Hi Ashley,

Could it be that you're reaching the maxactive bound and thus some probes
are missed?  From the kprobes documentation [1]:

  While the probed function is executing, its return address is
  stored in an object of type kretprobe_instance.  Before calling
  register_kretprobe(), the user sets the maxactive field of the
  kretprobe struct to specify how many instances of the specified
  function can be probed simultaneously.  register_kretprobe()
  pre-allocates the indicated number of kretprobe_instance objects.

  For example, if the function is non-recursive and is called with a
  spinlock held, maxactive = 1 should be enough.  If the function is
  non-recursive and can never relinquish the CPU (e.g., via a semaphore
  or preemption), NR_CPUS should be enough.  If maxactive <= 0, it is
  set to a default value.  If CONFIG_PREEMPT is enabled, the default
  is max(10, 2*NR_CPUS).  Otherwise, the default is NR_CPUS.

I tried to patch bcc [2] to set the maxactive value to 1000 on
attach_kretprobe, but it didn't make a difference when running your
script.  Maybe you could check the nmissed field mentioned in the
documentation (with a kernel module instead of bpf)?

Paul

1 - https://www.kernel.org/doc/Documentation/kprobes.txt
2 - https://github.com/pchaigno/bcc/tree/bump-maxactive
