Get deeper insights into your system with eBPF
Peak Performance
One of the best uses for the eBPF tools is to help you tune your system for maximum performance by identifying and removing bottlenecks at various levels. You can begin by using the runqlat tool to chart how long threads spend waiting in the CPU run queues. It prints a summary of the scheduler run queue latency in the form of a histogram, as shown in Figure 4.
Then there's the biolatency tool, which comes in handy to visualize the latency of block device I/O. The biolatency tool keeps track of the elapsed time from when a device is called to its completion. Like runqlat, this tool will also print a histogram once it ends, either manually or after a specified duration. A typical invocation will look like:
sudo biolatency-bpfcc -D 6 2
The -D
option instructs biolatency to print separate information for each block device. The first numeric value is the time interval for printing each summary, whereas the second numeric value informs biolatency of the total number of times it should collect information, after which point biolatency will automatically exit. Therefore, the previous command instructs biolatency to print the first histogram after 6 seconds of invoking the tool and another after another 6 seconds.
In addition to devices, there are also several tools for tracing filesystems. There's ext4slower for EXT4 filesystems, xfsslower for XFS, btrfsslower for BTRFS, nfsslower for NFS and zfsslower for ZFS file system. These tools will time the common filesystem operations and print a list of those that exceed a defined threshold. By default the threshold is set at 10ms, but you can customize it by specifying one manually (Listing 5).
Listing 5
Specifying a Threshold
The command in Listing 5 will display all filesystem operations that are slower than 100 ms. It measures the time it takes from when an operation is called from the virtual filesystem to its completion and flags it if it exceeds the specified threshold. This tool is ideal for picking up performance issues caused by slow disk I/O at the filesystem level. It is a lot better than statistics plotted by popular performance monitoring tools, since they depict the performance of the disk, when in fact the bottleneck can also be due to the inability of the filesystem to respond to the requests flooding in.
We've only touched upon some of the eBPF tools that are at your disposal to trace and inspect various areas of your installation. Remember, however, that just because you have the performance measurement tools, it doesn't mean that you'll be able to streamline the performance of your box. Interpreting the results of the trace requires a fair bit of understanding of how Linux works and its internals. So make sure you invest some time reading up about the internals of the Linux kernel before you begin to utilize these tools to chip away milliseconds and optimize your installation.
Also know that eBPF has a greater mandate than just tracing. Thanks to its architecture, it can also play a role in system security. It can be used to monitor and detect intrusions and may even become the de-facto means for enforcing firewalls in Linux.
Infos
- eBPF in the Linux Kernel: http://www.brendangregg.com/ebpf.html
- "The BSD Packet Filter: A New Architecture for User-level Packet Capture" by Steven McCanne and Van Jacobson: http://www.tcpdump.org/papers/bpf-usenix93.pdf
- bcc Project: https://github.com/iovisor/bcc
- bcc Installation: https://github.com/iovisor/bcc/blob/master/INSTALL.md
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.
-
AlmaLinux OS Kitten 10 Gives Power Users a Sneak Preview
If you're looking to kick the tires of AlmaLinux's upstream version, the developers have a purrfect solution.
-
Gnome 47.1 Released with a Few Fixes
The latest release of the Gnome desktop is all about fixing a few nagging issues and not about bringing new features into the mix.
-
System76 Unveils an Ampere-Powered Thelio Desktop
If you're looking for a new desktop system for developing autonomous driving and software-defined vehicle solutions. System76 has you covered.
-
VirtualBox 7.1.4 Includes Initial Support for Linux kernel 6.12
The latest version of VirtualBox has arrived and it not only adds initial support for kernel 6.12 but another feature that will make using the virtual machine tool much easier.
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.