Why performance tools need BPF

Posted on 2023-02-23 Edited on 2023-10-22 In Tech , Performance Views:

BPF is efficient, production safe and built into the Linux kernel. With BPF, you can use the performance tools in production environment without needing to add any new kernel components.

The following example summarizes the block I/O latency as a histogram.

$ biolatency
Tracing block device I/O... Hit Ctrl-C to end.
^C
usecs           : count     distribution
0 -> 1          : 0        |                                        |
2 -> 3          : 0        |                                        |
4 -> 7          : 1        |                                        |
8 -> 15         : 1        |                                        |
16 -> 31        : 66       |****************************************|
32 -> 63        : 11       |******                                  |
64 -> 127       : 21       |************                            |
128 -> 255      : 28       |****************                        |

The following figure explains how BPF improves the efficiency of this tool.

The BPF program is run in the kernel for each event. It fetches the block I/O latency which is saved into a BPF map histogram. In the user space, the BPF map histogram can be read and printed out.