Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / bcc / f4bf27517d1fe59ed915d7f8cb3610d4a58583ae / . / tools / statsnoop.py
blob: 38455d5f357553050cd2ce68424666001d5f7b6d [file] [log] [blame]
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]1#!/usr/bin/python
2# @lint-avoid-python-3-compatibility-imports
3#
4# statsnoop Trace stat() syscalls.
5# For Linux, uses BCC, eBPF. Embedded C.
6#
7# USAGE: statsnoop [-h] [-t] [-x] [-p PID]
8#
9# Copyright 2016 Netflix, Inc.
10# Licensed under the Apache License, Version 2.0 (the "License")
11#
12# 08-Feb-2016 Brendan Gregg Created this.
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]13# 17-Feb-2016 Allan McAleavy updated for BPF_PERF_OUTPUT
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]14
15from __future__ import print_function
16from bcc import BPF
17import argparse
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]18import ctypes as ct
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]19
20# arguments
21examples = """examples:
22 ./statsnoop # trace all stat() syscalls
23 ./statsnoop -t # include timestamps
24 ./statsnoop -x # only show failed stats
25 ./statsnoop -p 181 # only trace PID 181
26"""
27parser = argparse.ArgumentParser(
28 description="Trace stat() syscalls",
29 formatter_class=argparse.RawDescriptionHelpFormatter,
30 epilog=examples)
31parser.add_argument("-t", "--timestamp", action="store_true",
32 help="include timestamp on output")
33parser.add_argument("-x", "--failed", action="store_true",
34 help="only show failed stats")
35parser.add_argument("-p", "--pid",
36 help="trace this PID only")
37args = parser.parse_args()
38debug = 0
39
40# define BPF program
41bpf_text = """
42#include <uapi/linux/ptrace.h>
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]43#include <uapi/linux/limits.h>
44#include <linux/sched.h>
45
46struct val_t {
47 u32 pid;
48 u64 ts;
49 char comm[TASK_COMM_LEN];
50 const char *fname;
51};
52
53struct data_t {
54 u32 pid;
55 u64 ts;
56 u64 delta;
57 int ret;
58 char comm[TASK_COMM_LEN];
59 char fname[NAME_MAX];
60};
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]61
62BPF_HASH(args_filename, u32, const char *);
mcaleavya1a7bebf2016-02-18 22:30:33 +0000[diff] [blame]63BPF_HASH(infotmp, u32, struct val_t);
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]64BPF_PERF_OUTPUT(events);
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]65
66int trace_entry(struct pt_regs *ctx, const char __user *filename)
67{
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]68 struct val_t val = {};
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]69 u32 pid = bpf_get_current_pid_tgid();
70
71 FILTER
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]72 if (bpf_get_current_comm(&val.comm, sizeof(val.comm)) == 0) {
73 val.pid = bpf_get_current_pid_tgid();
74 val.ts = bpf_ktime_get_ns();
75 val.fname = filename;
76 infotmp.update(&pid, &val);
77 }
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]78
79 return 0;
80};
81
82int trace_return(struct pt_regs *ctx)
83{
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]84 u32 pid = bpf_get_current_pid_tgid();
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]85 struct val_t *valp;
86 struct data_t data = {};
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]87
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]88 u64 tsp = bpf_ktime_get_ns();
89
90 valp = infotmp.lookup(&pid);
91 if (valp == 0) {
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]92 // missed entry
93 return 0;
94 }
mcaleavya1a7bebf2016-02-18 22:30:33 +0000[diff] [blame]95 bpf_probe_read(&data.comm, sizeof(data.comm), valp->comm);
96 bpf_probe_read(&data.fname, sizeof(data.fname), (void *)valp->fname);
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]97 data.pid = valp->pid;
98 data.delta = tsp - valp->ts;
mcaleavya1a7bebf2016-02-18 22:30:33 +0000[diff] [blame]99 data.ts = tsp / 1000;
Naveen N. Rao4afa96a2016-05-03 14:54:21 +0530[diff] [blame]100 data.ret = PT_REGS_RC(ctx);
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]101
mcaleavya1a7bebf2016-02-18 22:30:33 +0000[diff] [blame]102 events.perf_submit(ctx, &data, sizeof(data));
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]103 infotmp.delete(&pid);
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]104 args_filename.delete(&pid);
105
106 return 0;
107}
108"""
109if args.pid:
110 bpf_text = bpf_text.replace('FILTER',
111 'if (pid != %s) { return 0; }' % args.pid)
112else:
113 bpf_text = bpf_text.replace('FILTER', '')
114if debug:
115 print(bpf_text)
116
117# initialize BPF
118b = BPF(text=bpf_text)
119b.attach_kprobe(event="sys_stat", fn_name="trace_entry")
120b.attach_kprobe(event="sys_statfs", fn_name="trace_entry")
121b.attach_kprobe(event="sys_newstat", fn_name="trace_entry")
122b.attach_kretprobe(event="sys_stat", fn_name="trace_return")
123b.attach_kretprobe(event="sys_statfs", fn_name="trace_return")
124b.attach_kretprobe(event="sys_newstat", fn_name="trace_return")
125
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]126TASK_COMM_LEN = 16 # linux/sched.h
127NAME_MAX = 255 # linux/limits.h
128
129class Data(ct.Structure):
130 _fields_ = [
131 ("pid", ct.c_ulonglong),
132 ("ts", ct.c_ulonglong),
133 ("delta", ct.c_ulonglong),
134 ("ret", ct.c_int),
135 ("comm", ct.c_char * TASK_COMM_LEN),
136 ("fname", ct.c_char * NAME_MAX)
137 ]
138
139start_ts = 0
140prev_ts = 0
141delta = 0
142
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]143# header
144if args.timestamp:
145 print("%-14s" % ("TIME(s)"), end="")
146print("%-6s %-16s %4s %3s %s" % ("PID", "COMM", "FD", "ERR", "PATH"))
147
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]148# process event
149def print_event(cpu, data, size):
150 event = ct.cast(data, ct.POINTER(Data)).contents
151 global start_ts
152 global prev_ts
153 global delta
154 global cont
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]155
156 # split return value into FD and errno columns
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]157 if event.ret >= 0:
158 fd_s = event.ret
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]159 err = 0
160 else:
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]161 fd_s = -1
162 err = - event.ret
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]163
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]164 if start_ts == 0:
165 prev_ts = start_ts
166
167 if start_ts == 1:
168 delta = float(delta) + (event.ts - prev_ts)
169
170 if (args.failed and (event.ret >= 0)):
171 start_ts = 1
172 prev_ts = event.ts
173 return
174
Brendan Greggad341c92016-02-09 00:31:24 -0800[diff] [blame]175 if args.timestamp:
mcaleavyae14f27f2016-02-17 22:12:44 +0000[diff] [blame]176 print("%-14.9f" % (delta / 1000000), end="")
177
178 print("%-6d %-16s %4d %3d %s" % (event.pid, event.comm,
179 fd_s, err, event.fname))
180
181 prev_ts = event.ts
182 start_ts = 1
183
184# loop with callback to print_event
185b["events"].open_perf_buffer(print_event)
186while 1:
187 b.kprobe_poll()