-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support to dump processLRU #2246
base: main
Are you sure you want to change the base?
Conversation
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
3ae24c9
to
ceb385b
Compare
This patch adds support to print the contents of processLRU. This may be useful during debugging. Example: $ sudo ./tetra dump processlru process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTow" pid:{} uid:{} binary:"<kernel>" flags:"procFS" start_time:{seconds:1710835735 nanos:594078504} auid:{} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTow" tid:{}} color:"inUse" refcnt:{value:4} refcntOps:"{process++:1}|{parent++:3}" process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTg5MTAwMDAwMDA6NTY0" pid:{value:564} uid:{} cwd:"/" binary:"/usr/bin/containerd" flags:"procFS auid rootcwd" start_time:{seconds:1710835754 nanos:504077933} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:564}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzE1MDAwMDAwMDoyMTU=" pid:{value:215} uid:{} cwd:"/" binary:"/usr/bin/udevadm" flags:"procFS auid rootcwd" start_time:{seconds:1710835738 nanos:744077948} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:215}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6NDA5NDAwMDAwMDA6MTE1Mw==" pid:{value:1153} uid:{} cwd:"/" binary:"/usr/sbin/agetty" arguments:"-o \"-p -- \\u\" --noclear - linux" flags:"procFS auid rootcwd" start_time:{seconds:1710835776 nanos:534077952} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:1153}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6NDEwMzAwMDAwMDA6MTE2MA==" pid:{value:1160} uid:{} cwd:"/" binary:"/usr/lib/systemd/systemd-logind" flags:"procFS auid rootcwd" start_time:{seconds:1710835776 nanos:624077943} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:1160}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" [...] We also provide "--skip-zero-refcnt" command line argument to print only the entries with refcnt not equals to zero. $ sudo ./tetra dump processlru --skip-zero-refcnt process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTUzMDAwMDAwMDoxNDI=" pid:{value:142} uid:{} binary:"[kworker/3:1H-kblockd]" flags:"procFS" start_time:{seconds:1710835737 nanos:124077925} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:142}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjY0NTQ5MjAwMDAwMDAwOjM5OTAzNg==" pid:{value:399036} uid:{} binary:"[kworker/4:1-rcu_gp]" flags:"procFS" start_time:{seconds:1711100284 nanos:794077928} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:399036}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzgwMDAwMDAwOjQ=" pid:{value:4} uid:{} binary:"[rcu_par_gp]" flags:"procFS" start_time:{seconds:1710835735 nanos:974077916} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:4}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzgwMDAwMDAwOjQw" pid:{value:40} uid:{} binary:"[ksoftirqd/4]" flags:"procFS" start_time:{seconds:1710835735 nanos:974077932} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:40}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}" [...] Signed-off-by: Anastasios Papagiannis <tasos.papagiannnis@gmail.com>
ceb385b
to
7bff683
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much appreciated @tpapagian ;-)
When merged I will add a send signal to also dump this to logs
@@ -118,6 +121,20 @@ message GetVersionResponse{ | |||
string version = 1; | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please add comments here so they show up on gRPC reference doc, that this is for debugging only , do not use it
google.protobuf.UInt32Value refcnt = 3; | ||
string refcntOps = 4; | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here and others, as we may change later have a generic debugDump with what to dump as an encoded operation for all type of dumps
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also what does refcntOps mean here?
@@ -83,7 +83,7 @@ func GetProcessExec(event *MsgExecveEventUnix, useCache bool) *tetragon.ProcessE | |||
} | |||
|
|||
if parent != nil { | |||
parent.RefInc() | |||
parent.RefInc("parent") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe pass int constants and decode later to strings? up to you
refcnt uint32 | ||
color int // Writes should happen only inside gc select channel | ||
refcnt uint32 | ||
refcntOps map[string]int |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does refcntOps mean here? having some comments will help ;-)
func (pc *Cache) refDec(p *ProcessInternal, reason string) { | ||
p.refcntOpsLock.Lock() | ||
if val, ok := p.refcntOps[reason]; ok { | ||
p.refcntOps[reason] = val + 1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess the reason here could be parent or process right? a bit confused why it is an increment? what value we get from this? my simplest suggestion would say having a separate track of increment and decrements could be better, but I'm missing something here ;-)
This patch adds support to print the contents of processLRU. This may be useful during debugging.
Example:
We also provide
--skip-zero-refcnt
command line argument to print only the entries with refcnt not equals to zero.