lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEf4BzYwO59x0kJWNk1sfwKz=Lw+Sb_ouyRpx8-v1x8XFoqMOw@mail.gmail.com>
Date:   Wed, 27 May 2020 23:36:29 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     王贇 <yun.wang@...ux.alibaba.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...omium.org>,
        open list <linux-kernel@...r.kernel.org>,
        "open list:BPF (Safe dynamic programs and tools)" 
        <netdev@...r.kernel.org>,
        "open list:BPF (Safe dynamic programs and tools)" 
        <bpf@...r.kernel.org>
Subject: Re: [RFC PATCH] samples:bpf: introduce task detector

On Wed, May 27, 2020 at 7:53 PM 王贇 <yun.wang@...ux.alibaba.com> wrote:
>
> This is a tool to trace the related schedule events of a
> specified task, eg the migration, sched in/out, wakeup and
> sleep/block.
>
> The event was translated into sentence to be more readable,
> by execute command 'task_detector -p 49870' we continually
> tracing the schedule events related to 'top' like:
>
> ----------------------------
> 923455517688  CPU=23  PID=49870  COMM=top          ENQUEUE
> 923455519633  CPU=23  PID=0      COMM=IDLE         PREEMPTED                1945ns
> 923455519868  CPU=23  PID=49870  COMM=top          EXECUTE AFTER WAITED     2180ns
> 923468279019  CPU=23  PID=49870  COMM=top          WAIT AFTER EXECUTED      12ms
> 923468279220  CPU=23  PID=128    COMM=ksoftirqd/23 PREEMPT
> 923468283051  CPU=23  PID=128    COMM=ksoftirqd/23 DEQUEUE AFTER PREEMPTED  3831ns
> 923468283216  CPU=23  PID=49870  COMM=top          EXECUTE AFTER WAITED     4197ns
> 923476280180  CPU=23  PID=49870  COMM=top          WAIT AFTER EXECUTED      7996us
> 923476280350  CPU=23  PID=128    COMM=ksoftirqd/23 PREEMPT
> 923476322029  CPU=23  PID=128    COMM=ksoftirqd/23 DEQUEUE AFTER PREEMPTED  41us
> 923476322150  CPU=23  PID=49870  COMM=top          EXECUTE AFTER WAITED     41us
> 923479726879  CPU=23  PID=49870  COMM=top          DEQUEUE AFTER EXECUTED   3404us
> ----------------------------
>
> This could be helpful on debugging the competition on CPU
> resource, to find out who has stolen the CPU and how much
> it stolen.
>
> It can also tracing the syscall by append option -s.
>
> Signed-off-by: Michael Wang <yun.wang@...ux.alibaba.com>
> ---

I haven't looked through implementation thoroughly yet. But I have few
general remarks.

This looks like a useful and generic tool. I think it will get most
attention and be most useful if it will be part of BCC tools. There is
already a set of generic tools that use libbpf and CO-RE, see [0]. It
feels like this belongs there.

Some of the annoying parts (e.g., syscall name translation) is already
generalized as part of syscount tool PR (to be hopefully merged soon),
so you'll be able to save quite a lot of code with this. There is also
a common build infra that takes care of things like vmlinux.h, which
would provide definitions for all those xxx_args structs that you had
to manually define.

With CO-RE, it also will allow to compile this tool once and run it on
many different kernels without recompilation. Please do take a look
and submit a PR there, it will be a good addition to the toolkit (and
will force you write a bit of README explaining use of this tool as
well ;).

As for the code itself, I haven't gone through it much, but please
convert map definition syntax to BTF-defined one. The one you are
using is a legacy one. Thanks!

  [0] https://github.com/iovisor/bcc/tree/master/libbpf-tools

>  samples/bpf/Makefile             |   3 +
>  samples/bpf/task_detector.h      | 382 +++++++++++++++++++++++++++++++++++++++
>  samples/bpf/task_detector_kern.c | 329 +++++++++++++++++++++++++++++++++
>  samples/bpf/task_detector_user.c | 314 ++++++++++++++++++++++++++++++++
>  4 files changed, 1028 insertions(+)
>  create mode 100644 samples/bpf/task_detector.h
>  create mode 100644 samples/bpf/task_detector_kern.c
>  create mode 100644 samples/bpf/task_detector_user.c
>

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ