ebpf perf tools 2019
play

eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | - PowerPoint PPT Presentation

Mar 22, 2024 •522 likes •933 views

# biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@

  1. # biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@ | [1K, 2K) 426 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| [2K, 4K) 230 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | [4K, 8K) 9 |@ | [8K, 16K) 128 |@@@@@@@@@@@@@@@ | [16K, 32K) 68 |@@@@@@@@ | [32K, 64K) 0 | | Brendan Gregg [64K, 128K) 0 | | [128K, 256K) 10 |@ | SCaLE Mar 2019

  2. LIVE DEMO eBPF Minecraft Analysis

  3. Enhanced BPF Linux 4.* also known as just "BPF" User-Defjned BPF Programs Kernel SDN Confjguration SDN Confjguration Runtime Event Targets DDoS Mitigation DDoS Mitigation sockets sockets verifjer verifjer Intrusion Detection Intrusion Detection kprobes kprobes Container Security Container Security uprobes uprobes BPF BPF Observability Observability tracepoints tracepoints BPF BPF Firewalls (bpfjlter) Firewalls (bpfjlter) perf_events perf_events actions actions Device Drivers Device Drivers …

  4. eBPF bcc Linux 4.4+ https://github.com/iovisor/bcc

  5. eBPF bpftrace (aka BPFtrace) Linux 4.9+ # Files opened by process bpftrace -e 't:syscalls:sys_enter_open { printf("%s %s\n", comm, str(args->filename)) }' # Read size distribution by process bpftrace -e 't:syscalls:sys_exit_read { @[comm] = hist(args->ret) }' # Count VFS calls bpftrace -e 'kprobe:vfs_* { @[func]++ }' # Show vfs_read latency as a histogram bpftrace -e 'k:vfs_read { @[tid] = nsecs } kr:vfs_read /@[tid]/ { @ns = hist(nsecs - @[tid]); delete(@tid) }’ # Trace user-level function Bpftrace -e 'uretprobe:bash:readline { printf(“%s\n”, str(retval)) }’ … https://github.com/iovisor/bpftrace

  6. eBPF is solving new things: ofg-CPU + wakeup analysis

  7. Raw BPF samples/bpf/sock_example.c 87 lines truncated

  8. C/BPF samples/bpf/tracex1_kern.c 58 lines truncated

  9. bcc/BPF (C & Python) bcc examples/tracing/bitehist.py entire program

  10. bpftrace bpftrace -e 'kr:vfs_read { @ = hist(retval); }' https://github.com/iovisor/bpftrace entire program

  11. The Tracing Landscape, Mar 2019 (my opinion) (less brutal) (0.9) bpftrace ply/BPF sysdig (eBPF) Ease of use stap (many) perf LTTng (hist triggers) recent changes bcc/BPF ftrace (mature) (alpha) C/BPF (brutal) Stage of Raw BPF Development Scope & Capability

  12. e.g., identify multimodal disk I/O latency and outliers with bcc/eBPF biolatency # biolatency -mT 10 Tracing block device I/O... Hit Ctrl-C to end. 19:19:04 msecs : count distribution 0 -> 1 : 238 |********* | 2 -> 3 : 424 |***************** | 4 -> 7 : 834 |********************************* | 8 -> 15 : 506 |******************** | 16 -> 31 : 986 |****************************************| 32 -> 63 : 97 |*** | 64 -> 127 : 7 | | 128 -> 255 : 27 |* | 19:19:14 msecs : count distribution 0 -> 1 : 427 |******************* | 2 -> 3 : 424 |****************** | […]

  13. bcc/eBPF programs can be laborious: biolatency # define BPF program if args.disks: bpf_text = """ bpf_text = bpf_text.replace('STORAGE', #include <uapi/linux/ptrace.h> 'BPF_HISTOGRAM(dist, disk_key_t);') #include <linux/blkdev.h> bpf_text = bpf_text.replace('STORE', 'disk_key_t key = {.slot = bpf_log2l(delta)}; ' + typedef struct disk_key { 'void *__tmp = (void *)req->rq_disk->disk_name; ' + char disk[DISK_NAME_LEN]; 'bpf_probe_read(&key.disk, sizeof(key.disk), __tmp); ' + u64 slot; 'dist.increment(key);') } disk_key_t; else: BPF_HASH(start, struct request *); bpf_text = bpf_text.replace('STORAGE', 'BPF_HISTOGRAM(dist);') STORAGE bpf_text = bpf_text.replace('STORE', 'dist.increment(bpf_log2l(delta));') // time block I/O if debug or args.ebpf: int trace_req_start(struct pt_regs *ctx, struct request *req) print(bpf_text) { if args.ebpf: u64 ts = bpf_ktime_get_ns(); exit() start.update(&req, &ts); return 0; # load BPF program } b = BPF(text=bpf_text) if args.queued: // output b.attach_kprobe(event="blk_account_io_start", fn_name="trace_req_start") int trace_req_completion(struct pt_regs *ctx, struct request *req) else: { b.attach_kprobe(event="blk_start_request", fn_name="trace_req_start") u64 *tsp, delta; b.attach_kprobe(event="blk_mq_start_request", fn_name="trace_req_start") b.attach_kprobe(event="blk_account_io_completion", // fetch timestamp and calculate delta fn_name="trace_req_completion") tsp = start.lookup(&req); if (tsp == 0) { print("Tracing block device I/O... Hit Ctrl-C to end.") return 0; // missed issue } # output delta = bpf_ktime_get_ns() - *tsp; exiting = 0 if args.interval else 1 FACTOR dist = b.get_table("dist") while (1): // store as histogram try: STORE sleep(int(args.interval)) except KeyboardInterrupt: start.delete(&req); exiting = 1 return 0; } print() """ if args.timestamp: print("%-8s\n" % strftime("%H:%M:%S"), end="") # code substitutions if args.milliseconds: dist.print_log2_hist(label, "disk") bpf_text = bpf_text.replace('FACTOR', 'delta /= 1000000;') dist.clear() label = "msecs" else: countdown -= 1 bpf_text = bpf_text.replace('FACTOR', 'delta /= 1000;') if exiting or countdown == 0: label = "usecs" exit()

  14. … rewritten in bpftrace (launched Oct 2018)! #!/usr/local/bin/bpftrace BEGIN { printf("Tracing block device I/O... Hit Ctrl-C to end.\n"); } kprobe:blk_account_io_start { @start[arg0] = nsecs; } kprobe:blk_account_io_completion /@start[arg0]/ { @usecs = hist((nsecs - @start[arg0]) / 1000); delete(@start[arg0]); }

  15. … rewritten in bpftrace # biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@ | [1K, 2K) 426 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| [2K, 4K) 230 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | [4K, 8K) 9 |@ | [8K, 16K) 128 |@@@@@@@@@@@@@@@ | [16K, 32K) 68 |@@@@@@@@ | [32K, 64K) 0 | | [64K, 128K) 0 | | [128K, 256K) 10 |@ |

  16. bcc canned complex tools, agents bpftrace one-liners, custom scripts

  17. bcc

  18. eBPF bcc Linux 4.4+ https://github.com/iovisor/bcc

  19. bpftrace

  20. eBPF bpftrace Linux 4.9+ https://github.com/iovisor/bcc

  21. bpftrace Development v0.80 Jan-2019 v0.90 v1.0 Dec 2016 Oct 2018 Mar?2019 ?2019 Major Features (v1) Minor Features (v1) ... Stable Docs API Stability Known Bug Fixes More Bug Fixes Packaging

  22. bpftrace Syntax bpftrace -e ‘k:do_nanosleep /pid > 100/ { @[comm]++ }’ Probe Action Filter (optional)

  23. Probes

  24. Probe T ype Shortcuts tracepoint t Kernel static tracepoints usdt U User-level statically defined tracing kprobe k Kernel function tracing kretprobe kr Kernel function returns uprobe u User-level function tracing uretprobe ur User-level function returns profile p Timed sampling across all CPUs interval i Interval output software s Kernel software events hardware h Processor hardware events

  25. Filters ● /pid == 181/ ● /comm != “sshd”/ ● /@ts[tid]/

  26. Actions ● Per-event output – printf() – system() – join() – time() ● Map Summaries – @ = count() or @++ – @ = hist() – … The following is in the https://github.com/iovisor/bpftrace/blob/master/docs/reference_guide.md

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tracing with Perf tools Namhyung Kim 2013-11-13 Wed Namhyung Kim Tracing with Perf tools

Tracing with Perf tools Namhyung Kim 2013-11-13 Wed Namhyung Kim Tracing with Perf tools

Tracing with Perf tools Namhyung Kim 2013-11-13 Wed Namhyung Kim Tracing with Perf tools 2013-11-13 Wed 1 / 34 Outline Introduction 1 Other technologies 2 Kernel-level tracing with perf tools 3 User-level tracing with perf tools 4

580 views • 34 slides
Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique Martinet CEA January 9, 2020 CEA | January 9, 2020 | PAGE 1/75 Introduction 1 Foreword Hands on setup Crash 2 3 Perf SystemTap 4 eBPF:

1.43k views • 85 slides
Linux Perf Tools Overview and Current Developments Arnaldo Carvalho de Melo, Jiri Olsa Red Hat

Linux Perf Tools Overview and Current Developments Arnaldo Carvalho de Melo, Jiri Olsa Red Hat

Linux Perf Tools Overview and Current Developments Arnaldo Carvalho de Melo, Jiri Olsa Red Hat Inc. April 11, 2013 Arnaldo Carvalho de Melo, Jiri Olsa Linux Perf Tools Overview Multiple events view Annotate GTK UI New perf mem tool

385 views • 26 slides
Tools and Mechanisms to Debug BPF Programs Quentin Monnet @qeole eBPF Programming e xtended B

Tools and Mechanisms to Debug BPF Programs Quentin Monnet @qeole eBPF Programming e xtended B

FOSDEM20 Brussels, 2020-02-02 Tools and Mechanisms to Debug BPF Programs Quentin Monnet @qeole eBPF Programming e xtended B erkeley P acket F ilter : with clang/LLVM, to assembly-like bytecode Q. Monnet Tools and Mechanisms to

900 views • 42 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -&gt; NFP

668 views • 24 slides
Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

FOSDEM20 Brussels, 2020-02-01 Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q. Monnet eBPF Update 2/18 eBPF Basics New Features eBPF Universe eBPF Basics Q. Monnet

531 views • 18 slides
Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Linux Plumbers Conference 2019 eBPF conf Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall mathieu.desnoyers@efcios.com Restartable Sequences (RSEQ) in a nutshell System call registering

457 views • 9 slides
perf scripts jiri olsa 1 PERF SCRIPTS | JIRI OLSA HI basics perf in python post

perf scripts jiri olsa 1 PERF SCRIPTS | JIRI OLSA HI basics perf in python post

perf scripts jiri olsa 1 PERF SCRIPTS | JIRI OLSA HI basics perf in python post process scripts 2 PERF SCRIPTS | JIRI OLSA COUNTING perf stat CPU 0 CPU 1 CPU 2 start $ perf stat -e ' cycles,instructions ' WORKLOAD

1.2k views • 59 slides
eBPF and XDP walkthrough and recent updates Daniel Borkmann &lt;daniel@iogearbox.net&gt; cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann &lt;daniel@iogearbox.net&gt; cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann &lt;daniel@iogearbox.net&gt; cilium project fosdem17, February 4, 2017 Daniel Borkmann eBPF in tcs cls bpf and XDP February 4, 2017 1 / 11 Big Picture: eBPF and Networking eBPF:

476 views • 11 slides
Performance Analysis Superpowers with Linux eBPF Brendan Gregg Senior Performance Architect Jun

Performance Analysis Superpowers with Linux eBPF Brendan Gregg Senior Performance Architect Jun

Performance Analysis Superpowers with Linux eBPF Brendan Gregg Senior Performance Architect Jun 2017 Efficiently trace TCP sessions with PID, bytes, and dura:on using tcplife # /usr/share/bcc/tools/tcplife PID COMM LADDR LPORT

655 views • 54 slides
Thinking about performance Search: a case study Perf: speed/power/etc. Perf: why do we care?

Thinking about performance Search: a case study Perf: speed/power/etc. Perf: why do we care?

Thinking about performance Search: a case study Perf: speed/power/etc. Perf: why do we care? Premature optimization is the root of all evil We should forget about small efficiencies, say about 97% of the time Different designs:

1.83k views • 166 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal Rostecki Swaminathan Vasudevan Software Engineer Software Engineer mrostecki@suse.com svasudevan@suse.com mrostecki@opensuse.org Whats

2.06k views • 52 slides
Fosdem 2015 perf status on ARM and ARM64 jean.pihet@newoldbits.com NewOldBits.com Sat, Jan 31

Fosdem 2015 perf status on ARM and ARM64 jean.pihet@newoldbits.com NewOldBits.com Sat, Jan 31

Fosdem 2015 perf status on ARM and ARM64 jean.pihet@newoldbits.com NewOldBits.com Sat, Jan 31 2015 1 Contents Introduction Scope of the presentation Supported tools Call stack unwinding General Methods Corner cases

205 views • 19 slides
Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT, PERFORMANCE The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and efficient monitoring of kernel functions.

593 views • 27 slides
Phase dynamics 2 1 Spike trains, firing rates, and synchrony 1. Decorrelated firing 2.

Phase dynamics 2 1 Spike trains, firing rates, and synchrony 1. Decorrelated firing 2.

Reduction of neurons to phases start with biophysical neuron model V t m V fire V ALERT: Interesting methods here! 0 2 Winfree 74, Guckenheimer 75 1 Phase dynamics 2 1 Spike trains, firing rates, and synchrony

566 views • 32 slides
COVID-19 AND THE HCH COMMUNITY: Status Updates, Available Guidance, Local Preparations, and

COVID-19 AND THE HCH COMMUNITY: Status Updates, Available Guidance, Local Preparations, and

COVID-19 AND THE HCH COMMUNITY: Status Updates, Available Guidance, Local Preparations, and Outstanding Issues March 20, 2020 THE CURRENT TIME Sudden, nationwide focus on one issue Epidemic landing squarely at the intersection of

642 views • 45 slides
Sleep - How it supports our health and strategies for sleeping well Gerard A. Kennedy Ph.D.

Sleep - How it supports our health and strategies for sleeping well Gerard A. Kennedy Ph.D.

Faculty, school or centre title here Sleep - How it supports our health and strategies for sleeping well Gerard A. Kennedy Ph.D. Professor of Psychology School of Science, Psychology &amp; Sport Federation University

612 views • 37 slides
10/2/20 Fibromyalgia Syndrome: Taking Another Look Theresa Mallick-Searle, NP 1 Title and

10/2/20 Fibromyalgia Syndrome: Taking Another Look Theresa Mallick-Searle, NP 1 Title and

10/2/20 Fibromyalgia Syndrome: Taking Another Look Theresa Mallick-Searle, NP 1 Title and Affiliation Theresa Mallick-Searle, MS, RN-BC, ANP-BC Adult Nurse Practitioner Stanford Health Care, Division Pain Medicine Redwood City, California 2

571 views • 17 slides
ECE590 Computer and Information Security Fall 2018 Shell Proficiency and Data Manipulation

ECE590 Computer and Information Security Fall 2018 Shell Proficiency and Data Manipulation

ECE590 Computer and Information Security Fall 2018 Shell Proficiency and Data Manipulation Tyler Bletsch Duke University Motivation Everyone needs to manipulate data! Attackers need to: Scan target environment for assets

1.08k views • 92 slides
Optimizing the Management of Acute Myeloid Leukemia: Individualized Therapy Optimizing the

Optimizing the Management of Acute Myeloid Leukemia: Individualized Therapy Optimizing the

Optimizing the Management of Acute Myeloid Leukemia: Individualized Therapy Optimizing the Management of Acute Myeloid Leukemia: Individualized Therapy 1 Learning Objectives Describe diagnostic testing for risk stratification in AML and

1.38k views • 112 slides
B RAIN -C OMPUTER I NTERFACE Ilya Kuzovkin 7 June 2014 Now I know how your brain signal looks

B RAIN -C OMPUTER I NTERFACE Ilya Kuzovkin 7 June 2014 Now I know how your brain signal looks

B RAIN -C OMPUTER I NTERFACE Ilya Kuzovkin 7 June 2014 Now I know how your brain signal looks like when you think LEFT and RIGHT Now I know how your brain signal looks like when you think LEFT and RIGHT Try

1.02k views • 80 slides
EEG / ECoG Ontology Droplet Signal source Signal source !&quot;#$%&amp;'()*%+,-,*%./0012,%

EEG / ECoG Ontology Droplet Signal source Signal source !&quot;#$%&amp;'()*%+,-,*%./0012,%

EEG / ECoG Ontology Droplet Signal source Signal source !&quot;#$%&amp;'()*%+,-,*%./0012,% !&quot;#$&quot;%&amp;'()*%+'&quot;#%'#%,-#./-&quot;%01-23%-(#4'%-&quot;%+32#5-*,&quot;+6)-7 34$5&quot;6789*% :;&lt;%:=&gt;%?&quot;9@@ Signal source

318 views • 29 slides

More recommend