bpftrace icon indicating copy to clipboard operation
bpftrace copied to clipboard

Published 20 hours ago verified publisher icon bpftrace

biosnoop.bt: use block tracepoints

Open makelinux opened this issue 1 year ago • 7 comments

since functions blk_account_io_start and blk_account_io_done became static and can't be used as kprobes.

Using major and minor because unfortunately disk_name is not exported to tracepoints.

Checklist
  • [x] User-visible and non-trivial changes updated in CHANGELOG.md

makelinux avatar Dec 10 '23 20:12 makelinux

Needs a rebase I think. But otherwise good to merge. Sorry - this fell thru the cracks

danobi avatar Jan 26 '24 17:01 danobi

Ah ok, so I was getting confused about dev_t cuz apparently kernel dev_t is different than the one userspace sees: https://lwn.net/Articles/50703/ . So that all looks good.

Just one question though: when I run biosnoop during sudo pacman -Syu, I see a lot of:

10497         259:1  pacman           270981       0
10499         259:1  pacman           270981       0
10499         259:1  pacman           270981       0
10500         259:1  pacman           270981       0
10502         259:1  pacman           270981       0
10502         259:1  pacman           270981       0
10503         259:1  pacman           270981       0

But my lsblk shows:

nvme0n1     259:0    0 953.9G  0 disk
├─nvme0n1p1 259:1    0     1G  0 part  /boot
├─nvme0n1p2 259:2    0    32G  0 part  [SWAP]
└─nvme0n1p3 259:3    0 920.9G  0 part  /

Doesn't seem correct that pacman writes/reads from /boot (259:1). It should be from / (259:3), right? Any ideas?

danobi avatar Jan 28 '24 19:01 danobi

Good catch! Fixed.

On Sun, 28 Jan 2024 at 21:19, Daniel Xu @.***> wrote:

Ah ok, so I was getting confused about dev_t cuz apparently kernel dev_t is different than the one userspace sees: https://lwn.net/Articles/50703/ . So that all looks good.

Just one question though: when I run biosnoop during sudo pacman -Syu, I see a lot of:

10497 259:1 pacman 270981 0 10499 259:1 pacman 270981 0 10499 259:1 pacman 270981 0 10500 259:1 pacman 270981 0 10502 259:1 pacman 270981 0 10502 259:1 pacman 270981 0 10503 259:1 pacman 270981 0

But my lsblk shows:

nvme0n1 259:0 0 953.9G 0 disk ├─nvme0n1p1 259:1 0 1G 0 part /boot ├─nvme0n1p2 259:2 0 32G 0 part [SWAP] └─nvme0n1p3 259:3 0 920.9G 0 part /

Doesn't seem correct that pacman writes/reads from /boot. It should be from /, right? Any ideas?

— Reply to this email directly, view it on GitHub https://github.com/iovisor/bpftrace/pull/2875#issuecomment-1913695600, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAR2DUNVJFQCWREUCV6SOFLYQ2QDHAVCNFSM6AAAAABAOZNKDSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMJTGY4TKNRQGA . You are receiving this because you authored the thread.Message ID: @.***>

makelinux avatar Jan 28 '24 19:01 makelinux

Ha, && vs & -- didn't spot that.

With fix, it looks like all activity is going to minor number 0. Is that expected? I'm not too familiar with block layer semantics for this case

danobi avatar Jan 28 '24 20:01 danobi

With fix, it looks like all activity is going to minor number 0. Is that expected? I'm not too familiar with block layer semantics for this case

The same major or another?

makelinux avatar Jan 29 '24 12:01 makelinux

The same major as before (correct one I think)

danobi avatar Jan 29 '24 16:01 danobi

I don't know.

makelinux avatar Jan 29 '24 17:01 makelinux