what is the kernel upto powerful tracing techniques
play

What is the kernel upto? Powerful tracing techniques Joel Fernandes - PowerPoint PPT Presentation

Jan 06, 2024 •50 likes •380 views

What is the kernel upto? Powerful tracing techniques Joel Fernandes <joel@linuxinternals.org> Concepts: Tracing: Static vs Dynamic tracepoints Static: Tracepoint events Dynamic: kprobes Static tracepoints: Methodology Define

  1. What is the kernel upto? Powerful tracing techniques Joel Fernandes <joel@linuxinternals.org>

  2. Concepts: Tracing: Static vs Dynamic tracepoints ● Static: Tracepoint events ● Dynamic: kprobes

  3. Static tracepoints: Methodology Define what your trace point looks like (what name, args etc) ● Define a trace function that accepts arguments from tracepoint users ● Find where to insert the tracepoinin your code ● Call the tracepoint function you just defined to broadcast the event ●

  4. Static tracepoints Other points: Code location is fixed at compiled time, can’t change it ● Better than printk: ● Dynamically enabled ○ Lower overhead than printk, stored in fast ring-buffer ○ No overhead when disabled (defaults to a NOP) ●

  5. Static tracepoints: Real example - block layer What sectors did I just write to? (block-sectors-demo) Use the block:* static tracepoints First record: # trace-cmd record -e “block:block_rq_insert” -F dd if=/dev/zero of=tmp Demo.. trace-blk.sh demo script

  6. Static tracepoints: Real example - block layer What sectors did I just write to? Use the block:* static tracepoints Then report: “trace-cmd report” dd-2791 [001] 1663.322775: block_rq_insert: 8,16 W 0 () 495704 + 24 [dd] dd-2791 [001] 1663.322780: block_rq_issue: 8,16 W 0 () 495704 + 24 [dd] dd-2791 [001] 1663.323027: block_rq_complete: 8,16 W () 495704 + 24 [0] 495704 is the sector number 24 is the number of sectors (we wrote 12k, that’s 24 sectors)

  7. Static tracepoints: Real example - scheduler You can even write kernel modules to install your own probes on static ● tracepoints !!

  8. Static tracepoints: Real example - scheduler Scheduler has a static TP called sched_switch , gives you information about ● what was switched in and was switched out. Imagine writing code that monitors a context-switch, the world is in your hands. ● Code and Demo (repo/cpuhists demo) ●

  9. Static tracepoints: Real example - scheduler ● Very powerful feature ● Use it to write your own tools to understand kernel internals ● Very low-overhead technique (as its in-kernel)

  10. Dynamic tracepoints: Methodology ● Find instruction address to instrument ● Save the instruction and install a jump in place ● Execute some code ● Then execute the instruction ● Then execute some more code and jump back

  11. Dynamic tracepoints: Mechanism ● All Linux kernel based, even user-level probes ● Under the hood, uses kprobes (for kernel dyn. probes) and uprobes (for user) ● ‘perf’ tool provides easy access to create and record these probes instead of having to poke debugfs entries.

  12. Dive into a example! - kprobes Find out where you want to insert your probe (perf probe -L) A. ## perf probe -k <path-to-vmlinux> -s <path-kernel-sources> -L tcp_sendmsg B. <tcp_sendmsg@.//net/ipv4/tcp.c:0> C. 0 int tcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) D. 1 { E. struct tcp_sock *tp = tcp_sk(sk); F. struct sk_buff *skb; G. int flags, err, copied = 0; H. 5 int mss_now = 0, size_goal, copied_syn = 0; I. bool sg; J. long timeo; K. L. 9 lock_sock(sk); M. ….

  13. Dive into a example! - kprobes Find which variables are available in the function A. ## perf probe -k <path-to-vmlinux> -s <path-kernel-sources> -V tcp_sendmsg Available variables at tcp_sendmsg @<tcp_sendmsg+0> size_t size struct msghdr* msg struct sock* sk

  14. Dive into examples! - kprobes Lets insert probe on Line 9 of tcp_sendmsg and have the probe fetch variable size. This will help record sizes of all TCP messages being sent! A. ## perf probe -a ‘tcp_sendmsg:9 size` -s <...> -k <...> Added new event: probe:tcp_sendmsg (on tcp_sendmsg with size) A. ## perf record -e probe:tcp_sendmsg -a -- sleep 5 B. root@ubuntu:/mnt/sdb/linux-4.4.2# perf script C. Socket Thread 127991 [002] 486500.563947: probe:tcp_sendmsg: (ffffffff81739ad5) size=0x50 D. Socket Thread 127991 [002] 486502.535738: probe:tcp_sendmsg: (ffffffff81739ad5) size=0x205 E. Socket Thread 127991 [002] 486502.538618: probe:tcp_sendmsg: (ffffffff81739ad5) size=0x205 F. Socket Thread 127991 [002] 486502.540033: probe:tcp_sendmsg: (ffffffff81739ad5) size=0x205 G. Socket Thread 127991 [002] 486502.540369: probe:tcp_sendmsg: (ffffffff81739ad5) size=0x205 H. Socket Thread 127991 [002] 486502.543893: probe:tcp_sendmsg: (ffffffff81739ad5) size=0x205 I. Socket Thread 127991 [002] 486502.545757: probe:tcp_sendmsg: (ffffffff81739ad5) size=0x205 PID 127991 is Firefox browser’s Socket Thread

  15. Dive into examples! - uprobes Find out how ‘malloc’ C library function is being called globally ## perf probe -x /lib/x86_64-linux-gnu/libc.so.6 -a 'malloc bytes' Added new events: probe_libc:malloc (on malloc in /lib/x86_64-linux-gnu/libc-2.21.so with bytes) probe_libc:malloc_1 (on malloc in /lib/x86_64-linux-gnu/libc-2.21.so with bytes) probe_libc:malloc_2 (on malloc in /lib/x86_64-linux-gnu/libc-2.21.so with bytes) Multiple probe points are because malloc gets inlined at a couple of places

  16. Dive into examples! - uprobes ## perf record -e "probe_libc:malloc*" -a -- sleep 1 ## perf script ... vmtoolsd 1977 [000] 487072.439953: probe_libc:malloc_1: (7f8a18a324a0) bytes=0x64 vmtoolsd 1977 [000] 487072.439956: probe_libc:malloc_1: (7f8a18a324a0) bytes=0x27 vmtoolsd 1977 [000] 487072.439960: probe_libc:malloc_1: (7f8a18a324a0) bytes=0x64 gnome-terminal- 2253 [001] 487072.570703: probe_libc:malloc_1: (7f27c71504a0) bytes=0x22 gnome-terminal- 2253 [001] 487072.570710: probe_libc:malloc_1: (7f27c71504a0) bytes=0x20

  17. Pros/Cons Advantages: Dynamic, no need of recompiling any code ● When probe point is hit, stack traces can also be collected ● Very quickly able to understand system/code behavior ● Disadvantages: Requires symbol information present in executables (compiled with -g) ● Insert probes anywhere but the beginning of the function requires DWARF information ● present in executable (which comes with -g but for kprobes, vmlinux can be 100s of MB)

  18. Timing functions Methodology: Take a time stamp at start ● Take a time stamp at end ● Take the difference ● Report difference (if you want) ●

  19. Timing functions: Using Ftrace Use trace-cmd and function_graph plugin to get function times. Set max_depth to 1 or 2 # trace-cmd record -p function_graph -g sys_write # echo 2 > /sys/kernel/debug/tracing/max_graph_depth gdbus-2341 [001] 8364.697427: funcgraph_entry: | sys_write() { gdbus-2341 [001] 8364.697431: funcgraph_entry: 0.137 us | __fdget_pos(); gdbus-2341 [001] 8364.697431: funcgraph_entry: 0.371 us | vfs_write(); gdbus-2341 [001] 8364.697432: funcgraph_entry: 0.036 us | fput(); gdbus-2341 [001] 8364.697432: funcgraph_exit: 1.458 us | } gdbus-2341 [001] 8364.697434: funcgraph_entry: | sys_write() { gdbus-2341 [001] 8364.697434: funcgraph_entry: 0.111 us | __fdget_pos(); gdbus-2341 [001] 8364.697435: funcgraph_entry: 0.243 us | vfs_write(); gdbus-2341 [001] 8364.697435: funcgraph_entry: 0.035 us | fput(); gdbus-2341 [001] 8364.697436: funcgraph_exit: 1.241 us | }

  20. Timing functions: Using kretprobes Install a kretprobe for a function ● 2 handlers involved, one at beginning and one at end ● Take time stamps and find difference ● Much more powerful than function graph tracer ● Dump function arguments (shown in thardirq example) ○ Execute kernel code in handlers, store and aggregate data ○ Use custom criteria to report timing (shown in tirqthread example) ○ Much less clunkier than instrumenting code ● Demo: thardirq (code + run)

  21. Timing functions: Advanced usage Install a kprobe at function entry and kretprobe at end of function ● Determine time at function beginning and function end ● Take the difference ● More powerful, use criteria to determine if the time difference should be ● reported (such as context switching) Example tsoftirq (just showing code..)

  22. What kernel code is executed for graphics? Demo: ps ax|grep X Find pid trace-cmd record -p function -P <pid> Found an interesting function what args are passed to: vmw_validate_single_buffer

  23. perf+kprobe example: vmwgfx driver (repo/perf-probe-vmwgfx demo) Find out what the lines of code are in the vmw_validate_single_buffer function # perf probe -L vmw_validate_single_buffer -k ./vmlinux -m vmwgfx <vmw_validate_single_buffer@/mnt/sdb/linux-4.5.2/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c:0> 0 int vmw_validate_single_buffer(struct vmw_private *dev_priv, struct ttm_buffer_object *bo, bool interruptible, bool validate_as_mob) 4 { struct vmw_dma_buffer *vbo = container_of(bo, struct vmw_dma_buffer, base); int ret; 9 if (vbo->pin_count > 0) 10 return 0; 12 if (validate_as_mob) 13 return ttm_bo_validate(bo, &vmw_mob_placement, interruptible, false);

  24. perf+kprobe example: vmwgfx driver Create probe point: # perf probe -k ./vmlinux -m vmwgfx --add ‘vmw_validate_single_buffer:10 interruptible’ probe:vmw_validate_single_buffer (on vmw_validate_single_buffer:10 in vmwgfx with interruptible) You can now use it in all perf tools, such as: perf record -e probe:vmw_validate_single_buffer -aR sleep 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
D e b c o n f 1 6 LTTng: Kernel and userspace tracing in Debian mjeanson@effjcios.com

D e b c o n f 1 6 LTTng: Kernel and userspace tracing in Debian mjeanson@effjcios.com

D e b c o n f 1 6 LTTng: Kernel and userspace tracing in Debian mjeanson@effjcios.com w h o a mi Michael Jeanson, Software developer @ EffjciOS Debian Maintainer Ubuntu Member Fedora Packager Offjcial and

894 views • 20 slides
CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking

CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking

CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking techniques (Linux) Why do we need locking in the kernel? o Which problems are we trying to solve? What implementation choices do we have? o Is

407 views • 30 slides
Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org

Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org

Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org http://people.redhat.com/srostedt/ trace-tokyo-2010.odp Who am I? What is Ftrace? What is Ftrace? Traces the internal operations of the kernel What is

542 views • 50 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
LTTng presentation and update mathieu.desnoyers@efcios.com 1 LTTng features Kernel

LTTng presentation and update mathieu.desnoyers@efcios.com 1 LTTng features Kernel

Progress report meeting December 2015 LTTng presentation and update mathieu.desnoyers@efcios.com 1 LTTng features Kernel tracing Tracepoints System calls k[ret]probes User-space tracing C/C++ (tracef/tracelog)

527 views • 14 slides
Module 4: Powerful Interviewing Techniques Lesson 4: Advanced Communication Tips In this training

Module 4: Powerful Interviewing Techniques Lesson 4: Advanced Communication Tips In this training

Module 4: Powerful Interviewing Techniques Lesson 4: Advanced Communication Tips In this training you will learn: Why is this important Techniques and How you can leverage them: Tonality (Tone); Avoid sounding Monotone; Rhythm

309 views • 11 slides
Multi-Resolution Method for Ray Tracing Sung-Eui Yoon ( ) Course URL:

Multi-Resolution Method for Ray Tracing Sung-Eui Yoon ( ) Course URL:

Multi-Resolution Method for Ray Tracing Sung-Eui Yoon ( ) Course URL: http://jupiter.kaist.ac.kr/~sungeui/SGA/ At the Previous Class Studied LOD techniques for rasterization 2 Goal Perform an interactive ray tracing of

550 views • 43 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
Tracing with Perf tools Namhyung Kim 2013-11-13 Wed Namhyung Kim Tracing with Perf tools

Tracing with Perf tools Namhyung Kim 2013-11-13 Wed Namhyung Kim Tracing with Perf tools

Tracing with Perf tools Namhyung Kim 2013-11-13 Wed Namhyung Kim Tracing with Perf tools 2013-11-13 Wed 1 / 34 Outline Introduction 1 Other technologies 2 Kernel-level tracing with perf tools 3 User-level tracing with perf tools 4

580 views • 34 slides
Flattened Image Trees: A powerful kernel image format Feb 21, 2013 Joel A Fernandes

Flattened Image Trees: A powerful kernel image format Feb 21, 2013 Joel A Fernandes

Flattened Image Trees: A powerful kernel image format Feb 21, 2013 Joel A Fernandes &lt;joelagnel@ti.com&gt; 1 Goals of this talk To understand existing challenges in multicomponent Images How these have been solved How these can

931 views • 38 slides
LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux

LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux

LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux distribution. E-mail: mathieu.desnoyers@efficios.com Mathieu Desnoyers October 26th, 2011 1 &gt; Buzzword compliant ! LTT: Linux Trace Toolkit

438 views • 32 slides
Culling Techniques Sung-Eui Yoon ( ) Course URL:

Culling Techniques Sung-Eui Yoon ( ) Course URL:

Culling Techniques Sung-Eui Yoon ( ) Course URL: http://jupiter.kaist.ac.kr/~sungeui/SGA/ At the Previous Class The overview of the course Two main rendering techniques: rasterization and ray tracing Their issues with

461 views • 28 slides
Tracing the fate of nutrients in agricultural catchments by stable isotope techniques Part I: The

Tracing the fate of nutrients in agricultural catchments by stable isotope techniques Part I: The

Tracing the fate of nutrients in agricultural catchments by stable isotope techniques Part I: The Hessian Ried Story Christoph Kludt, Alexandra Giber, Christine Khbeck, Frank-Andreas Weber, Christoph Schth, Kay Knller Outline Background

687 views • 44 slides
Exploitation techniques for NT kernel Introduction General concepts Internals Adrien

Exploitation techniques for NT kernel Introduction General concepts Internals Adrien

Exploitation techniques for NT kernel Adrien Adr1 Garin Exploitation techniques for NT kernel Introduction General concepts Internals Adrien Adr1 Garin Exploitation Stack overflow Integer overflow Write What Where EPITA

623 views • 47 slides
Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation and a Widely Usable Kernel Tracer April 9th, 2009 Mathieu Desnoyers, cole Polytechnique de Montral 1 &gt; Plan Presenter Tracing

539 views • 25 slides
Eligibility Traces Chapter 12 Eligibility traces are Another way of interpolating between MC and

Eligibility Traces Chapter 12 Eligibility traces are Another way of interpolating between MC and

Eligibility Traces Chapter 12 Eligibility traces are Another way of interpolating between MC and TD methods A way of implementing compound -return targets A basic mechanistic idea a short-term, fading memory A new style of algorithm

881 views • 31 slides
Spark RDD Operations Transformations and Actions 1 RDD Processing Model RDD can be modeled

Spark RDD Operations Transformations and Actions 1 RDD Processing Model RDD can be modeled

Spark RDD Operations Transformations and Actions 1 RDD Processing Model RDD can be modeled using the Bulk Synchronous Parallel (BSP) model Communication Independent Local Independent Local Processor 1 Processing Processing Independent

561 views • 31 slides
Math 211 Math 211 Lecture #19 Nullspaces and Subspaces October 9, 2002 2 Homogeneous Systems

Math 211 Math 211 Lecture #19 Nullspaces and Subspaces October 9, 2002 2 Homogeneous Systems

1 Math 211 Math 211 Lecture #19 Nullspaces and Subspaces October 9, 2002 2 Homogeneous Systems Homogeneous Systems A homogeneous system has the form A x = 0 . The augmented matrix M = [ A, 0 ] has all zeros in the last column.

270 views • 8 slides
Week 4 -Wednesday What did we talk about last time? Functions Unix never says

Week 4 -Wednesday What did we talk about last time? Functions Unix never says

Week 4 -Wednesday What did we talk about last time? Functions Unix never says &quot;please.&quot; Rob Pike It also never says: &quot;Thank you&quot; &quot;You're welcome&quot; &quot;I'm sorry&quot; &quot;Are you sure

448 views • 28 slides
Trace Abstraction Monday, December 14, 2011 Example Our Model of a Verification Problem 0

Trace Abstraction Monday, December 14, 2011 Example Our Model of a Verification Problem 0

Trace Abstraction Monday, December 14, 2011 Example Our Model of a Verification Problem 0 x:=0 x:=0 0 : y:=0 1 : 1 while(nondet) { x++ } 2 : y:=0 assert x!= -1 2 x++ assert y!= -1 Example program P y==-1 x==-1

634 views • 28 slides
Outline DMP204 SCHEDULING, TIMETABLING AND ROUTING 1. Job Shop Lecture 15 Modelling Flow

Outline DMP204 SCHEDULING, TIMETABLING AND ROUTING 1. Job Shop Lecture 15 Modelling Flow

Job Shop Outline DMP204 SCHEDULING, TIMETABLING AND ROUTING 1. Job Shop Lecture 15 Modelling Flow Shop and Job Shop Models Exact Methods Local Search Methods Shifting Bottleneck Heuristic Marco Chiarandini 2 Modelling Modelling Exact

304 views • 6 slides
Bidirectional Flow Export using IPFIX draft-ietf-ipfix-biflow-00

Bidirectional Flow Export using IPFIX draft-ietf-ipfix-biflow-00

Bidirectional Flow Export using IPFIX draft-ietf-ipfix-biflow-00 http://www.ietf.org/internet-drafts/draft-ietf-ipfix-biflow-00.txt Brian Trammell &lt;bht@cert.org&gt; Elisa Boschi &lt;elisa.boschi@hitachi-eu.com&gt; Thursday, November 9, 2006

140 views • 12 slides
1 2 http://www.webperformancetoday.com/2011/11/23/case-study-slow-page-load-

1 2 http://www.webperformancetoday.com/2011/11/23/case-study-slow-page-load-

1 2 http://www.webperformancetoday.com/2011/11/23/case-study-slow-page-load- mobile-business-metrics/ 4 http://www.webperformancetoday.com/2012/02/28/4-awesome-slides-showing- how-page-speed-correlates-to-business-metrics-at-walmart-com/ 5 6

981 views • 41 slides

More recommend