Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Significant initialization slowdown from kallsyms parsing #4463

Open
oshaked1 opened this issue Dec 25, 2024 · 0 comments · May be fixed by #4464
Open

Significant initialization slowdown from kallsyms parsing #4463

oshaked1 opened this issue Dec 25, 2024 · 0 comments · May be fixed by #4464
Assignees
Labels
Milestone

Comments

@oshaked1
Copy link
Contributor

The current kallsyms implementation uses a lazy approach where only symbols marked as required ahead of time are stored. When looking up a symbol that wasn't marked as required fails, the symbol is added ad-hoc to the required symbols and the symbol table is refreshed (the entire /proc/kallsyms is read and parsed).

For the most part, symbols that will be looked up are added to the required symbols ahead of time. But there are some cases involving dependencies and kprobe attachments where there are lookup failures which result in a re-read of /proc/kallsyms. From a check I performed, a standard execution of tracee with no arguments resulted in /proc/kallsyms being parsed 11 times, accounting for more than 10% of the initialization time (around 0.7 seconds from a total of 5.8 seconds). This slowdown becomes much worse with more kprobe attachments. For example,. when supplying a long syscall list (~70 syscalls) for the susipcious_syscall_source event, the initialization takes 22 seconds, 15 of which are just from updating the symbol table.

@oshaked1 oshaked1 self-assigned this Dec 25, 2024
@oshaked1 oshaked1 linked a pull request Dec 25, 2024 that will close this issue
@geyslan geyslan added this to the v0.23.0 milestone Jan 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants