new and exciting developments in linux tracing
play

New (and Exciting!) Developments in Linux Tracing Elena Zannoni - PowerPoint PPT Presentation

Mar 03, 2024 •170 likes •601 views

<Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

  1. <Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015

  2. Overview • BPF • eBPF • eBPF main concepts and elements • eBPF usage workflow • eBPF and tracing example • eBPF and Perf integration • Other newsworthy activities in tracing LinuxCon Japan 2015 2

  3. BPF and eBPF • Infrastructure that is not just for tracing • Introduced as Berkeley Packet Filters in kernel 2.1.75, in 1997 • Augmented to eBPF (extended BPF) • Initial proposal for eBPF was in 2013, by Alexei Starovoitov https://lkml.org/lkml/2013/12/2/1066 • eBPF is officially part of the kernel since 3.15 • BPF is now referred to as Classic BPF or cBPF LinuxCon Japan 2015 3

  4. Classic BPF (Berkeley Packet Filters) • Originally created as a way to analyze and filter network packets for network monitoring purposes • Goal: accept packets you are interested in or discard them • How: Userspace attaches a filter to a socket. Example: tcpdump • Assembly-like instruction set used to test for conditions to accept or discard a packet • Result is Boolean • Execution of BPF programs is done by the kernel BPF virtual machine • Idea comes from BSD, 1993. Original article, a good read: http://www.tcpdump.org/papers/bpf-usenix93.pdf LinuxCon Japan 2015 4

  5. BPF Usage Case • BPF programs are associated to a socket through the setsockopt() systemcall • Example: ret_status = setsockopt (socket, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf)); • bpf is a “struct sock_fprog” defined in <linux/filter.h> • Options: SO_ATTACH_FILTER, SO_DETACH_FILTER, SO_LOCK_FILTER LinuxCon Japan 2015 5

  6. BPF Bytecode • Simple instruction set and registers • 2 32-bit registers • ~30 instructions (store, load, arithmetic, branch, return, transfer) • ~10 addressing modes • 16 32-bit registers (as scratch memory) • Programs essentially evaluate to a boolean value (such as keep or discard the packet) LinuxCon Japan 2015 6

  7. BPF in the Linux Kernel • Added in 1997, augmented along the way • An interpreter is built into the kernel to run the BPF programs bytecode and perform the filtering • A few areas of the kernel use BPF: • Seccomp filters of syscalls (kernel/seccomp.c) • Packet classifier for traffic contol (net/sched/tc_bpf.c) • Actions for traffic control (net/sched/act_bpf.c) • Xtables packet filtering (netfilter/xt_bpf.c) LinuxCon Japan 2015 7

  8. BPF JIT Compiler • Added to kernel to speed up the execution of BPF programs • In 2011, by Eric Dumazet • Initially only for x86_64 architecture • Enabled with: • echo 1>/proc/sys/net/core/bpf_jit_enable • Invoked automatically • Simple, with almost direct mapping to x86_64 registers and instructions • See article: https://lwn.net/Articles/437981/ LinuxCon Japan 2015 8

  9. Extended BPF • Idea: improve and extend existing BPF infrastructure • Programs can be written in C and translated into eBPF instructions using Clang/LLVM, loaded in kernel and executed • LLVM backend available to compile eBPF programs (llvm 3.7) • gcc backend is stalled https://github.com/iovisor/bpf_gcc • Safety checks performed by kernel • Added arm64, arm, mips, powerpc, s390, sparc JITs • ABI subsumed from common 64-bit arches and Risc • ISA is close to x86-64 and arm64 • http://events.linuxfoundation.org/sites/events/files/slides/bpf_coll absummit_2015feb20.pdf • See articles • https://lwn.net/Articles/599755/ • https://lwn.net/Articles/575531/ LinuxCon Japan 2015 9

  10. How eBPF is Different from Classic BPF • 10 64-bit registers • New call function: bpf_call for calling helper kernel functions from eBPF programs • ABI: calling convention: • R0: return value (also exit value of eBPF program) • R1-R5: arguments • R6-R9: callee saved registers • R10: read-only frame pointer • ~90 instructions implemented • Instructions operate on 64-bit operands • BPF programs are transparently translated into eBPF • Execution on 32-bit architectures cannot use JIT LinuxCon Japan 2015 10

  11. eBPF Concepts LinuxCon Japan 2015 11

  12. eBPF Programs • BPF_PROGRAM_RUN(): kernel function that executes the program instructions • 2 arguments: pointer to context, array of instructions • Different types of programs. Type determines how to interpret the context argument (mainly). Correspond to areas of BPF use in kernel • BPF_PROG_TYPE_SOCKET_FILTER • BPF_PROG_TYPE_KPROBE • BPF_PROG_TYPE_SCHED_CLS • BPF_PROG_TYPE_SCHED_ACT LinuxCon Japan 2015 12

  13. Context • Each eBPF program is run within a context (ctx argument) • Context is stored at start of program into R6 (callee saved) • Context may be used when calling helper functions, as their first argument in R1 (convention) • Context provides data on which the BPF program operate: • Tracing: it is the register set • Networking filters: it is the socket buffer LinuxCon Japan 2015 13

  14. eBPF Helper Functions • Functions that can be called by an eBPF program by selecting on a field of the call instruction • Function must be known: enum bpf_func_id values in include/uapi/linux/bpf.h • Verifier uses info about each function to check safety of eBPF calls • Signature: • u64 bpf_helper_function (u64 r1, u64 r2, u64 r3, u64 r4, u64 r5) LinuxCon Japan 2015 14

  15. ePBF Defined Helper Functions • bpf_map_lookup_elem • bpf_map_update_elem • bpf_map_delete_elem • bpf_get_prandom_u32 • bpf_get_smp_processor_id • Plus additional ones defined by subsystems using eBPF • Tracing • bpf_probe_read • bpf_trace_printk • bpf_ktime_get_ns • Networking • bpf_skb_store_bytes • bpf_l3_csum_replace • bpf_l4_csum_replace LinuxCon Japan 2015 15

  16. eBPF Safety • Max 4096 instructions per program • Stage 1 reject program if: • Loops and cyclic flow structure • Unreachable instructions • Bad jumps • Stage 2 Static code analyzer: • Evaluate each path/instruction while keeping track of regs and stack states • Arguments validity in calls LinuxCon Japan 2015 16

  17. Examples of Safety Checks/Errors • BPF program is too complex • Rn is invalid :invalid reg number • Rn !read_ok :cannot read source op from register • frame pointer is read only : cannot write into reg • invalid access to map value, value_size=%d off=%d size=%d • invalid bpf_context access off=%d size=%d • invalid stack off=%d size=%d • BPF_XADD uses reserved fields • unsupported arg_type %d • bpf verifier is misconfigured • jump out of range from insn %d to %d • back-edge from insn %d to %d • unreachable insn %d • BPF program is too large. Processed %d insn • [….] LinuxCon Japan 2015 17

  18. eBPF Maps • Generic memory allocated • Transfer data from userspace to kernel and vice versa • Share data among many eBPF programs • A map is identified by a file descriptor returned by a bpf() system call that creates the map • Attributes: max elements, size of key, size of value • Types of maps: BPF_MAP_TYPE_ARRAY, BPF_MAP_TYPE_HASH • User level programs create maps via bpf() system call • Maps operations (only specific ones allowed): • by user level programs (via bpf() syscall) or • by kernel eBPF programs via helper functions (which match the bpf() semantic) • To close a map, call close() on the descriptor LinuxCon Japan 2015 18

  19. bpf() System Call • Single system call to operate both on maps and BPF programs • Different types of arguments and behavior depending on the type of call determined by flag argument: • BPF_PROG_LOAD: verify and load a BPF program • BPF_MAP_CREATE: creates a new map • BPF_MAP_LOOKUP_ELEM: find element by key, return value • BPF_MAP_UPDATE_ELEM: find element by key, change value • BPF_MAP_DELETE_ELEM: find element by key, delete it • BPF_MAP_GET_NEXT_KEY: find element by key, return key of next element • Man page being written: https://lwn.net/Articles/646058/ LinuxCon Japan 2015 19

  20. Connecting the Dots.... ...Usage Flows Examples LinuxCon Japan 2015 20

  21. Generic Usage Flow (to date....) • Goal: from userspace program, load and run the bpf program, via the bpf() syscall • NOTE: Only example code exists to base this on....might change in the future • BPF program can be specified in two ways: • Method 1: Write it directly using the eBPF language as an array of instructions, and pass that to the bpf() syscall (all done in userspace program) • Method 2: • Write it using C, in a .c file. Use compiler directive in .c file to emit a section (will contain the program) with a specific name. Compile (with LLVM) into a .o file • The .o (Elf) file is then parsed by userspace program to find the section, the BPF instructions in it are passed to the bpf() syscall • Cleanup/end: userspace program closes the fd corresponding to the bpf program LinuxCon Japan 2015 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Linux 4.x Tracing: Performance Analysis with bcc/BPF Brendan Gregg Senior Performance Architect

Linux 4.x Tracing: Performance Analysis with bcc/BPF Brendan Gregg Senior Performance Architect

Linux 4.x Tracing: Performance Analysis with bcc/BPF Brendan Gregg Senior Performance Architect Mar 2017 Linux tracing in the last 3 years How do we use these superpowers? Take aways 1. Understanding the value of Linux tracing superpowers

864 views • 70 slides
Code developments developments for for ray ray- -tracing tracing simulations simulations

Code developments developments for for ray ray- -tracing tracing simulations simulations

Code developments developments for for ray ray- -tracing tracing simulations simulations Code in Spiral FFAG lattices RACCAM Project. RACCAM Project. in Spiral FFAG lattices I. Spiral FFAG median plane magnetic field modeling

347 views • 24 slides
Linux 4.x Tracing Tools Using BPF Superpowers Brendan Gregg, NeElix bgregg@neElix.com December

Linux 4.x Tracing Tools Using BPF Superpowers Brendan Gregg, NeElix bgregg@neElix.com December

Linux 4.x Tracing Tools Using BPF Superpowers Brendan Gregg, NeElix bgregg@neElix.com December 49, 2016 | Boston, MA www.usenix.org/lisa16 #lisa16 Demo Gme GIVE ME 15 MINUTES AND I'LL CHANGE YOUR VIEW OF LINUX TRACING

814 views • 68 slides
Linux Plumbers Conference Tracing Summit 2012 Interoperability Between Tracing Tools with the

Linux Plumbers Conference Tracing Summit 2012 Interoperability Between Tracing Tools with the

Linux Plumbers Conference Tracing Summit 2012 Interoperability Between Tracing Tools with the Common Trace Format (CTF) E-mail: mathieu.desnoyers@efficios.com Mathieu Desnoyers August 30th, 2012 1 &gt; Presenter Mathieu Desnoyers

421 views • 24 slides
Ganeti, the New and Arcane ganeti's best kept secrets, and exciting new developments Ganeti Eng

Ganeti, the New and Arcane ganeti's best kept secrets, and exciting new developments Ganeti Eng

Ganeti, the New and Arcane ganeti's best kept secrets, and exciting new developments Ganeti Eng Team - Google LinuxCon Japan 2014 - 2 Feb 2014 Introduction to Ganeti A cluster virtualization manager, in one slide What is Ganeti? Manage

997 views • 52 slides
LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux

LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux

LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux distribution. E-mail: mathieu.desnoyers@efficios.com Mathieu Desnoyers October 26th, 2011 1 &gt; Buzzword compliant ! LTT: Linux Trace Toolkit

438 views • 32 slides
HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers

HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers

HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers Conference, September, 2017 cole Polytechnique de Montral Laboratoire DORSAL What is hypertracing? Hy Hypertra racing cing = Offloading traces from

450 views • 8 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace,

Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace,

Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace, perf and dynamic probes Valerii Kravchuk, Principal Support Engineer, MariaDB vkravchuk@gmail.com 1 Who am I? Valerii (aka Valeriy ) Kravchuk :

549 views • 27 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
Linux Plumbers Conference 2011 LTTng 2.0 : Application, Library and Kernel tracing within your

Linux Plumbers Conference 2011 LTTng 2.0 : Application, Library and Kernel tracing within your

Linux Plumbers Conference 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux distribution. E-mail: mathieu.desnoyers@efficios.com Mathieu Desnoyers September 9th, 2011 1 &gt; Presenter Mathieu Desnoyers

421 views • 23 slides
Using the Linux Tracing Infrastructure Jan Altenberg Linutronix GmbH Jan Altenberg Linutronix

Using the Linux Tracing Infrastructure Jan Altenberg Linutronix GmbH Jan Altenberg Linutronix

Using the Linux Tracing Infrastructure Jan Altenberg Linutronix GmbH Jan Altenberg Linutronix GmbH 1 Overview . Linutronix GmbH Jan Altenberg 9 Tracecompass . . 8 Kernelshark . . 7 trace-cmd . . 6 uprobes . 5 kprobes . . . 4

944 views • 52 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org

Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org

Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org http://people.redhat.com/srostedt/ trace-tokyo-2010.odp Who am I? What is Ftrace? What is Ftrace? Traces the internal operations of the kernel What is

542 views • 50 slides
Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface Removal problem Evaluates an improved global illumination model shadows ideal specular reflections ideal specular refractions

586 views • 19 slides
Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
Process Address Spaces and Binary Formats Don Porter CSE 306 Background Weve

Process Address Spaces and Binary Formats Don Porter CSE 306 Background Weve

Process Address Spaces and Binary Formats Don Porter CSE 306 Background Weve talked some about processes This lecture: discuss overall virtual memory organization Key abstraction: Address space We will learn about

641 views • 34 slides
Cyberinfrastructure Framework for 21st Century Science &amp; Engineering (CF21) NSF-wide

Cyberinfrastructure Framework for 21st Century Science &amp; Engineering (CF21) NSF-wide

Cyberinfrastructure Framework for 21st Century Science &amp; Engineering (CF21) NSF-wide Cyberinfrastructure Vision People, Sustainability, Innovation, Integration Edward Seidel/Alan Blatecky Acting Assistant Director, Mathematical and

191 views • 16 slides
Authors: John Noll, Sarah Beecham , and I ta Richardson Pr e se nte r : Kasahun Abdisa IT

Authors: John Noll, Sarah Beecham , and I ta Richardson Pr e se nte r : Kasahun Abdisa IT

Global software Development and Collaboration: Barriers and Solutions Authors: John Noll, Sarah Beecham , and I ta Richardson Pr e se nte r : Kasahun Abdisa IT Doc tor al pr ogr am Addis Ababa University e-mail:

603 views • 29 slides
Gal Youinou CGG gyouinou@cgg.com Overview of the BE Expanding Geosciences On Demand

Gal Youinou CGG gyouinou@cgg.com Overview of the BE Expanding Geosciences On Demand

BE18 Seismic Processing and Reservoir Simulation Gal Youinou CGG gyouinou@cgg.com Overview of the BE Expanding Geosciences On Demand EGEODE is a virtual Organization opened to Research Centers in geophysics and other geosciences

330 views • 5 slides
The RoI of Simulation-Based Training* vs Live Training** of Incident Commanders Ilona Heldal

The RoI of Simulation-Based Training* vs Live Training** of Incident Commanders Ilona Heldal

The RoI of Simulation-Based Training* vs Live Training** of Incident Commanders Ilona Heldal Western Norway University of Applied Sciences Cecilia Hammar Wijkmark The Swedish Civil Contingencies Agency #ITEC2019 15 May 2019 My background

520 views • 22 slides
Trusting Large Specifications: The Virtuous Cycle Alastair Reid alastair.reid@arm.com

Trusting Large Specifications: The Virtuous Cycle Alastair Reid alastair.reid@arm.com

Trusting Large Specifications: The Virtuous Cycle Alastair Reid alastair.reid@arm.com @alastair_d_reid ARM Research Applica'on Library OS Compiler Processor ARM Research 2 Qualities of a Specification Applicability Scope

518 views • 26 slides
The Virtuous Cycle of Data Mining Data is at the heart of most companies core business

The Virtuous Cycle of Data Mining Data is at the heart of most companies core business

The Virtuous Cycle of Data Mining Data is at the heart of most companies core business processes Data is generated by transactions regardless of industry (retail, insurance) In addition to this internal data, there are lots of

419 views • 4 slides
Web 2.0 features Sharing 7 r e t p a h C Design for Sharing To reach a Tipping Point

Web 2.0 features Sharing 7 r e t p a h C Design for Sharing To reach a Tipping Point

Edit Web 2.0 features Sharing 7 r e t p a h C Design for Sharing To reach a Tipping Point Law of the few: Connectors, Mavens (experts), Salespeople Connectors: act like hubs, share information with their friends Design for sharers

427 views • 21 slides

More recommend