Conversation
fabled
reviewed
Jul 23, 2025
This comment was marked as outdated.
This comment was marked as outdated.
florianl
force-pushed
the
draft-dynamic-uprobe
branch
from
877b141 to
89940ca
Compare
florianl
added a commit
that referenced
this pull request
Jul 30, 2025
strobelight-ctrl is a supplementary tool demoing the use of -load-probe from #651. This tool is inspired by the blog post [1] around always-on profiling and enabling users to dynamically attach probes to various points. [1]: https://engineering.fb.com/2025/01/21/production-engineering/strobelight-a-profiling-service-built-on-open-source-technology/ Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
florianl
added a commit
that referenced
this pull request
Jul 30, 2025
strobelight-ctrl is a supplementary tool demoing the use of -load-probe from #651. This tool is inspired by the blog post [1] around always-on profiling and enabling users to dynamically attach probes to various points. [1]: https://engineering.fb.com/2025/01/21/production-engineering/strobelight-a-profiling-service-built-on-open-source-technology/ Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
Merged
florianl
added a commit
that referenced
this pull request
Jul 30, 2025
strobelight-ctrl is a supplementary tool demoing the use of -load-probe from #651. This tool is inspired by the blog post [1] around always-on profiling and enabling users to dynamically attach probes to various points. [1]: https://engineering.fb.com/2025/01/21/production-engineering/strobelight-a-profiling-service-built-on-open-source-technology/ Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
Add support to dynamically attach to symbols of executables. E.g. to inspect memory allocations in Go one could attach a uprobe to runtime.mallocgc: ``` sudo ./ebpf-profiler -collection-agent=127.0.0.1:11000 -disable-tls -off-cpu-threshold 0.1 -uprobe /path/to/my/go/executable:runtime.mallocgc ``` Another interesting uproble in Go executables is runtime.gopark, that puts a Go routine into a waiting state. While ebpf-profiler allows attaching only to a single uprobe, using this project as OTel collector allows to attach to multiple uprobes at ones. Visualize uprobes with elastic/devfiler#38 Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
florianl
force-pushed
the
draft-dynamic-uprobe
branch
from
b15ce93 to
1b1ea8d
Compare
fabled
reviewed
Aug 13, 2025
fabled
reviewed
Aug 13, 2025
Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
fabled
approved these changes
Aug 14, 2025
Contributor
fabled
left a comment
fabled
left a comment
There was a problem hiding this comment.
LGTM. One nit about not needing to copy/prepend the helpers but load them first in a separate block. Pre-approving though.
Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
christos68k
approved these changes
Aug 21, 2025
This was referenced Sep 22, 2025
simonswine
added a commit
to simonswine/opentelemetry-ebpf-profiler
that referenced
this pull request
Sep 23, 2025
With open-telemetry#651 it is possible to attach uprobes, but they currently are merged together. This PR introduces the use of cookies (available from kernel 5.15+) to keep track of the links that lead to the events being generated. It now uses the symbol part of the uprobe link and propages it into the sample type. That is something that we currently don't do well enough. So let's look at this example: ``` --uprobe-link /nix/store/r7pnxs3cfl3qxwacj38iakpm5v1ch6lz-glibc-2.40-66/lib/libc.so.6:malloc --uprobe-link /nix/store/r7pnxs3cfl3qxwacj38iakpm5v1ch6lz-glibc-2.40-66/lib/libc.so.6:open --uprobe-link /proc/4501/root/usr/lib/aarch64-linux-gnu/libc.so.6:open --uprobe-link /proc/4501/root/usr/lib/aarch64-linux-gnu/libc.so.6:malloc ``` There would be resulting two sample types - `uprobe_malloc_events:count` - `uprobe_open_events:count`
simonswine
added a commit
to simonswine/opentelemetry-ebpf-profiler
that referenced
this pull request
Sep 23, 2025
With open-telemetry#651 it is possible to attach uprobes, but they currently are merged together. This PR introduces the use of cookies (available from kernel 5.15+) to keep track of the links that lead to the events being generated. It now uses the symbol part of the uprobe link and propages it into the sample type. That is something that we currently don't do well enough. So let's look at this example: ``` --uprobe-link /nix/store/r7pnxs3cfl3qxwacj38iakpm5v1ch6lz-glibc-2.40-66/lib/libc.so.6:malloc --uprobe-link /nix/store/r7pnxs3cfl3qxwacj38iakpm5v1ch6lz-glibc-2.40-66/lib/libc.so.6:open --uprobe-link /proc/4501/root/usr/lib/aarch64-linux-gnu/libc.so.6:open --uprobe-link /proc/4501/root/usr/lib/aarch64-linux-gnu/libc.so.6:malloc ``` There would be resulting two sample types - `uprobe_malloc_events:count` - `uprobe_open_events:count`
gnurizen
pushed a commit
to parca-dev/opentelemetry-ebpf-profiler
that referenced
this pull request
Sep 30, 2025
Signed-off-by: Florian Lehner <florian.lehner@elastic.co>
This was referenced Nov 10, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add support to dynamically attach to symbols of executables.
E.g. to inspect memory allocations in Go one could attach a uprobe to runtime.mallocgc:
Another interesting uprobe in Go executables is runtime.gopark, that puts a Go routine into a waiting state.
To identify potential uprobes, one could use something like this:
Visualize uprobes with https://github.com/elastic/devfiler