On Thu, 27 May 2021 14:13:09 +0800 zhoufeng <zhoufeng.zf@xxxxxxxxxxxxx> wrote:
I'm surprised that it makes this much difference. Has DRGN been fullyDRGN is a tool similar to Crash, but much lighter. It allows users to
optimised to minimise the amount of pread()ing which it does? Why does
it do so much reading?
obtain kernel data structures from Python scripts. Based on this, we
intend to use DRGN for kernel monitoring. So we used some pressure test
scripts to test the loss of monitoring.
Monitoring is all about getting current real-time data, so every time
DRGN tries to get kernel data, it needs to read /proc/kcore. In my
script, I tried to loop 1000 times to obtain the information of all the
processes in the machine, in order to construct a scene where kernel
data is frequently read. So, the frequency in the default version of
kcore, pread is very high. In view of this situation, our optimization
idea is to reduce the number of context switches as much as possible
under the scenario of frequent kernel data acquisition, to reduce the
performance loss to a minimum, and then move the monitoring system to
the production environment.
Why would a pread() cause a context switch?
After running for a long time in a
production environment, the number of kernel data reads was added as
time went on, and the pread number also increased. If users use mmap,
it's once for all.