Commit 29dbddaa authored by mcaleavya's avatar mcaleavya

migrated to use bpf_perf_events

parent cfc31503
...@@ -11,6 +11,10 @@ be useful to know if they are happening and how frequently. ...@@ -11,6 +11,10 @@ be useful to know if they are happening and how frequently.
This works by tracing the kernel sys_sync() function using dynamic tracing, and This works by tracing the kernel sys_sync() function using dynamic tracing, and
will need updating to match any changes to this function. will need updating to match any changes to this function.
This makes use of a Linux 4.5 feature (bpf_perf_event_output());
for kernels older than 4.5, see the version under tools/old,
which uses an older mechanism.
This program is also a basic example of eBPF/bcc. This program is also a basic example of eBPF/bcc.
Since this uses BPF, only the root user can use this tool. Since this uses BPF, only the root user can use this tool.
......
#!/usr/bin/python
# @lint-avoid-python-3-compatibility-imports
#
# syncsnoop Trace sync() syscall.
# For Linux, uses BCC, eBPF. Embedded C.
#
# Written as a basic example of BCC trace & reformat. See
# examples/hello_world.py for a BCC trace with default output example.
#
# Copyright (c) 2015 Brendan Gregg.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# 13-Aug-2015 Brendan Gregg Created this.
from __future__ import print_function
from bcc import BPF
# load BPF program
b = BPF(text="""
void kprobe__sys_sync(void *ctx) {
bpf_trace_printk("sync()\\n");
};
""")
# header
print("%-18s %s" % ("TIME(s)", "CALL"))
# format output
while 1:
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
print("%-18.9f %s" % (ts, msg))
...@@ -11,21 +11,47 @@ ...@@ -11,21 +11,47 @@
# Licensed under the Apache License, Version 2.0 (the "License") # Licensed under the Apache License, Version 2.0 (the "License")
# #
# 13-Aug-2015 Brendan Gregg Created this. # 13-Aug-2015 Brendan Gregg Created this.
# 19-Feb-2016 Allan McAleavy migrated to BPF_PERF_OUTPUT
from __future__ import print_function from __future__ import print_function
from bcc import BPF from bcc import BPF
import ctypes as ct
# load BPF program # load BPF program
b = BPF(text=""" b = BPF(text="""
#include <linux/string.h>
struct data_t {
u64 ts;
char msg[6];
};
BPF_PERF_OUTPUT(events);
void kprobe__sys_sync(void *ctx) { void kprobe__sys_sync(void *ctx) {
bpf_trace_printk("sync()\\n"); struct data_t data = {};
data.ts = bpf_ktime_get_ns();
data.ts = data.ts / 1000;
strcpy(data.msg,"Sync()");
events.perf_submit(ctx, &data, sizeof(data));
}; };
""") """)
class Data(ct.Structure):
_fields_ = [
("ts", ct.c_ulonglong),
("msg", ct.c_char * 6)
]
# header # header
print("%-18s %s" % ("TIME(s)", "CALL")) print("%-18s %s" % ("TIME(s)", "CALL"))
# format output # process event
def print_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data)).contents
print("%-18.9f %s" % (float(event.ts) / 1000000, event.msg))
# loop with callback to print_event
b["events"].open_perf_buffer(print_event)
while 1: while 1:
(task, pid, cpu, flags, ts, msg) = b.trace_fields() b.kprobe_poll()
print("%-18.9f %s" % (ts, msg))
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment