## Variable Monitor changelog ```log 11.9 多个变量监控支持 11.10 按照 pid 区分不同内核结构, 支持每个进程单独申请取消自己的监控. 11.13 用户接口 cancel_all_watch -> cancel_watch, 每个进程互不干扰. ``` ## 说明 监控 数值变量(给定 地址,长度), 超过设定条件打印系统堆栈信息. 同时监控数量 - 相同定时长度的监控 会被分为一组,对应一个定时器. - 一组最多 32 个变量,超过后会分配一个新的定时器. - 定时器数量全局最多 128 个. - 以上数量限制定义在 `watch_module.h` 头部宏. ## 使用 示例如 helloworld.c - 添加 `#include "watch.h"` - 对每个需要监控的变量 设置: 名称 && 地址 && 长度, 设置阈值, 比较方式, 定时器间隔(ns) 等. - `start_watch(watch_arg);` 启动监控 - 需要取消监控时调用 `cancel_watch();` 超出设定条件时,打印系统堆栈信息, `dmesg` 查看,如下示例: - 一个定时器内,多个变量超过阈值,堆栈信息不会重复输出; - 打印堆栈后定时器再启动时间为 1s, 1s 后开始下一个轮次监控. ```log [ 713.225894] ------------------------------------- [ 713.225900] -------------watch monitor----------- [ 713.225900] Threshold reached: [ 713.225901] name: temp0, threshold: 150, pid: 4261 [ 713.225902] name: temp1, threshold: 151, pid: 4261 [ 713.225903] name: temp2, threshold: 152, pid: 4261 [ 713.225904] name: temp3, threshold: 153, pid: 4261 [ 713.225904] name: temp4, threshold: 154, pid: 4261 [ 713.225905] name: temp5, threshold: 155, pid: 4261 [ 713.225905] name: temp6, threshold: 156, pid: 4261 [ 713.225906] name: temp7, threshold: 157, pid: 4261 [ 713.225906] name: temp8, threshold: 158, pid: 4261 [ 713.225907] name: temp9, threshold: 159, pid: 4261 [ 713.225907] name: temp10, threshold: 160, pid: 4261 [ 713.225908] name: temp11, threshold: 161, pid: 4261 [ 713.225908] name: temp12, threshold: 162, pid: 4261 [ 713.225909] name: temp13, threshold: 163, pid: 4261 [ 713.225909] name: temp14, threshold: 164, pid: 4261 [ 713.225910] name: temp15, threshold: 165, pid: 4261 [ 713.225910] name: temp16, threshold: 166, pid: 4261 [ 713.225911] name: temp17, threshold: 167, pid: 4261 [ 713.225911] name: temp18, threshold: 168, pid: 4261 [ 713.225912] name: temp19, threshold: 169, pid: 4261 [ 713.225912] name: temp20, threshold: 170, pid: 4261 [ 713.225913] name: temp21, threshold: 171, pid: 4261 [ 713.225913] name: temp22, threshold: 172, pid: 4261 [ 713.225914] name: temp23, threshold: 173, pid: 4261 [ 713.225914] name: temp24, threshold: 174, pid: 4261 [ 713.225915] name: temp25, threshold: 175, pid: 4261 [ 713.225915] name: temp26, threshold: 176, pid: 4261 [ 713.225916] name: temp27, threshold: 177, pid: 4261 [ 713.225916] name: temp28, threshold: 178, pid: 4261 [ 713.225916] name: temp29, threshold: 179, pid: 4261 [ 713.225917] name: temp30, threshold: 180, pid: 4261 [ 713.225917] name: temp31, threshold: 181, pid: 4261 [ 713.225918] Timestamp (ns): 1699846710299420862 [ 713.225919] Recent Load: 0.05, 0.12, 0.08 [ 713.225921] task: name rcu_gp, pid 3, state 1026 [ 713.225926] rescuer_thread+0x290/0x390 [ 713.225931] kthread+0xd7/0x100 [ 713.225932] ret_from_fork+0x1f/0x30 [ 713.225935] task: name rcu_par_gp, pid 4, state 1026 [ 713.225936] rescuer_thread+0x290/0x390 [ 713.225937] kthread+0xd7/0x100 [ 713.225938] ret_from_fork+0x1f/0x30 [ 713.225940] task: name netns, pid 5, state 1026 [ 713.225941] rescuer_thread+0x290/0x390 [ 713.225942] kthread+0xd7/0x100 ``` ### 参数说明 start_watch 传入的是 watch_arg 结构体.各个字段意义如下 - name 限制 `MAX_NAME_LEN`(15) 个有效字符 ```c typedef struct { pid_t task_id; // current process id char name[MAX_NAME_LEN + 1]; // name (15+1) void *ptr; // virtual address int length_byte; // byte long long threshold; // threshold value unsigned char unsigned_flag; // unsigned flag (true: unsigned, false: signed) unsigned char greater_flag; // reverse flag (true: >, false: <) unsigned long time_ns; // timer interval (ns) } watch_arg; ``` 一个初始化示例 ```c watch_args = (watch_arg){ .task_id = getpid(), .ptr = &temp, .name = "temp", .length_byte = sizeof(int), .threshold = 150 + i, .unsigned_flag = 0, .greater_flag = 1, .time_ns = 2000 + (i / 33) * 5000 }; ``` ## demo 项目主文件下 - `helloworld.c`: 测试大量变量监控 - `hptest.c`: 测试 hugePage 挂载 ```bash # 编译加载模块 make && insmod variable_monitor.ko ./helloworld ``` dmesg 可以看到打印的堆栈信息 ```bash # 卸载模块,清理编译文件 rmmod variable_monitor.ko && make clean ``` 仅在 `kernel 5.17.15-1.el8.x86_64` 测试,其他内核版本未测试. ## 其他 程序分为两部分: 字符设备 和 用户空间接口, 两者通过 ioctl 通信. 用户空间地址访问 - 用户程序传入的变量 虚拟地址, 使用 `get_user_pages_remote` 获取地址所在内存页, `kmap` 将其映射到内核. - 192.168.40.204 环境下,HugeTLB Pages 测试挂载正常. - 内存页地址 + 偏移量存入定时器对应的 `kernel_watch_arg` 中, hrTimer 轮询时访问 `kernel_watch_arg` 得到真实值. 定时器分组 - hrTimer 数据结构定义在全局数组 `kernel_wtimer_list`.分配定时器时,会检查遍历 `kernel_wtimer_list` 比较定时器间隔, - 相同定时间隔的 watch 分配到同一组,对应同一个 hrTimer. - 若一个定时器监控变量数量超过 `TIMER_MAX_WATCH_NUM` (32),则会创建一个新的 hrTimer. - hrTimer 的总数量(`kernel_wtimer_list` 数组长度)限制是 `MAX_TIMER_NUM`(128). 内存页 mount/unmount - `get_user_pages_remote`/ `kmap` 会增加对应的计数,需要对等的 `put_page`/`kunmap`. - 一个模块内全局链表 `watch_local_memory_list` 存储每一个成功挂载的变量对应的 page 和 kt,执行字符设备的 close 操作时,遍历并卸载. variable monitor 添加/删除 - kernel_watch_arg 数据结构中有 pid 的成员变量,但添加变量监控时,不按照进程区分. - 删除时遍历全部监控变量,比较 pid. - 删除造成的缺位,将最后的变量移动到空位, sentinel--; hrTimer 同理. 堆栈输出条件: 条件参考自 [diagnose-tools::load.c](https://github.com/alibaba/diagnose-tools/blob/e285bc4626a7d207eabd4a69cb276e1a3b1b7c76/SOURCE/module/kernel/load.c#L209) - `TASK` 要满足 TASK_RUNNING 和 `__task_contributes_to_load` 和 `TASK_IDLE`(可能有阻塞进程). - `__task_contributes_to_load` 对应内核宏 `task_contributes_to_loa`. ```c // https://www.spinics.net/lists/kernel/msg3582022.html // remove from 5.8.rc3,but it still work // whether the task contributes to the load #define __task_contributes_to_load(task) \ ((READ_ONCE(task->__state) & TASK_UNINTERRUPTIBLE) != 0 && (task->flags & PF_FROZEN) == 0 && \ (READ_ONCE(task->__state) & TASK_NOLOAD) == 0) ```