- 07 Sep, 2018 1 commit
-
-
Teng Qin authored
* Small fix on C++ USDT implementation Fix an logging error, and small optimization on initialization * Add move constructor to C++ USDT instance
-
- 05 Sep, 2018 1 commit
-
-
Brenden Blanco authored
debian changelog for v0.7.0 tag
-
- 04 Sep, 2018 1 commit
-
-
Marko Myllynen authored
Sort language entries while at it.
-
- 02 Sep, 2018 1 commit
-
-
olsajiri authored
* tools: Skip backward time entries in xfsslower While using xfsslower on RHEL7 we occasionally get following screwed up latencies: # xfsslower Tracing XFS operations slower than 1 ms TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME 13:25:03 git 3385 R 62 4704 18446744073708.55 tmp_pack_bDUbwZ 13:25:03 git 3385 S 0 0 3.05 tmp_idx_Kjb2bW ... The reason for this is that on RHEL7 it's possible to get backward timetamp with bpf_ktime_get_ns. This needs to be fixed, but meanwhile this fix makes sure the latencies with backward times are skipped. For the rest of the kernels this is just sanity fix with possibly just single compare instruction overhead. It's temporary workaround for #728. Signed-off-by: Jiri Olsa <jolsa@kernel.org> * tools: Skip backward time entries in ext4dist While using ext4dist on RHEL7 we occasionally get following screwed up latencies: # ext4dist Tracing ext4 operation latency... Hit Ctrl-C to end. ^C operation = write usecs : count distribution 0 -> 1 : 1134529 |******** | 2 -> 3 : 2777582 |********************| 4 -> 7 : 688014 |**** | 8 -> 15 : 36160 | | 16 -> 31 : 698 | | 32 -> 63 : 6 | | 64 -> 127 : 15 | | 128 -> 255 : 7 | | 256 -> 511 : 1 | | 512 -> 1023 : 0 | | 1024 -> 2047 : 0 | | 2048 -> 4095 : 2 | | 4096 -> 8191 : 1 | | 8192 -> 16383 : 5 | | 16384 -> 32767 : 0 | | 32768 -> 65535 : 0 | | 9007199254740992 -> 18014398509481983 : 0 | | 18014398509481984 -> 36028797018963967 : 1 | | The reason for this is that on RHEL7 it's possible to get backward timestamp with bpf_ktime_get_ns. This needs to be fixed, but meanwhile this fix makes sure the latencies with backward times are skipped. For the rest of the kernels this is just sanity fix with possibly just single compare instruction overhead. It's temporary workaround for #728. Signed-off-by: Jiri Olsa <jolsa@kernel.org>
-
- 31 Aug, 2018 1 commit
-
-
Pascal Loth authored
fix a typo
-
- 30 Aug, 2018 1 commit
-
-
Filippos Giannakos authored
Generating sdist for both python2 and python3 at the same time can fail as they both use the same temporary files. Make sure that we generate sdist for each `PYTHON_CMD` sequentially.
-
- 28 Aug, 2018 3 commits
-
-
Allan McAleavy authored
Added in RHEL 7.6 Beta information
-
yonghong-song authored
The poll iteration count 10 sometimes not big enough. Now let us increase to 100 iterations, but will bail out if the expected data have received. Hopefully this will fix flakiness of this test. Signed-off-by: Yonghong Song <yhs@fb.com>
-
Smita Koralahalli Channabasappa authored
* copy oomkill.py to old/oomkill.py * update oomkill * Update test_tools_smoke.py
-
- 21 Aug, 2018 1 commit
-
-
muahao authored
argdist -H 'r::__vfs_read(void *file, void *buf, size_t count):size_t $entry(count):$latency > 1000000' is a wrong example which cann't excute success, because lack of ":" and cann't split field correctly. So, the right command is: argdist -H 'r::__vfs_read(void *file, void *buf, size_t count):size_t: $entry(count):$latency > 1000000' Signed-off-by: Ahao Mu <muahao@linux.alibaba.com>
-
- 17 Aug, 2018 2 commits
-
-
Marko Myllynen authored
Fix unsiggned typo introduced in tp_frontend_action.cc
-
yonghong-song authored
all program types, map types and helpers are added based on latest net-next. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 16 Aug, 2018 2 commits
-
-
Joe Yin authored
make types appropriate for ipaddr/protocol etc.
-
muahao authored
It's useful to know each syscall's total latency in that period, but not the latency of the last time in that period. Signed-off-by: Ahao Mu <muahao@linux.alibaba.com>
-
- 15 Aug, 2018 3 commits
-
-
Mike Day authored
provide a parameter to suppress printing a new line at the end of the bytes. existing behavior is not changed.
-
Teng Qin authored
fix a rewriter bug for array subscript
-
Yonghong Song authored
additional fix for issue #1850 for the below case in test_clang.py; int test(struct pt_regs *ctx, struct mm_struct *mm) { return mm->rss_stat.count[MM_ANONPAGES].counter; } the current rewriter generates: int test(struct pt_regs *ctx) { struct mm_struct *mm = ctx->di; return ({ typeof(atomic_long_t) _val; __builtin_memset(&_val, 0, sizeof(_val)); bpf_probe_read(&_val, sizeof(_val), (u64)(&mm->rss_stat.count) + (MM_ANONPAGES)); _val; }).counter; } The third argument of bpf_probe_read() is incorrect. The correct third argument should be (u64)((&mm->rss_stat.count) + (MM_ANONPAGES)) This patch fixed the issue by adding extra parenthesis for the outer u64 type casting. int test(struct pt_regs *ctx) { struct mm_struct *mm = ctx->di; return ({ typeof(atomic_long_t) _val; __builtin_memset(&_val, 0, sizeof(_val)); bpf_probe_read(&_val, sizeof(_val), (u64)((&mm->rss_stat.count) + (MM_ANONPAGES))); _val; }).counter; } Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 13 Aug, 2018 2 commits
-
-
yonghong-song authored
LLVM commit https://reviews.llvm.org/D49741 removed function DEARFContext::getCompileUnitAtIndex() and caused the bcc compilation failure. Change usage of getCompileUnitAtIndex() to the one recommended in the above llvm commit. Signed-off-by: Yonghong Song <yhs@fb.com>
-
yonghong-song authored
fix #1921 For newer kernels, bcc tries to fd based kuprobe attachment. In fd based kprobe attachment, config1: for symbol config2: for symbol offset In python API attach_kretprobe, the offset value is not set in lib.bpf_attach_kprobe and hence it will be a random value and eventually causing kretprobe attachment failure. This is not an issue for old debugfs based attachment as the offset will not be used if it is a retprobe. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 09 Aug, 2018 4 commits
-
-
Teng Qin authored
Add name to program too large error message
-
Teng Qin authored
llcstat: print a nicer error message when hardware events are missing
-
Will Fife authored
* Adding Fedora 28 to the list of fedora versions Looking at the repo location, Fedora 28 appears to be supported as well. Fixing the documentation to include this. * Update INSTALL.md
-
Brenden Blanco authored
* python3: check ksymname calls with _assert_is_bytes Fixes a bytes/string concatenation error when get/fix_syscall_fnname is called from a python3 system. * python3: use env python invocation in tools In order to facilitate testing, but not necessarily as an example of good practice, I am changing the invocation of the test tools to use `/usr/bin/env python`, so that we can control which python (2 vs 3) gets invoked for the test. On the buildbots, I plan to add an optional `ln -s /usr/bin/python3 /usr/local/bin/python` on systems that have python3-bcc package built. This way, we get more test coverage. Having a cmake mechanism to enable both python2 and python3 testing could be a further enhancement. * tools/memleak: add an explicit stdout.flush to print loop The stdout flush behavior seems to have changed in python3, breaking one of the tests. I think it makes sense to flush stdout at the end of each timed interval loop anyway, so adding that to the tool itself. * tests: add b'' strings and fix dangling handles Add b'' strings in a few places in the test tools, and fix one dangling process handle in the memleak test tool runner.
-
- 08 Aug, 2018 1 commit
-
-
jeromemarchand authored
* Fix multiple memory access errors Fixes a buffer overflow in get_pid_exe(), a use-after-free error in bcc_usdt_get_probe_argctype() and a possible NULL pointer dereference in find_debug_via_debuglink(). * Fix multiple ressource leaks Leaked file descriptors in bpf_attach_uprobe() and verify_checksum(). Memory leaks in Parser::func_add() and bcc_procutils_language(). * fixup! Fix multiple ressource leaks
-
- 07 Aug, 2018 2 commits
-
-
Ravi Kiran Eticala authored
* Documentation: Added table for program type and its helper functions * updated the Program type table to follow the same Markdown format as other tables * Fixed typos * fixed typos and added new helper functions
-
Jerome Marchand authored
Hardware events such as CACHE_MISSES and CACHE_REFERENCES are usually not available on virtual machine. Print a more useful message when this happen.
-
- 04 Aug, 2018 1 commit
-
-
jeromemarchand authored
* sslsniff: add NSS support * sslsniff: update documentation
-
- 03 Aug, 2018 1 commit
-
-
yonghong-song authored
Fix issue #1910 Otherwise, we will have a type mismatch like below: [root@aborniakFC tools]# ./ttysnoop 1 Traceback (most recent call last): File "./ttysnoop", line 102, in <module> b = BPF(text=bpf_text) File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 337, in __init__ self._trace_autoload() File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 1030, in _trace_autoload event=self.fix_syscall_fnname(func_name[8:]), File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 569, in fix_syscall_fnname if name.startswith(prefix): TypeError: startswith first arg must be bytes or a tuple of bytes, not str [root@aborniakFC tools]# Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 02 Aug, 2018 1 commit
-
-
Alex Maestretti authored
cmake3 was throwing an error that the package did not exist. cmake exists and the build was successful using it.
-
- 01 Aug, 2018 1 commit
-
-
Javier Honduvilla Coto authored
* Replace boilerplate for increment with a call to `increment` from new tooling. Found cases to replace using `ripgrep`[1]: ``` $ rg '\(\*\w+\)\s*\+\+' -l | grep tools | grep -v old ``` [1]: https://github.com/BurntSushi/ripgrep * Replace boilerplate for bigger than 1 increments with the new `increment` call from new tooling. Found cases to replace using `ripgrep`[1]: ``` $ rg '\(\*\w+\)\s*\+=' -l | grep tools | grep -v old ``` [1]: https://github.com/BurntSushi/ripgrep * Update examples indicating the alternative increment call for hash tables
-
- 30 Jul, 2018 1 commit
-
-
Oliver Mannion authored
Add instructions for installing on Amazon Linux from source
-
- 27 Jul, 2018 2 commits
-
-
Nikita V. Shirokov authored
* [trace.py]: allow to use STRCMP helper with binary values Summary: sometimes in probe you want to compare char* w/ some predefined value which is not a string. e.g. setsockopt syscall has signature like this: sys_setsockopt(int fd, int level, int optname, char* optval, int optlen) and if you want to catch where/who is setting up specific value you are forced to compare optval against some predefined array. it's not possible today w/ trace.py and in this diff i'm adding such ability Test Plan: as example: we want to catch setsockopt when someone is setting up IP_TOS equal to 108 trace.py 'sys_setsockopt(int fd, int level, int optname, char* optval, int optlen)(level==0 && optname == 1 && STRCMP("{0x6C,0x00, 0x00, 0x00}", optval))' -U -M 1 --bin_cmp -v without this new modifier: static inline bool streq_0(char const *ignored, uintptr_t str) { char needle[] = "{0x6C,0x00, 0x00, 0x00}"; char haystack[sizeof(needle)]; bpf_probe_read(&haystack, sizeof(haystack), (void *)str); for (int i = 0; i < sizeof(needle) - 1; ++i) { if (needle[i] != haystack[i]) { return false; } } return true; } // see needle is qouted above with: tatic inline bool streq_0(char const *ignored, uintptr_t str) { char needle[] = {0x6C,0x00, 0x00, 0x00}; char haystack[sizeof(needle)]; bpf_probe_read(&haystack, sizeof(haystack), (void *)str); for (int i = 0; i < sizeof(needle) - 1; ++i) { if (needle[i] != haystack[i]) { return false; } } return true; } ... PID TID COMM FUNC - 1855611 1863183 worker sys_setsockopt found * adding example of --bin_cmp flag usage
-
Javier Honduvilla Coto authored
* Allow arbitrary hashtable increments. Fixes #1742 Right now incrementing some datastructure's values like maps or histograms can be done with some boilerplate[1] or with `increment` which increments a value by 1. This patch allows a second optional parameter to use as the increment. - [1]: ``` u64 zero = 0, *val; val = map.lookup_or_init(&key, &zero); (*val) += inc; ``` Notes: - Some lines in the documentation where changed because of trailing spaces deletion - The test is quite simple right now - Will update the tools to use `increment` in another PR * CR changes
-
- 24 Jul, 2018 1 commit
-
-
Joel authored
BCC currently requires exactly matching headers. Sometimes this is quite inconvenient especially if the kernel version is only very slightly different such as updates in a stable kernel. This patch gives the user the flexibility to override the the LINUX_VERSION_CODE provided in the linux kernel headers, so that the eBPF program may load. We also print a message when this is done, so that the user is warned about the override happening and that results may be unpredictable. Also updated the docs. Signed-off-by: Joel Fernandes <joel@joelfernandes.org>
-
- 23 Jul, 2018 4 commits
-
-
Eyal Birger authored
BPF_MAP_TYPE_LPM_TRIE supports element deletion since kernel commit e454cf595853 ("bpf: Implement map_delete_elem for BPF_MAP_TYPE_LPM_TRIE") which is available in 4.15 kernels onwards. Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
-
Brenden Blanco authored
-
Brenden Blanco authored
* tools: use printb for more python3 compat Switch to printb in killsnoop and wakeuptime * tests: use subproceess sleep to trigger test In some python implementations, time.sleep uses select instead of nanosleep and hence won't trigger the bpf kprobe. * tools: remove explicit python3 shebang Use an ambiguous python invocation in the shebang line. Instead, rely on packaging stage to mangle the line to specify a python version. * cmake: add ENABLE_LLVM_SHARED option This adds an option to specify that only the dynamic libraries should be used to link bcc. This is most likely to be used in systems that don't build/provide the llvm-static and clang-static package options (fedora-based). * rpm: enable llvm_shared and python3 build options Enable rpm packaging with two new features: - shared-only packaging (no static linking) - python3 To enable these build features (off by default), run: RPM_WITH_OPTS="--with llvm_shared --with python3" ./scripts/build-rpm.sh * rpm: protect python3-bcc package declaration Don't define python3-bcc if --with python3 isn't explicitly specified. * specs: only build python3 if requested * man: compress man pages * specs: enable python3 by default in fc28+/rh8+ - Enable llvm_shared and python3 --with options by default in new fedora - Fix string quoting - Update spec changelog
-
Brendan Gregg authored
add usdt calls to libbcc static library
-
- 19 Jul, 2018 2 commits
-
-
ChaosData authored
This fix adds additional accounting logic to the http_filter examples ("simple" and "complete") that make sure to shift the pointer for the IP body/payload to the correct offset before accessing TCP header fields. This is done by taking into account the IP header length field. Previously, the IP header length field was used, but it was done later in processing, after TCP header values were extracted using the size of the BCC `proto.h` `struct ip_t` a static offset. Prior to this, it was possible to evade HTTP detection by injecting IP options data into the IP header that would spoof parts of the TCP header and shift the real one down, as done in the scapy snippet below: ```Python IP( dst=target[0], options=struct.pack(">BBHHHB",130,11,8080,0,0,0), )/TCP( ... ) ```
-
jeromemarchand authored
Prevents the following error when tracing a java program that contains non-ascii method name: Traceback (most recent call last): File "/usr/share/bcc/tools/lib/ucalls", line 305, in <module> data = get_data() # [(function, (num calls, latency in ns))] File "/usr/share/bcc/tools/lib/ucalls", line 266, in get_data bpf["counts"].items())) File "/usr/share/bcc/tools/lib/ucalls", line 264, in <lambda> kv[0].method.decode(), UnicodeDecodeError: 'ascii' codec can't decode byte 0xc4 in position 11: ordinal not in range(128) Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
-