Brendan Greggad341c92016-02-09 00:31:24 -08001#!/usr/bin/python
2# @lint-avoid-python-3-compatibility-imports
3#
4# statsnoop Trace stat() syscalls.
5# For Linux, uses BCC, eBPF. Embedded C.
6#
7# USAGE: statsnoop [-h] [-t] [-x] [-p PID]
8#
9# Copyright 2016 Netflix, Inc.
10# Licensed under the Apache License, Version 2.0 (the "License")
11#
12# 08-Feb-2016 Brendan Gregg Created this.
mcaleavyae14f27f2016-02-17 22:12:44 +000013# 17-Feb-2016 Allan McAleavy updated for BPF_PERF_OUTPUT
Brendan Greggad341c92016-02-09 00:31:24 -080014
15from __future__ import print_function
16from bcc import BPF
17import argparse
mcaleavyae14f27f2016-02-17 22:12:44 +000018import ctypes as ct
Brendan Greggad341c92016-02-09 00:31:24 -080019
# Command-line interface.
examples = """examples:
    ./statsnoop # trace all stat() syscalls
    ./statsnoop -t # include timestamps
    ./statsnoop -x # only show failed stats
    ./statsnoop -p 181 # only trace PID 181
"""
parser = argparse.ArgumentParser(
    description="Trace stat() syscalls",
    formatter_class=argparse.RawDescriptionHelpFormatter,
    epilog=examples)

# The two boolean switches share the same shape, so register them together.
for flags, help_text in (
        (("-t", "--timestamp"), "include timestamp on output"),
        (("-x", "--failed"), "only show failed stats")):
    parser.add_argument(*flags, action="store_true", help=help_text)

# NOTE(review): no type= is given, so args.pid is whatever text the caller
# typed. That text is later substituted into the BPF C source, so it should
# be validated as a number before it is used.
parser.add_argument("-p", "--pid", help="trace this PID only")

args = parser.parse_args()

# Set to a true value to print the generated BPF program before loading it.
debug = 0
39
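# define BPF program
#
# NOTE(review): trace_entry only records the user-space pointer to the path;
# the bytes are copied in trace_return, after the syscall has finished. The
# traced process can change that buffer in between, so the PATH column is not
# guaranteed to be the path the kernel acted on. Treat the output as a
# diagnostic aid, not as an authoritative audit record.
bpf_text = """
#include <uapi/linux/ptrace.h>
#include <uapi/linux/limits.h>
#include <linux/sched.h>

struct val_t {
    const char *fname;
};

struct data_t {
    u32 pid;
    u64 ts_ns;
    int ret;
    char comm[TASK_COMM_LEN];
    char fname[NAME_MAX];
};

// args_filename is never populated in this program; only the delete in
// trace_return touches it.
BPF_HASH(args_filename, u32, const char *);
BPF_HASH(infotmp, u32, struct val_t);
BPF_PERF_OUTPUT(events);

int trace_entry(struct pt_regs *ctx, const char __user *filename)
{
    struct val_t val = {};
    // bpf_get_current_pid_tgid() packs the process id (tgid) in the upper
    // 32 bits and the thread id in the lower 32 bits.
    u64 pid_tgid = bpf_get_current_pid_tgid();
    u32 pid = pid_tgid >> 32;   // process id: what -p filters on
    u32 tid = (u32)pid_tgid;    // thread id: key for the in-flight call

    FILTER
    val.fname = filename;
    infotmp.update(&tid, &val);

    return 0;
};

int trace_return(struct pt_regs *ctx)
{
    u64 pid_tgid = bpf_get_current_pid_tgid();
    u32 tid = (u32)pid_tgid;
    struct val_t *valp;

    valp = infotmp.lookup(&tid);
    if (valp == 0) {
        // missed entry
        return 0;
    }

    struct data_t data = {.pid = pid_tgid >> 32};
    bpf_probe_read(&data.fname, sizeof(data.fname), (void *)valp->fname);
    bpf_get_current_comm(&data.comm, sizeof(data.comm));
    data.ts_ns = bpf_ktime_get_ns();
    data.ret = PT_REGS_RC(ctx);

    events.perf_submit(ctx, &data, sizeof(data));
    infotmp.delete(&tid);
    args_filename.delete(&tid);

    return 0;
}
"""

# Expand the FILTER placeholder in trace_entry.
if args.pid:
    # The -p value is spliced into C source that is compiled and loaded into
    # the kernel. int() guarantees that only a number reaches the program
    # text; anything else raises ValueError before the program is built.
    pid_filter = 'if (pid != %d) { return 0; }' % int(args.pid)
else:
    pid_filter = ''
bpf_text = bpf_text.replace('FILTER', pid_filter)
if debug:
    print(bpf_text)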
105
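# initialize BPF
b = BPF(text=bpf_text)

# Every architecture implements these system calls, but the name of the
# kernel entry point differs between them, so attach only to the symbols
# that BPF.ksymname() can resolve (it returns -1 for an unknown name).
attached = 0
for syscall in ("sys_stat", "sys_statfs", "sys_newstat"):
    if BPF.ksymname(syscall) != -1:
        b.attach_kprobe(event=syscall, fn_name="trace_entry")
        b.attach_kretprobe(event=syscall, fn_name="trace_return")
        attached += 1

# With no probe attached the tool would print its header and then stay
# silent forever, which looks the same as "no stat() calls happened".
# Fail loudly instead so a blind tracer is not mistaken for a quiet system.
if not attached:
    raise SystemExit("statsnoop: none of sys_stat, sys_statfs, sys_newstat "
                     "were found in the kernel symbols; nothing to trace")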
Brendan Greggad341c92016-02-09 00:31:24 -0800124
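TASK_COMM_LEN = 16    # linux/sched.h
NAME_MAX = 255        # linux/limits.h


class Data(ct.Structure):
    """ctypes mirror of ``struct data_t`` from the embedded BPF program.

    The field types must match the C declaration one for one. ``pid`` is a
    ``u32`` on the C side; declaring it as a 64-bit integer here would make
    Python read the alignment padding that follows it as part of the value
    (and yield a wrong PID on big-endian hosts). ctypes inserts the same
    padding before ``ts_ns`` as the C compiler does, so the remaining
    offsets are unchanged.
    """
    _fields_ = [
        ("pid", ct.c_uint),
        ("ts_ns", ct.c_ulonglong),
        ("ret", ct.c_int),
        ("comm", ct.c_char * TASK_COMM_LEN),
        ("fname", ct.c_char * NAME_MAX),
    ]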
136
# Timestamp state. start_ts is set by print_event on the first event;
# prev_ts and delta are not read anywhere in this listing.
start_ts = prev_ts = delta = 0

# Column header; the TIME(s) column is only present with -t.
header_columns = ("PID", "COMM", "FD", "ERR", "PATH")
if args.timestamp:
    print("%-14s" % ("TIME(s)"), end="")
print("%-6s %-16s %4s %3s %s" % header_columns)
145
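# process event
def print_event(cpu, data, size):
    """Perf-buffer callback: print one line for a completed stat() call.

    ``data`` is the raw pointer to a ``data_t`` record submitted by the BPF
    program. ``cpu`` and ``size`` belong to the callback signature and are
    not used here.
    """
    global start_ts

    event = ct.cast(data, ct.POINTER(Data)).contents

    # split return value into FD and errno columns
    if event.ret >= 0:
        fd_s = event.ret
        err = 0
    else:
        fd_s = -1
        err = -event.ret

    # timestamps are printed relative to the first event received
    if start_ts == 0:
        start_ts = event.ts_ns

    # -x/--failed: the option is documented as "only show failed stats",
    # so drop calls that returned success.
    if args.failed and event.ret >= 0:
        return

    if args.timestamp:
        print("%-14.9f" % (float(event.ts_ns - start_ts) / 1000000000), end="")

    # comm and fname are bytes supplied by the traced process and need not
    # be valid UTF-8. 'replace' keeps an undecodable name from raising
    # inside the callback and losing the line.
    comm = event.comm.decode('utf-8', 'replace')
    fname = event.fname.decode('utf-8', 'replace')
    print("%-6d %-16s %4d %3d %s" % (event.pid, comm, fd_s, err, fname))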
mcaleavyae14f27f2016-02-17 22:12:44 +0000170
# Register print_event as the callback for the "events" perf buffer, then
# poll forever; each poll delivers pending events to the callback.
b["events"].open_perf_buffer(print_event, page_cnt=64)
while True:
    b.kprobe_poll()
174 b.kprobe_poll()