#systemtap on 2020-12-07 — irc logs at freenode.irclog.whitequark.org

2015-11-12 23:18 fche changed the topic of #systemtap to: http://sourceware.org/systemtap; email systemtap@sourceware.org if answers here not timely, conversations may be logged

00:28 derek0883 has quit [Remote host closed the connection]

00:32 derek088_ has joined #systemtap

01:02 orivej_ has joined #systemtap

01:03 orivej has quit [Ping timeout: 265 seconds]

01:07 beauty2 has quit [Ping timeout: 256 seconds]

01:08 beauty2 has joined #systemtap

01:13 hpt has joined #systemtap

01:18 orivej_ has quit [Ping timeout: 260 seconds]

01:18 orivej has joined #systemtap

01:20 khaled has quit [Quit: Konversation terminated!]

01:55 orivej has quit [Ping timeout: 265 seconds]

01:57 orivej has joined #systemtap

03:03 orivej has quit [Ping timeout: 264 seconds]

03:50 derek088_ has quit [Ping timeout: 265 seconds]

03:57 derek0883 has joined #systemtap

06:26 derek0883 has quit [Remote host closed the connection]

06:33 derek0883 has joined #systemtap

07:32 derek0883 has quit [Remote host closed the connection]

07:36 derek0883 has joined #systemtap

07:54 derek0883 has quit [Remote host closed the connection]

08:02 khaled has joined #systemtap

08:03 mjw has joined #systemtap

09:26 hpt has quit [Ping timeout: 265 seconds]

09:46 orivej has joined #systemtap

12:42 wcohen has quit [Remote host closed the connection]

12:45 wcohen has joined #systemtap

13:12 derek0883 has joined #systemtap

13:14 ema has quit [Quit: reboot]

13:16 ema has joined #systemtap

13:23 derek0883 has quit [Remote host closed the connection]

13:24 derek0883 has joined #systemtap

13:29 derek0883 has quit [Ping timeout: 246 seconds]

14:36 tromey has joined #systemtap

15:03 amerey has joined #systemtap

16:21 derek0883 has joined #systemtap

16:26 derek0883 has quit [Ping timeout: 260 seconds]

17:54 derek0883 has joined #systemtap

17:59 tonyj has quit [Quit: leaving]

17:59 tonyj has joined #systemtap

18:40 derek0883 has quit [Ping timeout: 264 seconds]

18:47 derek0883 has joined #systemtap

19:29 _whitelogger has joined #systemtap

19:36 derek0883 has quit [Remote host closed the connection]

19:45 derek0883 has joined #systemtap

20:00 <kerneltoast> fche, we meet again

20:00 <kerneltoast> the bulkmode patch got rekt by the testsuite: https://gist.github.com/kerneltoast/526e844a676d0f28bef75dd46e026eb4#file-systemtap-sum-diff

20:01 <kerneltoast> ideas?

20:03 <kerneltoast> maybe i nuked too much of the print_flush function wrt those ifdefs

20:15 <agentzh> fche: are the bpf developers of stap around here? i just filed a PR for a bug in the bpf runtime of stap: https://sourceware.org/bugzilla/show_bug.cgi?id=27030

20:17 <agentzh> fche: i wonder why stap decides to generate bpf directly instead of using a C compiler like clang/llvm. maybe it's just for minimalism? but then we cannot use defs in kernel header files in the bpf backend?

20:17 <fche> agentzh, correcto

20:18 <fche> well, kernel headers/defs shouldn't be needed beyond dwarf, in theory

20:18 <agentzh> that'll be sad since bcc does allow kernel headers in the bpf C programs.

20:18 <fche> serhei has been the poor sucker ^W faithful developer of the bpf bits

20:18 <fche> yes, well bcc FORCES you to code in C so it must let you use their headers

20:18 <agentzh> serhei: howdy!

20:18 <agentzh> right

20:18 <agentzh> bcc is very strict.

20:19 <agentzh> believing in one true way of doing things.

20:19 <agentzh> a monolithic thing.

20:19 <agentzh> kerneltoast: sorry to hear that.

20:20 derek0883 has quit [Remote host closed the connection]

20:20 <kerneltoast> agentzh, but you lured fche out

20:20 <kerneltoast> now he has to respond to me

20:20 <agentzh> ah, right

20:20 <agentzh> my bad

20:20 <fche> bye

20:20 <kerneltoast> so all is well

20:21 <kerneltoast> nooooooooo

20:21 <fche> hm a systemic bunch of errors like that is a good sign

20:21 <fche> check out the .log file for corresponding segments

20:21 derek0883 has joined #systemtap

20:22 derek0883 has quit [Remote host closed the connection]

20:22 derek0883 has joined #systemtap

20:24 <kerneltoast> fche, huh: https://gist.github.com/kerneltoast/77ca9fffacb2b2950d5682cf310ded30

20:27 <kerneltoast> also this: https://gist.github.com/kerneltoast/19b60f956c9a131f36e3be676a7a8e70

20:28 <kerneltoast> is it all just timeouts

20:28 <kerneltoast> wait a second

20:28 <fche> maybe missing error messages?

20:28 <kerneltoast> the testsuite took 2.5x longer to run than usual

20:28 <kerneltoast> agentzh, were you loading glass on friday night?

20:30 <kerneltoast> i'm gonna re-run this test

20:30 <kerneltoast> *re-run the testsuite

20:32 derek0883 has quit [Remote host closed the connection]

20:33 derek0883 has joined #systemtap

20:34 derek0883 has quit [Remote host closed the connection]

20:35 <agentzh> kerneltoast: loading? nothing unusual.

20:35 <kerneltoast> hm maybe the per-cpu log thread was more intense than expected?

20:35 <agentzh> i didn't run the fuzz testing that day.

20:37 <agentzh> serhei: another PR regarding bpf filed: https://sourceware.org/bugzilla/show_bug.cgi?id=27031

20:39 <agentzh> fche serhei: so the bpf backend will solely rely on dwarf and hard-coded offsets for complex data structure handling?

20:39 <agentzh> kenrel data structures i mean.

20:40 <agentzh> fche: we have some customers with their kernels locked down, that's why i've been looking at the bpf solution.

20:40 <agentzh> when no ko can be loaded, bpf and ptrace are the only choice...

20:41 <agentzh> but it seems like stap's bpf support still have some crutial TODOs to be really useful for our purposes.

20:43 <fche> bpf is severely limited at the kernel level, so that also impacts things

20:43 <fche> but we are not quite up to the full level of the kernel bpf limitations in all respects

20:47 <agentzh> serhei: one more bugzilla PR: https://sourceware.org/bugzilla/show_bug.cgi?id=27032

20:48 <agentzh> fche: yeah, at this moment, we only need the following for userland tracing: 1. @var(), 2. user_long_error() and its friends, 3. -c CMD

20:48 <agentzh> they should be doable with the current bpf support in the kernel.

20:48 <agentzh> oh and 4. vma tracker

20:49 <agentzh> serhei: will you help us?

20:49 <agentzh> thanks in advance! :)

20:49 <agentzh> i've already filed PRs for the first 3 items.

20:50 <agentzh> regarding 4), i never got that far to be able to test.

20:50 <agentzh> the bpf backend of stap is indeed nice when it works.

20:50 <agentzh> much faster than the kernel runtime at least.

20:51 <agentzh> i mean the startup hit.

20:52 <agentzh> i have to say generating bpf instructions directly is quite brave...

20:52 <fche> hey we had some compiler experts on staff at the time who preferred to do it that way

20:53 <fche> and yeah not relying on the whole llvm enchilada is lovely

20:53 <agentzh> i really like the stapbpf utility, just as i like staprun :)

20:53 <agentzh> fche: yeah, of course. it's redhat.

20:54 <agentzh> it took me 21min to compile llvm/clang on my box.

20:54 <agentzh> with a 8c16t machine.

20:54 <agentzh> and then i found my llvm is too new to work with bcc.

20:54 <agentzh> alas.

20:55 <agentzh> and bcc requires llvm and kernel headers and everything everytime.

20:55 <agentzh> no separate compilation phase.

20:55 <agentzh> the only thing that be precompiled is the python script...

20:55 <agentzh> *that can be

20:56 <agentzh> just to the py bytecode.

20:57 <fche> yeah

20:59 <agentzh> the good thing about bcc is that i succeeded in reading virtual memory in the userland process via its bpf_probe_read_user() helper. but that's it.

20:59 <agentzh> stapbpf does not get me that far due to the broken user_long_error() tapset and @var() operator.

21:02 <agentzh> fche: is serhei in the same time zone as you?

21:03 <fche> yup

21:03 <agentzh> k

21:03 <fche> he doesn't decloak here very frequently :)

21:03 derek0883 has joined #systemtap

21:03 <agentzh> k

21:19 tromey has quit [Quit: ERC (IRC client for Emacs 27.1)]

21:40 derek0883 has quit [Ping timeout: 272 seconds]

21:44 derek0883 has joined #systemtap

22:02 lindi- has quit [*.net *.split]

22:04 <serhei> agentzh, spotted those bpf PRs in my email

22:09 * serhei remembers something vaguely with user_string() and why I procrastinated with other user_ helpers

22:10 <serhei> ah it was the bpf_probe_read_{kernel,user}() helpers and how they were the same function in pre-recent Linux kernels

22:12 <serhei> agentzh, in any case, the first three wishlist items look doable

22:12 <serhei> less sure about vma tracker

22:12 <serhei> that may depend on stap runtime special sauce

22:13 * serhei almost considers the usefulness of writing our own bpf interpreter and linking it with the stap runtime

22:16 <agentzh> serhei: maybe we can implement the vma tracker in bpf.

22:17 <agentzh> the major motivation of using ebpf for us is to avoid loading ko modules.

22:17 <agentzh> if you link with the stap runtime, then it'll defeat our motivation ;)

22:18 <agentzh> so please don't...

22:18 <serhei> makes sense

22:19 <agentzh> serhei: also, i've noted that kernel 5.3+ allows simple loops like "for (i = 0; i < 50; i++)" in the ebpf verifier. so maybe stap's bpf backend can make use of it to implement the looping control flow structures in the stap language.

22:19 <agentzh> at least in the form of bounded loops.

22:19 <agentzh> before 5.3, loop unrolling was the only choice.

22:19 <serhei> or even implicitly bounded loops, sure

22:19 <agentzh> yeah, that was what i mean.

22:20 <agentzh> implicit bounded loops that is.

22:20 <agentzh> serhei: btw, how do you transfer the warnings and prints to stapbpf?

22:21 <agentzh> are you using the relay api like staprun?

22:21 <serhei> perf_event buffers

22:21 <agentzh> ah, okay, just like bcc.

22:21 <serhei> it's the only known sane way

22:21 <agentzh> bcc's outputs are crazy.

22:21 <agentzh> so much boring boilerplate code.

22:21 <agentzh> just for doing simple prints.

22:22 <agentzh> that makes sense if we can abstract it away.

22:22 <agentzh> like in stap.

22:22 <agentzh> serhei: i wonder if you guys would consider adding a parallel clang backend to the existing bpf emitter.

22:22 <agentzh> i kinda miss the capability of using kernel headers...

22:23 <agentzh> like in the kernel runtime of stap or in bcc.

22:23 <agentzh> many times the kernel debuginfo packages are missing anyway.

22:24 <agentzh> so the dwarf approach usually means finding the same kernel source and rebuilding the kernel ourselves.

22:24 <agentzh> which is quite painful.

22:24 <fche> hm, stapbpf can still use kernel headers via @cast() etc

22:24 <fche> and generate dwarf from them via gcc

22:24 <agentzh> oh really? there is such magic?

22:25 <agentzh> @cast() is a dwarf thing iirc.

22:25 <fche> yes

22:25 <fche> what do you want from kernel headers?

22:25 <agentzh> then we still need dwarf.

22:25 <fche> this dwarf is -generated- on the fly tho

22:25 <agentzh> oh that's interesting.

22:26 <agentzh> stap calls gcc to compile kernel headers into dwarf?

22:26 <agentzh> that sounds crazy.

22:26 <agentzh> (in a good way)

22:26 <agentzh> if that's the case, then i don't have any problems with that.

22:26 <agentzh> eager to try it out.

22:28 <agentzh> i'm very worried about the ebpf's 4k instruction count limit.

22:28 <agentzh> the 32-level tail-call may be helpful but is also tricky to do.

22:29 <serhei> (is it still 4k? I thought they were talking about raising it)

22:29 <agentzh> i hope they did!

22:29 <agentzh> did they?

22:29 <agentzh> i didn't check the git branch.

22:30 * serhei was following bpf-next lkml a few months ago but gave up on the info overload

22:30 <serhei> let me look it up

22:30 <agentzh> serhei: once you get the user_long_error() and etc implemented, we have large stap scripts to test it out :)

22:30 <agentzh> cool

22:31 lindi- has joined #systemtap

22:33 <serhei> oh. It's still 4096 :/ they just raised the limit on how long their verifier is willing to chase around loops to 1 million instructions

22:33 <serhei> > The only way to know that the program is going to be accepted by the verifier is to try to load it.

22:34 <serhei> quoth the FAQ https://www.kernel.org/doc/html/v5.9-rc8/bpf/bpf_design_QA.html#q-what-are-the-verifier-limits

22:34 <serhei> and my corollary to that is

22:34 <serhei> > The only way to know why the program wasn't accepted by the verifier is to read the verifier source code.

22:47 khaled has quit [Remote host closed the connection]

22:48 khaled has joined #systemtap

22:54 <agentzh> serhei: yeah, that's very lame.

22:54 <agentzh> pity.

22:55 <agentzh> thanks for checking it out.

23:09 amerey has quit [Quit: Leaving]

23:11 derek0883 has quit [Remote host closed the connection]

23:12 derek0883 has joined #systemtap

23:24 derek0883 has quit [Remote host closed the connection]

23:24 derek0883 has joined #systemtap