search

sio2project / sio2jail

A tool for supervising execution of programs submitted in algorithmic competitions
MIT License
30 stars 10 forks source link

perf event open failed: No such file or directory #21

Closed meithecatte closed 4 years ago

meithecatte commented 4 years ago

I am trying to use sio2jail as a local copy of the OI grading environment. I tried building the tool from source and running without any configuration options, which yielded this error:

[user@personal-dev oiejq]$ sio2jail ../nww
Exception occurred: Invalid configration, first bind mount must be root bind mount if namespace listener is used

Surprised that the defaults are invalid, I decided to use the oiejq wrapper, which I downloaded from the OIJ website. When that didn't work, I used the bash -x option to extract the exact command used. The error in both cases was:

[user@personal-dev oiejq]$ sio2jail -o oiaug --seccomp off --ptrace off --mount-namespace off --pid-namespace off --uts-namespace off --ipc-namespace off --net-namespace off --capability-drop off --user-namespace off -s -- ../nww
Exception occurred: System error occured: perf event open failed: No such file or directory: error 2: No such file or directory

Information that I feel might be related:

[user@personal-dev oiejq]$ sudo sysctl -w kernel.perf_event_paranoid=-1
kernel.perf_event_paranoid = -1
[user@personal-dev oiejq]$ sudo sysctl -w kernel.unpriviledged_userns_clone=1
sysctl: cannot stat /proc/sys/kernel/unpriviledged_userns_clone: No such file or directory
[user@personal-dev oiejq]$ uname -a
Linux personal-dev 4.19.80-1.pvops.qubes.x86_64 #1 SMP Sun Oct 20 14:41:34 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

The failed sysctl might be significant, but as far as I understand, it only applies to the sandboxing features, which are disabled by oiejq.

What should I do to diagnose/fix this issue?

Michcioperz commented 4 years ago

Surprised that the defaults are invalid, I decided to use the oiejq wrapper

It's not that the defaults are invalid, there are quite literally no defaults.

[user@personal-dev oiejq]$ uname -a
Linux personal-dev 4.19.80-1.pvops.qubes.x86_64 #1 SMP Sun Oct 20 14:41:34 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Oh wow, a Qubes OS user. (No offence meant, just didn't expect the set intersection of Qubes users and competitive programmers to be non-empty.)

I don't know much about Qubes, but I can imagine that the paravirtualization might be getting in the way. For instance, sio2jail/oiejq doesn't work on most servers from most VPS providers, because the VM you get doesn't have CPU hardware performance counters passthrough from the host CPU. Perhaps Qubes is the same.

Michcioperz commented 4 years ago 
[user@personal-dev oiejq]$ sudo sysctl -w kernel.unpriviledged_userns_clone=1
sysctl: cannot stat /proc/sys/kernel/unpriviledged_userns_clone: No such file or directory

I've heard that the userns sysctl is gone in recent kernels, so this makes sense. Maybe the docs need updating — maybe not yet still.

Wolf480pl commented 4 years ago

Yeah, it's probably because of virtualization.

Could you try running perf list hw and seeing if it outputs anything? If it doesn't, it means the VM doesn't have access to performance counters.

I know on Xen it's possible to enable virtual performance counters (a.k.a. vpmu), but I don't know how to do it on Qubes, or whether it's available/working on the version of Xen used by Qubes.

meithecatte commented 4 years ago

I don't know much about Qubes, but I can imagine that the paravirtualization might be getting in the way. For instance, sio2jail/oiejq doesn't work on most servers from most VPS providers, because the VM you get doesn't have CPU hardware performance counters passthrough from the host CPU. Perhaps Qubes is the same.

Thanks for the quick reply! I guess I'll try on some other machine and get back to you.

Oh wow, a Qubes OS user. (No offence meant, just didn't expect the set intersection of Qubes users and competitive programmers to be non-empty.)

Consider the intersection of (a) competitive programmers and cybersecurity enthusiasts, (b) cybersecurity enthusiasts and Qubes OS users.

Michcioperz commented 4 years ago

Consider the intersection of (a) competitive programmers and cybersecurity enthusiasts, (b) cybersecurity enthusiasts and Qubes OS users.

Sorry, when I was in high school a few years ago the intersection of people I knew and (a)-as-defined-by-you was empty, save for one of the guys who later ended up writing sio2jail.

meithecatte commented 4 years ago

I've heard that the userns sysctl is gone in recent kernels, so this makes sense. Maybe the docs need updating — maybe not yet still.

See #22.

Could you try running perf list hw and seeing if it outputs anything?

As predicted,

[user@personal-dev oiejq]$ perf list hw

List of pre-defined events (to be used in -e):

[user@personal-dev oiejq]$

However, the tool seems to work just fine on my non-Qubes system. Sorry for the bother.