Re: [lmi] perf

lmi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lmi] perf

From:	Greg Chicares
Subject:	Re: [lmi] perf
Date:	Mon, 28 Sep 2020 12:02:19 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0

On 2020-09-27 18:44, Greg Chicares wrote:
> On 2020-09-27 17:57, Vadim Zeitlin wrote:
>> On Sat, 26 Sep 2020 23:14:21 +0000 Greg Chicares <gchicares@sbcglobal.net> 
>> wrote:
>> 
>> GC> My normal user doesn't have CAP_SYS_ADMIN. Apparently if you have
>> GC> that, you're almost root anyway, so I'm reluctant to give myself
>> GC> that privilege--at least when I become root, I'm aware that I need
>> GC> to be especially careful. Do you use root, or grant your normal
>> GC> user CAP_SYS_ADMIN, or run 'perf' in some other way?
>> 
>>  I just do what, I think, it told me to do, once I've tried using it
>> unsuccessfully, i.e. set kernel.perf_event_paranoid kernel parameter to 0
>> or -1 depending on my current actual level of paranoia. This can, of
>> course, be done temporarily, if you run perf only episodically.
>> 
>>  FWIW I definitely don't run perf as root -- not because I don't trust perf
>> itself, but because I don't trust my own programs, that would also run as
>> root then.
> 
> Oh. I didn't think of that. I guess that 'paranoid' thing is the
> least dangerous option.

For the record...I tried the latest official advice:
  https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
which doesn't use CAP_SYS_ADMIN:

# cd /usr/bin 
# groupadd perf_users
# chgrp perf_users perf
# chmod o-rwx perf
# ls -l perf
-rwxr-x--- 1 root perf_users 528 Jul 20  2018 perf
# setcap "cap_perfmon,cap_sys_ptrace,cap_syslog=ep" perf
fatal error: Invalid argument
# setcap "38,cap_ipc_lock,cap_sys_ptrace,cap_syslog=ep" perf
# setcap -v "38,cap_ipc_lock,cap_sys_ptrace,cap_syslog=ep" perf
perf: OK
# getcap perf
perf = cap_ipc_lock,cap_sys_ptrace,cap_syslog,38+ep
# usermod -aG perf_users greg

My normal user was already logged in, and 'groups' didn't show
my newly-added membership in 'perf_users', so I tried...

$ newgrp perf_users

but 'perf' still gave
  error 13 (Permission denied) ...
  Consider tweaking /proc/sys/kernel/perf_event_paranoid

so I fell back on...

# echo 1 >/proc/sys/kernel/perf_event_paranoid

and was able to use 'perf'.

Maybe kernel.org's advice will work when I eventually log out
and back in again.

>> GC> the seemingly brilliant idea of running 'perf' in my host
>> GC> (after installing it successfully there) to profile a binary
>> GC> in a chroot:
[...]
> [...and hilarity ensues...]
> 
>>  I don't really know what's going on here, but trying to run a binary from
>> chroot outside of chroot just seems weird. OTOH I still think you ought to
>> be able to run "perf record schroot -c bullseye0 /path/to/lmi_cli_shared"
>> or something like this, shouldn't you?
> 
> Thanks, I didn't think of that.

Perhaps chroots are just incompatible with 'perf'. This works:

$perf record -e cpu-clock sleep 1                        
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.017 MB perf.data (3 samples) ]
$perf report --stdio             

(the output is valid, even though it has little to say), but this fails:

$perf record -e cpu-clock -- schroot -c bullseye0 sleep 1
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.017 MB perf.data ]
zsh: terminated  perf record -e cpu-clock -- schroot -c bullseye0 sleep 1
$perf report --stdio                             
Error:
The perf.data file has no samples!

For the record (because it was hard to figure out), this command:

$schroot -c bullseye0 -- sh -c 
'LD_LIBRARY_PATH=/opt/lmi/gcc_x86_64-pc-linux-gnu/build/ship 
/opt/lmi/gcc_x86_64-pc-linux-gnu/build/ship/lmi_cli_shared --accept 
--data_path=/opt/lmi/data --selftest'

really does run a self-test, but trying to use it with 'perf'
fails with "zsh: terminated" as for the chroot 'sleep' above.

Then I had another idea that seemed brilliant--on my host,
try executing a program that resides in the chroot with an
LD_LIBRARY_PATH that includes a path to everything found
by running 'ldd' on that program. But that segfaulted,
even without 'perf':

$ chrtpath=/srv/chroot/bullseye0 ; 
lmipath=$chrtpath/opt/lmi/gcc_x86_64-pc-linux-gnu/build/ship ; 
LD_LIBRARY_PATH="$lmipath:$chrtpath/lib/x86_64-linux-gnu:$chrtpath/lib64/" 
$lmipath/lmi_cli_shared --accept --data_path=/opt/lmi/data --selftest
zsh: segmentation fault  
LD_LIBRARY_PATH="$lmipath:$chrtpath/lib/x86_64-linux-gnu:$chrtpath/lib64/"

My next step will be to compile lmi on the host. I haven't
installed gcc there yet, but 'buster' has gcc-8.3.0-1, which
should be good enough for now. For std::filesystem, we'll need
gcc-10, which is in 'bullseye', and I'm sure it can't be too
hard to install that in 'buster'.

[Prev in Thread]

Current Thread

[Next in Thread]

[lmi] perf, Greg Chicares, 2020/09/26
- Re: [lmi] perf, Vadim Zeitlin, 2020/09/27
  - Re: [lmi] perf, Greg Chicares, 2020/09/27
    - Re: [lmi] perf, Greg Chicares <=
    - Re: [lmi] perf, Vadim Zeitlin, 2020/09/28
    - Re: [lmi] perf, Greg Chicares, 2020/09/28
    - Re: [lmi] perf, Vadim Zeitlin, 2020/09/28
    - Re: [lmi] perf, Greg Chicares, 2020/09/29
    - Re: [lmi] perf, Vadim Zeitlin, 2020/09/29
    - Re: [lmi] perf, Greg Chicares, 2020/09/29
    - Re: [lmi] perf, Vadim Zeitlin, 2020/09/29
    - Re: [lmi] perf, Greg Chicares, 2020/09/29

Prev by Date: Re: [lmi] Question about using fardels
Next by Date: Re: [lmi] perf
Previous by thread: Re: [lmi] perf
Next by thread: Re: [lmi] perf
Index(es):
- Date
- Thread