Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / bcc / refs/tags/rel/13/fp3/6.A.025.0 / . / tools / trace.py
blob: b51cccff8354dac1f31a7a52407e90dc085fb265 [file] [log] [blame]
Alexey Ivanovcc01a9c2019-01-16 09:50:46 -0800[diff] [blame]1#!/usr/bin/python
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]2#
3# trace Trace a function and print a trace message based on its
4# parameters, with an optional filter.
5#
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]6# usage: trace [-h] [-p PID] [-L TID] [-v] [-Z STRING_SIZE] [-S] [-c cgroup_path]
vijunag9924e642019-01-23 12:35:33 +0530[diff] [blame]7# [-M MAX_EVENTS] [-s SYMBOLFILES] [-T] [-t] [-K] [-U] [-a] [-I header]
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]8# [-A]
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]9# probe [probe ...]
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]10#
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]11# Licensed under the Apache License, Version 2.0 (the "License")
12# Copyright (C) 2016 Sasha Goldshtein.
13
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]14from __future__ import print_function
Sumanth Korikkar7cbd0742020-04-27 09:09:28 -0500[diff] [blame]15from bcc import BPF, USDT, StrcmpRewrite
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]16from functools import partial
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]17from time import strftime
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]18import time
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]19import argparse
20import re
21import ctypes as ct
22import os
23import traceback
24import sys
25
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]26class Probe(object):
27 probe_count = 0
Sasha Goldshteinf4797b02016-10-17 01:44:56 -0700[diff] [blame]28 streq_index = 0
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]29 max_events = None
30 event_count = 0
31 first_ts = 0
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]32 first_ts_real = None
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]33 print_time = False
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]34 print_unix_timestamp = False
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]35 use_localtime = True
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]36 time_field = False
37 print_cpu = False
Mirek Klimose5382282018-01-26 14:52:50 -0800[diff] [blame]38 print_address = False
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]39 tgid = -1
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]40 pid = -1
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]41 uid = -1
Mark Drayton5f5687e2017-02-20 18:13:03 +0000[diff] [blame]42 page_cnt = None
vijunag9924e642019-01-23 12:35:33 +0530[diff] [blame]43 build_id_enabled = False
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]44 aggregate = False
45 symcount = {}
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]46
47 @classmethod
48 def configure(cls, args):
49 cls.max_events = args.max_events
Sasha Goldshtein49d50ba2016-12-19 10:17:38 +0000[diff] [blame]50 cls.print_time = args.timestamp or args.time
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]51 cls.print_unix_timestamp = args.unix_timestamp
Sasha Goldshtein49d50ba2016-12-19 10:17:38 +0000[diff] [blame]52 cls.use_localtime = not args.timestamp
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]53 cls.time_field = cls.print_time and (not cls.use_localtime)
54 cls.print_cpu = args.print_cpu
Mirek Klimose5382282018-01-26 14:52:50 -0800[diff] [blame]55 cls.print_address = args.address
Sasha Goldshtein60c41922017-02-09 04:19:53 -0500[diff] [blame]56 cls.first_ts = BPF.monotonic_time()
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]57 cls.first_ts_real = time.time()
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]58 cls.tgid = args.tgid or -1
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]59 cls.pid = args.pid or -1
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]60 cls.uid = args.uid or -1
Mark Drayton5f5687e2017-02-20 18:13:03 +0000[diff] [blame]61 cls.page_cnt = args.buffer_pages
Nikita V. Shirokov3953c702018-07-27 16:13:47 -0700[diff] [blame]62 cls.bin_cmp = args.bin_cmp
vijunag9924e642019-01-23 12:35:33 +0530[diff] [blame]63 cls.build_id_enabled = args.sym_file_list is not None
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]64 cls.aggregate = args.aggregate
65 if cls.aggregate and cls.max_events is None:
66 raise ValueError("-M/--max-events should be specified"
67 " with -A/--aggregate")
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]68
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]69 def __init__(self, probe, string_size, kernel_stack, user_stack,
tty55cf529e2019-12-06 17:52:56 +0800[diff] [blame]70 cgroup_map_name, name, msg_filter):
Sasha Goldshtein69e361a2016-09-27 19:40:00 +0300[diff] [blame]71 self.usdt = None
Sasha Goldshteinf4797b02016-10-17 01:44:56 -0700[diff] [blame]72 self.streq_functions = ""
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]73 self.raw_probe = probe
74 self.string_size = string_size
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]75 self.kernel_stack = kernel_stack
76 self.user_stack = user_stack
Sumanth Korikkar7cbd0742020-04-27 09:09:28 -0500[diff] [blame]77 self.probe_user_list = set()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]78 Probe.probe_count += 1
79 self._parse_probe()
80 self.probe_num = Probe.probe_count
81 self.probe_name = "probe_%s_%d" % \
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]82 (self._display_function(), self.probe_num)
Paul Chaignon956ca1c2017-03-04 20:07:56 +0100[diff] [blame]83 self.probe_name = re.sub(r'[^A-Za-z0-9_]', '_',
84 self.probe_name)
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]85 self.cgroup_map_name = cgroup_map_name
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]86 if name is None:
87 # An empty bytestring is always contained in the command
88 # name so this will always succeed.
89 self.name = b''
90 else:
91 self.name = name.encode('ascii')
tty55cf529e2019-12-06 17:52:56 +0800[diff] [blame]92 self.msg_filter = msg_filter
yonghong-song2da34262018-06-13 06:12:22 -0700[diff] [blame]93 # compiler can generate proper codes for function
94 # signatures with "syscall__" prefix
95 if self.is_syscall_kprobe:
96 self.probe_name = "syscall__" + self.probe_name[6:]
97
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]98 def __str__(self):
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]99 return "%s:%s:%s FLT=%s ACT=%s/%s" % (self.probe_type,
100 self.library, self._display_function(), self.filter,
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]101 self.types, self.values)
102
103 def is_default_action(self):
104 return self.python_format == ""
105
106 def _bail(self, error):
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]107 raise ValueError("error in probe '%s': %s" %
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]108 (self.raw_probe, error))
109
110 def _parse_probe(self):
111 text = self.raw_probe
112
Sasha Goldshtein23e72b82017-01-17 08:49:36 +0000[diff] [blame]113 # There might be a function signature preceding the actual
114 # filter/print part, or not. Find the probe specifier first --
115 # it ends with either a space or an open paren ( for the
116 # function signature part.
117 # opt. signature
118 # probespec | rest
119 # --------- ---------- --
120 (spec, sig, rest) = re.match(r'([^ \t\(]+)(\([^\(]*\))?(.*)',
121 text).groups()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]122
Sasha Goldshtein23e72b82017-01-17 08:49:36 +0000[diff] [blame]123 self._parse_spec(spec)
Paul Chaignon956ca1c2017-03-04 20:07:56 +0100[diff] [blame]124 # Remove the parens
125 self.signature = sig[1:-1] if sig else None
Sasha Goldshtein23e72b82017-01-17 08:49:36 +0000[diff] [blame]126 if self.signature and self.probe_type in ['u', 't']:
127 self._bail("USDT and tracepoint probes can't have " +
128 "a function signature; use arg1, arg2, " +
129 "... instead")
130
131 text = rest.lstrip()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]132 # If we now have a (, wait for the balanced closing ) and that
133 # will be the predicate
134 self.filter = None
135 if len(text) > 0 and text[0] == "(":
136 balance = 1
137 for i in range(1, len(text)):
138 if text[i] == "(":
139 balance += 1
140 if text[i] == ")":
141 balance -= 1
142 if balance == 0:
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]143 self._parse_filter(text[:i + 1])
144 text = text[i + 1:]
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]145 break
146 if self.filter is None:
147 self._bail("unmatched end of predicate")
148
149 if self.filter is None:
150 self.filter = "1"
151
152 # The remainder of the text is the printf action
153 self._parse_action(text.lstrip())
154
Ferenc Fejesd7b427e2020-08-01 21:18:57 +0200[diff] [blame]155 def _parse_offset(self, func_and_offset):
156 func, offset_str = func_and_offset.split("+")
157 try:
158 if "x" in offset_str or "X" in offset_str:
159 offset = int(offset_str, 16)
160 else:
161 offset = int(offset_str)
162 except ValueError:
163 self._bail("invalid offset format " +
164 " '%s', must be decimal or hexadecimal" % offset_str)
165
166 return func, offset
167
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]168 def _parse_spec(self, spec):
169 parts = spec.split(":")
170 # Two special cases: 'func' means 'p::func', 'lib:func' means
171 # 'p:lib:func'. Other combinations need to provide an empty
172 # value between delimiters, e.g. 'r::func' for a kretprobe on
173 # the function func.
174 if len(parts) == 1:
175 parts = ["p", "", parts[0]]
176 elif len(parts) == 2:
177 parts = ["p", parts[0], parts[1]]
178 if len(parts[0]) == 0:
179 self.probe_type = "p"
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]180 elif parts[0] in ["p", "r", "t", "u"]:
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]181 self.probe_type = parts[0]
182 else:
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]183 self._bail("probe type must be '', 'p', 't', 'r', " +
184 "or 'u', but got '%s'" % parts[0])
Ferenc Fejesd7b427e2020-08-01 21:18:57 +0200[diff] [blame]185 self.offset = 0
186 if "+" in parts[-1]:
187 parts[-1], self.offset = self._parse_offset(parts[-1])
188
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]189 if self.probe_type == "t":
190 self.tp_category = parts[1]
191 self.tp_event = parts[2]
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]192 self.library = "" # kernel
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]193 self.function = "" # from TRACEPOINT_PROBE
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]194 elif self.probe_type == "u":
Fuji Goro21625162020-03-08 08:16:54 +0000[diff] [blame]195 # u:<library>[:<provider>]:<probe> where :<provider> is optional
196 self.library = parts[1]
197 self.usdt_name = ":".join(parts[2:])
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]198 self.function = "" # no function, just address
199 # We will discover the USDT provider by matching on
200 # the USDT name in the specified library
201 self._find_usdt_probe()
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]202 else:
vkhromov5a2b39e2017-07-14 20:42:29 +0100[diff] [blame]203 self.library = ':'.join(parts[1:-1])
204 self.function = parts[-1]
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]205
yonghong-song2da34262018-06-13 06:12:22 -0700[diff] [blame]206 # only x64 syscalls needs checking, no other syscall wrapper yet.
207 self.is_syscall_kprobe = False
208 if self.probe_type == "p" and len(self.library) == 0 and \
209 self.function[:10] == "__x64_sys_":
210 self.is_syscall_kprobe = True
211
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]212 def _find_usdt_probe(self):
Sasha Goldshteindd045362016-11-13 05:07:38 -0800[diff] [blame]213 target = Probe.pid if Probe.pid and Probe.pid != -1 \
214 else Probe.tgid
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]215 self.usdt = USDT(path=self.library, pid=target)
Fuji Goro21625162020-03-08 08:16:54 +0000[diff] [blame]216
217 parts = self.usdt_name.split(":")
218 if len(parts) == 1:
219 provider_name = None
220 usdt_name = parts[0].encode("ascii")
221 else:
222 provider_name = parts[0].encode("ascii")
223 usdt_name = parts[1].encode("ascii")
Sasha Goldshtein69e361a2016-09-27 19:40:00 +0300[diff] [blame]224 for probe in self.usdt.enumerate_probes():
Fuji Goro21625162020-03-08 08:16:54 +0000[diff] [blame]225 if ((not provider_name or probe.provider == provider_name)
226 and probe.name == usdt_name):
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]227 return # Found it, will enable later
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]228 self._bail("unrecognized USDT probe %s" % self.usdt_name)
229
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]230 def _parse_filter(self, filt):
Sasha Goldshteinf4797b02016-10-17 01:44:56 -0700[diff] [blame]231 self.filter = self._rewrite_expr(filt)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]232
233 def _parse_types(self, fmt):
234 for match in re.finditer(
yonghong-songf7202572018-09-19 08:50:59 -0700[diff] [blame]235 r'[^%]%(s|u|d|lu|llu|ld|lld|hu|hd|x|lx|llx|c|K|U)', fmt):
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]236 self.types.append(match.group(1))
yonghong-songf7202572018-09-19 08:50:59 -0700[diff] [blame]237 fmt = re.sub(r'([^%]%)(u|d|lu|llu|ld|lld|hu|hd)', r'\1d', fmt)
238 fmt = re.sub(r'([^%]%)(x|lx|llx)', r'\1x', fmt)
Sasha Goldshteinaccd4cf2016-10-11 07:56:13 -0700[diff] [blame]239 fmt = re.sub('%K|%U', '%s', fmt)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]240 self.python_format = fmt.strip('"')
241
242 def _parse_action(self, action):
243 self.values = []
244 self.types = []
245 self.python_format = ""
246 if len(action) == 0:
247 return
248
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]249 action = action.strip()
Sasha Goldshteinf4797b02016-10-17 01:44:56 -0700[diff] [blame]250 match = re.search(r'(\".*?\"),?(.*)', action)
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]251 if match is None:
252 self._bail("expected format string in \"s")
253
254 self.raw_format = match.group(1)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]255 self._parse_types(self.raw_format)
Sasha Goldshteinf4797b02016-10-17 01:44:56 -0700[diff] [blame]256 for part in re.split('(?<!"),', match.group(2)):
257 part = self._rewrite_expr(part)
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]258 if len(part) > 0:
259 self.values.append(part)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]260
yonghong-song2da34262018-06-13 06:12:22 -0700[diff] [blame]261 aliases_arg = {
Naveen N. Rao4afa96a2016-05-03 14:54:21 +0530[diff] [blame]262 "arg1": "PT_REGS_PARM1(ctx)",
263 "arg2": "PT_REGS_PARM2(ctx)",
264 "arg3": "PT_REGS_PARM3(ctx)",
265 "arg4": "PT_REGS_PARM4(ctx)",
266 "arg5": "PT_REGS_PARM5(ctx)",
267 "arg6": "PT_REGS_PARM6(ctx)",
yonghong-song2da34262018-06-13 06:12:22 -0700[diff] [blame]268 }
269
270 aliases_indarg = {
Prashant Bhole05765ee2018-12-28 01:47:56 +0900[diff] [blame]271 "arg1": "({u64 _val; struct pt_regs *_ctx = (struct pt_regs *)PT_REGS_PARM1(ctx);"
Sumanth Korikkar7f6066d2020-05-20 10:49:56 -0500[diff] [blame]272 " bpf_probe_read_kernel(&_val, sizeof(_val), &(PT_REGS_PARM1(_ctx))); _val;})",
Xiaozhou Liu25a0ef32019-01-14 14:14:43 +0800[diff] [blame]273 "arg2": "({u64 _val; struct pt_regs *_ctx = (struct pt_regs *)PT_REGS_PARM1(ctx);"
Sumanth Korikkar7f6066d2020-05-20 10:49:56 -0500[diff] [blame]274 " bpf_probe_read_kernel(&_val, sizeof(_val), &(PT_REGS_PARM2(_ctx))); _val;})",
Xiaozhou Liu25a0ef32019-01-14 14:14:43 +0800[diff] [blame]275 "arg3": "({u64 _val; struct pt_regs *_ctx = (struct pt_regs *)PT_REGS_PARM1(ctx);"
Sumanth Korikkar7f6066d2020-05-20 10:49:56 -0500[diff] [blame]276 " bpf_probe_read_kernel(&_val, sizeof(_val), &(PT_REGS_PARM3(_ctx))); _val;})",
Xiaozhou Liu25a0ef32019-01-14 14:14:43 +0800[diff] [blame]277 "arg4": "({u64 _val; struct pt_regs *_ctx = (struct pt_regs *)PT_REGS_PARM1(ctx);"
Sumanth Korikkar7f6066d2020-05-20 10:49:56 -0500[diff] [blame]278 " bpf_probe_read_kernel(&_val, sizeof(_val), &(PT_REGS_PARM4(_ctx))); _val;})",
Xiaozhou Liu25a0ef32019-01-14 14:14:43 +0800[diff] [blame]279 "arg5": "({u64 _val; struct pt_regs *_ctx = (struct pt_regs *)PT_REGS_PARM1(ctx);"
Sumanth Korikkar7f6066d2020-05-20 10:49:56 -0500[diff] [blame]280 " bpf_probe_read_kernel(&_val, sizeof(_val), &(PT_REGS_PARM5(_ctx))); _val;})",
Xiaozhou Liu25a0ef32019-01-14 14:14:43 +0800[diff] [blame]281 "arg6": "({u64 _val; struct pt_regs *_ctx = (struct pt_regs *)PT_REGS_PARM1(ctx);"
Sumanth Korikkar7f6066d2020-05-20 10:49:56 -0500[diff] [blame]282 " bpf_probe_read_kernel(&_val, sizeof(_val), &(PT_REGS_PARM6(_ctx))); _val;})",
yonghong-song2da34262018-06-13 06:12:22 -0700[diff] [blame]283 }
284
285 aliases_common = {
286 "retval": "PT_REGS_RC(ctx)",
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]287 "$uid": "(unsigned)(bpf_get_current_uid_gid() & 0xffffffff)",
288 "$gid": "(unsigned)(bpf_get_current_uid_gid() >> 32)",
289 "$pid": "(unsigned)(bpf_get_current_pid_tgid() & 0xffffffff)",
290 "$tgid": "(unsigned)(bpf_get_current_pid_tgid() >> 32)",
Yonghong Songf92fef22018-01-24 20:51:46 -0800[diff] [blame]291 "$cpu": "bpf_get_smp_processor_id()",
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]292 "$task": "((struct task_struct *)bpf_get_current_task())"
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]293 }
294
Sasha Goldshteinf4797b02016-10-17 01:44:56 -0700[diff] [blame]295 def _rewrite_expr(self, expr):
Sumanth Korikkar7cbd0742020-04-27 09:09:28 -0500[diff] [blame]296 # Find the occurances of any arg[1-6]@user. Use it later to
297 # identify bpf_probe_read_user
298 for matches in re.finditer(r'(arg[1-6])(@user)', expr):
299 if matches.group(1).strip() not in self.probe_user_list:
300 self.probe_user_list.add(matches.group(1).strip())
301 # Remove @user occurrences from arg before resolving to its
302 # corresponding aliases.
303 expr = re.sub(r'(arg[1-6])@user', r'\1', expr)
304 rdict = StrcmpRewrite.rewrite_expr(expr,
305 self.bin_cmp, self.library,
306 self.probe_user_list, self.streq_functions,
307 Probe.streq_index)
308 expr = rdict["expr"]
309 self.streq_functions = rdict["streq_functions"]
310 Probe.streq_index = rdict["probeid"]
311 alias_to_check = Probe.aliases_indarg \
312 if self.is_syscall_kprobe \
313 else Probe.aliases_arg
314 # For USDT probes, we replace argN values with the
315 # actual arguments for that probe obtained using
316 # bpf_readarg_N macros emitted at BPF construction.
317 if not self.probe_type == "u":
318 for alias, replacement in alias_to_check.items():
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]319 expr = expr.replace(alias, replacement)
yonghong-song2da34262018-06-13 06:12:22 -0700[diff] [blame]320 for alias, replacement in Probe.aliases_common.items():
321 expr = expr.replace(alias, replacement)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]322 return expr
323
yonghong-songf7202572018-09-19 08:50:59 -0700[diff] [blame]324 p_type = {"u": ct.c_uint, "d": ct.c_int, "lu": ct.c_ulong,
325 "ld": ct.c_long,
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]326 "llu": ct.c_ulonglong, "lld": ct.c_longlong,
327 "hu": ct.c_ushort, "hd": ct.c_short,
yonghong-songf7202572018-09-19 08:50:59 -0700[diff] [blame]328 "x": ct.c_uint, "lx": ct.c_ulong, "llx": ct.c_ulonglong,
329 "c": ct.c_ubyte,
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]330 "K": ct.c_ulonglong, "U": ct.c_ulonglong}
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]331
332 def _generate_python_field_decl(self, idx, fields):
333 field_type = self.types[idx]
334 if field_type == "s":
335 ptype = ct.c_char * self.string_size
336 else:
337 ptype = Probe.p_type[field_type]
338 fields.append(("v%d" % idx, ptype))
339
340 def _generate_python_data_decl(self):
341 self.python_struct_name = "%s_%d_Data" % \
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]342 (self._display_function(), self.probe_num)
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]343 fields = []
344 if self.time_field:
345 fields.append(("timestamp_ns", ct.c_ulonglong))
346 if self.print_cpu:
347 fields.append(("cpu", ct.c_int))
348 fields.extend([
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]349 ("tgid", ct.c_uint),
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]350 ("pid", ct.c_uint),
351 ("comm", ct.c_char * 16) # TASK_COMM_LEN
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]352 ])
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]353 for i in range(0, len(self.types)):
354 self._generate_python_field_decl(i, fields)
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]355 if self.kernel_stack:
356 fields.append(("kernel_stack_id", ct.c_int))
357 if self.user_stack:
358 fields.append(("user_stack_id", ct.c_int))
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]359 return type(self.python_struct_name, (ct.Structure,),
360 dict(_fields_=fields))
361
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]362 c_type = {"u": "unsigned int", "d": "int",
yonghong-songf7202572018-09-19 08:50:59 -0700[diff] [blame]363 "lu": "unsigned long", "ld": "long",
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]364 "llu": "unsigned long long", "lld": "long long",
365 "hu": "unsigned short", "hd": "short",
yonghong-songf7202572018-09-19 08:50:59 -0700[diff] [blame]366 "x": "unsigned int", "lx": "unsigned long",
367 "llx": "unsigned long long",
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]368 "c": "char", "K": "unsigned long long",
369 "U": "unsigned long long"}
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]370 fmt_types = c_type.keys()
371
372 def _generate_field_decl(self, idx):
373 field_type = self.types[idx]
374 if field_type == "s":
375 return "char v%d[%d];\n" % (idx, self.string_size)
376 if field_type in Probe.fmt_types:
377 return "%s v%d;\n" % (Probe.c_type[field_type], idx)
378 self._bail("unrecognized format specifier %s" % field_type)
379
380 def _generate_data_decl(self):
381 # The BPF program will populate values into the struct
382 # according to the format string, and the Python program will
383 # construct the final display string.
384 self.events_name = "%s_events" % self.probe_name
385 self.struct_name = "%s_data_t" % self.probe_name
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]386 self.stacks_name = "%s_stacks" % self.probe_name
vijunag9924e642019-01-23 12:35:33 +0530[diff] [blame]387 stack_type = "BPF_STACK_TRACE" if self.build_id_enabled is False \
388 else "BPF_STACK_TRACE_BUILDID"
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]389 stack_table = "%s(%s, 1024);" % (stack_type, self.stacks_name) \
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]390 if (self.kernel_stack or self.user_stack) else ""
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]391 data_fields = ""
392 for i, field_type in enumerate(self.types):
393 data_fields += " " + \
394 self._generate_field_decl(i)
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]395 time_str = "u64 timestamp_ns;" if self.time_field else ""
396 cpu_str = "int cpu;" if self.print_cpu else ""
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]397 kernel_stack_str = " int kernel_stack_id;" \
398 if self.kernel_stack else ""
399 user_stack_str = " int user_stack_id;" \
400 if self.user_stack else ""
401
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]402 text = """
403struct %s
404{
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]405%s
406%s
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]407 u32 tgid;
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]408 u32 pid;
409 char comm[TASK_COMM_LEN];
410%s
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]411%s
412%s
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]413 u32 uid;
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]414};
415
416BPF_PERF_OUTPUT(%s);
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]417%s
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]418"""
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]419 return text % (self.struct_name, time_str, cpu_str, data_fields,
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]420 kernel_stack_str, user_stack_str,
421 self.events_name, stack_table)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]422
423 def _generate_field_assign(self, idx):
424 field_type = self.types[idx]
Sasha Goldshtein69e361a2016-09-27 19:40:00 +0300[diff] [blame]425 expr = self.values[idx].strip()
426 text = ""
427 if self.probe_type == "u" and expr[0:3] == "arg":
Sasha Goldshtein3a5256f2017-02-20 15:42:57 +0000[diff] [blame]428 arg_index = int(expr[3])
429 arg_ctype = self.usdt.get_probe_arg_ctype(
430 self.usdt_name, arg_index - 1)
431 text = (" %s %s = 0;\n" +
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]432 " bpf_usdt_readarg(%s, ctx, &%s);\n") \
Sasha Goldshtein3a5256f2017-02-20 15:42:57 +0000[diff] [blame]433 % (arg_ctype, expr, expr[3], expr)
Sumanth Korikkar7f6066d2020-05-20 10:49:56 -0500[diff] [blame]434 probe_read_func = "bpf_probe_read_kernel"
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]435 if field_type == "s":
Sumanth Korikkar7cbd0742020-04-27 09:09:28 -0500[diff] [blame]436 if self.library:
437 probe_read_func = "bpf_probe_read_user"
438 else:
439 alias_to_check = Probe.aliases_indarg \
440 if self.is_syscall_kprobe \
441 else Probe.aliases_arg
442 for arg, alias in alias_to_check.items():
443 if alias == expr and arg in self.probe_user_list:
444 probe_read_func = "bpf_probe_read_user"
445 break
Sasha Goldshtein69e361a2016-09-27 19:40:00 +0300[diff] [blame]446 return text + """
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]447 if (%s != 0) {
yonghong-song61484e12018-09-17 22:24:31 -0700[diff] [blame]448 void *__tmp = (void *)%s;
Sumanth Korikkar7cbd0742020-04-27 09:09:28 -0500[diff] [blame]449 %s(&__data.v%d, sizeof(__data.v%d), __tmp);
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]450 }
Sumanth Korikkar7cbd0742020-04-27 09:09:28 -0500[diff] [blame]451 """ % (expr, expr, probe_read_func, idx, idx)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]452 if field_type in Probe.fmt_types:
Sasha Goldshtein69e361a2016-09-27 19:40:00 +0300[diff] [blame]453 return text + " __data.v%d = (%s)%s;\n" % \
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]454 (idx, Probe.c_type[field_type], expr)
455 self._bail("unrecognized field type %s" % field_type)
456
Teng Qin0615bff2016-09-28 08:19:40 -0700[diff] [blame]457 def _generate_usdt_filter_read(self):
458 text = ""
Sasha Goldshteinb6300922017-01-16 18:43:11 +0000[diff] [blame]459 if self.probe_type != "u":
460 return text
yonghong-song2da34262018-06-13 06:12:22 -0700[diff] [blame]461 for arg, _ in Probe.aliases_arg.items():
462 if not (arg in self.filter):
Sasha Goldshteinb6300922017-01-16 18:43:11 +0000[diff] [blame]463 continue
464 arg_index = int(arg.replace("arg", ""))
465 arg_ctype = self.usdt.get_probe_arg_ctype(
Sasha Goldshteindcf16752017-01-17 07:40:57 +0000[diff] [blame]466 self.usdt_name, arg_index - 1)
Sasha Goldshteinb6300922017-01-16 18:43:11 +0000[diff] [blame]467 if not arg_ctype:
468 self._bail("Unable to determine type of {} "
469 "in the filter".format(arg))
470 text += """
Teng Qin0615bff2016-09-28 08:19:40 -0700[diff] [blame]471 {} {}_filter;
472 bpf_usdt_readarg({}, ctx, &{}_filter);
Sasha Goldshteinb6300922017-01-16 18:43:11 +0000[diff] [blame]473 """.format(arg_ctype, arg, arg_index, arg)
474 self.filter = self.filter.replace(
475 arg, "{}_filter".format(arg))
Teng Qin0615bff2016-09-28 08:19:40 -0700[diff] [blame]476 return text
477
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]478 def generate_program(self, include_self):
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]479 data_decl = self._generate_data_decl()
Sasha Goldshteinb6300922017-01-16 18:43:11 +0000[diff] [blame]480 if Probe.pid != -1:
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]481 pid_filter = """
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]482 if (__pid != %d) { return 0; }
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]483 """ % Probe.pid
Sasha Goldshteinb6300922017-01-16 18:43:11 +0000[diff] [blame]484 # uprobes can have a built-in tgid filter passed to
485 # attach_uprobe, hence the check here -- for kprobes, we
486 # need to do the tgid test by hand:
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]487 elif len(self.library) == 0 and Probe.tgid != -1:
488 pid_filter = """
489 if (__tgid != %d) { return 0; }
490 """ % Probe.tgid
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]491 elif not include_self:
492 pid_filter = """
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]493 if (__tgid == %d) { return 0; }
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]494 """ % os.getpid()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]495 else:
496 pid_filter = ""
497
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]498 if Probe.uid != -1:
499 uid_filter = """
500 if (__uid != %d) { return 0; }
501 """ % Probe.uid
502 else:
503 uid_filter = ""
504
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]505 if self.cgroup_map_name is not None:
506 cgroup_filter = """
507 if (%s.check_current_task(0) <= 0) { return 0; }
508 """ % self.cgroup_map_name
509 else:
510 cgroup_filter = ""
511
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]512 prefix = ""
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]513 signature = "struct pt_regs *ctx"
Sasha Goldshtein23e72b82017-01-17 08:49:36 +0000[diff] [blame]514 if self.signature:
515 signature += ", " + self.signature
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]516
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]517 data_fields = ""
518 for i, expr in enumerate(self.values):
519 data_fields += self._generate_field_assign(i)
520
Sasha Goldshtein376ae5c2016-10-04 19:49:57 +0300[diff] [blame]521 if self.probe_type == "t":
522 heading = "TRACEPOINT_PROBE(%s, %s)" % \
523 (self.tp_category, self.tp_event)
524 ctx_name = "args"
525 else:
526 heading = "int %s(%s)" % (self.probe_name, signature)
527 ctx_name = "ctx"
Sasha Goldshtein4725a722016-10-18 20:54:47 +0300[diff] [blame]528
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]529 time_str = """
530 __data.timestamp_ns = bpf_ktime_get_ns();""" if self.time_field else ""
531 cpu_str = """
532 __data.cpu = bpf_get_smp_processor_id();""" if self.print_cpu else ""
Sasha Goldshtein4725a722016-10-18 20:54:47 +0300[diff] [blame]533 stack_trace = ""
534 if self.user_stack:
535 stack_trace += """
536 __data.user_stack_id = %s.get_stackid(
Yonghong Song90f20862019-11-27 09:16:23 -0800[diff] [blame]537 %s, BPF_F_USER_STACK
Sasha Goldshtein4725a722016-10-18 20:54:47 +0300[diff] [blame]538 );""" % (self.stacks_name, ctx_name)
539 if self.kernel_stack:
540 stack_trace += """
541 __data.kernel_stack_id = %s.get_stackid(
Yonghong Song90f20862019-11-27 09:16:23 -0800[diff] [blame]542 %s, 0
Sasha Goldshtein4725a722016-10-18 20:54:47 +0300[diff] [blame]543 );""" % (self.stacks_name, ctx_name)
544
Sasha Goldshtein376ae5c2016-10-04 19:49:57 +0300[diff] [blame]545 text = heading + """
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]546{
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]547 u64 __pid_tgid = bpf_get_current_pid_tgid();
548 u32 __tgid = __pid_tgid >> 32;
549 u32 __pid = __pid_tgid; // implicit cast to u32 for bottom half
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]550 u32 __uid = bpf_get_current_uid_gid();
551 %s
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]552 %s
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]553 %s
Teng Qin0615bff2016-09-28 08:19:40 -0700[diff] [blame]554 %s
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]555 %s
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]556 if (!(%s)) return 0;
557
558 struct %s __data = {0};
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]559 %s
560 %s
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]561 __data.tgid = __tgid;
562 __data.pid = __pid;
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]563 __data.uid = __uid;
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]564 bpf_get_current_comm(&__data.comm, sizeof(__data.comm));
565%s
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]566%s
Sasha Goldshtein376ae5c2016-10-04 19:49:57 +0300[diff] [blame]567 %s.perf_submit(%s, &__data, sizeof(__data));
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]568 return 0;
569}
570"""
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]571 text = text % (pid_filter, uid_filter, cgroup_filter, prefix,
Teng Qin0615bff2016-09-28 08:19:40 -0700[diff] [blame]572 self._generate_usdt_filter_read(), self.filter,
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]573 self.struct_name, time_str, cpu_str, data_fields,
Sasha Goldshtein376ae5c2016-10-04 19:49:57 +0300[diff] [blame]574 stack_trace, self.events_name, ctx_name)
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]575
Sasha Goldshteinf4797b02016-10-17 01:44:56 -0700[diff] [blame]576 return self.streq_functions + data_decl + "\n" + text
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]577
578 @classmethod
579 def _time_off_str(cls, timestamp_ns):
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]580 offset = 1e-9 * (timestamp_ns - cls.first_ts)
581 if cls.print_unix_timestamp:
582 return "%.6f" % (offset + cls.first_ts_real)
583 else:
584 return "%.6f" % offset
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]585
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]586 def _display_function(self):
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]587 if self.probe_type == 'p' or self.probe_type == 'r':
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]588 return self.function
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]589 elif self.probe_type == 'u':
590 return self.usdt_name
591 else: # self.probe_type == 't'
592 return self.tp_event
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]593
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]594 def _stack_to_string(self, bpf, stack_id, tgid):
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]595 if stack_id < 0:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]596 return (" %d" % stack_id)
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]597
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]598 stackstr = ''
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]599 stack = list(bpf.get_table(self.stacks_name).walk(stack_id))
600 for addr in stack:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]601 stackstr += ' '
Mirek Klimose5382282018-01-26 14:52:50 -0800[diff] [blame]602 if Probe.print_address:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]603 stackstr += ("%16x " % addr)
604 symstr = bpf.sym(addr, tgid, show_module=True, show_offset=True)
605 stackstr += ('%s\n' % (symstr.decode('utf-8')))
606
607 return stackstr
Sasha Goldshteinaccd4cf2016-10-11 07:56:13 -0700[diff] [blame]608
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]609 def _format_message(self, bpf, tgid, values):
610 # Replace each %K with kernel sym and %U with user sym in tgid
Rafael Fonsecaaee5ecf2017-02-08 16:14:31 +0100[diff] [blame]611 kernel_placeholders = [i for i, t in enumerate(self.types)
612 if t == 'K']
613 user_placeholders = [i for i, t in enumerate(self.types)
614 if t == 'U']
Sasha Goldshteinaccd4cf2016-10-11 07:56:13 -0700[diff] [blame]615 for kp in kernel_placeholders:
Sasha Goldshtein01553852017-02-09 03:58:09 -0500[diff] [blame]616 values[kp] = bpf.ksym(values[kp], show_offset=True)
Sasha Goldshteinaccd4cf2016-10-11 07:56:13 -0700[diff] [blame]617 for up in user_placeholders:
Sasha Goldshtein1e34f4e2017-02-09 00:21:49 -0500[diff] [blame]618 values[up] = bpf.sym(values[up], tgid,
Sasha Goldshtein01553852017-02-09 03:58:09 -0500[diff] [blame]619 show_module=True, show_offset=True)
Sasha Goldshteinaccd4cf2016-10-11 07:56:13 -0700[diff] [blame]620 return self.python_format % tuple(values)
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]621
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]622 def print_aggregate_events(self):
623 for k, v in sorted(self.symcount.items(), key=lambda item: \
624 item[1], reverse=True):
625 print("%s-->COUNT %d\n\n" % (k, v), end="")
626
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]627 def print_event(self, bpf, cpu, data, size):
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]628 # Cast as the generated structure type and display
629 # according to the format string in the probe.
630 event = ct.cast(data, ct.POINTER(self.python_struct)).contents
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]631 if self.name not in event.comm:
tty59ce7b7e2019-12-04 22:49:38 +0800[diff] [blame]632 return
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]633 values = map(lambda i: getattr(event, "v%d" % i),
634 range(0, len(self.values)))
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]635 msg = self._format_message(bpf, event.tgid, values)
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]636 if self.msg_filter and self.msg_filter not in msg:
tty55cf529e2019-12-06 17:52:56 +0800[diff] [blame]637 return
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]638 eventstr = ''
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]639 if Probe.print_time:
Sasha Goldshtein49d50ba2016-12-19 10:17:38 +0000[diff] [blame]640 time = strftime("%H:%M:%S") if Probe.use_localtime else \
641 Probe._time_off_str(event.timestamp_ns)
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]642 if Probe.print_unix_timestamp:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]643 eventstr += ("%-17s " % time[:17])
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]644 else:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]645 eventstr += ("%-8s " % time[:8])
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]646 if Probe.print_cpu:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]647 eventstr += ("%-3s " % event.cpu)
648 eventstr += ("%-7d %-7d %-15s %-16s %s\n" %
jeromemarchandb96ebcd2018-10-10 01:58:15 +0200[diff] [blame]649 (event.tgid, event.pid,
650 event.comm.decode('utf-8', 'replace'),
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]651 self._display_function(), msg))
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]652
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]653 if self.kernel_stack:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]654 eventstr += self._stack_to_string(bpf, event.kernel_stack_id, -1)
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]655 if self.user_stack:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]656 eventstr += self._stack_to_string(bpf, event.user_stack_id, event.tgid)
657
658 if self.aggregate is False:
659 print(eventstr, end="")
660 if self.kernel_stack or self.user_stack:
Sasha Goldshteinaccd4cf2016-10-11 07:56:13 -0700[diff] [blame]661 print("")
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]662 else:
663 if eventstr in self.symcount:
664 self.symcount[eventstr] += 1
665 else:
666 self.symcount[eventstr] = 1
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]667
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]668 Probe.event_count += 1
669 if Probe.max_events is not None and \
670 Probe.event_count >= Probe.max_events:
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]671 if self.aggregate:
672 self.print_aggregate_events()
673 sys.stdout.flush()
674 exit()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]675
676 def attach(self, bpf, verbose):
677 if len(self.library) == 0:
678 self._attach_k(bpf)
679 else:
680 self._attach_u(bpf)
681 self.python_struct = self._generate_python_data_decl()
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]682 callback = partial(self.print_event, bpf)
Mark Drayton5f5687e2017-02-20 18:13:03 +0000[diff] [blame]683 bpf[self.events_name].open_perf_buffer(callback,
684 page_cnt=self.page_cnt)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]685
686 def _attach_k(self, bpf):
687 if self.probe_type == "r":
688 bpf.attach_kretprobe(event=self.function,
689 fn_name=self.probe_name)
Sasha Goldshtein376ae5c2016-10-04 19:49:57 +0300[diff] [blame]690 elif self.probe_type == "p":
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]691 bpf.attach_kprobe(event=self.function,
Ferenc Fejesd7b427e2020-08-01 21:18:57 +0200[diff] [blame]692 fn_name=self.probe_name,
693 event_off=self.offset)
Sasha Goldshtein376ae5c2016-10-04 19:49:57 +0300[diff] [blame]694 # Note that tracepoints don't need an explicit attach
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]695
696 def _attach_u(self, bpf):
697 libpath = BPF.find_library(self.library)
698 if libpath is None:
699 # This might be an executable (e.g. 'bash')
Sasha Goldshteinec679712016-10-04 18:33:36 +0300[diff] [blame]700 libpath = BPF.find_exe(self.library)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]701 if libpath is None or len(libpath) == 0:
702 self._bail("unable to find library %s" % self.library)
703
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]704 if self.probe_type == "u":
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]705 pass # Was already enabled by the BPF constructor
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]706 elif self.probe_type == "r":
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]707 bpf.attach_uretprobe(name=libpath,
708 sym=self.function,
709 fn_name=self.probe_name,
Sasha Goldshteinb6300922017-01-16 18:43:11 +0000[diff] [blame]710 pid=Probe.tgid)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]711 else:
712 bpf.attach_uprobe(name=libpath,
713 sym=self.function,
714 fn_name=self.probe_name,
Ferenc Fejesd7b427e2020-08-01 21:18:57 +0200[diff] [blame]715 pid=Probe.tgid,
716 sym_off=self.offset)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]717
718class Tool(object):
Mark Drayton5f5687e2017-02-20 18:13:03 +0000[diff] [blame]719 DEFAULT_PERF_BUFFER_PAGES = 64
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]720 examples = """
721EXAMPLES:
722
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]723trace do_sys_open
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]724 Trace the open syscall and print a default trace message when entered
Ferenc Fejesd7b427e2020-08-01 21:18:57 +0200[diff] [blame]725trace kfree_skb+0x12
726 Trace the kfree_skb kernel function after the instruction on the 0x12 offset
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]727trace 'do_sys_open "%s", arg2@user'
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]728 Trace the open syscall and print the filename being opened @user is
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]729 added to arg2 in kprobes to ensure that char * should be copied from
730 the userspace stack to the bpf stack. If not specified, previous
731 behaviour is expected.
732
733trace 'do_sys_open "%s", arg2@user' -n main
tty59ce7b7e2019-12-04 22:49:38 +0800[diff] [blame]734 Trace the open syscall and only print event that process names containing "main"
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]735trace 'do_sys_open "%s", arg2@user' --uid 1001
736 Trace the open syscall and only print event that processes with user ID 1001
737trace 'do_sys_open "%s", arg2@user' -f config
tty55cf529e2019-12-06 17:52:56 +0800[diff] [blame]738 Trace the open syscall and print the filename being opened filtered by "config"
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]739trace 'sys_read (arg3 > 20000) "read %d bytes", arg3'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]740 Trace the read syscall and print a message for reads >20000 bytes
Sasha Goldshtein23e72b82017-01-17 08:49:36 +0000[diff] [blame]741trace 'r::do_sys_open "%llx", retval'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]742 Trace the return from the open syscall and print the return value
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]743trace 'c:open (arg2 == 42) "%s %d", arg1, arg2'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]744 Trace the open() call from libc only if the flags (arg2) argument is 42
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]745trace 'c:malloc "size = %d", arg1'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]746 Trace malloc calls and print the size being allocated
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]747trace 'p:c:write (arg1 == 1) "writing %d bytes to STDOUT", arg3'
748 Trace the write() call from libc to monitor writes to STDOUT
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]749trace 'r::__kmalloc (retval == 0) "kmalloc failed!"'
Sasha Goldshtein8acd0152016-02-22 02:25:03 -0800[diff] [blame]750 Trace returns from __kmalloc which returned a null pointer
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]751trace 'r:c:malloc (retval) "allocated = %x", retval'
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]752 Trace returns from malloc and print non-NULL allocated buffers
Sasha Goldshtein376ae5c2016-10-04 19:49:57 +0300[diff] [blame]753trace 't:block:block_rq_complete "sectors=%d", args->nr_sector'
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]754 Trace the block_rq_complete kernel tracepoint and print # of tx sectors
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]755trace 'u:pthread:pthread_create (arg4 != 0)'
756 Trace the USDT probe pthread_create when its 4th argument is non-zero
Fuji Goro21625162020-03-08 08:16:54 +0000[diff] [blame]757trace 'u:pthread:libpthread:pthread_create (arg4 != 0)'
758 Ditto, but the provider name "libpthread" is specified.
Sasha Goldshtein23e72b82017-01-17 08:49:36 +0000[diff] [blame]759trace 'p::SyS_nanosleep(struct timespec *ts) "sleep for %lld ns", ts->tv_nsec'
760 Trace the nanosleep syscall and print the sleep duration in ns
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]761trace -c /sys/fs/cgroup/system.slice/workload.service '__x64_sys_nanosleep' '__x64_sys_clone'
762 Trace nanosleep/clone syscall calls only under workload.service
763 cgroup hierarchy.
Yonghong Songf4470dc2017-12-13 14:12:13 -0800[diff] [blame]764trace -I 'linux/fs.h' \\
765 'p::uprobe_register(struct inode *inode) "a_ops = %llx", inode->i_mapping->a_ops'
766 Trace the uprobe_register inode mapping ops, and the symbol can be found
767 in /proc/kallsyms
768trace -I 'kernel/sched/sched.h' \\
769 'p::__account_cfs_rq_runtime(struct cfs_rq *cfs_rq) "%d", cfs_rq->runtime_remaining'
770 Trace the cfs scheduling runqueue remaining runtime. The struct cfs_rq is defined
771 in kernel/sched/sched.h which is in kernel source tree and not in kernel-devel
772 package. So this command needs to run at the kernel source tree root directory
773 so that the added header file can be found by the compiler.
tehnerd86293f02018-01-23 21:21:58 -0800[diff] [blame]774trace -I 'net/sock.h' \\
775 'udpv6_sendmsg(struct sock *sk) (sk->sk_dport == 13568)'
776 Trace udpv6 sendmsg calls only if socket's destination port is equal
777 to 53 (DNS; 13568 in big endian order)
Yonghong Songf92fef22018-01-24 20:51:46 -0800[diff] [blame]778trace -I 'linux/fs_struct.h' 'mntns_install "users = %d", $task->fs->users'
779 Trace the number of users accessing the file system of the current task
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]780trace -s /lib/x86_64-linux-gnu/libc.so.6,/bin/ping 'p:c:inet_pton' -U
781 Trace inet_pton system call and use the specified libraries/executables for
782 symbol resolution.
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]783"""
784
785 def __init__(self):
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]786 parser = argparse.ArgumentParser(description="Attach to " +
787 "functions and print trace messages.",
788 formatter_class=argparse.RawDescriptionHelpFormatter,
789 epilog=Tool.examples)
Mark Drayton5f5687e2017-02-20 18:13:03 +0000[diff] [blame]790 parser.add_argument("-b", "--buffer-pages", type=int,
791 default=Tool.DEFAULT_PERF_BUFFER_PAGES,
792 help="number of pages to use for perf_events ring buffer "
793 "(default: %(default)d)")
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]794 # we'll refer to the userspace concepts of "pid" and "tid" by
795 # their kernel names -- tgid and pid -- inside the script
796 parser.add_argument("-p", "--pid", type=int, metavar="PID",
797 dest="tgid", help="id of the process to trace (optional)")
Sasha Goldshtein49d50ba2016-12-19 10:17:38 +0000[diff] [blame]798 parser.add_argument("-L", "--tid", type=int, metavar="TID",
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]799 dest="pid", help="id of the thread to trace (optional)")
evilpanf32f7722021-12-11 00:58:51 +0800[diff] [blame]800 parser.add_argument("--uid", type=int, metavar="UID",
801 dest="uid", help="id of the user to trace (optional)")
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]802 parser.add_argument("-v", "--verbose", action="store_true",
803 help="print resulting BPF program code before executing")
804 parser.add_argument("-Z", "--string-size", type=int,
805 default=80, help="maximum size to read from strings")
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]806 parser.add_argument("-S", "--include-self",
807 action="store_true",
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]808 help="do not filter trace's own pid from the trace")
809 parser.add_argument("-M", "--max-events", type=int,
810 help="number of events to print before quitting")
Sasha Goldshtein49d50ba2016-12-19 10:17:38 +0000[diff] [blame]811 parser.add_argument("-t", "--timestamp", action="store_true",
812 help="print timestamp column (offset from trace start)")
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]813 parser.add_argument("-u", "--unix-timestamp", action="store_true",
814 help="print UNIX timestamp instead of offset from trace start, requires -t")
Sasha Goldshtein49d50ba2016-12-19 10:17:38 +0000[diff] [blame]815 parser.add_argument("-T", "--time", action="store_true",
816 help="print time column")
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]817 parser.add_argument("-C", "--print_cpu", action="store_true",
818 help="print CPU id")
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]819 parser.add_argument("-c", "--cgroup-path", type=str,
820 metavar="CGROUP_PATH", dest="cgroup_path",
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]821 help="cgroup path")
tty59ce7b7e2019-12-04 22:49:38 +0800[diff] [blame]822 parser.add_argument("-n", "--name", type=str,
823 help="only print process names containing this name")
tty55cf529e2019-12-06 17:52:56 +0800[diff] [blame]824 parser.add_argument("-f", "--msg-filter", type=str, dest="msg_filter",
825 help="only print the msg of event containing this string")
Nikita V. Shirokov3953c702018-07-27 16:13:47 -0700[diff] [blame]826 parser.add_argument("-B", "--bin_cmp", action="store_true",
827 help="allow to use STRCMP with binary values")
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]828 parser.add_argument('-s', "--sym_file_list", type=str,
829 metavar="SYM_FILE_LIST", dest="sym_file_list",
vijunag9924e642019-01-23 12:35:33 +0530[diff] [blame]830 help="coma separated list of symbol files to use \
831 for symbol resolution")
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]832 parser.add_argument("-K", "--kernel-stack",
833 action="store_true", help="output kernel stack trace")
834 parser.add_argument("-U", "--user-stack",
835 action="store_true", help="output user stack trace")
Mirek Klimose5382282018-01-26 14:52:50 -0800[diff] [blame]836 parser.add_argument("-a", "--address", action="store_true",
837 help="print virtual address in stacks")
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]838 parser.add_argument(metavar="probe", dest="probes", nargs="+",
839 help="probe specifier (see examples)")
Sasha Goldshtein4725a722016-10-18 20:54:47 +0300[diff] [blame]840 parser.add_argument("-I", "--include", action="append",
841 metavar="header",
ShelbyFrancesf5dbbdb2017-02-08 05:56:52 +0300[diff] [blame]842 help="additional header files to include in the BPF program "
Yonghong Songf4470dc2017-12-13 14:12:13 -0800[diff] [blame]843 "as either full path, "
844 "or relative to current working directory, "
845 "or relative to default kernel header search path")
zhenwei pi047541c2022-01-13 19:56:32 +0800[diff] [blame]846 parser.add_argument("-A", "--aggregate", action="store_true",
847 help="aggregate amount of each trace")
Nathan Scottcf0792f2018-02-02 16:56:50 +1100[diff] [blame]848 parser.add_argument("--ebpf", action="store_true",
849 help=argparse.SUPPRESS)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]850 self.args = parser.parse_args()
Mark Draytonaa6c9162016-11-03 15:36:29 +0000[diff] [blame]851 if self.args.tgid and self.args.pid:
Yonghong Songf4470dc2017-12-13 14:12:13 -0800[diff] [blame]852 parser.error("only one of -p and -L may be specified")
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]853 if self.args.cgroup_path is not None:
854 self.cgroup_map_name = "__cgroup"
855 else:
856 self.cgroup_map_name = None
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]857
858 def _create_probes(self):
859 Probe.configure(self.args)
860 self.probes = []
861 for probe_spec in self.args.probes:
862 self.probes.append(Probe(
Teng Qin6b0ed372016-09-29 21:30:13 -0700[diff] [blame]863 probe_spec, self.args.string_size,
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]864 self.args.kernel_stack, self.args.user_stack,
tty55cf529e2019-12-06 17:52:56 +0800[diff] [blame]865 self.cgroup_map_name, self.args.name, self.args.msg_filter))
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]866
867 def _generate_program(self):
868 self.program = """
869#include <linux/ptrace.h>
870#include <linux/sched.h> /* For TASK_COMM_LEN */
871
872"""
Sasha Goldshtein4725a722016-10-18 20:54:47 +0300[diff] [blame]873 for include in (self.args.include or []):
ShelbyFrancesf5dbbdb2017-02-08 05:56:52 +0300[diff] [blame]874 if include.startswith((".", "/")):
875 include = os.path.abspath(include)
876 self.program += "#include \"%s\"\n" % include
877 else:
878 self.program += "#include <%s>\n" % include
Sasha Goldshteinb950d6f2016-03-21 04:06:15 -0700[diff] [blame]879 self.program += BPF.generate_auto_includes(
Sasha Goldshteinfd60d552016-03-01 12:15:34 -0800[diff] [blame]880 map(lambda p: p.raw_probe, self.probes))
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]881 if self.cgroup_map_name is not None:
882 self.program += "BPF_CGROUP_ARRAY(%s, 1);\n" % \
883 self.cgroup_map_name
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]884 for probe in self.probes:
885 self.program += probe.generate_program(
Sasha Goldshtein3e39a082016-03-24 08:39:47 -0700[diff] [blame]886 self.args.include_self)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]887
Nathan Scottcf0792f2018-02-02 16:56:50 +1100[diff] [blame]888 if self.args.verbose or self.args.ebpf:
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]889 print(self.program)
Nathan Scottcf0792f2018-02-02 16:56:50 +1100[diff] [blame]890 if self.args.ebpf:
891 exit()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]892
893 def _attach_probes(self):
Sasha Goldshtein69e361a2016-09-27 19:40:00 +0300[diff] [blame]894 usdt_contexts = []
895 for probe in self.probes:
896 if probe.usdt:
897 # USDT probes must be enabled before the BPF object
898 # is initialized, because that's where the actual
899 # uprobe is being attached.
900 probe.usdt.enable_probe(
901 probe.usdt_name, probe.probe_name)
Sasha Goldshteinf733cac2016-10-04 18:39:01 +0300[diff] [blame]902 if self.args.verbose:
903 print(probe.usdt.get_text())
Sasha Goldshtein69e361a2016-09-27 19:40:00 +0300[diff] [blame]904 usdt_contexts.append(probe.usdt)
905 self.bpf = BPF(text=self.program, usdt_contexts=usdt_contexts)
vijunag9924e642019-01-23 12:35:33 +0530[diff] [blame]906 if self.args.sym_file_list is not None:
907 print("Note: Kernel bpf will report stack map with ip/build_id")
908 map(lambda x: self.bpf.add_module(x), self.args.sym_file_list.split(','))
yonghong-songc2a530b2019-10-20 09:35:55 -0700[diff] [blame]909
910 # if cgroup filter is requested, update the cgroup array map
911 if self.cgroup_map_name is not None:
912 cgroup_array = self.bpf.get_table(self.cgroup_map_name)
913 cgroup_array[0] = self.args.cgroup_path
914
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]915 for probe in self.probes:
916 if self.args.verbose:
917 print(probe)
918 probe.attach(self.bpf, self.args.verbose)
919
920 def _main_loop(self):
921 all_probes_trivial = all(map(Probe.is_default_action,
922 self.probes))
923
924 # Print header
Sasha Goldshtein49d50ba2016-12-19 10:17:38 +0000[diff] [blame]925 if self.args.timestamp or self.args.time:
Maik Riechert3a0d3c42019-05-23 17:57:10 +0100[diff] [blame]926 col_fmt = "%-17s " if self.args.unix_timestamp else "%-8s "
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]927 print(col_fmt % "TIME", end="")
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]928 if self.args.print_cpu:
Jonathan Giddyec0691e2021-02-21 09:44:26 +0000[diff] [blame]929 print("%-3s " % "CPU", end="")
Teng Qinc200b6c2017-12-16 00:15:55 -0800[diff] [blame]930 print("%-7s %-7s %-15s %-16s %s" %
931 ("PID", "TID", "COMM", "FUNC",
932 "-" if not all_probes_trivial else ""))
Alban Crequy8bb4e472019-12-21 16:09:53 +0100[diff] [blame]933 sys.stdout.flush()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]934
935 while True:
Teng Qindbf00292018-02-28 21:47:50 -0800[diff] [blame]936 self.bpf.perf_buffer_poll()
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]937
938 def run(self):
939 try:
940 self._create_probes()
941 self._generate_program()
942 self._attach_probes()
943 self._main_loop()
944 except:
Sasha Goldshtein2febc292017-02-13 20:25:32 -0500[diff] [blame]945 exc_info = sys.exc_info()
946 sys_exit = exc_info[0] is SystemExit
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]947 if self.args.verbose:
948 traceback.print_exc()
Sasha Goldshtein2febc292017-02-13 20:25:32 -0500[diff] [blame]949 elif not sys_exit:
950 print(exc_info[1])
951 exit(0 if sys_exit else 1)
Sasha Goldshtein38847f02016-02-22 02:19:24 -0800[diff] [blame]952
953if __name__ == "__main__":
Sasha Goldshteinf41ae862016-10-19 01:14:30 +0300[diff] [blame]954 Tool().run()