Wcohen/efficiency (#2063)
* Reduce instrumentation overhead with the sys_enter and sys_exit tracepoints
The ucalls script initially used kprobes and kretprobes on each of the
hundreds of syscalls functions in the system. This approach causes a
large number of probes to be set up at the start and removed at the
conclusion of the script's execution resulting in slow start up.
Like the syscount.py script the ucall syscall instrumentation has been
modified to use the sys_enter and sys_exit tracepoints. This only
requires the installation and removal of one or two tracepoints to
implement and results in much shorter times to start and stop the
ucalls script.
Another benefit of this change is syscalls on newer kernels will be
monitored with the "-S" option. The regular expression used to find
the locations for the kprobes and kretprobes for all the possible
syscall functions would not would match the syscall function naming
convention in newer kernels.
* Update ucalls_examples.txt to match current "-S" option output
* Add required "import subprocess" and remove unneeded "global syscalls"
* Factor out the syscall_name code into a separate python module syscall.py
Multiple scripts are going to find the syscall_name() function useful
when using the syscall tracepoints. Factoring out this code into a
separate python module avoids having to replicate this code in
multiple scripts.
* Use the syscall_name() function in syscount.py to make it more compact.
* Update the default syscall mappings and the way that they were generated
The default table was missing some newer syscall mapping. Regenerated
the table using the syscallent.h file from Fedora 30
strace-4.25-1.fc30.src.rpm. Also updated the comment with the command
actually used to generate the mappings.
* Add license information and upsdate the syscalls
The default x86_64 syscall dictionary mapping syscalls numbers to
names has been updated. The following syscall x86_64 names have been
updated:
18: b"pwrite64",
60: b"exit",
166: b"umount2",
The following syscall x86_64 have been added:
313: b"finit_module",
314: b"sched_setattr",
315: b"sched_getattr",
316: b"renameat2",
317: b"seccomp",
318: b"getrandom",
319: b"memfd_create",
320: b"kexec_file_load",
321: b"bpf",
322: b"execveat",
323: b"userfaultfd",
324: b"membarrier",
325: b"mlock2",
326: b"copy_file_range",
327: b"preadv2",
328: b"pwritev2",
329: b"pkey_mprotect",
330: b"pkey_alloc",
331: b"pkey_free",
332: b"statx",
333: b"io_pgetevents",
334: b"rseq",
* Eliminate stderr output and use of shell features
Redirect all stderr output so it isn't seen. Also avoid use of the
shell pipe and tail command. Just strip off the first line in the
python code instead.
* Update lib/ucalls.py smoke test to required linux-4.7
The use of tracepoints in the ucalls.py requires linux-4.7. Changed
the test to only run with a suitable kernel. The libs/ucalls.py
script is no longer inserting hundreds of kprobes and is much faster
as a result, so removed the timeout adjustment and the comment about
it being slow.
diff --git a/tools/syscount.py b/tools/syscount.py
index 191511c..58039be 100755
--- a/tools/syscount.py
+++ b/tools/syscount.py
@@ -9,368 +9,21 @@
#
# 15-Feb-2017 Sasha Goldshtein Created this.
-from bcc import BPF
-from bcc.utils import printb
from time import sleep, strftime
import argparse
import errno
import itertools
-import subprocess
import sys
import signal
-import platform
+from bcc import BPF
+from bcc.utils import printb
+from bcc.syscall import syscall_name
if sys.version_info.major < 3:
izip_longest = itertools.izip_longest
else:
izip_longest = itertools.zip_longest
-#
-# Syscall table for Linux x86_64, not very recent.
-# Automatically generated from strace/linux/x86_64/syscallent.h using the
-# following command:
-#
-# cat syscallent.h | awk -F, '{ gsub(/[ \t"}]/, "", $4);
-# gsub(/[ \t/*]/, "", $5);
-# print " "$5": \""$4"\","; }
-# BEGIN { print "syscalls = {" }
-# END { print "}" }'
-#
-syscalls = {
- 0: b"read",
- 1: b"write",
- 2: b"open",
- 3: b"close",
- 4: b"stat",
- 5: b"fstat",
- 6: b"lstat",
- 7: b"poll",
- 8: b"lseek",
- 9: b"mmap",
- 10: b"mprotect",
- 11: b"munmap",
- 12: b"brk",
- 13: b"rt_sigaction",
- 14: b"rt_sigprocmask",
- 15: b"rt_sigreturn",
- 16: b"ioctl",
- 17: b"pread",
- 18: b"pwrite",
- 19: b"readv",
- 20: b"writev",
- 21: b"access",
- 22: b"pipe",
- 23: b"select",
- 24: b"sched_yield",
- 25: b"mremap",
- 26: b"msync",
- 27: b"mincore",
- 28: b"madvise",
- 29: b"shmget",
- 30: b"shmat",
- 31: b"shmctl",
- 32: b"dup",
- 33: b"dup2",
- 34: b"pause",
- 35: b"nanosleep",
- 36: b"getitimer",
- 37: b"alarm",
- 38: b"setitimer",
- 39: b"getpid",
- 40: b"sendfile",
- 41: b"socket",
- 42: b"connect",
- 43: b"accept",
- 44: b"sendto",
- 45: b"recvfrom",
- 46: b"sendmsg",
- 47: b"recvmsg",
- 48: b"shutdown",
- 49: b"bind",
- 50: b"listen",
- 51: b"getsockname",
- 52: b"getpeername",
- 53: b"socketpair",
- 54: b"setsockopt",
- 55: b"getsockopt",
- 56: b"clone",
- 57: b"fork",
- 58: b"vfork",
- 59: b"execve",
- 60: b"_exit",
- 61: b"wait4",
- 62: b"kill",
- 63: b"uname",
- 64: b"semget",
- 65: b"semop",
- 66: b"semctl",
- 67: b"shmdt",
- 68: b"msgget",
- 69: b"msgsnd",
- 70: b"msgrcv",
- 71: b"msgctl",
- 72: b"fcntl",
- 73: b"flock",
- 74: b"fsync",
- 75: b"fdatasync",
- 76: b"truncate",
- 77: b"ftruncate",
- 78: b"getdents",
- 79: b"getcwd",
- 80: b"chdir",
- 81: b"fchdir",
- 82: b"rename",
- 83: b"mkdir",
- 84: b"rmdir",
- 85: b"creat",
- 86: b"link",
- 87: b"unlink",
- 88: b"symlink",
- 89: b"readlink",
- 90: b"chmod",
- 91: b"fchmod",
- 92: b"chown",
- 93: b"fchown",
- 94: b"lchown",
- 95: b"umask",
- 96: b"gettimeofday",
- 97: b"getrlimit",
- 98: b"getrusage",
- 99: b"sysinfo",
- 100: b"times",
- 101: b"ptrace",
- 102: b"getuid",
- 103: b"syslog",
- 104: b"getgid",
- 105: b"setuid",
- 106: b"setgid",
- 107: b"geteuid",
- 108: b"getegid",
- 109: b"setpgid",
- 110: b"getppid",
- 111: b"getpgrp",
- 112: b"setsid",
- 113: b"setreuid",
- 114: b"setregid",
- 115: b"getgroups",
- 116: b"setgroups",
- 117: b"setresuid",
- 118: b"getresuid",
- 119: b"setresgid",
- 120: b"getresgid",
- 121: b"getpgid",
- 122: b"setfsuid",
- 123: b"setfsgid",
- 124: b"getsid",
- 125: b"capget",
- 126: b"capset",
- 127: b"rt_sigpending",
- 128: b"rt_sigtimedwait",
- 129: b"rt_sigqueueinfo",
- 130: b"rt_sigsuspend",
- 131: b"sigaltstack",
- 132: b"utime",
- 133: b"mknod",
- 134: b"uselib",
- 135: b"personality",
- 136: b"ustat",
- 137: b"statfs",
- 138: b"fstatfs",
- 139: b"sysfs",
- 140: b"getpriority",
- 141: b"setpriority",
- 142: b"sched_setparam",
- 143: b"sched_getparam",
- 144: b"sched_setscheduler",
- 145: b"sched_getscheduler",
- 146: b"sched_get_priority_max",
- 147: b"sched_get_priority_min",
- 148: b"sched_rr_get_interval",
- 149: b"mlock",
- 150: b"munlock",
- 151: b"mlockall",
- 152: b"munlockall",
- 153: b"vhangup",
- 154: b"modify_ldt",
- 155: b"pivot_root",
- 156: b"_sysctl",
- 157: b"prctl",
- 158: b"arch_prctl",
- 159: b"adjtimex",
- 160: b"setrlimit",
- 161: b"chroot",
- 162: b"sync",
- 163: b"acct",
- 164: b"settimeofday",
- 165: b"mount",
- 166: b"umount",
- 167: b"swapon",
- 168: b"swapoff",
- 169: b"reboot",
- 170: b"sethostname",
- 171: b"setdomainname",
- 172: b"iopl",
- 173: b"ioperm",
- 174: b"create_module",
- 175: b"init_module",
- 176: b"delete_module",
- 177: b"get_kernel_syms",
- 178: b"query_module",
- 179: b"quotactl",
- 180: b"nfsservctl",
- 181: b"getpmsg",
- 182: b"putpmsg",
- 183: b"afs_syscall",
- 184: b"tuxcall",
- 185: b"security",
- 186: b"gettid",
- 187: b"readahead",
- 188: b"setxattr",
- 189: b"lsetxattr",
- 190: b"fsetxattr",
- 191: b"getxattr",
- 192: b"lgetxattr",
- 193: b"fgetxattr",
- 194: b"listxattr",
- 195: b"llistxattr",
- 196: b"flistxattr",
- 197: b"removexattr",
- 198: b"lremovexattr",
- 199: b"fremovexattr",
- 200: b"tkill",
- 201: b"time",
- 202: b"futex",
- 203: b"sched_setaffinity",
- 204: b"sched_getaffinity",
- 205: b"set_thread_area",
- 206: b"io_setup",
- 207: b"io_destroy",
- 208: b"io_getevents",
- 209: b"io_submit",
- 210: b"io_cancel",
- 211: b"get_thread_area",
- 212: b"lookup_dcookie",
- 213: b"epoll_create",
- 214: b"epoll_ctl_old",
- 215: b"epoll_wait_old",
- 216: b"remap_file_pages",
- 217: b"getdents64",
- 218: b"set_tid_address",
- 219: b"restart_syscall",
- 220: b"semtimedop",
- 221: b"fadvise64",
- 222: b"timer_create",
- 223: b"timer_settime",
- 224: b"timer_gettime",
- 225: b"timer_getoverrun",
- 226: b"timer_delete",
- 227: b"clock_settime",
- 228: b"clock_gettime",
- 229: b"clock_getres",
- 230: b"clock_nanosleep",
- 231: b"exit_group",
- 232: b"epoll_wait",
- 233: b"epoll_ctl",
- 234: b"tgkill",
- 235: b"utimes",
- 236: b"vserver",
- 237: b"mbind",
- 238: b"set_mempolicy",
- 239: b"get_mempolicy",
- 240: b"mq_open",
- 241: b"mq_unlink",
- 242: b"mq_timedsend",
- 243: b"mq_timedreceive",
- 244: b"mq_notify",
- 245: b"mq_getsetattr",
- 246: b"kexec_load",
- 247: b"waitid",
- 248: b"add_key",
- 249: b"request_key",
- 250: b"keyctl",
- 251: b"ioprio_set",
- 252: b"ioprio_get",
- 253: b"inotify_init",
- 254: b"inotify_add_watch",
- 255: b"inotify_rm_watch",
- 256: b"migrate_pages",
- 257: b"openat",
- 258: b"mkdirat",
- 259: b"mknodat",
- 260: b"fchownat",
- 261: b"futimesat",
- 262: b"newfstatat",
- 263: b"unlinkat",
- 264: b"renameat",
- 265: b"linkat",
- 266: b"symlinkat",
- 267: b"readlinkat",
- 268: b"fchmodat",
- 269: b"faccessat",
- 270: b"pselect6",
- 271: b"ppoll",
- 272: b"unshare",
- 273: b"set_robust_list",
- 274: b"get_robust_list",
- 275: b"splice",
- 276: b"tee",
- 277: b"sync_file_range",
- 278: b"vmsplice",
- 279: b"move_pages",
- 280: b"utimensat",
- 281: b"epoll_pwait",
- 282: b"signalfd",
- 283: b"timerfd_create",
- 284: b"eventfd",
- 285: b"fallocate",
- 286: b"timerfd_settime",
- 287: b"timerfd_gettime",
- 288: b"accept4",
- 289: b"signalfd4",
- 290: b"eventfd2",
- 291: b"epoll_create1",
- 292: b"dup3",
- 293: b"pipe2",
- 294: b"inotify_init1",
- 295: b"preadv",
- 296: b"pwritev",
- 297: b"rt_tgsigqueueinfo",
- 298: b"perf_event_open",
- 299: b"recvmmsg",
- 300: b"fanotify_init",
- 301: b"fanotify_mark",
- 302: b"prlimit64",
- 303: b"name_to_handle_at",
- 304: b"open_by_handle_at",
- 305: b"clock_adjtime",
- 306: b"syncfs",
- 307: b"sendmmsg",
- 308: b"setns",
- 309: b"getcpu",
- 310: b"process_vm_readv",
- 311: b"process_vm_writev",
- 312: b"kcmp",
- 313: b"finit_module",
-}
-
-# Try to use ausyscall if it is available, because it can give us an up-to-date
-# list of syscalls for various architectures, rather than the x86-64 hardcoded
-# list above.
-def parse_syscall(line):
- parts = line.split()
- return (int(parts[0]), parts[1].strip())
-
-try:
- # Skip the first line, which is a header. The rest of the lines are simply
- # SYSCALL_NUM\tSYSCALL_NAME pairs.
- out = subprocess.check_output('ausyscall --dump | tail -n +2', shell=True)
- syscalls = dict(map(parse_syscall, out.strip().split(b'\n')))
-except Exception as e:
- if platform.machine() == "x86_64":
- pass
- else:
- raise Exception("ausyscall: command not found")
-
# signal handler
def signal_ignore(signal, frame):
print()
@@ -526,7 +179,7 @@
if args.process:
return b"%-6d %-15s" % (key.value, comm_for_pid(key.value))
else:
- return syscalls.get(key.value, b"[unknown: %d]" % key.value)
+ return syscall_name(key.value)
def print_count_stats():
data = bpf["data"]