xref: /aosp_15_r20/external/bcc/libbpf-tools/statsnoop.c (revision 387f9dfdfa2baef462e92476d413c7bc2470293e) 
1 // SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
2 // Copyright (c) 2021 Hengqi Chen
3 //
4 // Based on statsnoop(8) from BCC by Brendan Gregg.
5 // 09-May-2021   Hengqi Chen   Created this.
6 #include <argp.h>
7 #include <errno.h>
8 #include <signal.h>
9 #include <time.h>
10 #include <unistd.h>
11 
12 #include <bpf/libbpf.h>
13 #include <bpf/bpf.h>
14 #include "statsnoop.h"
15 #include "statsnoop.skel.h"
16 #include "btf_helpers.h"
17 #include "trace_helpers.h"
18 
19 #define PERF_BUFFER_PAGES       16
20 #define PERF_POLL_TIMEOUT_MS    100
21 #define warn(...) fprintf(stderr, __VA_ARGS__)
22 
23 static volatile sig_atomic_t exiting = 0;
24 
25 static pid_t target_pid = 0;
26 static bool trace_failed_only = false;
27 static bool emit_timestamp = false;
28 static bool verbose = false;
29 
30 const char *argp_program_version = "statsnoop 0.1";
31 const char *argp_program_bug_address =
32 	"https://github.com/iovisor/bcc/tree/master/libbpf-tools";
33 const char argp_program_doc[] =
34 "Trace stat syscalls.\n"
35 "\n"
36 "USAGE: statsnoop [-h] [-t] [-x] [-p PID]\n"
37 "\n"
38 "EXAMPLES:\n"
39 "    statsnoop             # trace all stat syscalls\n"
40 "    statsnoop -t          # include timestamps\n"
41 "    statsnoop -x          # only show failed stats\n"
42 "    statsnoop -p 1216     # only trace PID 1216\n";
43 
44 static const struct argp_option opts[] = {
45 	{ "pid", 'p', "PID", 0, "Process ID to trace" },
46 	{ "failed", 'x', NULL, 0, "Only show failed stats" },
47 	{ "timestamp", 't', NULL, 0, "Include timestamp on output" },
48 	{ "verbose", 'v', NULL, 0, "Verbose debug output" },
49 	{ NULL, 'h', NULL, OPTION_HIDDEN, "Show the full help" },
50 	{},
51 };
52 
parse_arg(int key,char * arg,struct argp_state * state)53 static error_t parse_arg(int key, char *arg, struct argp_state *state)
54 {
55 	long pid;
56 
57 	switch (key) {
58 	case 'p':
59 		errno = 0;
60 		pid = strtol(arg, NULL, 10);
61 		if (errno || pid <= 0) {
62 			warn("Invalid PID: %s\n", arg);
63 			argp_usage(state);
64 		}
65 		target_pid = pid;
66 		break;
67 	case 'x':
68 		trace_failed_only = true;
69 		break;
70 	case 't':
71 		emit_timestamp = true;
72 		break;
73 	case 'v':
74 		verbose = true;
75 		break;
76 	case 'h':
77 		argp_state_help(state, stderr, ARGP_HELP_STD_HELP);
78 		break;
79 	default:
80 		return ARGP_ERR_UNKNOWN;
81 	}
82 	return 0;
83 }
84 
libbpf_print_fn(enum libbpf_print_level level,const char * format,va_list args)85 static int libbpf_print_fn(enum libbpf_print_level level, const char *format, va_list args)
86 {
87 	if (level == LIBBPF_DEBUG && !verbose)
88 		return 0;
89 	return vfprintf(stderr, format, args);
90 }
91 
sig_int(int signo)92 static void sig_int(int signo)
93 {
94 	exiting = 1;
95 }
96 
handle_event(void * ctx,int cpu,void * data,__u32 data_sz)97 static void handle_event(void *ctx, int cpu, void *data, __u32 data_sz)
98 {
99 	static __u64 start_timestamp = 0;
100 	const struct event *e = data;
101 	int fd, err;
102 	double ts = 0.0;
103 
104 	if (e->ret >= 0) {
105 		fd = e->ret;
106 		err = 0;
107 	} else {
108 		fd = -1;
109 		err = -e->ret;
110 	}
111 	if (!start_timestamp)
112 		start_timestamp = e->ts_ns;
113 	if (emit_timestamp) {
114 		ts = (double)(e->ts_ns - start_timestamp) / 1000000000;
115 		printf("%-14.9f ", ts);
116 	}
117 	printf("%-7d %-20s %-4d %-4d %-s\n", e->pid, e->comm, fd, err, e->pathname);
118 }
119 
handle_lost_events(void * ctx,int cpu,__u64 lost_cnt)120 static void handle_lost_events(void *ctx, int cpu, __u64 lost_cnt)
121 {
122 	warn("lost %llu events on CPU #%d\n", lost_cnt, cpu);
123 }
124 
main(int argc,char ** argv)125 int main(int argc, char **argv)
126 {
127 	LIBBPF_OPTS(bpf_object_open_opts, open_opts);
128 	static const struct argp argp = {
129 		.options = opts,
130 		.parser = parse_arg,
131 		.doc = argp_program_doc,
132 	};
133 	struct perf_buffer *pb = NULL;
134 	struct statsnoop_bpf *obj;
135 	int err;
136 
137 	err = argp_parse(&argp, argc, argv, 0, NULL, NULL);
138 	if (err)
139 		return err;
140 
141 	libbpf_set_print(libbpf_print_fn);
142 
143 	err = ensure_core_btf(&open_opts);
144 	if (err) {
145 		fprintf(stderr, "failed to fetch necessary BTF for CO-RE: %s\n", strerror(-err));
146 		return 1;
147 	}
148 
149 	obj = statsnoop_bpf__open_opts(&open_opts);
150 	if (!obj) {
151 		warn("failed to open BPF object\n");
152 		return 1;
153 	}
154 
155 	obj->rodata->target_pid = target_pid;
156 	obj->rodata->trace_failed_only = trace_failed_only;
157 
158 	if (!tracepoint_exists("syscalls", "sys_enter_statfs")) {
159 		bpf_program__set_autoload(obj->progs.handle_statfs_entry, false);
160 		bpf_program__set_autoload(obj->progs.handle_statfs_return, false);
161 	}
162 	if (!tracepoint_exists("syscalls", "sys_enter_statx")) {
163 		bpf_program__set_autoload(obj->progs.handle_statx_entry, false);
164 		bpf_program__set_autoload(obj->progs.handle_statx_return, false);
165 	}
166 	if (!tracepoint_exists("syscalls", "sys_enter_newstat")) {
167 		bpf_program__set_autoload(obj->progs.handle_newstat_entry, false);
168 		bpf_program__set_autoload(obj->progs.handle_newstat_return, false);
169 	}
170 	if (!tracepoint_exists("syscalls", "sys_enter_newfstatat")) {
171 		bpf_program__set_autoload(obj->progs.handle_newfstatat_entry, false);
172 		bpf_program__set_autoload(obj->progs.handle_newfstatat_return, false);
173 	}
174 	if (!tracepoint_exists("syscalls", "sys_enter_newlstat")) {
175 		bpf_program__set_autoload(obj->progs.handle_newlstat_entry, false);
176 		bpf_program__set_autoload(obj->progs.handle_newlstat_return, false);
177 	}
178 
179 	err = statsnoop_bpf__load(obj);
180 	if (err) {
181 		warn("failed to load BPF object: %d\n", err);
182 		goto cleanup;
183 	}
184 
185 	err = statsnoop_bpf__attach(obj);
186 	if (err) {
187 		warn("failed to attach BPF programs: %d\n", err);
188 		goto cleanup;
189 	}
190 
191 	pb = perf_buffer__new(bpf_map__fd(obj->maps.events), PERF_BUFFER_PAGES,
192 			      handle_event, handle_lost_events, NULL, NULL);
193 	if (!pb) {
194 		err = -errno;
195 		warn("failed to open perf buffer: %d\n", err);
196 		goto cleanup;
197 	}
198 
199 	if (signal(SIGINT, sig_int) == SIG_ERR) {
200 		warn("can't set signal handler: %s\n", strerror(errno));
201 		err = 1;
202 		goto cleanup;
203 	}
204 
205 	if (emit_timestamp)
206 		printf("%-14s ", "TIME(s)");
207 	printf("%-7s %-20s %-4s %-4s %-s\n",
208 	       "PID", "COMM", "RET", "ERR", "PATH");
209 
210 	while (!exiting) {
211 		err = perf_buffer__poll(pb, PERF_POLL_TIMEOUT_MS);
212 		if (err < 0 && err != -EINTR) {
213 			warn("error polling perf buffer: %s\n", strerror(-err));
214 			goto cleanup;
215 		}
216 		/* reset err to return 0 if exiting */
217 		err = 0;
218 	}
219 
220 cleanup:
221 	perf_buffer__free(pb);
222 	statsnoop_bpf__destroy(obj);
223 	cleanup_core_btf(&open_opts);
224 
225 	return err != 0;
226 }
227