Phenomenon
When try to use helper function bpf_get_current_pid_tgid to get current pid and tgid in the BCC prog, it always can see the pid=0 in the output when it be used to handle tracepoints/kprobe of network related functions.
SoftIrq
Kernel handles softirq in two paths:
- irq_exit()->invoke_softirq() This is called after hardware interrupt
- ksoftirqd->invoke_softirq() This is handled by ksoftirqd
When hardware IRQ interrupts the system during CPU is idle, then the pid used by bpf_get_current_pid_tgid() is 0.
If many cpus are idle, and then you may get many pid=0 when call this helper function, so it is not uniq to use this pid_tgid as key for a map. This may cause some events lost when you don’t remind of this.
Network Latency
For the handle paths of softirq, we can see that two common cases that can caused network latency.
-
irq had been off for too long time
-
ksoftirqd is blocked by other process runs on the CPU
There are tools that used to detect these two issues. For example: