Re: [RFC PATCH] samples:bpf: introduce task detector

From: Andrii Nakryiko
Date: Thu May 28 2020 - 02:36:43 EST

On Wed, May 27, 2020 at 7:53 PM çè <> wrote:
> This is a tool to trace the related schedule events of a
> specified task, eg the migration, sched in/out, wakeup and
> sleep/block.
> The event was translated into sentence to be more readable,
> by execute command 'task_detector -p 49870' we continually
> tracing the schedule events related to 'top' like:
> ----------------------------
> 923455517688 CPU=23 PID=49870 COMM=top ENQUEUE
> 923455519633 CPU=23 PID=0 COMM=IDLE PREEMPTED 1945ns
> 923455519868 CPU=23 PID=49870 COMM=top EXECUTE AFTER WAITED 2180ns
> 923468279019 CPU=23 PID=49870 COMM=top WAIT AFTER EXECUTED 12ms
> 923468279220 CPU=23 PID=128 COMM=ksoftirqd/23 PREEMPT
> 923468283051 CPU=23 PID=128 COMM=ksoftirqd/23 DEQUEUE AFTER PREEMPTED 3831ns
> 923468283216 CPU=23 PID=49870 COMM=top EXECUTE AFTER WAITED 4197ns
> 923476280180 CPU=23 PID=49870 COMM=top WAIT AFTER EXECUTED 7996us
> 923476280350 CPU=23 PID=128 COMM=ksoftirqd/23 PREEMPT
> 923476322029 CPU=23 PID=128 COMM=ksoftirqd/23 DEQUEUE AFTER PREEMPTED 41us
> 923476322150 CPU=23 PID=49870 COMM=top EXECUTE AFTER WAITED 41us
> 923479726879 CPU=23 PID=49870 COMM=top DEQUEUE AFTER EXECUTED 3404us
> ----------------------------
> This could be helpful on debugging the competition on CPU
> resource, to find out who has stolen the CPU and how much
> it stolen.
> It can also tracing the syscall by append option -s.
> Signed-off-by: Michael Wang <>
> ---

I haven't looked through implementation thoroughly yet. But I have few
general remarks.

This looks like a useful and generic tool. I think it will get most
attention and be most useful if it will be part of BCC tools. There is
already a set of generic tools that use libbpf and CO-RE, see [0]. It
feels like this belongs there.

Some of the annoying parts (e.g., syscall name translation) is already
generalized as part of syscount tool PR (to be hopefully merged soon),
so you'll be able to save quite a lot of code with this. There is also
a common build infra that takes care of things like vmlinux.h, which
would provide definitions for all those xxx_args structs that you had
to manually define.

With CO-RE, it also will allow to compile this tool once and run it on
many different kernels without recompilation. Please do take a look
and submit a PR there, it will be a good addition to the toolkit (and
will force you write a bit of README explaining use of this tool as
well ;).

As for the code itself, I haven't gone through it much, but please
convert map definition syntax to BTF-defined one. The one you are
using is a legacy one. Thanks!


> samples/bpf/Makefile | 3 +
> samples/bpf/task_detector.h | 382 +++++++++++++++++++++++++++++++++++++++
> samples/bpf/task_detector_kern.c | 329 +++++++++++++++++++++++++++++++++
> samples/bpf/task_detector_user.c | 314 ++++++++++++++++++++++++++++++++
> 4 files changed, 1028 insertions(+)
> create mode 100644 samples/bpf/task_detector.h
> create mode 100644 samples/bpf/task_detector_kern.c
> create mode 100644 samples/bpf/task_detector_user.c