Skip to content

profil

Intro

profil - write execution times of processes/threads to a buffer

Description

The profil system call is used to write the execution times of a programs or threads to a user-specified buffer. It can be used to identify code paths which are heavily used or those that are less efficient. It has been largely replaced by existing performance analysis tools like perf and flame graphs.

Edge-cases should be taken into account when using the profil system call. The user-specified buffer will eventually fill up and depending on what kernel version is running, this can cause program terminating signals as the end of the buffer is hit. It is therefore important to make sure that the buffer used is large enough to avoid this case.

Arguments

  • buf:pointer[U] - the address of the buffer in the user memory.
  • buflen:unsigned int[U] - the size of the buffer in bytes.
  • offset:unsigned int[U] - the offset from the beginning of the buffer to start writing from. This should be no bigger than buflen.
  • scale:unsigned int[U] - the size of the scale to store the information. A scale of five, for example, would store the value in five-microsecond intervals.
  • pc:unsigned long[K] - the base address of the program counter used by the kernel for the profiling.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_profil

Type

Kprobe+kretprobe

Purpose

Assessing the performance of a user-space program or thread.

Example Use Case

Profiling and examining the performance of a given application or thread.

Issues

The buflen and offset parameters are user-specified and there is no limit checking on the kernel side, so care must be taken when using them, and the size of the buffer should be sutable large enough to avoid running out of space during use.

  • fork
  • execve
  • setitimer

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.