 (17:14 +0200)]
tools/ttysnoop: Use array map to store data
So we can use bigger sizes for the data.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Jiri Olsa [Sun, 9 May 2021 15:36:36 +0000 (17:36 +0200)]
tools/ttysnoop: Fix tty_write probe to use new arguments
Kernel commit [1] changed arguments of tty_write function,
changing the probe function to new prototypes.
Also switching to trampolines.
[1]
9bb48c82aced tty: implement write_iter
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
chenyuezhou [Mon, 24 May 2021 21:33:27 +0000 (17:33 -0400)]
adjust: bpf_attach_xdp report nicer error
Hengqi Chen [Fri, 21 May 2021 01:17:14 +0000 (09:17 +0800)]
libbpf-tools: fix misuse of bpf_get_current_pid_tgid
bpf_get_current_pid_tgid() returns process ID in the upper 32bits,
and thread ID in lower 32 bits (both from userspace's perspective).
biosnoop and gethostlatency misuse this function.
biosnoop takes the thread ID as process ID which is not expected.
gethostlatency uses the process ID as a unique key for BPF map,
which may result in event loss or data corruption.
This commit fixes these problems.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
zcy [Mon, 24 May 2021 03:31:48 +0000 (11:31 +0800)]
feature: add `XDP_FLAGS*` in python lib (#3447)
add XDP_FLAG macros in python lib so macro names instead of numeric numbers can be used by tools.
Hengqi Chen [Thu, 20 May 2021 14:49:25 +0000 (22:49 +0800)]
tools: filter/display using PID instead of TID
As mentioned in #3407, several BCC tools misuse bpf_get_current_pid_tgid(),
bpf_get_current_pid_tgid() returns process ID in the upper 32bits, and
thread ID in lower 32 bits (both from userspace's perspective).
In this commit, we return process ID to userspace for display, and use
thread ID as BPF map key so that we can avoid event loss or data corruption.
The following tools are fixed in the commit:
* bashreadline
* cachetop
* dcsnoop
* killsnoop
* llcstat
* mdflush
* mysqld_qslower
* wakeuptime
See also #3411, #3427, #3433 .
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
marselester [Fri, 21 May 2021 00:36:49 +0000 (20:36 -0400)]
Update tcpconnect to use "__u32 af" instead of "int af"
It helps to decode an address family in Go frontend
generated by bpf2go tool, here is an example
https://github.com/marselester/libbpf-tools/blob/master/cmd/tcpconnect/main.go
Hengqi Chen [Sat, 15 May 2021 15:15:03 +0000 (23:15 +0800)]
libbpf-tools: parse -h option
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Mon, 10 May 2021 14:28:33 +0000 (22:28 +0800)]
libbpf-tools: add statsnoop
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
chenyuezhou [Mon, 17 May 2021 09:07:20 +0000 (05:07 -0400)]
libbpf-tools: add check BPF_F_MMAPABLE is supported
Hengqi Chen [Sun, 16 May 2021 09:18:27 +0000 (17:18 +0800)]
tools: filter/display using PID intead of TID
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Thu, 13 May 2021 13:46:16 +0000 (21:46 +0800)]
tools: filter using PID intead of TID
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Vitaly Chikunov [Thu, 13 May 2021 08:46:42 +0000 (11:46 +0300)]
libbpf-tools: Fix build dependence for parallel builds
Add LIBBPF_OBJ dependence to `%.o'.
When libbpf-tools built in parallel (with `make -j`) sometimes
`map_helpers.o' is built before `libbpf.a' causing build error:
$ make -j8 -C libbpf-tools BPFTOOL=/usr/sbin/bpftool
...
make: Entering directory '/usr/src/RPM/BUILD/bcc-0.19.0/libbpf-tools'
CC map_helpers.o
In file included from map_helpers.c:7:
./map_helpers.h:6:10: fatal error: 'bpf/bpf.h' file not found
^~~~~~~~~~~
1 error generated.
...
make: Leaving directory '/usr/src/RPM/BUILD/bcc-0.19.0/libbpf-tools'
INSTALL bpf.h libbpf.h btf.h xsk.h libbpf_util.h bpf_helpers.h bpf_helper_defs.h bpf_tracing.h bpf_endian.h bpf_core_read.h libbpf_common.h
...
INSTALL libbpf.a
error: Bad exit status from /usr/src/tmp/rpm-tmp.63536 (%build)
Fixes: #3412
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Dominique Martinet [Mon, 5 Apr 2021 23:14:06 +0000 (08:14 +0900)]
libbpf-tools/opensnoop: disable open on aarch64
aarch64 has no open syscall, do not attempt to trace it.
Fixes #3344.
Russ Kubik [Wed, 12 May 2021 19:10:48 +0000 (13:10 -0600)]
Update bcc_exception.h
Hengqi Chen [Sat, 8 May 2021 01:15:25 +0000 (09:15 +0800)]
tools: display PID intead of TID in statsnoop.py
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
chenhengqi [Tue, 11 May 2021 05:22:10 +0000 (13:22 +0800)]
tools: fix typo in help message
Signed-off-by: chenhengqi <chenhengqi@outlook.com>
AnyISalIn [Sat, 8 May 2021 05:02:44 +0000 (13:02 +0800)]
Fix rpmbuild error
Signed-off-by: AnyISalIn <anyisalin@gmail.com>
Andreas Ziegler [Thu, 6 May 2021 07:02:28 +0000 (09:02 +0200)]
SPECS/bcc.spec: add dependencies to libdebuginfod
On Fedora builds we can check the version number and add
build and runtime dependencies to debuginfod for all
currently supported releases (>= 32). Note that the buildbot
only has Fedora 25-28 so it will not try to build libbcc
with debuginfod support as the required packages are not
available on these releases.
For .deb packages there is no easy way to add dependencies
dynamically, so we do not add dependencies to libdebuginfod
there for now. For documentation purposes, however, let's
add a comment indicating which changes are required for
libdebuginfod support for downstream maintainers.
Signed-off-by: Andreas Ziegler <andreas.ziegler@fau.de>
Andreas Ziegler [Thu, 29 Apr 2021 10:18:40 +0000 (12:18 +0200)]
bcc_elf: add support for debug information from libdebuginfod
This change adds debuginfod as a new source for debug
information. By using libdebuginfod we can query a server
for a file containing debug information for a given ELF
binary. The environment variable DEBUGINFOD_URLS has to
be defined to an URL for a debuginfod server providing
debug information files for your distribution or the
federating server provided by the elfutils project:
For example, to use the Fedora server, you would need:
$ export DEBUGINFOD_URLS="https://debuginfod.fedoraproject.org/"
Or for the elfutils server which federates to servers for
openSUSE, Void Linux, Debian and Fedora, among others:
$ export DEBUGINFOD_URLS="https://debuginfod.elfutils.org/"
Calls to the debuginfod_find_debuginfo function from
libdebuginfod will fail if the environment variable is not
set, otherwise the library will attempt to download debug
information for a build ID extracted from the binary in
question and store it in a local cache directory.
Fixes iovisor/bpftrace#1774
Signed-off-by: Andreas Ziegler <andreas.ziegler@fau.de>
Hengqi Chen [Sat, 3 Apr 2021 07:35:16 +0000 (15:35 +0800)]
libbpf-tools: add gethostlatency
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Luigi Baldoni [Thu, 6 May 2021 07:37:32 +0000 (09:37 +0200)]
Use arch-specific libdir with pkgconfig