1. 28 Dec, 2018 1 commit
    • Daniel Xu's avatar
      Add -c CMD option · a3086a88
      Daniel Xu authored
      This patch adds a command running option to bpftrace. The user can now
      run something like:
      
          ./bpftrace -e '...' -c 'sleep 5'
      
      which is a convenience wrapper around something like:
      
          sleep 5 & ./bpfrace -e '...' -p `pidof sleep`
      
      `-c` is better because it:
      * ensures a tighter tracing range around CMD (ie we trace less of the
      system while it is not running CMD)
      * makes bpftrace exit (which is convenient) when CMD terminates
          * previously, it was not possible to get a full trace of CMDs
          execution and have bpftrace exit upon CMD termination
      
      Test Plan:
      Trivial successful example:
      ```
      $ sudo ./build/src/bpftrace -e 'tracepoint:syscalls:sys_enter_nanosleep
      { printf("%s nanoslept\n", comm); }' -c '/bin/sleep 1'
      [sudo] password for dlxu:
      chdir(/lib/modules/4.19.8-200.fc28.x86_64/build): No such file or
      directory
      Attaching 1 probe...
      sleep nanoslept
      splunkd nanoslept
      webrtc_audio_mo nanoslept
      gnome-terminal- nanoslept
      webrtc_audio_mo nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      gnome-terminal- nanoslept
      
      $
      ```
      
      Ambigous executable:
      ```
      $ sudo ./build/src/bpftrace -e 'tracepoint:syscalls:sys_enter_nanosleep
      { printf("%s nanoslept\n", comm); }' -c 'sleep 1'
      chdir(/lib/modules/4.19.8-200.fc28.x86_64/build): No such file or
      directory
      Attaching 1 probe...
      execve: No such file or directory
      Failed to spawn child=sleep 1
      splunkd nanoslept
      
      $
      ```
      
      This closes #253
      a3086a88
  2. 27 Dec, 2018 3 commits
    • Brendan Gregg's avatar
      Merge pull request #296 from danobi/man_page_grammer · d33e6f03
      Brendan Gregg authored
      Normalize bpftrace(8) man page
      d33e6f03
    • Daniel Xu's avatar
      Normalize bpftrace(8) man page · 5cb72f7d
      Daniel Xu authored
      This patch normalizes parts of the man page to be in line with the rest.
      5cb72f7d
    • Daniel Xu's avatar
      Terminate bpftrace when traced PID terminates · 54909d3e
      Daniel Xu authored
      If the user provides a specific PID to trace, it doesn't really make
      sense to keep running if the tracee terminates. This patch makes
      bpftrace exit cleanly if the tracee terminates.
      
      I spent quite a bit of time thinking about the generic problem of
      figuring out when an arbitrary pid terminates. After some experiments,
      here is what I've learned:
      * wait(2) and waitpid(2) can only wait on child processes (duh)
      * epoll(2) does not support procfs (or other pseudo filesystems)
      * inotify does not support procfs either b/c procfs changes are not made
      through the filesystem (by another userspace entity)
      * ptrace with PTRACE_SEIZE might work but might have extra overhead on
      the tracee
      * the netlink interface for process state changes seems a bit overkill
      * the only sane solution (AFAICT) is to poll /proc/PID/ for changes
      
      Thus, I've made some minor changes to the main event loop to support
      polling procfs.
      
      Test Plan:
      Make sure non-pid-specific tracing still works:
      ```
      $ sudo ./build/src/bpftrace -e 'uretprobe:/bin/bash:readline { printf("read a line\n"); }'
      [sudo] password for dlxu:
      Attaching 1 probe...
      read a line
      read a line
      read a line
      read a line
      read a line
      read a line
      read a line
      read a line
      ^C
      
      ```
      
      Verify pid-specific tracing (ie usdt) exits on tracee termination:
      ```
      // in window 1
      $ ./python -q
      
      // in window 2
      $ sudo ~/dev/bpftrace/build/src/bpftrace -p $(pidof python) -e 'usdt:/home/dlxu/dev/cpython/python:function__entry { printf("%s %s\n", str(arg0), str(arg1)) }'
      [sudo] password for dlxu:
      Attaching 1 probe...
      <stdin> <module>
      
      // in window 1
      >>> print('wow')
      wow
      >>>
      
      // verify bpftrace has exited in window 2
      
      ```
      54909d3e
  3. 26 Dec, 2018 1 commit
  4. 25 Dec, 2018 3 commits
  5. 24 Dec, 2018 2 commits
    • Brendan Gregg's avatar
      Merge pull request #282 from dw/master · e1960e9a
      Brendan Gregg authored
      Extract LINUX_VERSION_CODE from running kernel via vDSO.
      e1960e9a
    • Matheus Marchini's avatar
      [travis] remove Fedora 27 and ignore static build result · c3103d38
      Matheus Marchini authored
      Fedora 27 and LLVM 5 are EOL, which means they won't receive new
      updates (not even security patches). As such, there's no reason to keep
      testing those platforms/dependencies in our CI, and removing them will
      reduce our CI complexity as well as unbreak our CI.
      
      Also, static builds are broken for some time
      (https://github.com/iovisor/bpftrace/issues/266), and keeping them in
      our CI will only prevent collaborators from keeping the CI healthy. We
      should push for Ubuntu/Debian/Fedora static builds instead of relying on
      alpine for it. For now, mark alpine static build as "allow to fail" on
      Travis.
      c3103d38
  6. 22 Dec, 2018 1 commit
  7. 21 Dec, 2018 4 commits
  8. 20 Dec, 2018 2 commits
  9. 17 Dec, 2018 1 commit
  10. 22 Nov, 2018 2 commits
  11. 21 Nov, 2018 2 commits
  12. 18 Nov, 2018 4 commits
  13. 16 Nov, 2018 1 commit
  14. 15 Nov, 2018 1 commit
  15. 13 Nov, 2018 1 commit
  16. 11 Nov, 2018 4 commits
  17. 08 Nov, 2018 2 commits
  18. 06 Nov, 2018 1 commit
  19. 30 Oct, 2018 1 commit
  20. 28 Oct, 2018 1 commit
    • Aleksa Sarai's avatar
      codegen: stack: allow for inter-tid stack aggregation · c4a5de20
      Aleksa Sarai authored
      User-space stacks are quite special in regards to aggregation (and
      comparison) between processes. To a first approximation, each pid has a
      different memory mapping and thus pointers should not be compared or
      aggregated between pids[*]. With ASLR this becomes even more fun, and
      thus it is necessary to do usym()-style packing of the stackid for
      ustack (since bpf_get_stackid will give you a hash of the pointers --
      even in the ustack case).
      
      However, the kernel address space is the same regardless of current->pid
      -- and in many cases you want to aggregate between different processes
      (and if not, you can always do the packing yourself with @[tid,stack]).
      
      So, we only apply the packing when dealing with ustack. sym() already
      does the right thing.
      
      [*] This is more than slightly untrue -- really this depends on
          current->mm and ideally we would aggregate ustack on current->mm.
          Unfortunately this is not a luxury we have at the moment.
      Signed-off-by: default avatarAleksa Sarai <cyphar@cyphar.com>
      c4a5de20
  21. 27 Oct, 2018 2 commits