Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 1 | #!/usr/bin/env python |
| 2 | # |
| 3 | # trace Trace a function and print a trace message based on its |
| 4 | # parameters, with an optional filter. |
| 5 | # |
Sasha Goldshtein | 49d50ba | 2016-12-19 10:17:38 +0000 | [diff] [blame] | 6 | # usage: trace [-h] [-p PID] [-L TID] [-v] [-Z STRING_SIZE] [-S] |
| 7 | # [-M MAX_EVENTS] [-T] [-t] [-K] [-U] [-I header] |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 8 | # probe [probe ...] |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 9 | # |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 10 | # Licensed under the Apache License, Version 2.0 (the "License") |
| 11 | # Copyright (C) 2016 Sasha Goldshtein. |
| 12 | |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 13 | from bcc import BPF, USDT |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 14 | from functools import partial |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 15 | from time import sleep, strftime |
| 16 | import argparse |
| 17 | import re |
| 18 | import ctypes as ct |
| 19 | import os |
| 20 | import traceback |
| 21 | import sys |
| 22 | |
| 23 | class Time(object): |
| 24 | # BPF timestamps come from the monotonic clock. To be able to filter |
| 25 | # and compare them from Python, we need to invoke clock_gettime. |
| 26 | # Adapted from http://stackoverflow.com/a/1205762 |
| 27 | CLOCK_MONOTONIC_RAW = 4 # see <linux/time.h> |
| 28 | |
| 29 | class timespec(ct.Structure): |
| 30 | _fields_ = [ |
| 31 | ('tv_sec', ct.c_long), |
| 32 | ('tv_nsec', ct.c_long) |
| 33 | ] |
| 34 | |
| 35 | librt = ct.CDLL('librt.so.1', use_errno=True) |
| 36 | clock_gettime = librt.clock_gettime |
| 37 | clock_gettime.argtypes = [ct.c_int, ct.POINTER(timespec)] |
| 38 | |
| 39 | @staticmethod |
| 40 | def monotonic_time(): |
| 41 | t = Time.timespec() |
| 42 | if Time.clock_gettime( |
| 43 | Time.CLOCK_MONOTONIC_RAW, ct.pointer(t)) != 0: |
| 44 | errno_ = ct.get_errno() |
| 45 | raise OSError(errno_, os.strerror(errno_)) |
| 46 | return t.tv_sec * 1e9 + t.tv_nsec |
| 47 | |
| 48 | class Probe(object): |
| 49 | probe_count = 0 |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 50 | streq_index = 0 |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 51 | max_events = None |
| 52 | event_count = 0 |
| 53 | first_ts = 0 |
| 54 | use_localtime = True |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 55 | tgid = -1 |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 56 | pid = -1 |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 57 | |
| 58 | @classmethod |
| 59 | def configure(cls, args): |
| 60 | cls.max_events = args.max_events |
Sasha Goldshtein | 49d50ba | 2016-12-19 10:17:38 +0000 | [diff] [blame] | 61 | cls.print_time = args.timestamp or args.time |
| 62 | cls.use_localtime = not args.timestamp |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 63 | cls.first_ts = Time.monotonic_time() |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 64 | cls.tgid = args.tgid or -1 |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 65 | cls.pid = args.pid or -1 |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 66 | |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 67 | def __init__(self, probe, string_size, kernel_stack, user_stack): |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 68 | self.usdt = None |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 69 | self.streq_functions = "" |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 70 | self.raw_probe = probe |
| 71 | self.string_size = string_size |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 72 | self.kernel_stack = kernel_stack |
| 73 | self.user_stack = user_stack |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 74 | Probe.probe_count += 1 |
| 75 | self._parse_probe() |
| 76 | self.probe_num = Probe.probe_count |
| 77 | self.probe_name = "probe_%s_%d" % \ |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 78 | (self._display_function(), self.probe_num) |
Sasha Goldshtein | 3fa7ba1 | 2017-01-14 11:17:40 +0000 | [diff] [blame] | 79 | self.probe_name = re.sub(r'[^A-Za-z0-9_]', '_', self.probe_name) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 80 | |
| 81 | def __str__(self): |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 82 | return "%s:%s:%s FLT=%s ACT=%s/%s" % (self.probe_type, |
| 83 | self.library, self._display_function(), self.filter, |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 84 | self.types, self.values) |
| 85 | |
| 86 | def is_default_action(self): |
| 87 | return self.python_format == "" |
| 88 | |
| 89 | def _bail(self, error): |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 90 | raise ValueError("error in probe '%s': %s" % |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 91 | (self.raw_probe, error)) |
| 92 | |
| 93 | def _parse_probe(self): |
| 94 | text = self.raw_probe |
| 95 | |
| 96 | # Everything until the first space is the probe specifier |
| 97 | first_space = text.find(' ') |
| 98 | spec = text[:first_space] if first_space >= 0 else text |
| 99 | self._parse_spec(spec) |
| 100 | if first_space >= 0: |
| 101 | text = text[first_space:].lstrip() |
| 102 | else: |
| 103 | text = "" |
| 104 | |
| 105 | # If we now have a (, wait for the balanced closing ) and that |
| 106 | # will be the predicate |
| 107 | self.filter = None |
| 108 | if len(text) > 0 and text[0] == "(": |
| 109 | balance = 1 |
| 110 | for i in range(1, len(text)): |
| 111 | if text[i] == "(": |
| 112 | balance += 1 |
| 113 | if text[i] == ")": |
| 114 | balance -= 1 |
| 115 | if balance == 0: |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 116 | self._parse_filter(text[:i + 1]) |
| 117 | text = text[i + 1:] |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 118 | break |
| 119 | if self.filter is None: |
| 120 | self._bail("unmatched end of predicate") |
| 121 | |
| 122 | if self.filter is None: |
| 123 | self.filter = "1" |
| 124 | |
| 125 | # The remainder of the text is the printf action |
| 126 | self._parse_action(text.lstrip()) |
| 127 | |
| 128 | def _parse_spec(self, spec): |
| 129 | parts = spec.split(":") |
| 130 | # Two special cases: 'func' means 'p::func', 'lib:func' means |
| 131 | # 'p:lib:func'. Other combinations need to provide an empty |
| 132 | # value between delimiters, e.g. 'r::func' for a kretprobe on |
| 133 | # the function func. |
| 134 | if len(parts) == 1: |
| 135 | parts = ["p", "", parts[0]] |
| 136 | elif len(parts) == 2: |
| 137 | parts = ["p", parts[0], parts[1]] |
| 138 | if len(parts[0]) == 0: |
| 139 | self.probe_type = "p" |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 140 | elif parts[0] in ["p", "r", "t", "u"]: |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 141 | self.probe_type = parts[0] |
| 142 | else: |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 143 | self._bail("probe type must be '', 'p', 't', 'r', " + |
| 144 | "or 'u', but got '%s'" % parts[0]) |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 145 | if self.probe_type == "t": |
| 146 | self.tp_category = parts[1] |
| 147 | self.tp_event = parts[2] |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 148 | self.library = "" # kernel |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 149 | self.function = "" # from TRACEPOINT_PROBE |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 150 | elif self.probe_type == "u": |
| 151 | self.library = parts[1] |
| 152 | self.usdt_name = parts[2] |
| 153 | self.function = "" # no function, just address |
| 154 | # We will discover the USDT provider by matching on |
| 155 | # the USDT name in the specified library |
| 156 | self._find_usdt_probe() |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 157 | else: |
| 158 | self.library = parts[1] |
| 159 | self.function = parts[2] |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 160 | |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 161 | def _find_usdt_probe(self): |
Sasha Goldshtein | dd04536 | 2016-11-13 05:07:38 -0800 | [diff] [blame] | 162 | target = Probe.pid if Probe.pid and Probe.pid != -1 \ |
| 163 | else Probe.tgid |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 164 | self.usdt = USDT(path=self.library, pid=target) |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 165 | for probe in self.usdt.enumerate_probes(): |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 166 | if probe.name == self.usdt_name: |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 167 | return # Found it, will enable later |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 168 | self._bail("unrecognized USDT probe %s" % self.usdt_name) |
| 169 | |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 170 | def _parse_filter(self, filt): |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 171 | self.filter = self._rewrite_expr(filt) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 172 | |
| 173 | def _parse_types(self, fmt): |
| 174 | for match in re.finditer( |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 175 | r'[^%]%(s|u|d|llu|lld|hu|hd|x|llx|c|K|U)', fmt): |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 176 | self.types.append(match.group(1)) |
| 177 | fmt = re.sub(r'([^%]%)(u|d|llu|lld|hu|hd)', r'\1d', fmt) |
| 178 | fmt = re.sub(r'([^%]%)(x|llx)', r'\1x', fmt) |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 179 | fmt = re.sub('%K|%U', '%s', fmt) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 180 | self.python_format = fmt.strip('"') |
| 181 | |
| 182 | def _parse_action(self, action): |
| 183 | self.values = [] |
| 184 | self.types = [] |
| 185 | self.python_format = "" |
| 186 | if len(action) == 0: |
| 187 | return |
| 188 | |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 189 | action = action.strip() |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 190 | match = re.search(r'(\".*?\"),?(.*)', action) |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 191 | if match is None: |
| 192 | self._bail("expected format string in \"s") |
| 193 | |
| 194 | self.raw_format = match.group(1) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 195 | self._parse_types(self.raw_format) |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 196 | for part in re.split('(?<!"),', match.group(2)): |
| 197 | part = self._rewrite_expr(part) |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 198 | if len(part) > 0: |
| 199 | self.values.append(part) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 200 | |
| 201 | aliases = { |
Naveen N. Rao | 4afa96a | 2016-05-03 14:54:21 +0530 | [diff] [blame] | 202 | "retval": "PT_REGS_RC(ctx)", |
| 203 | "arg1": "PT_REGS_PARM1(ctx)", |
| 204 | "arg2": "PT_REGS_PARM2(ctx)", |
| 205 | "arg3": "PT_REGS_PARM3(ctx)", |
| 206 | "arg4": "PT_REGS_PARM4(ctx)", |
| 207 | "arg5": "PT_REGS_PARM5(ctx)", |
| 208 | "arg6": "PT_REGS_PARM6(ctx)", |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 209 | "$uid": "(unsigned)(bpf_get_current_uid_gid() & 0xffffffff)", |
| 210 | "$gid": "(unsigned)(bpf_get_current_uid_gid() >> 32)", |
| 211 | "$pid": "(unsigned)(bpf_get_current_pid_tgid() & 0xffffffff)", |
| 212 | "$tgid": "(unsigned)(bpf_get_current_pid_tgid() >> 32)", |
| 213 | "$cpu": "bpf_get_smp_processor_id()" |
| 214 | } |
| 215 | |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 216 | def _generate_streq_function(self, string): |
| 217 | fname = "streq_%d" % Probe.streq_index |
| 218 | Probe.streq_index += 1 |
| 219 | self.streq_functions += """ |
| 220 | static inline bool %s(char const *ignored, unsigned long str) { |
| 221 | char needle[] = %s; |
| 222 | char haystack[sizeof(needle)]; |
| 223 | bpf_probe_read(&haystack, sizeof(haystack), (void *)str); |
| 224 | for (int i = 0; i < sizeof(needle); ++i) { |
| 225 | if (needle[i] != haystack[i]) { |
| 226 | return false; |
| 227 | } |
| 228 | } |
| 229 | return true; |
| 230 | } |
| 231 | """ % (fname, string) |
| 232 | return fname |
| 233 | |
| 234 | def _rewrite_expr(self, expr): |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 235 | for alias, replacement in Probe.aliases.items(): |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 236 | # For USDT probes, we replace argN values with the |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 237 | # actual arguments for that probe obtained using |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 238 | # bpf_readarg_N macros emitted at BPF construction. |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 239 | if alias.startswith("arg") and self.probe_type == "u": |
| 240 | continue |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 241 | expr = expr.replace(alias, replacement) |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 242 | matches = re.finditer('STRCMP\\(("[^"]+\\")', expr) |
| 243 | for match in matches: |
| 244 | string = match.group(1) |
| 245 | fname = self._generate_streq_function(string) |
| 246 | expr = expr.replace("STRCMP", fname, 1) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 247 | return expr |
| 248 | |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 249 | p_type = {"u": ct.c_uint, "d": ct.c_int, |
| 250 | "llu": ct.c_ulonglong, "lld": ct.c_longlong, |
| 251 | "hu": ct.c_ushort, "hd": ct.c_short, |
| 252 | "x": ct.c_uint, "llx": ct.c_ulonglong, "c": ct.c_ubyte, |
| 253 | "K": ct.c_ulonglong, "U": ct.c_ulonglong} |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 254 | |
| 255 | def _generate_python_field_decl(self, idx, fields): |
| 256 | field_type = self.types[idx] |
| 257 | if field_type == "s": |
| 258 | ptype = ct.c_char * self.string_size |
| 259 | else: |
| 260 | ptype = Probe.p_type[field_type] |
| 261 | fields.append(("v%d" % idx, ptype)) |
| 262 | |
| 263 | def _generate_python_data_decl(self): |
| 264 | self.python_struct_name = "%s_%d_Data" % \ |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 265 | (self._display_function(), self.probe_num) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 266 | fields = [ |
| 267 | ("timestamp_ns", ct.c_ulonglong), |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 268 | ("tgid", ct.c_uint), |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 269 | ("pid", ct.c_uint), |
| 270 | ("comm", ct.c_char * 16) # TASK_COMM_LEN |
| 271 | ] |
| 272 | for i in range(0, len(self.types)): |
| 273 | self._generate_python_field_decl(i, fields) |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 274 | if self.kernel_stack: |
| 275 | fields.append(("kernel_stack_id", ct.c_int)) |
| 276 | if self.user_stack: |
| 277 | fields.append(("user_stack_id", ct.c_int)) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 278 | return type(self.python_struct_name, (ct.Structure,), |
| 279 | dict(_fields_=fields)) |
| 280 | |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 281 | c_type = {"u": "unsigned int", "d": "int", |
| 282 | "llu": "unsigned long long", "lld": "long long", |
| 283 | "hu": "unsigned short", "hd": "short", |
| 284 | "x": "unsigned int", "llx": "unsigned long long", |
| 285 | "c": "char", "K": "unsigned long long", |
| 286 | "U": "unsigned long long"} |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 287 | fmt_types = c_type.keys() |
| 288 | |
| 289 | def _generate_field_decl(self, idx): |
| 290 | field_type = self.types[idx] |
| 291 | if field_type == "s": |
| 292 | return "char v%d[%d];\n" % (idx, self.string_size) |
| 293 | if field_type in Probe.fmt_types: |
| 294 | return "%s v%d;\n" % (Probe.c_type[field_type], idx) |
| 295 | self._bail("unrecognized format specifier %s" % field_type) |
| 296 | |
| 297 | def _generate_data_decl(self): |
| 298 | # The BPF program will populate values into the struct |
| 299 | # according to the format string, and the Python program will |
| 300 | # construct the final display string. |
| 301 | self.events_name = "%s_events" % self.probe_name |
| 302 | self.struct_name = "%s_data_t" % self.probe_name |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 303 | self.stacks_name = "%s_stacks" % self.probe_name |
| 304 | stack_table = "BPF_STACK_TRACE(%s, 1024);" % self.stacks_name \ |
| 305 | if (self.kernel_stack or self.user_stack) else "" |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 306 | data_fields = "" |
| 307 | for i, field_type in enumerate(self.types): |
| 308 | data_fields += " " + \ |
| 309 | self._generate_field_decl(i) |
| 310 | |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 311 | kernel_stack_str = " int kernel_stack_id;" \ |
| 312 | if self.kernel_stack else "" |
| 313 | user_stack_str = " int user_stack_id;" \ |
| 314 | if self.user_stack else "" |
| 315 | |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 316 | text = """ |
| 317 | struct %s |
| 318 | { |
| 319 | u64 timestamp_ns; |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 320 | u32 tgid; |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 321 | u32 pid; |
| 322 | char comm[TASK_COMM_LEN]; |
| 323 | %s |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 324 | %s |
| 325 | %s |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 326 | }; |
| 327 | |
| 328 | BPF_PERF_OUTPUT(%s); |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 329 | %s |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 330 | """ |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 331 | return text % (self.struct_name, data_fields, |
| 332 | kernel_stack_str, user_stack_str, |
| 333 | self.events_name, stack_table) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 334 | |
| 335 | def _generate_field_assign(self, idx): |
| 336 | field_type = self.types[idx] |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 337 | expr = self.values[idx].strip() |
| 338 | text = "" |
| 339 | if self.probe_type == "u" and expr[0:3] == "arg": |
Sasha Goldshtein | b6db17f | 2016-10-04 19:50:50 +0300 | [diff] [blame] | 340 | text = (" u64 %s = 0;\n" + |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 341 | " bpf_usdt_readarg(%s, ctx, &%s);\n") \ |
| 342 | % (expr, expr[3], expr) |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 343 | |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 344 | if field_type == "s": |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 345 | return text + """ |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 346 | if (%s != 0) { |
| 347 | bpf_probe_read(&__data.v%d, sizeof(__data.v%d), (void *)%s); |
| 348 | } |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 349 | """ % (expr, idx, idx, expr) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 350 | if field_type in Probe.fmt_types: |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 351 | return text + " __data.v%d = (%s)%s;\n" % \ |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 352 | (idx, Probe.c_type[field_type], expr) |
| 353 | self._bail("unrecognized field type %s" % field_type) |
| 354 | |
Teng Qin | 0615bff | 2016-09-28 08:19:40 -0700 | [diff] [blame] | 355 | def _generate_usdt_filter_read(self): |
| 356 | text = "" |
| 357 | if self.probe_type == "u": |
| 358 | for arg, _ in Probe.aliases.items(): |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 359 | if not (arg.startswith("arg") and |
| 360 | (arg in self.filter)): |
Teng Qin | 0615bff | 2016-09-28 08:19:40 -0700 | [diff] [blame] | 361 | continue |
| 362 | arg_index = int(arg.replace("arg", "")) |
| 363 | arg_ctype = self.usdt.get_probe_arg_ctype( |
| 364 | self.usdt_name, arg_index) |
| 365 | if not arg_ctype: |
| 366 | self._bail("Unable to determine type of {} " |
| 367 | "in the filter".format(arg)) |
| 368 | text += """ |
| 369 | {} {}_filter; |
| 370 | bpf_usdt_readarg({}, ctx, &{}_filter); |
| 371 | """.format(arg_ctype, arg, arg_index, arg) |
| 372 | self.filter = self.filter.replace( |
| 373 | arg, "{}_filter".format(arg)) |
| 374 | return text |
| 375 | |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 376 | def generate_program(self, include_self): |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 377 | data_decl = self._generate_data_decl() |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 378 | # kprobes don't have built-in pid filters, so we have to add |
| 379 | # it to the function body: |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 380 | if len(self.library) == 0 and Probe.pid != -1: |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 381 | pid_filter = """ |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 382 | if (__pid != %d) { return 0; } |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 383 | """ % Probe.pid |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 384 | elif len(self.library) == 0 and Probe.tgid != -1: |
| 385 | pid_filter = """ |
| 386 | if (__tgid != %d) { return 0; } |
| 387 | """ % Probe.tgid |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 388 | elif not include_self: |
| 389 | pid_filter = """ |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 390 | if (__tgid == %d) { return 0; } |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 391 | """ % os.getpid() |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 392 | else: |
| 393 | pid_filter = "" |
| 394 | |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 395 | prefix = "" |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 396 | signature = "struct pt_regs *ctx" |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 397 | |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 398 | data_fields = "" |
| 399 | for i, expr in enumerate(self.values): |
| 400 | data_fields += self._generate_field_assign(i) |
| 401 | |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 402 | if self.probe_type == "t": |
| 403 | heading = "TRACEPOINT_PROBE(%s, %s)" % \ |
| 404 | (self.tp_category, self.tp_event) |
| 405 | ctx_name = "args" |
| 406 | else: |
| 407 | heading = "int %s(%s)" % (self.probe_name, signature) |
| 408 | ctx_name = "ctx" |
Sasha Goldshtein | 4725a72 | 2016-10-18 20:54:47 +0300 | [diff] [blame] | 409 | |
| 410 | stack_trace = "" |
| 411 | if self.user_stack: |
| 412 | stack_trace += """ |
| 413 | __data.user_stack_id = %s.get_stackid( |
| 414 | %s, BPF_F_REUSE_STACKID | BPF_F_USER_STACK |
| 415 | );""" % (self.stacks_name, ctx_name) |
| 416 | if self.kernel_stack: |
| 417 | stack_trace += """ |
| 418 | __data.kernel_stack_id = %s.get_stackid( |
| 419 | %s, BPF_F_REUSE_STACKID |
| 420 | );""" % (self.stacks_name, ctx_name) |
| 421 | |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 422 | text = heading + """ |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 423 | { |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 424 | u64 __pid_tgid = bpf_get_current_pid_tgid(); |
| 425 | u32 __tgid = __pid_tgid >> 32; |
| 426 | u32 __pid = __pid_tgid; // implicit cast to u32 for bottom half |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 427 | %s |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 428 | %s |
Teng Qin | 0615bff | 2016-09-28 08:19:40 -0700 | [diff] [blame] | 429 | %s |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 430 | if (!(%s)) return 0; |
| 431 | |
| 432 | struct %s __data = {0}; |
| 433 | __data.timestamp_ns = bpf_ktime_get_ns(); |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 434 | __data.tgid = __tgid; |
| 435 | __data.pid = __pid; |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 436 | bpf_get_current_comm(&__data.comm, sizeof(__data.comm)); |
| 437 | %s |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 438 | %s |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 439 | %s.perf_submit(%s, &__data, sizeof(__data)); |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 440 | return 0; |
| 441 | } |
| 442 | """ |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 443 | text = text % (pid_filter, prefix, |
Teng Qin | 0615bff | 2016-09-28 08:19:40 -0700 | [diff] [blame] | 444 | self._generate_usdt_filter_read(), self.filter, |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 445 | self.struct_name, data_fields, |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 446 | stack_trace, self.events_name, ctx_name) |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 447 | |
Sasha Goldshtein | f4797b0 | 2016-10-17 01:44:56 -0700 | [diff] [blame] | 448 | return self.streq_functions + data_decl + "\n" + text |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 449 | |
| 450 | @classmethod |
| 451 | def _time_off_str(cls, timestamp_ns): |
| 452 | return "%.6f" % (1e-9 * (timestamp_ns - cls.first_ts)) |
| 453 | |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 454 | def _display_function(self): |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 455 | if self.probe_type == 'p' or self.probe_type == 'r': |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 456 | return self.function |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 457 | elif self.probe_type == 'u': |
| 458 | return self.usdt_name |
| 459 | else: # self.probe_type == 't' |
| 460 | return self.tp_event |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 461 | |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 462 | def print_stack(self, bpf, stack_id, tgid): |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 463 | if stack_id < 0: |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 464 | print(" %d" % stack_id) |
| 465 | return |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 466 | |
| 467 | stack = list(bpf.get_table(self.stacks_name).walk(stack_id)) |
| 468 | for addr in stack: |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 469 | print(" %016x %s" % (addr, bpf.sym(addr, tgid))) |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 470 | |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 471 | def _format_message(self, bpf, tgid, values): |
| 472 | # Replace each %K with kernel sym and %U with user sym in tgid |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 473 | kernel_placeholders = [i for i in xrange(0, len(self.types)) |
| 474 | if self.types[i] == 'K'] |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 475 | user_placeholders = [i for i in xrange(0, len(self.types)) |
| 476 | if self.types[i] == 'U'] |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 477 | for kp in kernel_placeholders: |
| 478 | values[kp] = bpf.ksymaddr(values[kp]) |
| 479 | for up in user_placeholders: |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 480 | values[up] = bpf.symaddr(values[up], tgid) |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 481 | return self.python_format % tuple(values) |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 482 | |
| 483 | def print_event(self, bpf, cpu, data, size): |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 484 | # Cast as the generated structure type and display |
| 485 | # according to the format string in the probe. |
| 486 | event = ct.cast(data, ct.POINTER(self.python_struct)).contents |
| 487 | values = map(lambda i: getattr(event, "v%d" % i), |
| 488 | range(0, len(self.values))) |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 489 | msg = self._format_message(bpf, event.tgid, values) |
Sasha Goldshtein | 49d50ba | 2016-12-19 10:17:38 +0000 | [diff] [blame] | 490 | if not Probe.print_time: |
| 491 | print("%-6d %-6d %-12s %-16s %s" % |
| 492 | (event.tgid, event.pid, event.comm, |
| 493 | self._display_function(), msg)) |
| 494 | else: |
| 495 | time = strftime("%H:%M:%S") if Probe.use_localtime else \ |
| 496 | Probe._time_off_str(event.timestamp_ns) |
| 497 | print("%-8s %-6d %-6d %-12s %-16s %s" % |
| 498 | (time[:8], event.tgid, event.pid, event.comm, |
| 499 | self._display_function(), msg)) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 500 | |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 501 | if self.kernel_stack: |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 502 | self.print_stack(bpf, event.kernel_stack_id, -1) |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 503 | if self.user_stack: |
| 504 | self.print_stack(bpf, event.user_stack_id, event.tgid) |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 505 | if self.user_stack or self.kernel_stack: |
Sasha Goldshtein | accd4cf | 2016-10-11 07:56:13 -0700 | [diff] [blame] | 506 | print("") |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 507 | |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 508 | Probe.event_count += 1 |
| 509 | if Probe.max_events is not None and \ |
| 510 | Probe.event_count >= Probe.max_events: |
| 511 | exit() |
| 512 | |
| 513 | def attach(self, bpf, verbose): |
| 514 | if len(self.library) == 0: |
| 515 | self._attach_k(bpf) |
| 516 | else: |
| 517 | self._attach_u(bpf) |
| 518 | self.python_struct = self._generate_python_data_decl() |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 519 | callback = partial(self.print_event, bpf) |
| 520 | bpf[self.events_name].open_perf_buffer(callback) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 521 | |
| 522 | def _attach_k(self, bpf): |
| 523 | if self.probe_type == "r": |
| 524 | bpf.attach_kretprobe(event=self.function, |
| 525 | fn_name=self.probe_name) |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 526 | elif self.probe_type == "p": |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 527 | bpf.attach_kprobe(event=self.function, |
| 528 | fn_name=self.probe_name) |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 529 | # Note that tracepoints don't need an explicit attach |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 530 | |
| 531 | def _attach_u(self, bpf): |
| 532 | libpath = BPF.find_library(self.library) |
| 533 | if libpath is None: |
| 534 | # This might be an executable (e.g. 'bash') |
Sasha Goldshtein | ec67971 | 2016-10-04 18:33:36 +0300 | [diff] [blame] | 535 | libpath = BPF.find_exe(self.library) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 536 | if libpath is None or len(libpath) == 0: |
| 537 | self._bail("unable to find library %s" % self.library) |
| 538 | |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 539 | if self.probe_type == "u": |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 540 | pass # Was already enabled by the BPF constructor |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 541 | elif self.probe_type == "r": |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 542 | bpf.attach_uretprobe(name=libpath, |
| 543 | sym=self.function, |
| 544 | fn_name=self.probe_name, |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 545 | pid=Probe.pid) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 546 | else: |
| 547 | bpf.attach_uprobe(name=libpath, |
| 548 | sym=self.function, |
| 549 | fn_name=self.probe_name, |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 550 | pid=Probe.pid) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 551 | |
| 552 | class Tool(object): |
| 553 | examples = """ |
| 554 | EXAMPLES: |
| 555 | |
Sasha Goldshtein | 8acd015 | 2016-02-22 02:25:03 -0800 | [diff] [blame] | 556 | trace do_sys_open |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 557 | Trace the open syscall and print a default trace message when entered |
Sasha Goldshtein | 8acd015 | 2016-02-22 02:25:03 -0800 | [diff] [blame] | 558 | trace 'do_sys_open "%s", arg2' |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 559 | Trace the open syscall and print the filename being opened |
Sasha Goldshtein | 8acd015 | 2016-02-22 02:25:03 -0800 | [diff] [blame] | 560 | trace 'sys_read (arg3 > 20000) "read %d bytes", arg3' |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 561 | Trace the read syscall and print a message for reads >20000 bytes |
| 562 | trace 'r::do_sys_return "%llx", retval' |
| 563 | Trace the return from the open syscall and print the return value |
Sasha Goldshtein | 8acd015 | 2016-02-22 02:25:03 -0800 | [diff] [blame] | 564 | trace 'c:open (arg2 == 42) "%s %d", arg1, arg2' |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 565 | Trace the open() call from libc only if the flags (arg2) argument is 42 |
Sasha Goldshtein | 8acd015 | 2016-02-22 02:25:03 -0800 | [diff] [blame] | 566 | trace 'c:malloc "size = %d", arg1' |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 567 | Trace malloc calls and print the size being allocated |
Sasha Goldshtein | 8acd015 | 2016-02-22 02:25:03 -0800 | [diff] [blame] | 568 | trace 'p:c:write (arg1 == 1) "writing %d bytes to STDOUT", arg3' |
| 569 | Trace the write() call from libc to monitor writes to STDOUT |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 570 | trace 'r::__kmalloc (retval == 0) "kmalloc failed!"' |
Sasha Goldshtein | 8acd015 | 2016-02-22 02:25:03 -0800 | [diff] [blame] | 571 | Trace returns from __kmalloc which returned a null pointer |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 572 | trace 'r:c:malloc (retval) "allocated = %x", retval' |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 573 | Trace returns from malloc and print non-NULL allocated buffers |
Sasha Goldshtein | 376ae5c | 2016-10-04 19:49:57 +0300 | [diff] [blame] | 574 | trace 't:block:block_rq_complete "sectors=%d", args->nr_sector' |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 575 | Trace the block_rq_complete kernel tracepoint and print # of tx sectors |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 576 | trace 'u:pthread:pthread_create (arg4 != 0)' |
| 577 | Trace the USDT probe pthread_create when its 4th argument is non-zero |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 578 | """ |
| 579 | |
| 580 | def __init__(self): |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 581 | parser = argparse.ArgumentParser(description="Attach to " + |
| 582 | "functions and print trace messages.", |
| 583 | formatter_class=argparse.RawDescriptionHelpFormatter, |
| 584 | epilog=Tool.examples) |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 585 | # we'll refer to the userspace concepts of "pid" and "tid" by |
| 586 | # their kernel names -- tgid and pid -- inside the script |
| 587 | parser.add_argument("-p", "--pid", type=int, metavar="PID", |
| 588 | dest="tgid", help="id of the process to trace (optional)") |
Sasha Goldshtein | 49d50ba | 2016-12-19 10:17:38 +0000 | [diff] [blame] | 589 | parser.add_argument("-L", "--tid", type=int, metavar="TID", |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 590 | dest="pid", help="id of the thread to trace (optional)") |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 591 | parser.add_argument("-v", "--verbose", action="store_true", |
| 592 | help="print resulting BPF program code before executing") |
| 593 | parser.add_argument("-Z", "--string-size", type=int, |
| 594 | default=80, help="maximum size to read from strings") |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 595 | parser.add_argument("-S", "--include-self", |
| 596 | action="store_true", |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 597 | help="do not filter trace's own pid from the trace") |
| 598 | parser.add_argument("-M", "--max-events", type=int, |
| 599 | help="number of events to print before quitting") |
Sasha Goldshtein | 49d50ba | 2016-12-19 10:17:38 +0000 | [diff] [blame] | 600 | parser.add_argument("-t", "--timestamp", action="store_true", |
| 601 | help="print timestamp column (offset from trace start)") |
| 602 | parser.add_argument("-T", "--time", action="store_true", |
| 603 | help="print time column") |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 604 | parser.add_argument("-K", "--kernel-stack", |
| 605 | action="store_true", help="output kernel stack trace") |
| 606 | parser.add_argument("-U", "--user-stack", |
| 607 | action="store_true", help="output user stack trace") |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 608 | parser.add_argument(metavar="probe", dest="probes", nargs="+", |
| 609 | help="probe specifier (see examples)") |
Sasha Goldshtein | 4725a72 | 2016-10-18 20:54:47 +0300 | [diff] [blame] | 610 | parser.add_argument("-I", "--include", action="append", |
| 611 | metavar="header", |
| 612 | help="additional header files to include in the BPF program") |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 613 | self.args = parser.parse_args() |
Mark Drayton | aa6c916 | 2016-11-03 15:36:29 +0000 | [diff] [blame] | 614 | if self.args.tgid and self.args.pid: |
| 615 | parser.error("only one of -p and -t may be specified") |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 616 | |
| 617 | def _create_probes(self): |
| 618 | Probe.configure(self.args) |
| 619 | self.probes = [] |
| 620 | for probe_spec in self.args.probes: |
| 621 | self.probes.append(Probe( |
Teng Qin | 6b0ed37 | 2016-09-29 21:30:13 -0700 | [diff] [blame] | 622 | probe_spec, self.args.string_size, |
| 623 | self.args.kernel_stack, self.args.user_stack)) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 624 | |
| 625 | def _generate_program(self): |
| 626 | self.program = """ |
| 627 | #include <linux/ptrace.h> |
| 628 | #include <linux/sched.h> /* For TASK_COMM_LEN */ |
| 629 | |
| 630 | """ |
Sasha Goldshtein | 4725a72 | 2016-10-18 20:54:47 +0300 | [diff] [blame] | 631 | for include in (self.args.include or []): |
| 632 | self.program += "#include <%s>\n" % include |
Sasha Goldshtein | b950d6f | 2016-03-21 04:06:15 -0700 | [diff] [blame] | 633 | self.program += BPF.generate_auto_includes( |
Sasha Goldshtein | fd60d55 | 2016-03-01 12:15:34 -0800 | [diff] [blame] | 634 | map(lambda p: p.raw_probe, self.probes)) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 635 | for probe in self.probes: |
| 636 | self.program += probe.generate_program( |
Sasha Goldshtein | 3e39a08 | 2016-03-24 08:39:47 -0700 | [diff] [blame] | 637 | self.args.include_self) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 638 | |
| 639 | if self.args.verbose: |
| 640 | print(self.program) |
| 641 | |
| 642 | def _attach_probes(self): |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 643 | usdt_contexts = [] |
| 644 | for probe in self.probes: |
| 645 | if probe.usdt: |
| 646 | # USDT probes must be enabled before the BPF object |
| 647 | # is initialized, because that's where the actual |
| 648 | # uprobe is being attached. |
| 649 | probe.usdt.enable_probe( |
| 650 | probe.usdt_name, probe.probe_name) |
Sasha Goldshtein | f733cac | 2016-10-04 18:39:01 +0300 | [diff] [blame] | 651 | if self.args.verbose: |
| 652 | print(probe.usdt.get_text()) |
Sasha Goldshtein | 69e361a | 2016-09-27 19:40:00 +0300 | [diff] [blame] | 653 | usdt_contexts.append(probe.usdt) |
| 654 | self.bpf = BPF(text=self.program, usdt_contexts=usdt_contexts) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 655 | for probe in self.probes: |
| 656 | if self.args.verbose: |
| 657 | print(probe) |
| 658 | probe.attach(self.bpf, self.args.verbose) |
| 659 | |
| 660 | def _main_loop(self): |
| 661 | all_probes_trivial = all(map(Probe.is_default_action, |
| 662 | self.probes)) |
| 663 | |
| 664 | # Print header |
Sasha Goldshtein | 49d50ba | 2016-12-19 10:17:38 +0000 | [diff] [blame] | 665 | if self.args.timestamp or self.args.time: |
| 666 | print("%-8s %-6s %-6s %-12s %-16s %s" % |
| 667 | ("TIME", "PID", "TID", "COMM", "FUNC", |
| 668 | "-" if not all_probes_trivial else "")) |
| 669 | else: |
| 670 | print("%-6s %-6s %-12s %-16s %s" % |
| 671 | ("PID", "TID", "COMM", "FUNC", |
| 672 | "-" if not all_probes_trivial else "")) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 673 | |
| 674 | while True: |
| 675 | self.bpf.kprobe_poll() |
| 676 | |
| 677 | def run(self): |
| 678 | try: |
| 679 | self._create_probes() |
| 680 | self._generate_program() |
| 681 | self._attach_probes() |
| 682 | self._main_loop() |
| 683 | except: |
| 684 | if self.args.verbose: |
| 685 | traceback.print_exc() |
Brenden Blanco | de14f4f | 2016-04-08 15:52:55 -0700 | [diff] [blame] | 686 | elif sys.exc_info()[0] is not SystemExit: |
| 687 | print(sys.exc_info()[1]) |
Sasha Goldshtein | 38847f0 | 2016-02-22 02:19:24 -0800 | [diff] [blame] | 688 | |
| 689 | if __name__ == "__main__": |
Sasha Goldshtein | f41ae86 | 2016-10-19 01:14:30 +0300 | [diff] [blame] | 690 | Tool().run() |