Conversation
@llvm have you seen ioctl(PROCMAP_QUERY)? https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed5d583a88a9207b866c14ba834984c6f3c51d23. It was added recently, in 6.11, but this will hopefully suck less going forward.
0
0
2

@llvm We shouldn't parse /proc anymore: we should rely on BPF instead. /usr/bin/ls shows /proc is empty, because reading a file from procfs essentially amounts to a system call. Reading the same information with BPF will be both faster and (in terms of system load) cheaper for large reads. Notably BPF relies on libllvm's JIT!

0
0
0

@llvm You bet: that's why BPF needs a JIT! Here is a tutorial with examples: https://bpftrace.org/hol/intro Here is an actual tracer: https://github.com/chaiken/BPF-sandbox/tree/main/investigate-PCIe-lockup With systemd integration, the tracer starts at boot and prints into the syslog.

Sadly, libllvm and its dependencies are a bit large, and won't necessarily fit on storage of embedded devices.

When you run /usr/bin/top, you can see that top itself uses a lot of CPU. All that is reading /proc. Someone should rewrite top, and yeah, my patches would be welcome.

1
0
0

@llvm Two more notes: I've read that Windows is adding support for BPF. Also, one need not use bpftrace: there are many precompiled binary utilities: https://www.brendangregg.com/ebpf.html#bcctools

0
0
0