Adrian Szyndela [Thu, 17 Feb 2022 08:15:42 +0000 (09:15 +0100)]
add BPF syscall number for x86 arch
Change-Id: Ic47df8ca4ab848dbec8a934c105680f43c34fc29
Adrian Szyndela [Wed, 16 Feb 2022 22:02:34 +0000 (23:02 +0100)]
packaging: bump version to 0.21.0
Change-Id: I40efa640a63c6ff91d56ac5f2e6ce42879ae4a55
Adrian Szyndela [Wed, 16 Feb 2022 16:46:52 +0000 (17:46 +0100)]
Merge branch 'upstream' into tizen
Change-Id: Ia7bec8aef691640dd8f586752307e2d4cb908810
Hubert Kowalski [Tue, 18 Jan 2022 12:41:25 +0000 (13:41 +0100)]
Removed erroneous 'if' statement in get_delay()
That 'if' statement will break average val calculation after 1000 hits.
Change-Id: I77689b6dd1e8fb12925eae47c3cee2cfeacdd05c
Adrian Szyndela [Tue, 19 Oct 2021 14:25:56 +0000 (16:25 +0200)]
dbus-latency: make it work
Apparently, dbus-latency was measuring something, but it was definitely
NOT latency.
This commit fixes numerous bugs and misdesigned parts:
- enums are 32-bit also on 64-bit platforms;
- uprobes for gio were set on g_dbus_message_lock, which is called
not only during sending and receiving messages, but also in other cases;
now, there are two uprobes for glib: one for sending, one for receiving;
- uprobes for libdbus were set on _dbus_connection_message_sent_unlocked()
which is called _after_ sending and dbus_connection_dispatch() which
is not called for replies at all;
- intervals were mislabeled as "ms" instead of "us";
- dbus-daemon sends and receives messages with the same set of functions
as libdbus clients; if measuring starts on sending and ends on receiving
it was only a half of the job when we counted dbus-daemon; it is now excluded
- lots of messages were lost, for example, some signals could never be received;
this clogged up the maps up to 10240 elements, and then measuring stopped;
we only count method calls now;
- message about Ctrl-C was issued too soon, even before compiling; now, it is
in the waiting loop.
This part still needs fixing:
- identifying messages by their serial number. It works quite well with
randomized serial numbers in the libraries;
- sd_bus is not supported.
Change-Id: Ibc42375402c0d832e95c9b10742443839092171e
Hubert Kowalski [Thu, 30 Sep 2021 14:55:24 +0000 (16:55 +0200)]
Changed building behavior so that package version is always present.
When git repo is unavailable,
version from source is taken in order to create name.
Change-Id: Ifb4998eaafc7f2f85f488378a919f0734eb15939
Karol Lewandowski [Wed, 29 Sep 2021 11:09:43 +0000 (13:09 +0200)]
Rename libbpf to libbcc_bpf as does upstream
libbpf is reserved for kernel-provided library.
Change-Id: I1d566b8c54b4d7bd9648885e89275754d1deacde
Adrian Szyndela [Thu, 9 Sep 2021 09:38:44 +0000 (11:38 +0200)]
spec: filter Requires dependency for python(abi)
"AutoReq: no" disables all the Requires dependencies generation,
while they might be usable for building in some contexts.
This commit replaces it with the filter, which targets
only "python(abi) = 2.7" dependency. The issue with this dependency
is that there are two packages that provide it ("python" and
"python3-base"). It should be probably fixed in some other way,
but so far this way seems to be a workaround with the smallest
impact.
Change-Id: I163f22bddb8d1b65b91726e9a08439f1afc099c2
Adrian Szyndela [Wed, 8 Sep 2021 10:12:19 +0000 (12:12 +0200)]
Change "AutoReqProv: no" to "AutoReq: no"
This reverts commit 5529304523010614bcca9377fe50b9909bf3b548.
The "AutoReqProv: no" line disables automatic dependency generation
for both 'requires' and 'provides' rpm sections.
This caused errors for packages that used bcc-tools-devel, because
they required 'libbcc.so.0' but no package was providing it.
The line was probably added due to some kind of OBS issues with
dependencies, but the exact reason is unknown. We are going to
keep "AutoReq: no" so as not to bring these issues back. Maybe
a different approach via filtering dependencies could be tried
if this turns out insufficient.
Change-Id: I823f76b8f2cf0b0408d8dbc332c2ec6202698bae
Hyotaek Shim [Wed, 8 Sep 2021 10:55:55 +0000 (10:55 +0000)]
Merge "Add missing dependency for bcc-tools-devel" into tizen
Hyotaek Shim [Tue, 7 Sep 2021 05:20:49 +0000 (14:20 +0900)]
Add a separate rpm for example codes
Change-Id: Ib81b575d2df274599db077e6d291774ea4fb4c54
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Hyotaek Shim [Tue, 7 Sep 2021 03:39:59 +0000 (12:39 +0900)]
Add missing dependency for bcc-tools-devel
Change-Id: If4e9f0118a085ec79e23bdd76e4bc6aa32fb7aa2
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Mauricio Vásquez [Fri, 3 Sep 2021 14:11:06 +0000 (09:11 -0500)]
docs: Fix minor issues with helpers' documentation
- fix commit link and version required for bpf_get_netns_cookie()
- fix version required for bpf_get_ns_current_pid_tgid()
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Francis Laniel [Sun, 22 Aug 2021 18:23:23 +0000 (20:23 +0200)]
Permits mountsnoop to filter container using cgroup map or mount namespace.
Signed-off-by: Francis Laniel <laniel_francis@privacyrequired.com>
Wenbo Zhang [Wed, 1 Sep 2021 02:06:10 +0000 (02:06 +0000)]
libbpf-tools: add tcprtt
Signed-off-by: Wenbo Zhang <ethercflow@gmail.com>
Alan Maguire [Mon, 6 Sep 2021 04:09:46 +0000 (05:09 +0100)]
libbpf-tools/ksnoop: kernel argument/return value tracing/display using BTF
BPF Type Format (BTF) provides a description of kernel data structures.
libbpf support was recently added - btf_dump__dump_type_data() -
that uses the BTF id of the associated type to create a string
representation of the data provided. For example, to create a string
representation of a "struct sk_buff", the pointer to the skb
data is provided along with the type id of "struct sk_buff".
Here that functionality is utilized to support tracing kernel
function entry and return using k[ret]probes. The "struct pt_regs"
context can be used to derive arguments and return values, and
when the user supplies a function name we
- look it up in /proc/kallsyms to find its address/module
- look it up in the BTF kernel/module data to get types of arguments
and return value
- store a map representation of the trace information, keyed by
function address
On function entry/return we look up info about the arguments (is
it a pointer? what size of data do we copy?) and call bpf_probe_read()
to copy the data into our trace buffers. These are then sent via
perf event to userspace, and since we know the associated BTF id,
we can dump the typed data using btf_dump__dump_type_data().
ksnoop can be used to show function signatures; for example:
$ ksnoop info ip_send_skb
int ip_send_skb(struct net * net, struct sk_buff * skb);
Then we can trace the function, for example:
$ ksnoop trace ip_send_skb
TIME CPU PID FUNCTION/ARGS
78101668506811 1 2813 ip_send_skb(
net = *(0xffffffffb5959840)
(struct net){
.passive = (refcount_t){
.refs = (atomic_t){
.counter = (int)0x2,
},
},
.dev_base_seq = (unsigned int)0x18,
.ifindex = (int)0xf,
.list = (struct list_head){
.next = (struct list_head *)0xffff9895
.prev = (struct list_head *)0xffffffff
},
[output truncated]
78178228354796 1 2813 ip_send_skb(
return =
(int)0x0
);
We see the raw value of pointers along with the typed representation
of the data they point to.
Up to five arguments are supported.
The arguments are referred to via name (e.g. skb, net), and
the return value is referred to as "return" (using the keyword
ensures we can never clash with an argument name).
ksnoop can select specific arguments/return value rather
than tracing everything; for example:
$ ksnoop "ip_send_skb(skb)"
...will only trace the skb argument. A single level of
reference is supported also, for example:
$ ksnoop "ip_send_skb(skb->sk)"
or
Simple predicates (==, !=, <, <=, >, >=) can also be specified;
for example, to show skbs where the length is > 255:
$ ksnoop "ip_rcv(skb->len > 0xff,skb)"
TIME CPU PID FUNCTION/ARGS
32461869484376 1 2955 ip_rcv(
skb->len =
(unsigned int)0x127,
skb = *(0xffff89c99623a000)
(struct sk_buff){
(union){
.sk = (struct sock *)0xffff89c880b37000,
.ip_defrag_offset = (int)0x80b37000,
},
We can also specify a combination of entry/return predicates;
when such a combination is specified, data on entry (assuming
it matches the predicate) is "stashed" for retrieval on return.
This allows us to ask questions like "show entry arguments for
function foo when it returned a non-zero value indicating error";
$ ksnoop "sock_sendmsg(skb, return != 0)"
Multiple functions can be specified also.
In addition, using "stack" (-s) mode, it is possible to specify that
a sequence of functions should be traced, but only if function
A calls function B (either directly or indirectly). For example,
in specifying
$ ksnoop -s tcp_sendmsg __tcp_transmit_skb ip_output
...we are saying we are only interested in tcp_sendmsg() function
calls that in turn issue calls to __tcp_transmit_skb(), and these
in turn eventually call ip_output(), and that we only want to
see their entry and return. This mode is useful for investigating
behaviour with a specific stack signature, allowing us to see
function/argument information for specific call chains only.
Finally, module support is included too, provided module BTF is
present in /sys/kernel/btf :
$ ksnoop iwl_trans_send_cmd
TIME CPU PID FUNCTION/ARGS
80046971419383 3 1038 iwl_trans_send_cmd(
trans = *(0xffff989564d20028)
(struct iwl_trans){
.ops = (struct iwl_trans_ops *)0xffffff
.op_mode = (struct iwl_op_mode *)0xffff
.trans_cfg = (struct iwl_cfg_trans_para
The goal pursued here is not to add another tracer to the world -
there are plenty of those - but rather to demonstrate feature usage
for deep data display in the hope that other tracing technologies
make use of this functionality. In the meantime, having a simple
tracer like this plugs the gap and can be quite helpful for kernel
debugging.
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
Michael Gugino [Wed, 1 Sep 2021 22:07:33 +0000 (18:07 -0400)]
tools/tcpretrans: add optional tcp seq output
This commit adds the ability to print out tcp sequence numbers while
running the tool in normal mode by reading the appropriate fields from
skb. skb is not readily available for TLP, thus the output for that mode
is set to 0.
Signed-off-by: Michael Gugino <mgugino@redhat.com>
Hao Lee [Fri, 27 Aug 2021 08:36:52 +0000 (04:36 -0400)]
doc: Add description for detach_kprobe/detach_kretprobe
Add missing descriptions for detach_kprobe and detach_kretprobe.
Signed-off-by: Hao Lee <haolee@didiglobal.com>
Hao Lee [Fri, 27 Aug 2021 08:23:29 +0000 (04:23 -0400)]
bcc/python: Add the support for detaching a single kprobe/kretprobe handler
_add_kprobe_fd() uses a <ev_name, fd> map to store fd of attached function, but
the current implementation can only store the last fd if we attach multiple
handler functions on the same kprobe event.
This patch uses a <ev_name, <fn_name, fd>> map to build the corresponding
relationship among the kprobe event, handler function names, and fds. Then we
can detach any single handler function, which is pretty helpful if the
developer wants to enable and disable kprobes/kretprobes dynamically.
For example:
We want to measure both the execution count, execution time, and some other
metrics of a kernel function. For flexibility, we want to use separate handlers
for each metric to disable them individually if any of them incur some
performance penalties. Without this interface, we have to disable all handlers
on the kernel function.
The uprobe also has a similar problem. I will fix it in a subsequent patch.
Signed-off-by: Hao Lee <haolee@didiglobal.com>
Edward Wu [Mon, 30 Aug 2021 00:07:17 +0000 (08:07 +0800)]
tools/criticalstat: Include CONFIG_PREEMPT_TRACER dependency in warning msg
CONFIG_PREEMPTIRQ_TRACEPOINTS depends on TRACE_PREEMPT_TOGGLE
or TRACE_IRQFLAGS, TRACE_PREEMPT_TOGGLE will
also turn PREEMPT_TRACER on but NOT TRACE_IRQFLAGS. If you enable
TRACE_IRQFLAGS for PREEMPTIRQ_TRACEPOINTS, you need to enable
PREEMPT_TRACER as well.
Signed-off-by: Edward Wu <edwardwu@realtek.com>
irwanshofwan [Wed, 25 Aug 2021 13:09:49 +0000 (20:09 +0700)]
Update INSTALL.md - fix distutils missing
This fix installs python3-distutils, which is required by bcc
zhenwei pi [Tue, 17 Aug 2021 12:46:54 +0000 (20:46 +0800)]
libbpf-tools: runqslow: add '-P' optional
Sync change 508d9694ba7ea503cce821175ffca5a7740b832b.
When a task hits schedule delay, there is a high probability that the
previous task takes a long time to run. It's possible to dump the
previous task comm and TID by '-P' or '--previous' option.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Dave Marchevsky [Thu, 19 Aug 2021 00:06:00 +0000 (17:06 -0700)]
bcc/python: Add x86 and sw test to test_attach_perf_event.py
Since the current test can't run on github actions since there's no HW
perf counter access, add a test using software page faults perf
event, which might work.
Also, rename the current HW test in there to highlight that it'll work
for PowerPC, and add a similar test for x86.
Dave Marchevsky [Sat, 14 Aug 2021 04:02:12 +0000 (21:02 -0700)]
bcc/python: Add test_attach_perf_event.py to CMake tests
Add to CMakeLists.txt of tests so that the test is run as part of github
actions test suite. Shorten the sleep duration so test finishes faster -
since it's just testing attach currently the extra time isn't producing
more signal.
Also add python equivalent of `perf_event_sample_format` enum so
`sample_type` can be more clearly set.
v2: The test doesn't work on ubuntu 16.04 due to old kernel headers. It
doesn't work on the rest of the github actions VMs due to hardware perf
events not being supported, so add necessary check / skip.
Dave Marchevsky [Sat, 14 Aug 2021 08:29:31 +0000 (01:29 -0700)]
bcc/python tests: pull kernel_version_ge into utils
This helper is replicated in a few different places, let's pull it out.
Dave Marchevsky [Sat, 14 Aug 2021 03:17:27 +0000 (20:17 -0700)]
bcc/python: extend perf_event_attr ctype
This commit brings the Perf.perf_event_attr ctype in line with version 6
of struct perf_event_attr (see uapi/linux/perf_event.h kernel header).
Specifically:
* All named fields are added, including field names within anonymous
unions and bitfields
* Perf.perf_event_attr now complains when a field which isn't part of
the ctype struct is set.
* Goal here is to prevent users from setting a
recently-added field - which we haven't updated the ctype _fields_ to
include - and getting confused when it doesn't propagate to the
perf_event_open syscall. This bit me in #3571 and I am pretty
familiar with bcc internals so I'd like to prevent this from
confusing others down the line.
* Perf.perf_event_attr's 'flags' field is removed as it was a standin
for the bitfields. The _old_ profile.py was the only script in bcc
tools that I could find using this.
The last bullet is a breaking change. Although `tools/old/profile.py`
has been migrated to use the bitfield it was flipping using `flags`,
there could be some scripts out in the wild which break. I don't think
this is likely: this stuff hasn't been significantly touched since 2016
and I suspect if users of the python interface were writing lots of
perf_event programs we would've seen more python tools or activity here.
Regardless, there is probably a way to keep `flags` field working while
also exposing named bitfields, but I suspect it'll be ugly and wanted to
see if anyone thought it was necessary.
Dave Marchevsky [Fri, 13 Aug 2021 22:44:33 +0000 (18:44 -0400)]
Merge pull request #3571 from athira-rajeev/attach_perf_event_raw
bcc/python: Add support for API 'bpf_attach_perf_event_raw' in BPF py…
zhenwei pi [Thu, 12 Aug 2021 10:04:17 +0000 (18:04 +0800)]
tools/runqslower: add '-P' optional
When a task hits schedule delay, there is a high probability that the
previous task takes a long time to run. It's possible to dump the
previous task comm and TID by '-P' or '--previous' option.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Athira Rajeev [Mon, 26 Jul 2021 16:56:06 +0000 (12:56 -0400)]
bcc/python: Add support for API 'bpf_attach_perf_event_raw' in BPF python interface
Add python interface for attach_perf_event_raw to bcc.
The bpf_attach_perf_event_raw API provides flexibility to use
advanced features of perf events with BPF. Presently, this
API is available to use in BPF programs via C and C++ interface.
Patch enables support to use in python interface.
Patch also adds testcase under 'tests/python' which uses
the newly added python interface 'attach_perf_event_raw'.
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
chendotjs [Fri, 13 Aug 2021 06:11:29 +0000 (14:11 +0800)]
Add support for driver/native mode (#3574)
Add support for driver/native mode in example xdp_drop_count.py.
Hariharan Ananthakrishnan [Thu, 12 Aug 2021 12:55:21 +0000 (05:55 -0700)]
Added IPv4/IPv6 filter support for tcp trace tools (#3565)
* Added IPv4/IPv6 filter support for tcp trace tools
* Fixed a typo
* Added usage for TCP syn backlog
* Fixed a typo
* Fixed a typo
* Added man support for IPv4/IPv6 family filters
Hengqi Chen [Sun, 8 Aug 2021 03:15:56 +0000 (11:15 +0800)]
libbpf-tools: add exitsnoop (#3564)
add exitsnoop libbpf tool.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Dave Marchevsky [Fri, 6 Aug 2021 19:24:32 +0000 (15:24 -0400)]
Merge pull request #3566 from davemarchevsky/davemarchevsky_remapped_refactor
ClangLoader: Pull out common remapped file operations
Dave Marchevsky [Fri, 6 Aug 2021 05:12:17 +0000 (22:12 -0700)]
ClangLoader: Pull out common remapped file operations
I'm making some larger modifications to the loader. While reading
through the `do_compile` code I noticed that the common "remapped file"
operations - telling various CompilerInvocations about 'virtual'
includes and the virtual main c file - could be factored out to enhance
clarity.
This patch doesn't change functionality at all, nor does it try to make
any opinionated refactoring changes.
Rosen [Tue, 3 Aug 2021 18:26:23 +0000 (02:26 +0800)]
tcpstates: incorrect display of dport (#3560)
fix incorrect display of dport for kprobe attachment in tcpstates
Jerome Marchand [Fri, 30 Jul 2021 16:15:05 +0000 (18:15 +0200)]
libbpf-tools: readahead: don't mark struct hist as static
Libbpf readahead tool does not compile with bpftool v5.14. Since commit
31332ccb756 ("bpftool: Stop emitting static variables in BPF
skeleton"), bpftool gen skeleton does not include static variables
into the skeleton file anymore.
Fixes the following compilation error:
readahead.c: In function 'main':
readahead.c:153:26: error: 'struct readahead_bpf__bss' has no member named 'hist'
153 | histp = &obj->bss->hist;
| ^~
Hengqi Chen [Sun, 30 May 2021 08:36:37 +0000 (16:36 +0800)]
libbpf-tools: add mountsnoop
This commit adds a new libbpf tool mountsnoop.
It has the same functionalities just as its
counterpart in BCC tools. The default output
is the same.
```
$ mountsnoop
COMM PID TID MNT_NS CALL
dockerd 1827 1903 4026531840 mount("overlay", "/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/merged", "overlay", 0x0, "index=off,lowerdir=/data/docker/overlay2/l/GWTHHZ2C3PYGAJ5GLTWLHMHHKR,upperdir=/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/diff,workdir=/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/work") = 0
dockerd 1827 1903 4026531840 umount("/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/merged", MS_NOSUID) = 0
```
Also, we provide a detailed mode enabled by -d
option which displays each mount/umount syscall
vertically with more fields. In this way, the
output looks more friendly.
```
$ mountsnoop -d -t
PID: 1827
TID: 1864
COMM: dockerd
OP: MOUNT
RET: 0
LAT: 246us
MNT_NS: 4026531840
FS: overlay
SOURCE: overlay
TARGET: /data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/merged
DATA: index=off,lowerdir=/data/docker/overlay2/l/GWTHHZ2C3PYGAJ5GLTWLHMHHKR,upperdir=/data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/diff,workdir=/data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/work
FLAGS: 0x0
PID: 1827
TID: 1864
COMM: dockerd
OP: UMOUNT
RET: 0
LAT: 95us
MNT_NS: 4026531840
FS:
SOURCE:
TARGET: /data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/merged
DATA:
FLAGS: MS_NOSUID
```
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 28 Jul 2021 15:49:11 +0000 (23:49 +0800)]
bcc/tools: use device number and inode number to identify a file
Currently, the filetop tool uses a (tid, filename, type) tuple to
key a file, which is not enough to uniquely identify a file.
A thread writing to multiple files with the same name would add up to
the same value in the map, which can be reproduced by the following command:
$ cat somefile | tee /foo/bar/xxx /fuz/baz/xxx
Let us add device number and inode number to uniquely identify
a file.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Thu, 15 Jul 2021 16:04:28 +0000 (00:04 +0800)]
libbpf-tools: add filetop
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Wen Yang [Wed, 21 Apr 2021 08:21:56 +0000 (16:21 +0800)]
Tools: add the PPID/PCOMM fields in mountsnoop
It is found that in the production environment, the system() function
or shell command is often used to start the mount process temporarily,
so the PPID/PCOMM field needs to be added to find the corresponding program.
Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Markus Dreseler [Tue, 20 Jul 2021 11:49:58 +0000 (13:49 +0200)]
profile.py: Remove unused kernel_ret_ip
With 7157e6ec, `DO_KERNEL_RIP` was removed. That was the only user of the `kernel_ret_ip` field. I believe we can now remove that field.
sum12 [Tue, 20 Jul 2021 14:47:48 +0000 (16:47 +0200)]
bcc/tools: update mountsnoop's based on comment in containers.py
this patch just replicates the fix done in ef330a393be4b472627b1bfa7fbe50934e519e25
Tsai-Wei Wu [Tue, 20 Jul 2021 07:00:11 +0000 (15:00 +0800)]
tools/criticalstat: Add new kconfig option to warning message
In kernel 4.19 and later, the CONFIG_PREEMPTIRQ_EVENTS option is unused.
Instead, it requires a kernel built with CONFIG_PREEMPTIRQ_TRACEPOINTS.
Yonghong Song [Sun, 18 Jul 2021 23:25:43 +0000 (16:25 -0700)]
update debian changelog for release v0.21.0
* Support for kernel up to 5.13
* support for debug information from libdebuginfod
* finished support for map elements items_*_batch() APIs
* add atomic_increment() API
* support attach_func() and detach_func() in python
* fix displaying PID instead of TID for many tools
* new tools: kvmexit.py
* new libbpf-tools: gethostlatency, statsnoop, fsdist and solisten
* fix tools ttysnoop/readahead for newer kernels
* doc update and bug fixes
Signed-off-by: Yonghong Song <yhs@fb.com>
yonghong-song [Sun, 18 Jul 2021 22:05:34 +0000 (15:05 -0700)]
sync with latest libbpf repo (#3529)
sync with latest libbpf repo which is upto commit
21f90f61b084 sync: latest libbpf changes from kernel
Signed-off-by: Yonghong Song <yhs@fb.com>
Mauricio Vásquez [Fri, 16 Jul 2021 21:55:36 +0000 (16:55 -0500)]
tools: Fix filtering by mount namespace
The filtering by mount namespace implementation relies on the
redefinition of the "struct mnt_namespace" internal kernel structure.
The layout of this structure changed in Linux 5.11
(https://github.com/torvalds/linux/commit/1a7b8969e664d6af328f00fe6eb7aabd61a71d13),
this commit adds a conditional on the kernel version to adapt to this
change.
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
Hengqi Chen [Thu, 15 Jul 2021 16:18:55 +0000 (00:18 +0800)]
bcc/tools: remove unused signal handlers
Several top tools defined a signal handler, but did not use it.
They work well without a signal handler, so just remove it.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Sat, 10 Jul 2021 10:25:47 +0000 (18:25 +0800)]
libbpf-tools: gethostlatency allow specify libc path
This commit adds a new option to gethostlatency which
allows user to specify which libc to use for tracing.
This is useful when application is not linked against
default libc.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Sun, 27 Jun 2021 15:44:14 +0000 (23:44 +0800)]
libbpf-tools: gethostlatency code cleanup
This commit updates the code to conform to the kernel
code style guide.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Oleg Guba [Wed, 14 Jul 2021 04:25:09 +0000 (21:25 -0700)]
[py3:tools/deadlock.py] fix usage of str.replace() method to make it py3 compatible
Dave Marchevsky [Mon, 12 Jul 2021 06:44:04 +0000 (02:44 -0400)]
Merge pull request #3498 from davemarchevsky/davemarchevsky_exe_syms
ProcSyms should treat the executable like any other mapped file when symbolizing
Hengqi Chen [Thu, 1 Jul 2021 13:16:15 +0000 (21:16 +0800)]
libbpf-tools: fix uprobe helper get_elf_func_offset
get_elf_func_offset didn't work properly when used with a
statically linked binary. It seems that not subtracting the
base load address causes the problem. This commit fixes
that like BCC does. See [0] and [1].
[0]: https://github.com/iovisor/bcc/blob/v0.20.0/src/cc/bcc_syms.cc#L751-L764
[1]: https://github.com/iovisor/bcc/blob/v0.20.0/src/cc/bcc_elf.c#L723-L756
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Fei Li [Mon, 31 Aug 2020 13:35:33 +0000 (21:35 +0800)]
kvmexit.py: introduce a tool to show kvm exit reasons and counts
Considering virtual machines' frequent exits can cause performance
problems, introduce a tool to show kvm exit reasons and counts, so
that the most frequent exited reasons could be located, reduced, or
even avoided.
For better performance, this tool employs a percpu array and percpu
hash in bpf to store exit reason and its counts. Besides, the bcc
python provides aggregation and various custom output. For more
background, realization and examples, please see kvmexit_example.txt
and man/man8/kvmexit.8 for more reference.
Signed-off-by: Fei Li <lifei.shirley@bytedance.com>
Fei Li [Sun, 20 Jun 2021 14:18:32 +0000 (22:18 +0800)]
Check if raw tracepoint in module is supported
Actually there are two stages to fully support raw tracepoint: the
first stage is only for in-kernel functions, and the second stage is
for kernel modules. For the latter stage, the corresponding kernel
commit is a38d1107, and it is merged since v5.0.
Signed-off-by: Fei Li <lifei.shirley@bytedance.com>
Alban Crequy [Sun, 4 Jul 2021 14:17:15 +0000 (16:17 +0200)]
Fix publish github action on docker registry
masibw [Fri, 2 Jul 2021 11:44:41 +0000 (20:44 +0900)]
Add open parentheses
Hang Yan [Fri, 2 Jul 2021 12:46:59 +0000 (20:46 +0800)]
Update cachestat_example.txt
typo fix
Gad Akuka [Tue, 6 Jul 2021 03:53:07 +0000 (06:53 +0300)]
Update INSTALL.md - Fix broken links (#3524)
Fix broken links for Amazon installation.
Hengqi Chen [Mon, 31 May 2021 12:31:59 +0000 (20:31 +0800)]
libbpf-tools: add solisten
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
zcy [Thu, 1 Jul 2021 16:12:32 +0000 (00:12 +0800)]
tools: replace add with xadd (#3518)
resolve #3481
replace add with xadd for more tools.
Daniel Xu [Wed, 30 Jun 2021 22:43:06 +0000 (15:43 -0700)]
cmake: Make libbcc_bpf.so the BCC runtime
This commit adds more functionality into libbcc_bpf.so such that
libbcc_bpf.so contains all of BCC's runtime components. "Runtime" in
this context means everything except the stuff that depends on
clang/LLVM.
libbcc_bpf.so was originally created in fa073456 ("make libbpf
standalone-ready") with (I'm guessing) the intent of creating
bcc-libbpf. That has been superseded by libbpf (separate repo) so I
don't think it should be used much anymore.
This updated libbcc_bpf.so will be used by ahead-of-time compiled
bpftrace scripts[0] to drop the dependency on LLVM/clang for the runtime
component.
[0]: https://dxuuu.xyz/aot-bpftrace.html
Daniel Xu [Wed, 30 Jun 2021 22:42:12 +0000 (15:42 -0700)]
cmake: Move bpf-static and bpf-shared targets lower in file
Move the definitions lower in the file so we can reuse some variables in
the next commit.
Hengqi Chen [Thu, 1 Jul 2021 15:43:31 +0000 (23:43 +0800)]
libbpf-tools: display pid instead of tid (#3499)
execsnoop displays tid in its output with header PID,
which is wrong and differs from the original BCC tool.
This commit fixes that with some code cleanup.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
zhaoyao73 [Wed, 30 Jun 2021 17:15:26 +0000 (13:15 -0400)]
add uprobe support in funcinterval (#3512)
add uprobe support in funcinterval
Signed-off-by: Yao Zhao <yao.zhao1@huawei.com>
zcy [Fri, 25 Jun 2021 02:16:53 +0000 (10:16 +0800)]
tools/readahead compatible with kernel version >= 5.10 (#3507)
After kernel version 5.10, __do_page_cache_readahead() was renamed to do_page_cache_ra(),
let us try both in readahead.py.
zhenwei pi [Wed, 23 Jun 2021 08:24:11 +0000 (16:24 +0800)]
tcprtt: fix compatibility for python3
Suggested by Yonghong, tcprtt reports an error on python3:
TypeError: can't concat str to bytes
In both python2 and python3, inet_ntop returns a string type, there is
no need to encode any more.
Tested for python2 and python3, both work fine.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
zhenwei pi [Mon, 21 Jun 2021 07:06:58 +0000 (15:06 +0800)]
tcprtt: support extension summary(average RTT)
Support -e/--extension to show extension summary info, currently
only average RTT is supported.
Also some minor changes to make histogram report easy to read.
Originally tcprtt doesn't show label/header without -b/-B option,
currently it shows like this:
All Addresses = *******
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
chenyuezhou [Tue, 22 Jun 2021 20:57:09 +0000 (16:57 -0400)]
bcc-test: fix test error
masi19bw [Tue, 22 Jun 2021 09:07:49 +0000 (09:07 +0000)]
Add docs about BPF_HASH_OF_MAPS
chenyuezhou [Mon, 21 Jun 2021 14:07:30 +0000 (10:07 -0400)]
tools: funclatency use atomic_increment
masibw [Tue, 22 Jun 2021 06:18:23 +0000 (15:18 +0900)]
Allow the use of custom keys in BPF_HASH_OF_MAPS (#3500)
- Allow the use of custom keys in BPF_HASH_OF_MAPS
- Add both python and C++ tests
Dave Marchevsky [Sat, 19 Jun 2021 05:52:46 +0000 (22:52 -0700)]
libbpf-tools: Don't redefine _GNU_SOURCE to avoid redefinition warning
Similar to past commits like 667988ce9e2a051ff608b727f6c89a5baa01fa67,
my toolchain complains that `_GNU_SOURCE` is redefined. Let's only
define it when it passes `ifndef`
Dave Marchevsky [Sat, 19 Jun 2021 02:34:55 +0000 (19:34 -0700)]
ProcSyms should treat the executable like any other mapped file when
symbolizing
As reported in #3487, when `/proc/PID/exe`'s symlink points to a
mountns-relative path from a different mountns than the tracing process,
we can fail to open it as we don't prepend `/proc/PID/root` .
A few potential solutions were discussed in that issue, we settled on
treating the main exe like any other map in `/proc/PID/maps`. Since it's
always the first map we can reuse existing code and get rid of
exe-specific helpers.
chenyuezhou [Fri, 18 Jun 2021 20:31:52 +0000 (16:31 -0400)]
libbcc: add atomic_increment()
Hengqi Chen [Wed, 16 Jun 2021 16:01:21 +0000 (00:01 +0800)]
bcc/python: fix attach kprobe/kretprobe using regex
Attaching a kprobe/kretprobe using a regular expression should fail
explicitly if no functions are traceable. Currently we catch
all exceptions and if no functions are available, the program
continues with no BPF programs attached. In this commit, change
this behavior to explicitly report an error to the user.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 16 Jun 2021 15:29:36 +0000 (23:29 +0800)]
bcc/python: remove unused imports, remove redundant semicolon
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Dave Marchevsky [Wed, 16 Jun 2021 00:53:03 +0000 (17:53 -0700)]
pull out enums from main BPF class to avoid namespace collisions
In #3479, the `bpf_attach_type` enum was pulled into the `BPF` class so
that its members could be used in `attach_func` and `detach_func`
functions introduced to the Python API.
Unfortunately this caused a redefinition of BPF.XDP, which was similarly
pulled in from `bpf_prog_type` enum, thus breaking program loading
(#3489).
Let's pull these enum- and flag-type class variables out into their own
wrapper classes. For backwards compatibility, keep them all (except for
`bpf_attach_type`, which was merged 2 days ago) defined in the BPF
class, but add a comment to not continue doing this.
Spencer Nelson [Fri, 11 Jun 2021 19:07:02 +0000 (12:07 -0700)]
Decode bytes when formatting them as strings
USDTProbe objects (and USDTProbeArguments and USDTProbeLocations) are
instantiated with data that's sourced from libccc calls. That means
that their attributes are bytes-typed, not string-typed.
When a bytes-typed value is rendered into a string with Python's '%s'
formatting directive, it gets wrapped in single quotes and prefixed
with b. For example, b'probe-location'. This is visually noisy, but
also breaks some tool behavior which uses string-formatted values for
stuff like filters.
This is only an issue in Python 3. In Python 2, the bytes type is just
an alias for the string type, and so byte sequences from libcc were
implicitly decoded as ASCII text.
Dave Marchevsky [Tue, 15 Jun 2021 17:47:45 +0000 (13:47 -0400)]
Merge pull request #3466 from chenhengqi/add-bindsnoop
libbpf-tools: add bindsnoop
Khem Raj [Mon, 14 Jun 2021 19:49:43 +0000 (12:49 -0700)]
Remove APInt/APSInt toString() std::string variants
clang 13+ has removed this in favour of a pair of llvm::toString()
helpers inside StringExtras.h to improve compile speed by avoiding
hits on <string> header
Signed-off-by: Khem Raj <raj.khem@gmail.com>
zcy [Mon, 14 Jun 2021 05:59:22 +0000 (13:59 +0800)]
bcc-python: support attach_func() and detach_func() (#3479)
- support attach_func() and detach_func().
- add a sockmap issue to demonstrate using these two functions.
Hengqi Chen [Fri, 11 Jun 2021 13:39:08 +0000 (21:39 +0800)]
libbpf-tools: remove ext4dist
In #3441, we introduced a new libbpf tool named fsdist, which is
built on the idea by @anakryiko and previous work by @ethercflow.
fsdist extends ext4dist to support multiple file systems in a flexible
way. Now we can replace ext4dist and treat it as an alias to fsdist.
This commit removes ext4dist and replaces it with a symlink to fsdist.
References:
#3430, #3436
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 12 May 2021 00:43:15 +0000 (08:43 +0800)]
libbpf-tools: add bindsnoop
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Wed, 9 Jun 2021 05:42:54 +0000 (13:42 +0800)]
libbpf-tools: optimize fentry_exists helper
The previous implementation checks fentry support either in vmlinux
or module BTF. So we need two calls to fentry_exists to verify
whether a symbol exists. This commit updates this behavior to use
the module name provided as a hint, and fall back to vmlinux if module
BTF is not available.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Hengqi Chen [Sat, 5 Jun 2021 02:44:46 +0000 (10:44 +0800)]
libbpf-tools: migrate xfsslower to fsslower
This commit migrates xfsslower to a generic fsslower which supports
tracing multiple file systems. It works the same way as the original
tool except that the users are supposed to specify which file systems
to trace using -t option.
sudo ./fsslower -t ext4 -m 1
Tracing ext4 operations slower than 1 ms... Hit Ctrl-C to end.
TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME
10:36:07 code 6896 F LL_MAX 0 2.40 state.vscdb-journal
10:36:07 code 6896 F LL_MAX 0 1.74 state.vscdb-journal
10:36:07 code 6896 F LL_MAX 0 1.78 state.vscdb
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
chenyuezhou [Tue, 8 Jun 2021 16:09:31 +0000 (12:09 -0400)]
libbcc: add msg_redirect_hash() and sk_redirect_hash() for sockhash
zcy [Mon, 7 Jun 2021 16:14:14 +0000 (00:14 +0800)]
libbcc: support BPF_SOCKHASH specify the key type (#3473)
support BPF SOCKHASH specify the key type and update documentation
for BPF_SOCKHASH and map.sock_hash_update().
masibw [Sun, 6 Jun 2021 16:12:32 +0000 (01:12 +0900)]
Add attach_xdp to reference_guide.md (#3450)
- Add attach_xdp to reference_guide.md
- Add description about flags
Emilien Gobillot [Sun, 6 Jun 2021 05:44:26 +0000 (07:44 +0200)]
finish to add support of subset in items_*_batch() (#3440)
finish to add support of subset in items_*_batch()
- rewrite items_lookup_batch() and items_lookup_and_delete_batch() to make it more robust.
- add docstring on items_*_batch()
- update the reference_guide.md
edwardwu [Thu, 3 Jun 2021 04:15:27 +0000 (12:15 +0800)]
Add an option to strip leading zeros from linear histograms
Sometimes the histogram gives us too much zero info that we don't really care about.
For example:
usec : count distribution
0 : 0 | |
1 : 0 | |
2 : 0 | |
3 : 0 | |
4 : 0 | |
5 : 0 | |
6 : 0 | |
7 : 0 | |
8 : 0 | |
9 : 0 | |
10 : 0 | |
11 : 0 | |
12 : 0 | |
13 : 0 | |
14 : 0 | |
15 : 0 | |
16 : 0 | |
17 : 0 | |
18 : 0 | |
19 : 0 | |
20 : 0 | |
21 : 0 | |
22 : 0 | |
23 : 0 | |
24 : 0 | |
25 : 0 | |
26 : 0 | |
27 : 0 | |
28 : 0 | |
29 : 0 | |
30 : 0 | |
31 : 0 | |
32 : 0 | |
33 : 0 | |
34 : 0 | |
35 : 0 | |
36 : 0 | |
37 : 0 | |
38 : 0 | |
39 : 0 | |
40 : 0 | |
41 : 7 |****************************************|
42 : 2 |*********** |
So much info is hard to analyze at FIRST glance, especially in console view.
After supporting strip leading zeros
print_linear_hist("usec", "name", name_print, strip_leading_zero=True)
usec : count distribution
41 : 7 |****************************************|
42 : 2 |************* |
This is what we really care about, and it's clear.
Signed-off-by: Edward Wu <edwardwu@realtek.com>
Jerome Marchand [Wed, 2 Jun 2021 12:23:20 +0000 (14:23 +0200)]
libbpf-tool: don't ignore LDFLAGS
Packagers need to be able to set linker options according to their
distribution guidelines.
chenyuezhou [Wed, 2 Jun 2021 21:50:45 +0000 (17:50 -0400)]
docs: update description of bcc python BPF()
Hengqi Chen [Wed, 19 May 2021 16:00:32 +0000 (00:00 +0800)]
libbpf-tools: add fsdist
fsdist is a multitool which shows filesystem latency.
Currently we support btrfs/ext4/nfs/xfs filesystems.
It behaves the same as its counterpart in BCC tools
named btrfsdist.py/ext4dist.py/nfsdist.py/xfsdist.py
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
chenyuezhou [Fri, 28 May 2021 04:27:11 +0000 (00:27 -0400)]
docs: add description of attach_raw_socket
Nick-nizhen [Thu, 27 May 2021 05:21:59 +0000 (13:21 +0800)]
Update cpudist.py
When calculating the ONCPU time, prev has left the CPU already. It is not necessary to judge whether the process state is TASK_RUNNING or not.
zcy [Thu, 27 May 2021 16:50:23 +0000 (00:50 +0800)]
tools/deadlock: support specifies maxnum of threads and edge cases (#3455)
Support specifying the maximum number of threads and edge cases. The default values make the map take more than 0.5G of memory, which causes an out-of-memory issue on some systems.
Also fix an issue with python `open` so the open file is automatically closed once file reading is done.
Hengqi Chen [Sat, 22 May 2021 08:07:36 +0000 (16:07 +0800)]
hardirqs: Migrate to kernel tracepoint
The hardirqs tool is not working properly in recent kernels.
This commit migrates hardirqs to use kernel tracepoints
instead of kprobes, just as we already did for softirqs.
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Yonghong Song [Wed, 26 May 2021 02:58:00 +0000 (19:58 -0700)]
Fix a llvm compilation error
Current llvm trunk (https://github.com/llvm/llvm-project)
will cause the following compilation errors:
/home/yhs/work/bcc/src/cc/bcc_debug.cc: In member function ‘void ebpf::SourceDebugger::dump()’:
/home/yhs/work/bcc/src/cc/bcc_debug.cc:135:75: error: no matching function for call to
‘llvm::MCContext::MCContext(llvm::Triple&, std::unique_ptr<llvm::MCAsmInfo>::pointer,
std::unique_ptr<llvm::MCRegisterInfo>::pointer, llvm::MCObjectFileInfo*,
std::unique_ptr<llvm::MCSubtargetInfo>::pointer, std::nullptr_t)’
MCContext Ctx(TheTriple, MAI.get(), MRI.get(), &MOFI, STI.get(), nullptr);
^
......
This is because upstream patch https://reviews.llvm.org/D101921
refactored MCObjectFileInfo initialization and changed MCContext
constructor signature.
This patch fixed the issue by following the new code patterns
in https://reviews.llvm.org/D101921.
Jiri Olsa [Fri, 9 Apr 2021 17:24:12 +0000 (19:24 +0200)]
tools/ttysnoop: Add --datasize/--datacount
Adding the possibility to define transmitting data size
(--datasize option) and number of times we ask for this
amount (--datacount option).
This helps to configure ttysnoop behaviour for the expected
data in the terminal session. For example ncurses applications
like mc or huge sized terminals need a bigger buffer to snoop
everything from the buffer.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Jiri Olsa [Fri, 9 Apr 2021 15:14:21 +0000 (17:14 +0200)]
tools/ttysnoop: Use array map to store data
So we can use bigger sizes for the data.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>