Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

full breakdown of syscalls by cgroup #425

Merged
merged 2 commits into from
Jan 28, 2025
+155 −21
Merged

full breakdown of syscalls by cgroup #425

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7a249fa
full breakdown of syscalls by cgroup
brayniac Jan 28, 2025
db672f3
fix comments
brayniac Jan 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 76 additions & 3 deletions src/samplers/syscall/linux/counts/mod.bpf.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,10 @@ struct {
__uint(max_entries, MAX_SYSCALL_ID);
} syscall_lut SEC(".maps");

// per-cgroup syscalls - other
/*
* per-cgroup counters
*/

struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
Expand All @@ -75,7 +78,6 @@ struct {
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_other SEC(".maps");

// per-cgroup syscalls - read
struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
Expand All @@ -84,7 +86,6 @@ struct {
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_read SEC(".maps");

// per-cgroup syscalls - write
struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
Expand All @@ -93,6 +94,54 @@ struct {
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_write SEC(".maps");

struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
__type(key, u32);
__type(value, u64);
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_poll SEC(".maps");

struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
__type(key, u32);
__type(value, u64);
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_lock SEC(".maps");

struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
__type(key, u32);
__type(value, u64);
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_time SEC(".maps");

struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
__type(key, u32);
__type(value, u64);
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_sleep SEC(".maps");

struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
__type(key, u32);
__type(value, u64);
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_socket SEC(".maps");

struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(map_flags, BPF_F_MMAPABLE);
__type(key, u32);
__type(value, u64);
__uint(max_entries, MAX_CGROUPS);
} cgroup_syscall_yield SEC(".maps");

SEC("tracepoint/raw_syscalls/sys_enter")
int sys_enter(struct trace_event_raw_sys_enter *args)
{
Expand Down Expand Up @@ -138,6 +187,12 @@ int sys_enter(struct trace_event_raw_sys_enter *args)
bpf_map_update_elem(&cgroup_syscall_other, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_read, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_write, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_poll, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_lock, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_time, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_sleep, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_socket, &cgroup_id, &zero, BPF_ANY);
bpf_map_update_elem(&cgroup_syscall_yield, &cgroup_id, &zero, BPF_ANY);

// initialize the cgroup info
struct cgroup_info cginfo = {
Expand Down Expand Up @@ -167,6 +222,24 @@ int sys_enter(struct trace_event_raw_sys_enter *args)
case 2:
array_incr(&cgroup_syscall_write, cgroup_id);
break;
case 3:
array_incr(&cgroup_syscall_poll, cgroup_id);
break;
case 4:
array_incr(&cgroup_syscall_lock, cgroup_id);
break;
case 5:
array_incr(&cgroup_syscall_time, cgroup_id);
break;
case 6:
array_incr(&cgroup_syscall_sleep, cgroup_id);
break;
case 7:
array_incr(&cgroup_syscall_socket, cgroup_id);
break;
case 8:
array_incr(&cgroup_syscall_yield, cgroup_id);
break;
default:
array_incr(&cgroup_syscall_other, cgroup_id);
break;
Expand Down
31 changes: 21 additions & 10 deletions src/samplers/syscall/linux/counts/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,9 @@
/// * `raw_syscalls/sys_enter`
///
/// And produces these stats:
/// * `syscall/total`
/// * `syscall/read`
/// * `syscall/write`
/// * `syscall/poll`
/// * `syscall/lock`
/// * `syscall/time`
/// * `syscall/sleep`
/// * `syscall/socket`
/// * `syscall/yield`
/// * `syscall`
/// * `cgroup_syscall`

Check warning

Code scanning / clippy

empty line after doc comment Warning

empty line after doc comment

Check warning

Code scanning / clippy

empty line after doc comment Warning

empty line after doc comment
const NAME: &str = "syscall_counts";

mod bpf {
Expand All @@ -19,7 +12,7 @@
}

mod stats;

Check warning

Code scanning / clippy

empty line after doc comment Warning

empty line after doc comment

Check warning

Code scanning / clippy

empty line after doc comment Warning

empty line after doc comment
use bpf::*;
use stats::*;

Expand Down Expand Up @@ -63,7 +56,13 @@
if !name.is_empty() {
CGROUP_SYSCALL_OTHER.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_READ.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_WRITE.insert_metadata(id as usize, "name".to_string(), name);
CGROUP_SYSCALL_WRITE.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_POLL.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_LOCK.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_TIME.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_SLEEP.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_SOCKET.insert_metadata(id as usize, "name".to_string(), name.clone());
CGROUP_SYSCALL_YIELD.insert_metadata(id as usize, "name".to_string(), name);
}
}

Expand Down Expand Up @@ -94,6 +93,12 @@
.packed_counters("cgroup_syscall_other", &CGROUP_SYSCALL_OTHER)
.packed_counters("cgroup_syscall_read", &CGROUP_SYSCALL_READ)
.packed_counters("cgroup_syscall_write", &CGROUP_SYSCALL_WRITE)
.packed_counters("cgroup_syscall_poll", &CGROUP_SYSCALL_POLL)
.packed_counters("cgroup_syscall_lock", &CGROUP_SYSCALL_LOCK)
.packed_counters("cgroup_syscall_time", &CGROUP_SYSCALL_TIME)
.packed_counters("cgroup_syscall_sleep", &CGROUP_SYSCALL_SLEEP)
.packed_counters("cgroup_syscall_socket", &CGROUP_SYSCALL_SOCKET)
.packed_counters("cgroup_syscall_yield", &CGROUP_SYSCALL_YIELD)
.ringbuf_handler("cgroup_info", handle_event)
.build()?;

Expand All @@ -107,6 +112,12 @@
"cgroup_syscall_other" => &self.maps.cgroup_syscall_other,
"cgroup_syscall_read" => &self.maps.cgroup_syscall_read,
"cgroup_syscall_write" => &self.maps.cgroup_syscall_write,
"cgroup_syscall_poll" => &self.maps.cgroup_syscall_poll,
"cgroup_syscall_lock" => &self.maps.cgroup_syscall_lock,
"cgroup_syscall_time" => &self.maps.cgroup_syscall_time,
"cgroup_syscall_sleep" => &self.maps.cgroup_syscall_sleep,
"cgroup_syscall_socket" => &self.maps.cgroup_syscall_socket,
"cgroup_syscall_yield" => &self.maps.cgroup_syscall_yield,
"counters" => &self.maps.counters,
"syscall_lut" => &self.maps.syscall_lut,
_ => unimplemented!(),
Expand Down
66 changes: 58 additions & 8 deletions src/samplers/syscall/linux/counts/stats.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,17 @@ use metriken::*;

use crate::common::*;

/*
* system-wide
*/

#[metric(
name = "syscall",
description = "The total number of syscalls",
metadata = { unit = "syscalls", op = "other" }
)]
pub static SYSCALL_OTHER: LazyCounter = LazyCounter::new(Counter::default);

#[metric(
name = "syscall",
description = "The number of read related syscalls (read, recvfrom, ...)",
Expand Down Expand Up @@ -58,30 +69,69 @@ pub static SYSCALL_SOCKET: LazyCounter = LazyCounter::new(Counter::default);
)]
pub static SYSCALL_YIELD: LazyCounter = LazyCounter::new(Counter::default);

/*
* per-cgroup
*/

#[metric(
name = "syscall",
description = "The total number of syscalls",
name = "cgroup_syscall",
description = "The total number of syscalls on a per-cgroup basis",
metadata = { unit = "syscalls", op = "other" }
)]
pub static SYSCALL_OTHER: LazyCounter = LazyCounter::new(Counter::default);
pub static CGROUP_SYSCALL_OTHER: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The number of read related syscalls (read, recvfrom, ...)",
description = "The number of read related syscalls on a per-cgroup basis (read, recvfrom, ...)",
metadata = { unit = "syscalls", op = "read" }
)]
pub static CGROUP_SYSCALL_READ: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The number of write related syscalls (write, sendto, ...)",
description = "The number of write related syscalls on a per-cgroup basis (write, sendto, ...)",
metadata = { unit = "syscalls", op = "write" }
)]
pub static CGROUP_SYSCALL_WRITE: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The total number of syscalls on a per-cgroup basis",
metadata = { unit = "syscalls", op = "other" }
description = "The number of poll related syscalls on a per-cgroup basis (poll, select, epoll, ...)",
metadata = { unit = "syscalls", op = "poll" }
)]
pub static CGROUP_SYSCALL_OTHER: CounterGroup = CounterGroup::new(MAX_CGROUPS);
pub static CGROUP_SYSCALL_POLL: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The number of lock related syscalls on a per-cgroup basis (futex, ...)",
metadata = { unit = "syscalls", op = "lock" }
)]
pub static CGROUP_SYSCALL_LOCK: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The number of time related syscalls on a per-cgroup basis (clock_gettime, clock_settime, clock_getres, ...)",
metadata = { unit = "syscalls", op = "time" }
)]
pub static CGROUP_SYSCALL_TIME: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The number of sleep related syscalls on a per-cgroup basis (nanosleep, clock_nanosleep, ...)",
metadata = { unit = "syscalls", op = "sleep" }
)]
pub static CGROUP_SYSCALL_SLEEP: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The number of socket related syscalls on a per-cgroup basis (accept, connect, bind, setsockopt, ...)",
metadata = { unit = "syscalls", op = "socket" }
)]
pub static CGROUP_SYSCALL_SOCKET: CounterGroup = CounterGroup::new(MAX_CGROUPS);

#[metric(
name = "cgroup_syscall",
description = "The number of socket related syscalls on a per-cgroup basis (sched_yield, ...)",
metadata = { unit = "syscalls", op = "yield" }
)]
pub static CGROUP_SYSCALL_YIELD: CounterGroup = CounterGroup::new(MAX_CGROUPS);
Loading