1 // SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
2 // Copyright (c) 2021 Hengqi Chen
3 //
4 // Based on statsnoop(8) from BCC by Brendan Gregg.
5 // 09-May-2021 Hengqi Chen Created this.
6 #include <argp.h>
7 #include <errno.h>
8 #include <signal.h>
9 #include <time.h>
10
11 #include <bpf/libbpf.h>
12 #include <bpf/bpf.h>
13 #include "statsnoop.h"
14 #include "statsnoop.skel.h"
15 #include "trace_helpers.h"
16
17 #define PERF_BUFFER_PAGES 16
18 #define PERF_POLL_TIMEOUT_MS 100
19 #define warn(...) fprintf(stderr, __VA_ARGS__)
20
21 static volatile sig_atomic_t exiting = 0;
22
23 static pid_t target_pid = 0;
24 static bool trace_failed_only = false;
25 static bool emit_timestamp = false;
26 static bool verbose = false;
27
28 const char *argp_program_version = "statsnoop 0.1";
29 const char *argp_program_bug_address =
30 "https://github.com/iovisor/bcc/tree/master/libbpf-tools";
31 const char argp_program_doc[] =
32 "Trace stat syscalls.\n"
33 "\n"
34 "USAGE: statsnoop [-h] [-t] [-x] [-p PID]\n"
35 "\n"
36 "EXAMPLES:\n"
37 " statsnoop # trace all stat syscalls\n"
38 " statsnoop -t # include timestamps\n"
39 " statsnoop -x # only show failed stats\n"
40 " statsnoop -p 1216 # only trace PID 1216\n";
41
42 static const struct argp_option opts[] = {
43 { "pid", 'p', "PID", 0, "Process ID to trace" },
44 { "failed", 'x', NULL, 0, "Only show failed stats" },
45 { "timestamp", 't', NULL, 0, "Include timestamp on output" },
46 { "verbose", 'v', NULL, 0, "Verbose debug output" },
47 { NULL, 'h', NULL, OPTION_HIDDEN, "Show the full help" },
48 {},
49 };
50
parse_arg(int key,char * arg,struct argp_state * state)51 static error_t parse_arg(int key, char *arg, struct argp_state *state)
52 {
53 long pid;
54
55 switch (key) {
56 case 'p':
57 errno = 0;
58 pid = strtol(arg, NULL, 10);
59 if (errno || pid <= 0) {
60 warn("Invalid PID: %s\n", arg);
61 argp_usage(state);
62 }
63 target_pid = pid;
64 break;
65 case 'x':
66 trace_failed_only = true;
67 break;
68 case 't':
69 emit_timestamp = true;
70 break;
71 case 'v':
72 verbose = true;
73 break;
74 case 'h':
75 argp_state_help(state, stderr, ARGP_HELP_STD_HELP);
76 break;
77 default:
78 return ARGP_ERR_UNKNOWN;
79 }
80 return 0;
81 }
82
libbpf_print_fn(enum libbpf_print_level level,const char * format,va_list args)83 static int libbpf_print_fn(enum libbpf_print_level level, const char *format, va_list args)
84 {
85 if (level == LIBBPF_DEBUG && !verbose)
86 return 0;
87 return vfprintf(stderr, format, args);
88 }
89
sig_int(int signo)90 static void sig_int(int signo)
91 {
92 exiting = 1;
93 }
94
handle_event(void * ctx,int cpu,void * data,__u32 data_sz)95 static void handle_event(void *ctx, int cpu, void *data, __u32 data_sz)
96 {
97 static __u64 start_timestamp = 0;
98 const struct event *e = data;
99 int fd, err;
100 double ts = 0.0;
101
102 if (e->ret >= 0) {
103 fd = e->ret;
104 err = 0;
105 } else {
106 fd = -1;
107 err = -e->ret;
108 }
109 if (!start_timestamp)
110 start_timestamp = e->ts_ns;
111 if (emit_timestamp) {
112 ts = (double)(e->ts_ns - start_timestamp) / 1000000000;
113 printf("%-14.9f ", ts);
114 }
115 printf("%-7d %-20s %-4d %-4d %-s\n", e->pid, e->comm, fd, err, e->pathname);
116 }
117
handle_lost_events(void * ctx,int cpu,__u64 lost_cnt)118 static void handle_lost_events(void *ctx, int cpu, __u64 lost_cnt)
119 {
120 warn("lost %llu events on CPU #%d\n", lost_cnt, cpu);
121 }
122
main(int argc,char ** argv)123 int main(int argc, char **argv)
124 {
125 static const struct argp argp = {
126 .options = opts,
127 .parser = parse_arg,
128 .doc = argp_program_doc,
129 };
130 struct perf_buffer *pb = NULL;
131 struct statsnoop_bpf *obj;
132 int err;
133
134 err = argp_parse(&argp, argc, argv, 0, NULL, NULL);
135 if (err)
136 return err;
137
138 libbpf_set_strict_mode(LIBBPF_STRICT_ALL);
139 libbpf_set_print(libbpf_print_fn);
140
141 obj = statsnoop_bpf__open();
142 if (!obj) {
143 warn("failed to open BPF object\n");
144 return 1;
145 }
146
147 obj->rodata->target_pid = target_pid;
148 obj->rodata->trace_failed_only = trace_failed_only;
149
150 err = statsnoop_bpf__load(obj);
151 if (err) {
152 warn("failed to load BPF object: %d\n", err);
153 goto cleanup;
154 }
155
156 err = statsnoop_bpf__attach(obj);
157 if (err) {
158 warn("failed to attach BPF programs: %d\n", err);
159 goto cleanup;
160 }
161
162 pb = perf_buffer__new(bpf_map__fd(obj->maps.events), PERF_BUFFER_PAGES,
163 handle_event, handle_lost_events, NULL, NULL);
164 if (!pb) {
165 err = -errno;
166 warn("failed to open perf buffer: %d\n", err);
167 goto cleanup;
168 }
169
170 if (signal(SIGINT, sig_int) == SIG_ERR) {
171 warn("can't set signal handler: %s\n", strerror(errno));
172 err = 1;
173 goto cleanup;
174 }
175
176 if (emit_timestamp)
177 printf("%-14s ", "TIME(s)");
178 printf("%-7s %-20s %-4s %-4s %-s\n",
179 "PID", "COMM", "RET", "ERR", "PATH");
180
181 while (!exiting) {
182 err = perf_buffer__poll(pb, PERF_POLL_TIMEOUT_MS);
183 if (err < 0 && err != -EINTR) {
184 warn("error polling perf buffer: %s\n", strerror(-err));
185 goto cleanup;
186 }
187 /* reset err to return 0 if exiting */
188 err = 0;
189 }
190
191 cleanup:
192 perf_buffer__free(pb);
193 statsnoop_bpf__destroy(obj);
194
195 return err != 0;
196 }
197