Add support to dump processLRU #2246
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
3ae24c9
to
ceb385b
Compare
This patch adds support to print the contents of processLRU. This may be useful during debugging.
Example:
$ sudo ./tetra dump processlru
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTow" pid:{} uid:{} binary:"<kernel>" flags:"procFS" start_time:{seconds:1710835735 nanos:594078504} auid:{} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTow" tid:{}} color:"inUse" refcnt:{value:4} refcntOps:"{process++:1}|{parent++:3}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTg5MTAwMDAwMDA6NTY0" pid:{value:564} uid:{} cwd:"/" binary:"/usr/bin/containerd" flags:"procFS auid rootcwd" start_time:{seconds:1710835754 nanos:504077933} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:564}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzE1MDAwMDAwMDoyMTU=" pid:{value:215} uid:{} cwd:"/" binary:"/usr/bin/udevadm" flags:"procFS auid rootcwd" start_time:{seconds:1710835738 nanos:744077948} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:215}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6NDA5NDAwMDAwMDA6MTE1Mw==" pid:{value:1153} uid:{} cwd:"/" binary:"/usr/sbin/agetty" arguments:"-o \"-p -- \\u\" --noclear - linux" flags:"procFS auid rootcwd" start_time:{seconds:1710835776 nanos:534077952} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:1153}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6NDEwMzAwMDAwMDA6MTE2MA==" pid:{value:1160} uid:{} cwd:"/" binary:"/usr/lib/systemd/systemd-logind" flags:"procFS auid rootcwd" start_time:{seconds:1710835776 nanos:624077943} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:1160}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
[...]
We also provide "--skip-zero-refcnt" command line argument to print only the entries with refcnt not equals to zero.
$ sudo ./tetra dump processlru --skip-zero-refcnt
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTUzMDAwMDAwMDoxNDI=" pid:{value:142} uid:{} binary:"[kworker/3:1H-kblockd]" flags:"procFS" start_time:{seconds:1710835737 nanos:124077925} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:142}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjY0NTQ5MjAwMDAwMDAwOjM5OTAzNg==" pid:{value:399036} uid:{} binary:"[kworker/4:1-rcu_gp]" flags:"procFS" start_time:{seconds:1711100284 nanos:794077928} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:399036}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzgwMDAwMDAwOjQ=" pid:{value:4} uid:{} binary:"[rcu_par_gp]" flags:"procFS" start_time:{seconds:1710835735 nanos:974077916} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:4}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzgwMDAwMDAwOjQw" pid:{value:40} uid:{} binary:"[ksoftirqd/4]" flags:"procFS" start_time:{seconds:1710835735 nanos:974077932} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:40}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
[...]
Signed-off-by: Anastasios Papagiannis <tasos.papagiannnis@gmail.com>
ceb385b
to
7bff683
Compare
tixxdz
reviewed
Mar 22, 2024
There was a problem hiding this comment.
Much appreciated @tpapagian ;-)
When merged I will add a send signal to also dump this to logs
| @@ -118,6 +121,20 @@ message GetVersionResponse{ | |||
| string version = 1; | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Could you please add comments here so they show up on gRPC reference doc, that this is for debugging only , do not use it
| google.protobuf.UInt32Value refcnt = 3; | ||
| string refcntOps = 4; | ||
| } | ||
|
|
There was a problem hiding this comment.
same here and others, as we may change later have a generic debugDump with what to dump as an encoded operation for all type of dumps
There was a problem hiding this comment.
Also what does refcntOps mean here?
| @@ -83,7 +83,7 @@ func GetProcessExec(event *MsgExecveEventUnix, useCache bool) *tetragon.ProcessE | |||
| } | |||
|
|
|||
| if parent != nil { | |||
| parent.RefInc() | |||
| parent.RefInc("parent") | |||
There was a problem hiding this comment.
maybe pass int constants and decode later to strings? up to you
| refcnt uint32 | ||
| color int // Writes should happen only inside gc select channel | ||
| refcnt uint32 | ||
| refcntOps map[string]int |
There was a problem hiding this comment.
What does refcntOps mean here? having some comments will help ;-)
| func (pc *Cache) refDec(p *ProcessInternal, reason string) { | ||
| p.refcntOpsLock.Lock() | ||
| if val, ok := p.refcntOps[reason]; ok { | ||
| p.refcntOps[reason] = val + 1 |
There was a problem hiding this comment.
I guess the reason here could be parent or process right? a bit confused why it is an increment? what value we get from this? my simplest suggestion would say having a separate track of increment and decrements could be better, but I'm missing something here ;-)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch adds support to print the contents of processLRU. This may be useful during debugging.
Example:
We also provide
--skip-zero-refcntcommand line argument to print only the entries with refcnt not equals to zero.