Completely Passive eBPF Linux Stack Profiling Without Any Tracepoints

I just published a new Linux performance tool: xstack - Completely Passive eBPF Linux Stack Profiling Without Any Tracepoints

xstack is a lightweight, completely passive stack profiler for Linux that uses eBPF task iterators to sample thread states and stack traces without injecting any tracepoints, kprobes, or perf events into the system.

Thanks to using modern eBPF sleepable task iterators and the bpf_copy_from_user_task() helper, xstack can read the task states of all other threads in the system and read both their kernel and userspace stacks (where frame pointers are available).

This allows you to do full wall-clock time profiling (not only CPU) without having to inject any tracepoints or probes into the critical path of all the important processes in your system. And with xstack output, you can do CPU profiling without even using perf_events to inject interrupts to the critical paths!

This means that the overhead of running xstack is essentially none!

https://tanelpoder.com/posts/xstack-passive-linux-stack-sampler-ebpf/
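An added example, not code from xstack or the linked article: frame-pointer unwinding over a copied stack snapshot, written as user-space C, showing the checks that keep the walk bounded when the copied bytes are stale or inconsistent. The struct, the function names and the sample addresses are constructed for illustration, and the x86-64 frame layout is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Snapshot of a sampled thread's stack (hypothetical stand-in for copied bytes). */
struct snapshot { uint64_t base; size_t nwords; const uint64_t *words; };

/* Bounds- and alignment-checked 8-byte read; 0 on success, -1 on failure. */
static int snap_read(const struct snapshot *s, uint64_t addr, uint64_t *out)
{
    if (addr < s->base || (addr & 7) || (addr - s->base) / 8 >= s->nwords)
        return -1;
    *out = s->words[(addr - s->base) / 8];
    return 0;
}

/* x86-64 frame-pointer chain: [fp] = caller's fp, [fp+8] = return address.
 * Stops on a failed read, a frame pointer that does not move up, or max depth. */
static size_t fp_unwind(const struct snapshot *s, uint64_t fp, uint64_t *pcs, size_t max)
{
    size_t n = 0;
    while (n < max) {
        uint64_t next_fp, ret;
        if (snap_read(s, fp, &next_fp) || snap_read(s, fp + 8, &ret))
            break;
        pcs[n++] = ret;
        if (next_fp <= fp)   /* stack grows down, so callers sit at higher addresses */
            break;
        fp = next_fp;
    }
    return n;
}

/* Constructed sample data: three well-formed frames starting at 0x7ffd0000. */
static const uint64_t GOOD[] = { 0x7ffd0010, 0x401100, 0x7ffd0020, 0x401200, 0, 0x401300 };
/* Same stack, but frame 1's saved fp points back down (a torn or stale read). */
static const uint64_t TORN[] = { 0x7ffd0010, 0x401100, 0x7ffd0000, 0x401200, 0, 0x401300 };

static size_t unwind_sample(const uint64_t *words, uint64_t *pcs)
{
    struct snapshot s = { 0x7ffd0000, 6, words };
    return fp_unwind(&s, 0x7ffd0000, pcs, 16);
}

int main(void)
{
    uint64_t pcs[16];
    printf("good: %zu frames, torn: %zu frames\n",
           unwind_sample(GOOD, pcs), unwind_sample(TORN, pcs));
    return 0;
}
```

A walk cut short this way yields a truncated trace for that sample rather than an unbounded loop or an out-of-range read.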

That's pretty cool! Thanks for sharing! I'm wondering, will the userspace program state change on the SMP system if you don't stop it? Like it might continue to run and modify the stacks, and the stack frame trace might be corrupt. How do you (or eBPF iter) make sure it's correct?

💯 👍 👏 🤝

Well, that may be a game changer. This is huge 🧐

Really cool, I’ll check it out Tanel!
