extended bpf
play

Extended BPF A New Type of Software Brendan Gregg UbuntuMasters - PowerPoint PPT Presentation

Dec 08, 2023 •486 likes •979 views

Extended BPF A New Type of Software Brendan Gregg UbuntuMasters Oct 2019 BPF 50 Years, one (dominant) OS model Applications System Calls Kernel Hardware Origins: Multics, 1960s Applications Supervisor Hardware Privilege Ring 0 Ring

  1. Extended BPF A New Type of Software Brendan Gregg UbuntuMasters Oct 2019

  2. BPF

  3. 50 Years, one (dominant) OS model Applications System Calls Kernel Hardware

  4. Origins: Multics, 1960s Applications Supervisor Hardware Privilege Ring 0 Ring 1 Ring 2 ...

  5. Modern Linux: A new OS model User-mode Kernel-mode Applications Applications (BPF) System Calls BPF Helper Calls Kernel Hardware

  6. 50 Years, one process state model User preemption or time quantum expired On-CPU swap out schedule Kernel Runnable Swapping swap in resource I/O wakeup Wait acquire lock acquired Block Off-CPU sleep wakeup Sleep Linux groups wait for work work arrives most sleep states Idle

  7. BPF program state model Off-CPU On-CPU event fires Enabled BPF helpers attach program ended Loaded Kernel spin lock Spinning

  8. Netconf 2018 Alexei Starvoitov

  9. Kernel Recipes 2019, Alexei Starovoitov ~40 40 acti tive e BPF programs on every Facebook server

  10. >150k AWS EC2 Ubuntu server instances ~34% US Internet traffic at night >130M subscribers ~14 active BPF programs on every instance (so far)

  11. Modern Linux: Event-based Applications User-mode Kernel-mode Applications Applications (BPF) U.E. Kernel Scheduler Kernel Events Hardware Events (incl. clock)

  12. Modern Linux is becoming Microkernel-ish User-mode Kernel-mode Applications Services & Drivers BPF BPF BPF Smaller Kernel Hardware The word “microkernel” has already been invoked by Jonathan Corbet, Thomas Graf, Greg Kroah-Hartman, ...

  14. BPF

  15. BPF 1992 : Berkeley Packet Filter # tcpdump -d host 127.0.0.1 and port 80 (000) ldh [12] (001) jeq #0x800 jt 2 jf 18 (002) ld [26] (003) jeq #0x7f000001 jt 6 jf 4 A limited (004) ld [30] (005) jeq #0x7f000001 jt 6 jf 18 (006) ldb [23] virtua tual mach chine for (007) jeq #0x84 jt 10 jf 8 (008) jeq #0x6 jt 10 jf 9 efficient packet filters (009) jeq #0x11 jt 10 jf 18 (010) ldh [20] (011) jset #0x1fff jt 18 jf 12 (012) ldxb 4*([14]&0xf) (013) ldh [x + 14] (014) jeq #0x50 jt 17 jf 15 (015) ldh [x + 16] (016) jeq #0x50 jt 17 jf 18 (017) ret #262144 (018) ret #0

  16. BPF 2019 : aka extended BPF bpftrace XDP BPF microconference bpfconf & Facebook Katran, Google KRSI, Netflix flowsrus, and many more

  17. BPF 2019 User-De r-Defin fined BP BPF F Programs rams Kernel SDN Configuration Run untime time Event t Tar argets ts DDoS Mitigation sockets verifier Intrusion Detection kprobes Container Security uprobes BPF Observability tracepoints BPF Firewalls perf_events actions Device Drivers …

  18. BPF is now a technology name, and no longer an acronym

  19. BPF Internals BPF Instructions Events Verifier BPF Context Interpreter JIT Compiler Rest of 11 Machine Code BPF Kernel Registers Execution Helpers Map Storage (Mbytes)

  20. Is BPF Turing complete?

  21. A New Type of Software Execution User Compil- Security Failure Resource model defined ation mode access User task yes any user abort syscall, based fault Kernel task no static none panic direct BPF event yes JIT, verified, error restricted CO-RE JIT message helpers

  22. Example Use Case: BPF Observability

  23. BPF enables a new class of cus ustom om, efficien ficient, and productio uction saf safe performance analysis tools

  24. BPF Perf Tools

  25. Ubuntu Install BCC (BPF Compiler Collection): complex tools # apt install bcc bpftrace: custom tools (Ubuntu 19.04+) # apt install bpftrace These are default installs at Netflix, Facebook, etc.

  26. Example: BCC tcplife Which processes are connecting to which port?

  27. Example: BCC tcplife Which processes are connecting to which port? # ./tcplife PID COMM LADDR LPORT RADDR RPORT TX_KB RX_KB MS 22597 recordProg 127.0.0.1 46644 127.0.0.1 28527 0 0 0.23 3277 redis-serv 127.0.0.1 28527 127.0.0.1 46644 0 0 0.28 22598 curl 100.66.3.172 61620 52.205.89.26 80 0 1 91.79 22604 curl 100.66.3.172 44400 52.204.43.121 80 0 1 121.38 22624 recordProg 127.0.0.1 46648 127.0.0.1 28527 0 0 0.22 3277 redis-serv 127.0.0.1 28527 127.0.0.1 46648 0 0 0.27 22647 recordProg 127.0.0.1 46650 127.0.0.1 28527 0 0 0.21 3277 redis-serv 127.0.0.1 28527 127.0.0.1 46650 0 0 0.26 [...]

  28. Example: BCC tcplife # tcplife -h ./usage: tcplife.py [-h] [-T] [-t] [-w] [-s] [-p PID] [-L LOCALPORT] [-D REMOTEPORT] Trace the lifespan of TCP sessions and summarize optional arguments: -h, --help show this help message and exit -T, --time include time column on output (HH:MM:SS) -t, --timestamp include timestamp on output (seconds) -w, --wide wide column output (fits IPv6 addresses) -s, --csv comma separated values output -p PID, --pid PID trace this PID only -L LOCALPORT, --localport LOCALPORT comma-separated list of local ports to trace. -D REMOTEPORT, --remoteport REMOTEPORT comma-separated list of remote ports to trace. examples: ./tcplife # trace all TCP connect()s ./tcplife -t # include time column (HH:MM:SS) [...]

  29. Example: BCC biolatency What is the distribution of disk I/O latency? Per second?

  30. Example: BCC biolatency What is the distribution of disk I/O latency? Per second? # ./biolatency -mT 1 5 Tracing block device I/O... Hit Ctrl-C to end. 06:20:16 msecs : count distribution 0 -> 1 : 36 |**************************************| 2 -> 3 : 1 |* | 4 -> 7 : 3 |*** | 8 -> 15 : 17 |***************** | 16 -> 31 : 33 |********************************** | 32 -> 63 : 7 |******* | 64 -> 127 : 6 |****** | 06:20:17 msecs : count distribution 0 -> 1 : 96 |************************************ | 2 -> 3 : 25 |********* | 4 -> 7 : 29 |*********** | [...]

  32. Example: bpftrace readahead Is readahead polluting the cache?

  33. Example: bpftrace readahead Is readahead polluting the cache? # readahead.bt Attaching 5 probes... ^C Readahead unused pages: 128 Readahead used page age (ms): @age_ms: [1] 2455 |@@@@@@@@@@@@@@@ | [2, 4) 8424 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| [4, 8) 4417 |@@@@@@@@@@@@@@@@@@@@@@@@@@@ | [8, 16) 7680 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | [16, 32) 4352 |@@@@@@@@@@@@@@@@@@@@@@@@@@ | [32, 64) 0 | | [64, 128) 0 | | [128, 256) 384 |@@ |

  34. #!/usr/local/bin/bpftrace kprobe:__do_page_cache_readahead { @in_readahead[tid] = 1; } kretprobe:__do_page_cache_readahead { @in_readahead[tid] = 0; } kretprobe:__page_cache_alloc /@in_readahead[tid]/ { @birth[retval] = nsecs; @rapages++; } kprobe:mark_page_accessed /@birth[arg0]/ { @age_ms = hist((nsecs - @birth[arg0]) / 1000000); delete(@birth[arg0]); @rapages--; } END { printf("\nReadahead unused pages: %d\n", @rapages); printf("\nReadahead used page age (ms):\n"); print(@age_ms); clear(@age_ms); clear(@birth); clear(@in_readahead); clear(@rapages); }

  35. Observability Challenges libc no frame pointer JIT function tracing Broken off-CPU flame graph (no frame pointer)

  36. Reality Check Many of our perf wins are from CPU flame graphs not CLI tracing

  37. CPU Flame Graphs Stack depth (0 - max) Kernel Java JVM GC Alphabetical frame sort (A - Z)

  38. BPF-based CPU Flame Graphs Li Linux 2.6 .6 Li Linux 4 4.9 .9 perf record profile.py perf.data perf script stackcollapse-perf.pl flamegraph.pl flamegraph.pl

  39. Observability of BPF

  40. Pr Process ocesses es BPF BPF ps bpftool top perf pmap bpflist strace … gdb

Recommend

Extended Project Qualification Introduction What is an Extended Project? What does an

Extended Project Qualification Introduction What is an Extended Project? What does an

Extended Project Qualification Introduction What is an Extended Project? What does an Extended Project involve? What value does the Extended Project have? How does the Extended Project operate at St Aidans? What sort of

296 views • 17 slides
TensorFlow Extended (TFX) An End-to-End ML Platform Clemens Mewald TensorFlow Extended (TFX): An

TensorFlow Extended (TFX) An End-to-End ML Platform Clemens Mewald TensorFlow Extended (TFX): An

TensorFlow Extended (TFX) An End-to-End ML Platform Clemens Mewald TensorFlow Extended (TFX): An End-to-End ML Platform Integrated Frontend for Job Management, Monitoring, Debugging, Data/Model/Evaluation Visualization Shared Configuration

1.83k views • 129 slides
The Extended Essay What is it? The Extended Essay is a required essay for all IB diploma

The Extended Essay What is it? The Extended Essay is a required essay for all IB diploma

The Extended Essay What is it? The Extended Essay is a required essay for all IB diploma students externally assessed an assignment which contributes up to three points toward the total score for the IB diploma in combination with

428 views • 16 slides
Extended Day Program March 20, 2014 Bobby Kaplow, Director, Extended Day Ben Harris, Assistant

Extended Day Program March 20, 2014 Bobby Kaplow, Director, Extended Day Ben Harris, Assistant

Arlington Public Schools Extended Day Program March 20, 2014 Bobby Kaplow, Director, Extended Day Ben Harris, Assistant Director, Extended Day Presentation Overview Program Profile Path to Success By the Numbers Program

541 views • 16 slides
Extended Binary Trees Recurrence relations Today: Extended Binary Trees (basis for much of

Extended Binary Trees Recurrence relations Today: Extended Binary Trees (basis for much of

Extended Binary Trees Recurrence relations Today: Extended Binary Trees (basis for much of WA8) Recurrence relations, part 1 EditorTrees worktime Bringing new life to Null nodes! 1-2 An Extended Binary tree is either an

607 views • 19 slides
All Business - No Waste Extended Producer Responsibility Extended Producer Responsibility in

All Business - No Waste Extended Producer Responsibility Extended Producer Responsibility in

All Business - No Waste Extended Producer Responsibility Extended Producer Responsibility in British Columbia, Canada by David Lawes & Teresa Conner BC Ministry of Environment September 2011 1 British Columbia Facts Population: 4.5

453 views • 33 slides
Topic 4: Imaging of Extended Objects Aim: Covers the imaging of extended objects in coherent and

Topic 4: Imaging of Extended Objects Aim: Covers the imaging of extended objects in coherent and

I V N E U R S E I H T Modern Optics Y T O H F G R E U D B I N Topic 4: Imaging of Extended Objects Aim: Covers the imaging of extended objects in coherent and inco- herent light. The effect of simple defocus is also

610 views • 28 slides
Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Authors Authors Author Defn. Num.* K. Rustan M. Leino MJS 13 Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6 Wolfram Schulte S 3 David Detlefs M 2 Raymie Stata J 2 Mike Barnett S 2

239 views • 5 slides
Extended Access to General Practice Services in South Warwickshire Page 1 Background to Extended

Extended Access to General Practice Services in South Warwickshire Page 1 Background to Extended

Extended Access to General Practice Services in South Warwickshire Page 1 Background to Extended Hours Page 2 NHS England Specification Page 3 Local Design Imperatives Enable delivery of the 7 national core criteria ; Go beyond the

460 views • 19 slides
DUFFERIN-PEEL EXTENDED FRENCH PROGRAM Grade 5 to Grade 12 Am I at the right session? EXTENDED

DUFFERIN-PEEL EXTENDED FRENCH PROGRAM Grade 5 to Grade 12 Am I at the right session? EXTENDED

DUFFERIN-PEEL EXTENDED FRENCH PROGRAM Grade 5 to Grade 12 Am I at the right session? EXTENDED FRENCH SITE FEEDER SCHOOL * *Based on proof of address Land Acknowledgement We would like to begin by acknowledging that the land on which we

573 views • 25 slides
Extended Binary Trees Recurrence relations Today: Extended Binary Trees (basis for much of

Extended Binary Trees Recurrence relations Today: Extended Binary Trees (basis for much of

Extended Binary Trees Recurrence relations Today: Extended Binary Trees (basis for much of WA8, which includes 3 induction proofs and no programming) Recurrence relations, part 1 EditorTrees worktime Bringing new life to Null

359 views • 17 slides
Intro to the Extended Essay Sand Creek High School THE EXTENDED ESSAY What are your

Intro to the Extended Essay Sand Creek High School THE EXTENDED ESSAY What are your

Intro to the Extended Essay Sand Creek High School THE EXTENDED ESSAY What are your concerns? What is your mindset? Your resilience and success depend on YOU and YOUR mindset! HOW DO YOU THINK ABOUT THE EE? You are finally

420 views • 19 slides
Encrypting Communication Review Extended Euclids Algorithm Extended Euclids Algorithm :

Encrypting Communication Review Extended Euclids Algorithm Extended Euclids Algorithm :

Encrypting Communication Review Extended Euclids Algorithm Extended Euclids Algorithm : If b = 0, then egcd( a , 0 ) = ( a , 1 , 0 ) . Z / m Z = { 0 , 1 ,..., m 1 } with operations of addition and multiplication modulo m .

506 views • 4 slides
Extended-Gamut Printing Pointers for Brand Owners and Printers Mike Strickler Principal, MSP

Extended-Gamut Printing Pointers for Brand Owners and Printers Mike Strickler Principal, MSP

Extended-Gamut Printing Pointers for Brand Owners and Printers Mike Strickler Principal, MSP Graphic Services What is Extended Gamut? Larger than normal press CMYK: cleaner, purer colors! What is an extended-gamut printing system?

752 views • 42 slides
after unilateral or bilateral implantation of a new Extended Range of Focus lens F. Goes, Jr.

after unilateral or bilateral implantation of a new Extended Range of Focus lens F. Goes, Jr.

Visual performance and defocus after unilateral or bilateral implantation of a new Extended Range of Focus lens F. Goes, Jr. MD Antwerp, Belgium 40 % TRIFOCAL IOL EUREQUO: 34 % BIFOCAL IOL WHAT ARE YOU USING TODAY? 18 % EXTENDED DEPTH

452 views • 16 slides
Extended Detention Basin Design w w w. t r a n s p o r t a t i o n . o h i o . g o v 1

Extended Detention Basin Design w w w. t r a n s p o r t a t i o n . o h i o . g o v 1

Extended Detention Basin Design w w w. t r a n s p o r t a t i o n . o h i o . g o v 1 Extended Detention w w w. t r a n s p o r t a t i o n . o h i o . g o v 2 Extended Detention Basin L&D Vol. 2 Section 1117.3 Provides quality and

733 views • 56 slides
Extended Binary Trees Recurrence relations After today, you should be able to explain what

Extended Binary Trees Recurrence relations After today, you should be able to explain what

Extended Binary Trees Recurrence relations After today, you should be able to explain what an extended binary tree is solve simple recurrences using patterns Today: Extended Binary Trees (on HW10) Recurrence relations, part

563 views • 20 slides
Leadscrew Slides Steel Extended Contact Bearing Stageses Stainless Steel Extended Contact

Leadscrew Slides Steel Extended Contact Bearing Stageses Stainless Steel Extended Contact

MANUAL POSITIONERS Mirror Mounts Leadscrew Slides Steel Extended Contact Bearing Stageses Stainless Steel Extended Contact Bearing Stages Inexpensive leadscrew slides Ideal for non-critical positioning

270 views • 4 slides
Estimating effects from extended regression models David M. Drukker Executive Director of

Estimating effects from extended regression models David M. Drukker Executive Director of

Estimating effects from extended regression models David M. Drukker Executive Director of Econometrics Stata Stata Conference Baltimore July 2627, 2017 Extended regression models Extended regression model (ERM) is a Stata term for a

449 views • 32 slides
KDI EER: The Extended ER Model Fausto Giunchiglia and Mattia Fumagallli University of Trento

KDI EER: The Extended ER Model Fausto Giunchiglia and Mattia Fumagallli University of Trento

KDI EER: The Extended ER Model Fausto Giunchiglia and Mattia Fumagallli University of Trento 0/61 Extended Entity Relationship Model The Extended Entity-Relationship (EER) model is a conceptual (or semantic ) data model, capable of describing

557 views • 32 slides
Extended Binary Trees Recurrence relations After today, you should be able to explain what

Extended Binary Trees Recurrence relations After today, you should be able to explain what

Extended Binary Trees Recurrence relations After today, you should be able to explain what an extended binary tree is solve simple recurrences using patterns } Today: Extended Binary Trees (on HW9) Recurrence relations, part 1 }

426 views • 19 slides
A model for the extended predicative Mahlo Universe Anton Setzer (joint work with Reinhard Kahle,

A model for the extended predicative Mahlo Universe Anton Setzer (joint work with Reinhard Kahle,

A model for the extended predicative Mahlo Universe Anton Setzer (joint work with Reinhard Kahle, Lisbon) Proof Society Workshop Ghent 6 September 2018 Anton Setzer The extended predicative Mahlo Universe 1/ 31 Explicit Mathematics Extended

510 views • 34 slides
The extended Global Sky Model (eGSM) Adrian Liu, Hubble Fellow, UC Berkeley The extended Global

The extended Global Sky Model (eGSM) Adrian Liu, Hubble Fellow, UC Berkeley The extended Global

The extended Global Sky Model (eGSM) Adrian Liu, Hubble Fellow, UC Berkeley The extended Global Sky Model (eGSM) project Adrian Liu, UC Berkeley Aaron Parsons, UC Berkeley Doyeon Avery Kim, UC Berkeley Josh Dillon, UC Berkeley Eric

591 views • 32 slides
Resonant Double Higgs Production in the Singlet Extended Standard Model at the LHC

Resonant Double Higgs Production in the Singlet Extended Standard Model at the LHC

Resonant Double Higgs Production in the Singlet Extended Standard Model at the LHC arXiv:1701.08774, submitted to PRD Matthew Sullivan, Ian M. Lewis University of Kansas Pheno 2017 Outline 1 Singlet Extended Standard Model 2 The Models

642 views • 20 slides

More recommend