poop icon indicating copy to clipboard operation
poop copied to clipboard

Published 20 hours ago verified publisher icon andrewrk

detect when perf is permission denied and give the user a helpful message

Open andrewrk opened this issue 1 year ago • 5 comments

https://unix.stackexchange.com/questions/14227/do-i-need-root-admin-permissions-to-run-userspace-perf-tool-perf-events-ar

https://github.com/andrewrk/poop/pull/16#issuecomment-1591996452

poop should inform the user how to configure their system to make it work without root access.

andrewrk avatar Jun 14 '23 21:06 andrewrk

We can use something similar to perf's message:

Error:
Access to performance monitoring and observability operations is limited.
Consider adjusting /proc/sys/kernel/perf_event_paranoid setting to open
access to performance monitoring and observability operations for processes
without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux capability.
More information can be found at 'Perf events and tool security' document:
https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
perf_event_paranoid setting is 4:
  -1: Allow use of (almost) all events by all users
      Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
>= 0: Disallow raw and ftrace function tracepoint access
>= 1: Disallow CPU event access
>= 2: Disallow kernel profiling
To make the adjusted perf_event_paranoid setting permanent preserve it
in /etc/sysctl.conf (e.g. kernel.perf_event_paranoid = <setting>)

In particular we could include a shell command to make an non-permanent change in the setting, either: sudo echo 1 > /proc/sys/kernel/perf_event_paranoid or sudo sysctl kernel.perf_event_paranoid=1. I'm not 100% if 1 is the correct setting, but it seems to run for me with that.

dweiller avatar Jun 16 '23 20:06 dweiller

On my system sysctl kernel.perf_event_paranoid=3 is good enough (default value is 4) to let poop work, despite what the message from perf (above) and my system's man pages say about the different levels...

dweiller avatar Jun 19 '23 11:06 dweiller

Sadly, perf_event_open turns out unable test run on isolated VMs as it happens from GH actions, even using setcap.

  • https://github.com/actions/runner-images/issues/4974

kassane avatar Aug 11 '23 17:08 kassane

sysctl kernel.perf_event_paranoid=3 is working for me too. Xubuntu 23.04 x86_64

moderation avatar Sep 11 '23 21:09 moderation

sysctl kernel.perf_event_paranoid=3 is working for me too. Xubuntu 23.04 x86_64

On CI/CD test poop (release-safe build) not working:

 /home/runner/work/zig-http-benchmarks/zig-http-benchmarks/poop/src/main.zig:0:0: 0x2248f1 in main (poop)
/opt/hostedtoolcache/zig/master/x64/lib/std/start.zig:370:37: 0x218777 in posixCallMainAndExit (poop)
            var i: usize = 0;
                                    ^
/opt/hostedtoolcache/zig/master/x64/lib/std/start.zig:243:5: 0x2181b1 in _start (poop)
    asm volatile (switch (native_arch) {
    ^
???:?:?: 0xa in ??? (???)
Unwind information for `???:0xa` was not available, trace may be incomplete

./bench.sh: line 76:  5138 Aborted                 (core dumped) poop -d 100 "${commands[@]}"

output: https://github.com/kassane/zig-http-benchmarks/actions/runs/6159000724/job/16712925109#step:7:213 CI config: https://github.com/kassane/zig-http-benchmarks/blob/f79cf863f35598c81e5f696921e2d3551c71ad63/.github/workflows/benchmark.yml#L21-L27

kassane avatar Sep 12 '23 12:09 kassane