Introduce Bpf Program Snapshot (bps) #1405
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
iamkafai
requested review from
4ast,
brendangregg,
drzaeus77,
goldshtn and
yonghong-song
as code owners
|
[buildbot, ok to test] |
|
@drzaeus77 could you help check buildbot? Seems not working now? |
| @@ -0,0 +1,12 @@ | |||
| # Copyright (c) Facebook, Inc. | |||
introspection/CMakeLists.txt
Outdated
| include_directories(${CMAKE_SOURCE_DIR}/src/cc) | ||
| include_directories(${CMAKE_SOURCE_DIR}/src/cc/api) | ||
|
|
||
| option(INSTALL_INTROSPECTION "Install BPF introspection tools. Those binaries are statically linked and can take plenty of disk space" ON) |
There was a problem hiding this comment.
It is static linking. However, all llvm related functions are not called and hence not included in binary. So currently, the size is actually fair small.
-bash-4.3$ ls -l /usr/share/bcc/introspection/bps
-rwxr-xr-x. 1 root root 37872 Oct 21 03:44 /usr/share/bcc/introspection/bps
-bash-4.3$
So I suggest to remove the sentence "Those binaries are statically linked and can take plenty of space."
|
[buildbot, ok to test] |
|
Do you think we should add |
|
@palmtenor , how about I remove bpf_prog_load_name and bpf_create_map_name? and just add a 'const char *name' argument to the existing bpf_prog_name() and bpf_create_map()? That we can force people to change. |
This patch adds support for prog_name and map_name.
For libbpf.{h,c}, the new functions, bpf_prog_load_name()
and bpf_create_map_name() is created to avoid breaking the
existing libbpf.{a,so} user.
libbcc.py is also modified accordingly to reflect the
availability of the new functions in libbpf.
clang/b_frontend_action.cc, b/codegen_llvm.cc and BPF.cc are
modified to take advantage of the prog and map name also.
Run the following tests in new and old kernel (old kernel
in the sense that it does not support the prog/map name):
1) tools/trace.py -K sys_clone
2) examples/cpp/HelloWorld
Here is the output of the bpf (BPF Snapshot) that
will be introduced in the later patch:
[root@arch-fb-vm1 bcc]# ./tools/biosnoop.py
[root@arch-fb-vm1 bcc]# ./build/introspection/bps
BID TYPE UID #MAPS LoadTime NAME
113 kprobe 0 1 Oct20/13:11 trace_pid_start
114 kprobe 0 1 Oct20/13:11 trace_req_start
115 kprobe 0 3 Oct20/13:11 trace_req_compl
[root@arch-fb-vm1 bcc]# ./build/introspection/bps 113
BID TYPE UID #MAPS LoadTime NAME
113 kprobe 0 1 Oct20/13:11 trace_pid_start
MID TYPE FLAGS KeySz ValueSz MaxEnts NAME
186 hash 0x0 8 20 10240 infobyreq
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
This patch adds the following helpers to libbpf: int bpf_prog_get_next_id(uint32_t start_id, uint32_t *next_id); int bpf_prog_get_fd_by_id(uint32_t id); int bpf_map_get_fd_by_id(uint32_t id); It also changes the info_len arg of the existing bpf_obj_get_info() from int to uint32_t. Signed-off-by: Martin KaFai Lau <kafai@fb.com>
|
Last set of changes:
|
iamkafai
force-pushed
the
kafai_dev
branch
2 times, most recently
from
466440a to
8218806
Compare
|
[buildbot, ok to test] |
A simple program to list all bpf programs of a system.
[root@arch-fb-vm1 bcc]# ./build/introspection/bps -h
BPF Program Snapshot (bps):
List of all BPF programs loaded into the system.
Usage: bps [bpf-prog-id]
[bpf-prog-id] If specified, it shows the details info of the bpf-prog
* List all bpf programs *
[root@arch-fb-vm1 bcc]# ./build/introspection/bps
BID TYPE UID #MAPS LoadTime NAME
82 kprobe 0 1 Oct19/23:52 map_perf_test
83 kprobe 0 1 Oct19/23:52 map_perf_test
84 kprobe 0 1 Oct19/23:52 map_perf_test
85 kprobe 0 1 Oct19/23:52 map_perf_test
86 kprobe 0 4 Oct19/23:52 map_perf_test
87 kprobe 0 1 Oct19/23:52 map_perf_test
88 kprobe 0 1 Oct19/23:52 map_perf_test
89 kprobe 0 1 Oct19/23:52 map_perf_test
* List a particular bpf program *
[root@arch-fb-vm1 bcc]# ./build/introspection/bps 86
BID TYPE UID #MAPS LoadTime NAME
86 kprobe 0 4 Oct19/23:52 map_perf_test
MID TYPE FLAGS KeySz ValueSz MaxEnts NAME
120 lru hash 0x0 4 8 10000 lru_hash_map
129 lru hash 0x0 4 8 43 lru_hash_lookup
123 array of maps 0x0 4 4 1024 array_of_lru_ha
121 lru hash 0x2 4 8 10000 nocommon_lru_ha
* JIT disabled *
[root@arch-fb-vm1 bpf]# sysctl -w net.core.bpf_jit_enable=0
[root@arch-fb-vm1 bpf]# ./test_progs
[root@arch-fb-vm1 bcc]# ./build/introspection/bps
BID TYPE UID #MAPS LoadTime NAME
94- socket filter 0 1 Oct19/23:55 test_obj_id
95- socket filter 0 1 Oct19/23:55 test_obj_id
* Run without CAP_SYS_ADMIN *
[kafai@arch-fb-vm1 ~]$ ./bps 1
Require CAP_SYS_ADMIN capability. Please retry as root
* Older kernel *
[root@arch-fb-vm2 build]# uname -r
4.12.14
[root@arch-fb-vm2 build]# ./introspection/bps 1
Kernel does not support BPF introspection
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch set introduces a new binary command/tool to list all loaded BPF programs of a system. The first two patches are prep work. The last patch introduces the 'bps' binary and its commit message has some sample output.