systemtap
play

Systemtap FrOSCon (25. August 2013) Stefan Seyfried Linux - PowerPoint PPT Presentation

Apr 04, 2024 •129 likes •705 views

Systemtap FrOSCon (25. August 2013) Stefan Seyfried Linux Consultant & Trainer B1 Systems GmbH seife@b1-systems.de Systemtap B1 Systems GmbH Systemtap 2 / 46 What is Systemtap? systemtap is a scriptable monitoring and analysis

  1. Systemtap FrOSCon (25. August 2013) Stefan Seyfried Linux Consultant & Trainer B1 Systems GmbH seife@b1-systems.de

  2. Systemtap B1 Systems GmbH Systemtap 2 / 46

  3. What is Systemtap? systemtap is a scriptable monitoring and analysis environment used for kernel monitoring profiling tracing comparable to userspace tools like top and strace B1 Systems GmbH Systemtap 3 / 46

  4. How Does Systemtap Work? uses existing kernel facilities, which must be enabled: CONFIG_RELAY logging/transfer interface from kernel to userspace CONFIG_KPROBES enables setting of breakpoints at arbitrary places in the kernel and execute own code Kprobes provides different "probes": Kprobes can set breakpoints at arbitrary places in the kernel Jprobes can be placed in kernel function head (access to the argument list) Return Probes (aka. kretprobes) will be called at the end of functions and has access to the return values B1 Systems GmbH Systemtap 4 / 46

  5. How Does Systemtap Work? systemtap provides a simple scripting language systemtap’s scripting language makes use of kprobes and other kernel facilities probe kernel.function("sys_open") { printf ("%s(%d) called sys_open\n", execname(), pid()) } B1 Systems GmbH Systemtap 5 / 46

  6. Interaction of kprobes, relay and systemtap 1 a systemtap script is started by systemtap 2 systemtap parsers translate the script into C → autogenerated sourcecode of a kernel module 3 the module uses kprobes’ functionality to set needed probes 4 uses relay functions to transfer output from kernel to the systemtap process 5 a C compiler compiles the kernel module sourcecode B1 Systems GmbH Systemtap 6 / 46

  7. Interaction of kprobes, relay and systemtap 1 a systemtap script is started by systemtap 2 systemtap parsers translate the script into C → autogenerated sourcecode of a kernel module 3 the module uses kprobes’ functionality to set needed probes 4 uses relay functions to transfer output from kernel to the systemtap process 5 a C compiler compiles the kernel module sourcecode B1 Systems GmbH Systemtap 6 / 46

  8. Interaction of kprobes, relay and systemtap 1 a systemtap script is started by systemtap 2 systemtap parsers translate the script into C → autogenerated sourcecode of a kernel module 3 the module uses kprobes’ functionality to set needed probes 4 uses relay functions to transfer output from kernel to the systemtap process 5 a C compiler compiles the kernel module sourcecode B1 Systems GmbH Systemtap 6 / 46

  9. Interaction of kprobes, relay and systemtap 1 a systemtap script is started by systemtap 2 systemtap parsers translate the script into C → autogenerated sourcecode of a kernel module 3 the module uses kprobes’ functionality to set needed probes 4 uses relay functions to transfer output from kernel to the systemtap process 5 a C compiler compiles the kernel module sourcecode B1 Systems GmbH Systemtap 6 / 46

  10. Interaction of kprobes, relay and systemtap 1 a systemtap script is started by systemtap 2 systemtap parsers translate the script into C → autogenerated sourcecode of a kernel module 3 the module uses kprobes’ functionality to set needed probes 4 uses relay functions to transfer output from kernel to the systemtap process 5 a C compiler compiles the kernel module sourcecode B1 Systems GmbH Systemtap 6 / 46

  11. Interaction of kprobes, relay and systemtap 1 module is loaded by systemtap 2 kprobes calls register the probes at the selected functions 3 kprobes handlers call the compiled function stub 4 the function stub tranfers information to systemtap via the relay interface 5 systemtap receives the information via so called relay channels 6 systemtap processes the received information and prints them (depending on the script) to stdio 7 module is unloaded if systemtap is interrupted or the script/kernel module has reached a controlled end point B1 Systems GmbH Systemtap 7 / 46

  12. Interaction of kprobes, relay and systemtap 1 module is loaded by systemtap 2 kprobes calls register the probes at the selected functions 3 kprobes handlers call the compiled function stub 4 the function stub tranfers information to systemtap via the relay interface 5 systemtap receives the information via so called relay channels 6 systemtap processes the received information and prints them (depending on the script) to stdio 7 module is unloaded if systemtap is interrupted or the script/kernel module has reached a controlled end point B1 Systems GmbH Systemtap 7 / 46

  13. Interaction of kprobes, relay and systemtap 1 module is loaded by systemtap 2 kprobes calls register the probes at the selected functions 3 kprobes handlers call the compiled function stub 4 the function stub tranfers information to systemtap via the relay interface 5 systemtap receives the information via so called relay channels 6 systemtap processes the received information and prints them (depending on the script) to stdio 7 module is unloaded if systemtap is interrupted or the script/kernel module has reached a controlled end point B1 Systems GmbH Systemtap 7 / 46

  14. Interaction of kprobes, relay and systemtap 1 module is loaded by systemtap 2 kprobes calls register the probes at the selected functions 3 kprobes handlers call the compiled function stub 4 the function stub tranfers information to systemtap via the relay interface 5 systemtap receives the information via so called relay channels 6 systemtap processes the received information and prints them (depending on the script) to stdio 7 module is unloaded if systemtap is interrupted or the script/kernel module has reached a controlled end point B1 Systems GmbH Systemtap 7 / 46

  15. Interaction of kprobes, relay and systemtap 1 module is loaded by systemtap 2 kprobes calls register the probes at the selected functions 3 kprobes handlers call the compiled function stub 4 the function stub tranfers information to systemtap via the relay interface 5 systemtap receives the information via so called relay channels 6 systemtap processes the received information and prints them (depending on the script) to stdio 7 module is unloaded if systemtap is interrupted or the script/kernel module has reached a controlled end point B1 Systems GmbH Systemtap 7 / 46

  16. Interaction of kprobes, relay and systemtap 1 module is loaded by systemtap 2 kprobes calls register the probes at the selected functions 3 kprobes handlers call the compiled function stub 4 the function stub tranfers information to systemtap via the relay interface 5 systemtap receives the information via so called relay channels 6 systemtap processes the received information and prints them (depending on the script) to stdio 7 module is unloaded if systemtap is interrupted or the script/kernel module has reached a controlled end point B1 Systems GmbH Systemtap 7 / 46

  17. Interaction of kprobes, relay and systemtap 1 module is loaded by systemtap 2 kprobes calls register the probes at the selected functions 3 kprobes handlers call the compiled function stub 4 the function stub tranfers information to systemtap via the relay interface 5 systemtap receives the information via so called relay channels 6 systemtap processes the received information and prints them (depending on the script) to stdio 7 module is unloaded if systemtap is interrupted or the script/kernel module has reached a controlled end point B1 Systems GmbH Systemtap 7 / 46

  18. Influence on the System – Support by using self compiled kernel modules, problems with Enterprise support might occur value of /proc/sys/kernel/tainted is no longer "0" B1 Systems GmbH Systemtap 8 / 46

  19. Influence on the System – Performance only little overhead (microseconds) (depending on function’s complexity) long time use is not problematic as memory is limited too "slow" probes which are called very often are skipped if a probe is skipped 100 times, the complete systemtap script is stopped and unloaded B1 Systems GmbH Systemtap 9 / 46

  20. Influence on the System – Stability possible system crashes when script is loaded test scripts thoroughly on dedicated test machines if a crash occurs, it mostly occurs instantly when loading the script upstream developers work on avoiding such crashes which strongly depend on the kernel version used B1 Systems GmbH Systemtap 10 / 46

  21. Installation B1 Systems GmbH Systemtap 11 / 46

  22. Installation systemtap is packaged for all distributions the kernel-development and debuginfo/debugsource packages are also needed if the debuginfo -package is missing, running a script which uses kernel functions leads to errors: # stap open.stp semantic error: no match while resolving probe point syscall.open Pass 2: analysis failed. Try again with another ’--vp 01’ option. B1 Systems GmbH Systemtap 12 / 46

  23. Compiling Your Own Kernel when using a self compiled kernel, certain options need to be set: CONFIG_DEBUG_INFO=y CONFIG_KPROBES=y CONFIG_RELAY=y CONFIG_DEBUG_FS=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y B1 Systems GmbH Systemtap 13 / 46

  24. Scripting B1 Systems GmbH Systemtap 14 / 46

  25. Hello World the complex part: scripting language allows complicated procedures simplest example: # cat hw.stp probe begin { print ("hello world\n") exit () } # stap hw.stp hello world B1 Systems GmbH Systemtap 15 / 46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Systemtap times April 2009 Frank Ch. Eigler <fche@redhat.com> systemtap lead why

Systemtap times April 2009 Frank Ch. Eigler <fche@redhat.com> systemtap lead why

Systemtap times April 2009 Frank Ch. Eigler <fche@redhat.com> systemtap lead why trace/probe to monitor future background monitoring, flight recording programmed response to debug present symbolic, source-level

518 views • 20 slides
Introduction SystemTap: a tool for system-wide instrumentation Inspired by Sun DTrace, IBM

Introduction SystemTap: a tool for system-wide instrumentation Inspired by Sun DTrace, IBM

SystemTap update & overview Josh Stone <jistone@redhat.com> Software Engineer, Red Hat Introduction SystemTap: a tool for system-wide instrumentation Inspired by Sun DTrace, IBM dprobes, etc. GPL license, open project since

373 views • 33 slides
put systemtap band-aids on security wounds Frank Ch. Eigler Red Hat fche@redhat.com FOSDEM

put systemtap band-aids on security wounds Frank Ch. Eigler Red Hat fche@redhat.com FOSDEM

put systemtap band-aids on security wounds Frank Ch. Eigler Red Hat fche@redhat.com FOSDEM 2016-01-30 abstract Some security bugs can be patched with systemtap. Instead of changing code, change data on the fly. Whats the matter? New CVE

659 views • 38 slides
DTrace/SystemTap SDT Probes in OpenAFS Andrew Deason June 2019 OpenAFS Workshop 2019 1

DTrace/SystemTap SDT Probes in OpenAFS Andrew Deason June 2019 OpenAFS Workshop 2019 1

DTrace/SystemTap SDT Probes in OpenAFS Andrew Deason June 2019 OpenAFS Workshop 2019 1 Userspace DTrace Background Specify triggers on events (function calls) No special support needed Complex functionality builtin threading

310 views • 14 slides
stapdyn: Porting SystemTap onto Dyninst Josh Stone & David Smith Performance Tools @ Red Hat

stapdyn: Porting SystemTap onto Dyninst Josh Stone & David Smith Performance Tools @ Red Hat

stapdyn: Porting SystemTap onto Dyninst Josh Stone & David Smith Performance Tools @ Red Hat April 29, 2013 1 PARADYN WEEK 2013 | JOSH STONE & DAVID SMITH 2 PARADYN WEEK 2013 | JOSH STONE & DAVID SMITH stapdyn: Porting SystemTap

217 views • 19 slides
Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique Martinet CEA January 9, 2020 CEA | January 9, 2020 | PAGE 1/75 Introduction 1 Foreword Hands on setup Crash 2 3 Perf SystemTap 4 eBPF:

1.43k views • 85 slides
DWARF 5 and GNU extensions New ways go from binary to source Mark J. Wielaard Who am I Mark J.

DWARF 5 and GNU extensions New ways go from binary to source Mark J. Wielaard Who am I Mark J.

DWARF 5 and GNU extensions New ways go from binary to source Mark J. Wielaard Who am I Mark J. Wielaard Red Hat perftools valgrind, elfutils, systemtap, What is DWARF From binary to source But if that was all: .debug_line mapping

407 views • 26 slides
MySQL: An Ecosystem, Not Just a Company Michael Monty Widenius Chief Executive Officer,

MySQL: An Ecosystem, Not Just a Company Michael Monty Widenius Chief Executive Officer,

MySQL: An Ecosystem, Not Just a Company Michael Monty Widenius Chief Executive Officer, Monty Program Ab monty@askmonty.org Year in Review Recession Fuelled MySQL adoption Acquisition Pressure to cut costs will always

481 views • 24 slides
The Challenge of The Challenge of Multilevel Security Multilevel Security Rick Smith, Ph.D.,

The Challenge of The Challenge of Multilevel Security Multilevel Security Rick Smith, Ph.D.,

The Challenge of The Challenge of Multilevel Security Multilevel Security Rick Smith, Ph.D., CISSP Rick Smith, Ph.D., CISSP Rick@cryptosmith cryptosmith.com .com Rick@ http://www.cryptosmith cryptosmith.com/ .com/ http://www. October

448 views • 23 slides
Virtual Pedigree Genealogy Without Borders Current Situation Lots of windows Context switching

Virtual Pedigree Genealogy Without Borders Current Situation Lots of windows Context switching

Virtual Pedigree Genealogy Without Borders Current Situation Lots of windows Context switching Dynamic Ascendancy http://youtu.be/I9FboVzmrBw Current Focus Dynamic Descendancy Descendancy Charts... Help find missing descendants.

384 views • 17 slides
Welcome! Please review your Annual Meeting Packet and help yourself to refreshments. The meeting

Welcome! Please review your Annual Meeting Packet and help yourself to refreshments. The meeting

Welcome! Please review your Annual Meeting Packet and help yourself to refreshments. The meeting will convene at 3:05. 2017 Annual Membership Meeting Agenda Call to Order ___________________________________ 3:05 Minutes

1.09k views • 91 slides
Investing in A Stronger Kentucky Cleaning Up, Rather than Piling On Tax Breaks for Powerful

Investing in A Stronger Kentucky Cleaning Up, Rather than Piling On Tax Breaks for Powerful

Investing in A Stronger Kentucky Cleaning Up, Rather than Piling On Tax Breaks for Powerful Interests September 10, 2016 False Choices Education Pensions Fiscal Investing in Responsibility Stronger KY Healthy Healthy Budget Communities

633 views • 25 slides
Grieg Seafood ASA

Grieg Seafood ASA

Grieg Seafood ASA griegseafood.com 1 Agenda

848 views • 35 slides
CVPR 17 Paper presentation 2018. 11. 01. Taeun Hwang ( ) CS688: Web-Scale image

CVPR 17 Paper presentation 2018. 11. 01. Taeun Hwang ( ) CS688: Web-Scale image

Deep Sketch Hashing: Fast Free-hand Sketch-Based Image Retrieval CVPR 17 Paper presentation 2018. 11. 01. Taeun Hwang ( ) CS688: Web-Scale image Retrieval Review SuBiC: A supervised, structured binary code for image

547 views • 31 slides
Who am I? Co founder and CTO of FNF 10 years of systems/storage/network/security

Who am I? Co founder and CTO of FNF 10 years of systems/storage/network/security

Who am I? Co founder and CTO of FNF 10 years of systems/storage/network/security enginering History of the FNF Founded in 2011 Built towers for OccupyAustin/Occupy Wall ST Awarded 10k innovation award at ContactCON Raised

250 views • 23 slides
BIM and Project Controls: An overview of 5D BIM Ian Levers Agenda An introduction to 5D

BIM and Project Controls: An overview of 5D BIM Ian Levers Agenda An introduction to 5D

BIM and Project Controls: An overview of 5D BIM Ian Levers Agenda An introduction to 5D BIM The 5D BIM Workflow Barriers and enablers to successful 5D BIM What next? The 5D BIM Workflow What is 5D BIM? An introduction to 5D

284 views • 27 slides
3. To strengthen the leadership skills of young people within the Independent Living movement; 4.

3. To strengthen the leadership skills of young people within the Independent Living movement; 4.

ENIL Youth Network Presentation 2013. ENIL North Reagion Meeting 2013 Estoania/Elva 22 November 2013 Hello everybody! My name is Gatis Caunitis, I help to coordinate ENILs Youth Network and will tell you a bit more about it today. I am also

37 views • 3 slides
Why Don t They Understand? Chamber630 Women in Business March 1, 2019 RPC Leadership

Why Don t They Understand? Chamber630 Women in Business March 1, 2019 RPC Leadership

Why Don t They Understand? Chamber630 Women in Business March 1, 2019 RPC Leadership Associates, Inc. - Confidential Agenda Who Are These People? How Does Each Generation Communicate? How Do We Make It Work? Call to Action!

448 views • 17 slides
Strategic developments Flora Giorgio DG Health and Consumer EU Objectives in HTA Article 15

Strategic developments Flora Giorgio DG Health and Consumer EU Objectives in HTA Article 15

EUnetHTA Plenary Assembly Strategic developments Flora Giorgio DG Health and Consumer EU Objectives in HTA Article 15 Directive 2011/24: Support cooperation between national HTA Authorities Support MS in the provision of objective,

311 views • 13 slides
1 I am sure you have seen this represented in many ways before. Of course we are a disruptor to

1 I am sure you have seen this represented in many ways before. Of course we are a disruptor to

Introduce myself role and experience. Describe purpose of presentation supported by report already provided This photo , taken from an Apollo mission is a very good reminder about how the worlds land, oceans and water resources (that

365 views • 19 slides
FUTURE BUSINESS LEADERS OF AMERICA WHAT IS FBLA? The nations largest student run

FUTURE BUSINESS LEADERS OF AMERICA WHAT IS FBLA? The nations largest student run

FUTURE BUSINESS LEADERS OF AMERICA WHAT IS FBLA? The nations largest student run organization. CAREER PREPARATION LEADERSHIP DEVELOPMENT COMPETITIONS MEMBER OPPORTUNITIES Value for the members. COMPETITIONS - PROJECTS - SCHOLARSHIPS -

483 views • 15 slides
WiFi Networks on Drones Ramon Sanchez-Iborra Universidad Politcnica de Cartagena (Spain)

WiFi Networks on Drones Ramon Sanchez-Iborra Universidad Politcnica de Cartagena (Spain)

ITU Kaleidoscope 2016 ICTs for a Sustainable World WiFi Networks on Drones Ramon Sanchez-Iborra Universidad Politcnica de Cartagena (Spain) Universidad Tcnica Federico Santa Mara (Santiago, Chile) Bangkok, Thailand ramon.sanchez@upct.es

250 views • 22 slides
Network Operation Center NOC NOC Eng. Ali Munir Al-Mudhafar I.C.T Center Network Systems

Network Operation Center NOC NOC Eng. Ali Munir Al-Mudhafar I.C.T Center Network Systems

Network Operation Center NOC NOC Eng. Ali Munir Al-Mudhafar I.C.T Center Network Systems Division Introduction A fter Continuous and widespread use of Network system in many organizations, companies, government agencies, educational

343 views • 31 slides
Peer to Peer Networks on Android Paul O'Neil and Steven Presser Agenda Motivation

Peer to Peer Networks on Android Paul O'Neil and Steven Presser Agenda Motivation

Peer to Peer Networks on Android Paul O'Neil and Steven Presser Agenda Motivation Constraints Tools and Barriers Architecture Demonstration Agenda Motivation Constraints Tools and Barriers Architecture

463 views • 27 slides

More recommend