andrewrk / poop

Performance Optimizer Observation Platform
MIT License
788 stars 50 forks

detect when perf is permission denied and give the user a helpful message #17

Open andrewrk opened 1 year ago

andrewrk commented 1 year ago

https://unix.stackexchange.com/questions/14227/do-i-need-root-admin-permissions-to-run-userspace-perf-tool-perf-events-ar

https://github.com/andrewrk/poop/pull/16#issuecomment-1591996452

poop should inform the user how to configure their system to make it work without root access.

dweiller commented 1 year ago

We can use something similar to perf's message:

```
Error:
Access to performance monitoring and observability operations is limited.
Consider adjusting /proc/sys/kernel/perf_event_paranoid setting to open
access to performance monitoring and observability operations for processes
without CAP_PERFMON, CAP_SYS_PTRACE or CAP_SYS_ADMIN Linux capability.
More information can be found at 'Perf events and tool security' document:
https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
perf_event_paranoid setting is 4:
  -1: Allow use of (almost) all events by all users
      Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
>= 0: Disallow raw and ftrace function tracepoint access
>= 1: Disallow CPU event access
>= 2: Disallow kernel profiling
To make the adjusted perf_event_paranoid setting permanent preserve it
in /etc/sysctl.conf (e.g. kernel.perf_event_paranoid = <setting>)
```

In particular we could include a shell command to make a non-permanent change in the setting, either: `echo 1 | sudo tee /proc/sys/kernel/perf_event_paranoid` or `sudo sysctl kernel.perf_event_paranoid=1`. I'm not 100% sure if 1 is the correct setting, but it seems to run for me with that.

dweiller commented 1 year ago

On my system sysctl kernel.perf_event_paranoid=3 is good enough (default value is 4) to let poop work, despite what the message from perf (above) and my system's man pages say about the different levels...
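One way a tool could detect the denial and print guidance, as an added example in C (not poop's code and not from any commenter). The names `perf_probe`, `read_paranoid` and `perf_hint` are hypothetical, and the hint reports the current setting rather than recommending a level, since the values that work differ between the reports in this thread.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/perf_event.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define PARANOID_PATH "/proc/sys/kernel/perf_event_paranoid"
/* Probe: user-space cycle counter on this process; returns 0 or the errno. */
int perf_probe(void) {
    struct perf_event_attr attr = {
        .type = PERF_TYPE_HARDWARE, .size = sizeof attr,
        .config = PERF_COUNT_HW_CPU_CYCLES,
        .disabled = 1, .exclude_kernel = 1, .exclude_hv = 1,
    };
    long fd = syscall(SYS_perf_event_open, &attr, 0, -1, -1, 0UL);
    if (fd < 0) return errno;
    close((int)fd);
    return 0;
}

/* Read the sysctl value from path; returns 0 on success, -1 if unreadable. */
int read_paranoid(const char *path, int *level) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int ok = fscanf(f, "%d", level) == 1;
    fclose(f);
    return ok ? 0 : -1;
}

/* On EACCES/EPERM, write guidance into buf and return 1; otherwise return 0. */
int perf_hint(int err, const char *path, char *buf, size_t n) {
    char lv[16] = "unknown";
    int level;
    if (err != EACCES && err != EPERM) return 0;
    if (read_paranoid(path, &level) == 0) snprintf(lv, sizeof lv, "%d", level);
    snprintf(buf, n, "perf_event_open: %s\nkernel.perf_event_paranoid is %s\n"
             "Lower it (sudo sysctl kernel.perf_event_paranoid=<level>) or grant CAP_PERFMON.\n"
             "See https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html\n", strerror(err), lv);
    return 1;
}

int main(void) {
    char msg[512];
    int err = perf_probe();
    if (perf_hint(err, PARANOID_PATH, msg, sizeof msg)) fputs(msg, stderr);
    else if (err) fprintf(stderr, "perf_event_open: %s\n", strerror(err));
    return err != 0;
}
```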

kassane commented 1 year ago

Sadly, perf_event_open turns out to be unable to run in tests on isolated VMs, as happens with GH Actions, even using setcap.

moderation commented 11 months ago

sysctl kernel.perf_event_paranoid=3 is working for me too. Xubuntu 23.04 x86_64

kassane commented 11 months ago

> sysctl kernel.perf_event_paranoid=3 is working for me too. Xubuntu 23.04 x86_64

In CI/CD testing, poop (release-safe build) is not working:

```
/home/runner/work/zig-http-benchmarks/zig-http-benchmarks/poop/src/main.zig:0:0: 0x2248f1 in main (poop)
/opt/hostedtoolcache/zig/master/x64/lib/std/start.zig:370:37: 0x218777 in posixCallMainAndExit (poop)
            var i: usize = 0;
                                    ^
/opt/hostedtoolcache/zig/master/x64/lib/std/start.zig:243:5: 0x2181b1 in _start (poop)
    asm volatile (switch (native_arch) {
    ^
???:?:?: 0xa in ??? (???)
Unwind information for `???:0xa` was not available, trace may be incomplete

./bench.sh: line 76:  5138 Aborted                 (core dumped) poop -d 100 "${commands[@]}"
```

output: https://github.com/kassane/zig-http-benchmarks/actions/runs/6159000724/job/16712925109#step:7:213

CI config: https://github.com/kassane/zig-http-benchmarks/blob/f79cf863f35598c81e5f696921e2d3551c71ad63/.github/workflows/benchmark.yml#L21-L27