Presented by:

I've been a fan and user of GNU/Linux since the mid 90s. In my professional career I've been a programmer, systems administrator, and DBA. I really enjoy finding bugs and solving performance problems using a variety of debugging tools and techniques. I also enjoy programming in C, Python, Go, Perl, and Elisp.

Programs like iostat and iotop can tell you all sorts of interesting things about what's happening on your block devices. You can answer questions like: "How busy are my disks?" "What's my average latency?" "How many blocks per second am I writing?" "Which processes are doing the most disk I/O?"

What do you do when that information isn't detailed enough? While it's great to have statistics on how your disks are performing and which processes are responsible for generating most of the I/O, how do you answer a question like: "Which files are most actively being written to or read from and by whom?"

This question can be answered by blktrace, a block layer I/O tracing mechanism which, among other things, provides detailed information about every logical block address (LBA) that is read from or written to your disk. In this talk I'll show you how to run blktrace and how to interpret some of its cryptic output. Using some arithmetic and debugfs I'll show you how to go from an LBA, to a disk partition, to a filesystem block, to an inode, and finally to a filename.

In this talk we'll also cover some fun things about the GNU/Linux 'ext' family of filesystems. "What's an inode?" "How are files broken up and organized into multiple disk blocks?" We'll explore these concepts using the debugfs tool, which we'll use to help us read file contents straight off the disk using dd. How cool is that?
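The LBA-to-filename arithmetic described in the abstract can be sketched as follows. This is an added example, not material from the talk: the partition table, LBA and block size are constructed sample values, and it assumes the LBA is an absolute 512-byte sector on the whole disk. The function names `find_partition` and `lba_to_fsblock` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: map a disk LBA to a partition and an ext filesystem block,
# then print the debugfs commands that resolve block -> inode -> filename.
# Assumption: LBAs and partition offsets are in 512-byte sectors.

# find_partition LBA: reads "name start_sector sector_count" lines on stdin
# and prints "name start_sector" for the partition containing the LBA.
find_partition() {
    local lba=$1 name start count
    while read -r name start count; do
        if [ "$lba" -ge "$start" ] && [ "$lba" -lt $(( start + count )) ]; then
            echo "$name $start"
            return 0
        fi
    done
    return 1   # LBA is outside every listed partition
}

# lba_to_fsblock LBA PART_START BLOCK_SIZE: prints the filesystem block number.
lba_to_fsblock() {
    local lba=$1 part_start=$2 block_size=$3
    local sectors_per_block=$(( block_size / 512 ))
    if [ "$lba" -lt "$part_start" ] || [ "$sectors_per_block" -lt 1 ]; then
        return 1
    fi
    echo $(( (lba - part_start) / sectors_per_block ))
}

# Constructed sample values. On a real system the start and size come from
# /sys/block/<disk>/<part>/start and /sys/block/<disk>/<part>/size.
PARTS='sda1 2048 1048576
sda2 1050624 209715200'
LBA=1052672        # sector taken from a trace line (constructed)
BLOCK_SIZE=4096    # "Block size:" as reported by dumpe2fs -h

if hit=$(printf '%s\n' "$PARTS" | find_partition "$LBA"); then
    set -- $hit    # $1 = partition name, $2 = partition start sector
    fsblock=$(lba_to_fsblock "$LBA" "$2" "$BLOCK_SIZE")
    echo "LBA $LBA -> /dev/$1, filesystem block $fsblock"
    echo "debugfs -R 'icheck $fsblock' /dev/$1    # block -> inode"
    echo "debugfs -R 'ncheck <inode>' /dev/$1     # inode -> filename"
fi
```

The script only prints the debugfs commands; run them yourself as root, substituting the inode number that `icheck` reports.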

Date: 2017 October 6 - 16:30
Duration: 50 min
Room: Room 1113
Language:
Track: Systems/Ops
Difficulty: Medium

Happening at the same time:

  1. Verbose mode: an exploration of programming languages and craft
     Start Time: 2017 October 6 16:30
     Room: Room 3199

  2. Hackers Gotta Eat
     Start Time: 2017 October 6 16:30
     Room: Room 5104

  3. UEFI: What Is It and How Can We Exploit It For Fun And Profit
     Start Time: 2017 October 6 16:30
     Room: Room 3187

  4. Ransomware: History, Analysis, & Mitigation
     Start Time: 2017 October 6 16:30
     Room: Room 5102