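#!/usr/bin/env bcc-lua
--[[
Copyright 2016 Marek Vavrusa <[email protected]>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
]]
-- Trace readline() call from all bash instances (print bash commands from all running shells).
-- This is a rough equivalent to `bashreadline` with output through the perf event API.
-- Source: http://www.brendangregg.com/blog/2016-02-08/linux-ebpf-bcc-uprobes.html
--
-- Every line handed back by readline() is emitted verbatim, so the output can
-- contain secrets typed as command arguments and raw control bytes; handle it
-- like shell history, and filter it before feeding a terminal or log parser.
local ffi = require('ffi')
local bpf = require('bpf')
local S = require('syscall')

-- Perf event map
-- Record layout shared by the probe (producer) and the reader (consumer).
local sample_t = 'struct { uint64_t pid; char str[80]; }'
local events = bpf.map('perf_event_array')

-- Kernel-space part of the program
-- The closure is handed to bpf.uprobe rather than called from this script, so
-- its statements are kept exactly as written.
-- NOTE(review): the trailing `true, -1, 0` are presumably retprobe, pid (any
-- process) and cpu; confirm against bpf.uprobe's signature.
local probe = bpf.uprobe('/bin/bash:readline', function (ptregs)
  local sample = ffi.new(sample_t)
  -- NOTE(review): the name suggests the combined tgid/pid 64-bit value rather
  -- than a plain PID; confirm before using the printed column for attribution.
  sample.pid = pid_tgid()
  -- `ax` is read as the char * result of readline(), which only makes sense
  -- when the probe fires on return.
  -- NOTE(review): the copy is presumably bounded by the 80-byte destination; a
  -- longer command line would then fill `str` with no terminating NUL.
  ffi.copy(sample.str, ffi.cast('char *', ptregs.ax)) -- Cast `ax` to string pointer and copy to buffer
  perf_submit(events, sample) -- Write buffer to perf event map
end, true, -1, 0)

-- User-space part of the program

--- Convert a fixed-size char buffer to a Lua string without reading past it.
-- ffi.string(ptr) with no length scans for a NUL byte; a buffer that was filled
-- completely has none, so the scan would run on into adjacent memory. Reading
-- exactly sizeof(buf) bytes and cutting at the first NUL gives the same result
-- for terminated buffers and a truncated string otherwise.
-- @param buf cdata char array of known size
-- @treturn string contents up to, not including, the first NUL
local function bounded_string(buf)
  local raw = ffi.string(buf, ffi.sizeof(buf))
  local nul = raw:find('\0', 1, true)
  if nul then
    return raw:sub(1, nul - 1)
  end
  return raw
end

-- NOTE(review): a nil PID with CPU 0 presumably attaches the reader to CPU 0
-- only, so events submitted on other CPUs may never be seen here; confirm.
local log = events:reader(nil, 0, sample_t) -- Must specify PID or CPU_ID to observe
print(' TASK-PID TIMESTAMP FUNCTION')
print(' | | | |')
while true do
  log:block() -- Wait until event reader is readable
  for _, e in log:read() do -- Collect available reader events
    -- The timestamp is taken when the event is printed, not when it was captured.
    print(string.format('%12s%-16s %-10s %s', '', tonumber(e.pid), os.date("%H:%M:%S"), bounded_string(e.str)))
  end
end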