Add support to dump processCache #2246
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tpapagian
added
the
release-note/misc
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
tpapagian
force-pushed
the
pr/apapag/dump-process-lru
branch
2 times, most recently
from
ceb385b
to
7bff683
Compare
tixxdz
reviewed
Mar 22, 2024
There was a problem hiding this comment.
Much appreciated @tpapagian ;-)
When merged I will add a send signal to also dump this to logs
api/v1/tetragon/sensors.proto
Outdated
| @@ -118,6 +121,20 @@ message GetVersionResponse{ | |||
| string version = 1; | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Could you please add comments here so they show up on gRPC reference doc, that this is for debugging only , do not use it
There was a problem hiding this comment.
Used generic GetDebugRequest rpc call.
| google.protobuf.UInt32Value refcnt = 3; | ||
| string refcntOps = 4; | ||
| } | ||
|
|
There was a problem hiding this comment.
same here and others, as we may change later have a generic debugDump with what to dump as an encoded operation for all type of dumps
There was a problem hiding this comment.
Also what does refcntOps mean here?
There was a problem hiding this comment.
same here and others, as we may change later have a generic debugDump with what to dump as an encoded operation for all type of dumps
Used generic GetDebugRequest rpc call.
Also what does refcntOps mean here?
Added a comment there.
| @@ -83,7 +83,7 @@ func GetProcessExec(event *MsgExecveEventUnix, useCache bool) *tetragon.ProcessE | |||
| } | |||
|
|
|||
| if parent != nil { | |||
| parent.RefInc() | |||
| parent.RefInc("parent") | |||
There was a problem hiding this comment.
maybe pass int constants and decode later to strings? up to you
There was a problem hiding this comment.
I make a try but this seems to complicate things a bit. So I would propose to keep that as it is if there are no objections from your side.
pkg/process/process.go
Outdated
| refcnt uint32 | ||
| color int // Writes should happen only inside gc select channel | ||
| refcnt uint32 | ||
| refcntOps map[string]int |
There was a problem hiding this comment.
What does refcntOps mean here? having some comments will help ;-)
pkg/process/cache.go
Outdated
| func (pc *Cache) refDec(p *ProcessInternal, reason string) { | ||
| p.refcntOpsLock.Lock() | ||
| if val, ok := p.refcntOps[reason]; ok { | ||
| p.refcntOps[reason] = val + 1 |
There was a problem hiding this comment.
I guess the reason here could be parent or process right? a bit confused why it is an increment? what value we get from this? my simplest suggestion would say having a separate track of increment and decrements could be better, but I'm missing something here ;-)
There was a problem hiding this comment.
This would be something like:
"refcntOps": {
"parent++": 2,
"parent--": 1,
"process++": 1
}which means that we count separately all increase and decrease operations. So the reason here can be: process++, process--, parent++, or parent--.
tpapagian
force-pushed
the
pr/apapag/dump-process-lru
branch
6 times, most recently
from
97d38a5
to
265664d
Compare
tpapagian
changed the title
mtardy
approved these changes
Sep 9, 2024
This patch adds support to print the contents of process cache. This may be useful during debugging.
Example:
$ sudo ./tetra dump processCache
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTAwNjgwMDAwMDAwOjE4OTg=", "pid":1898, "uid":1010, "cwd":"/home/apapag", "binary":"/home/apapag/.vscode-server/cli/servers/Stable-fee1edb8d6d72a0ddff41e5f71a671c23ed924b9/server/node", "arguments":"--dns-result-order=ipv4first /home/apapag/.vscode-server/cli/servers/Stable-fee1edb8d6d72a0ddff41e5f71a671c23ed924b9/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false", "flags":"procFS auid", "start_time":"2024-09-05T07:00:23.274832687Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6ODk5NTAwMDAwMDA6MTc3Ng==", "tid":1898}, "color":"inUse", "refcnt":5, "refcntOps":{"parent++":346, "parent--":342, "process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTU2OTQ0MDAwMDAwMDozMzM3OA==", "pid":33378, "uid":1010, "cwd":"/home/apapag/tetragon", "binary":"/usr/bin/bash", "flags":"procFS auid", "start_time":"2024-09-05T07:24:52.034832554Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTU2OTIyMDAwMDAwMDozMzM3Nw==", "tid":33378}, "color":"inUse", "refcnt":2, "refcntOps":{"parent++":30, "parent--":29, "process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM2Nzc1Nzc4NDo1MjE1Mg==", "pid":52152, "uid":0, "cwd":"/home/apapag/tetragon", "binary":"/usr/bin/sudo", "arguments":"./tetra dump processCache --skip-zero-refcnt", "flags":"execve clone", "start_time":"2024-09-05T07:46:14.962590751Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTU2OTQ0MDAwMDAwMDozMzM3OA==", "tid":52152}, "color":"inUse", "refcnt":2, "refcntOps":{"parent++":1, "process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM3NjMxOTI2OTo1MjE1NA==", "pid":52154, "uid":0, "cwd":"/home/apapag/tetragon", "binary":"/home/apapag/tetragon/tetra", "arguments":"dump processCache --skip-zero-refcnt", "flags":"execve clone", "start_time":"2024-09-05T07:46:14.971151996Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM3NTU4MTQxMTo1MjE1Mw==", "tid":52154}, "color":"inUse", "refcnt":1, "refcntOps":{"process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM3NTU4MTQxMTo1MjE1Mw==", "pid":52153, "uid":0, "cwd":"/home/apapag/tetragon", "binary":"/usr/bin/sudo", "arguments":"./tetra dump processCache --skip-zero-refcnt", "flags":"execve", "start_time":"2024-09-05T07:46:14.970414578Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM2Nzc1Nzc4NDo1MjE1Mg==", "refcnt":1, "tid":52153}, "color":"inUse", "refcnt":2, "refcntOps":{"parent++":2, "parent--":1, "process++":1}}
[...]
We also provide "--skip-zero-refcnt" command line argument to print only the entries with refcnt not equals to zero.
$ sudo ./tetra dump processCache --skip-zero-refcnt
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTAwNjgwMDAwMDAwOjE4OTg=", "pid":1898, "uid":1010, "cwd":"/home/apapag", "binary":"/home/apapag/.vscode-server/cli/servers/Stable-fee1edb8d6d72a0ddff41e5f71a671c23ed924b9/server/node", "arguments":"--dns-result-order=ipv4first /home/apapag/.vscode-server/cli/servers/Stable-fee1edb8d6d72a0ddff41e5f71a671c23ed924b9/server/out/bootstrap-fork --type=extensionHost --transformURIs --useHostProxy=false", "flags":"procFS auid", "start_time":"2024-09-05T07:00:23.274832687Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6ODk5NTAwMDAwMDA6MTc3Ng==", "tid":1898}, "color":"inUse", "refcnt":5, "refcntOps":{"parent++":346, "parent--":342, "process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTU2OTQ0MDAwMDAwMDozMzM3OA==", "pid":33378, "uid":1010, "cwd":"/home/apapag/tetragon", "binary":"/usr/bin/bash", "flags":"procFS auid", "start_time":"2024-09-05T07:24:52.034832554Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTU2OTIyMDAwMDAwMDozMzM3Nw==", "tid":33378}, "color":"inUse", "refcnt":2, "refcntOps":{"parent++":30, "parent--":29, "process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM2Nzc1Nzc4NDo1MjE1Mg==", "pid":52152, "uid":0, "cwd":"/home/apapag/tetragon", "binary":"/usr/bin/sudo", "arguments":"./tetra dump processCache --skip-zero-refcnt", "flags":"execve clone", "start_time":"2024-09-05T07:46:14.962590751Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6MTU2OTQ0MDAwMDAwMDozMzM3OA==", "tid":52152}, "color":"inUse", "refcnt":2, "refcntOps":{"parent++":1, "process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM3NjMxOTI2OTo1MjE1NA==", "pid":52154, "uid":0, "cwd":"/home/apapag/tetragon", "binary":"/home/apapag/tetragon/tetra", "arguments":"dump processCache --skip-zero-refcnt", "flags":"execve clone", "start_time":"2024-09-05T07:46:14.971151996Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM3NTU4MTQxMTo1MjE1Mw==", "tid":52154}, "color":"inUse", "refcnt":1, "refcntOps":{"process++":1}}
{"process":{"exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM3NTU4MTQxMTo1MjE1Mw==", "pid":52153, "uid":0, "cwd":"/home/apapag/tetragon", "binary":"/usr/bin/sudo", "arguments":"./tetra dump processCache --skip-zero-refcnt", "flags":"execve", "start_time":"2024-09-05T07:46:14.970414578Z", "auid":1010, "parent_exec_id":"YXBhcGFnLXVidW50dS1kZXY6Mjg1MjM2Nzc1Nzc4NDo1MjE1Mg==", "refcnt":1, "tid":52153}, "color":"inUse", "refcnt":2, "refcntOps":{"parent++":2, "parent--":1, "process++":1}}
[...]
Signed-off-by: Anastasios Papagiannis <[email protected]>
tpapagian
force-pushed
the
pr/apapag/dump-process-lru
branch
from
265664d
to
24fdda8
Compare
|
Hey @tpapagian any chance we could get this backported into v1.2? |
Sure! Will do that during the next week or so. |
tpapagian
added
backport-pending/1.2
Backport: #3038 |
tpapagian
added
backport-done/1.2
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch adds support to print the contents of process cache. This may be useful during debugging.
Example:
We also provide "--skip-zero-refcnt" command line argument to print only the entries with refcnt not equals to zero.