| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jun 2016 22:19:29 +0530
From: Aravinda Prasad <aravinda@...ux.vnet.ibm.com>
To: a.p.zijlstra@...llo.nl, linux-kernel@...r.kernel.org,
rostedt@...dmis.org, mingo@...hat.com, paulus@...ba.org,
acme@...nel.org, ebiederm@...ssion.com
Cc: hbathini@...ux.vnet.ibm.com, ananth@...ibm.com
Subject: [RFC PATCH 0/2] perf: Container-aware tracing support
The RFC patch set supports filtering container specific events
when perf tool is executed inside a container. However, unlike
the previous approach [1], this requires containers to be created
with a new namespace "perf-namespace" (introduced in patch 1).
The basic idea is analogous to other namespaces: if event isolation
is required when running perf tool inside a container, then the
container should be created with perf-namespace.
Based on the feedback on the previous approach for container-aware
tracing [1] in Plumbers 2015 Containers Microconference [2] we have
come-up with a new prototype. The new prototype introduces a new
namespace "perf-namespace" (namespace name is just a placeholder.
name suggestions are welcome). The perf tool executed inside a
container created with perf-namespace reports only those events
that are triggered within the container. For example "perf record -a"
inside a container reports container-wide events; the "-a" flag
which stands for system-wide event collection takes the meaning of
container-wide event collection when executed inside a container.
We have tested perf-record, perf-stat and perf-top and we are
currently working on getting perf-probe (kprobe/uprobe) working.
Our previous prototype [1] required the container to be created
with PID namesapce and further required processes inside the
container grouped into a single perf_event cgroup. However,
during the discussion in Plumbers it was mentioned that the
requirement of PID namespace is insufficient for containers
that need access to the host PID namespace [3].
Work in progress:
- Get perf-probe working for containers. We are planning to enhance
tracefs to have multiple probe lists instances and then mount
different instance of tracefs (using add newinstance mount option)
for every perf namespace.
Patches are based on 4.7.0-rc2.
Suggestions and feedback are welcome.
[1] https://lkml.org/lkml/2015/7/15/192
[2] http://linuxplumbersconf.org/2015/ocw/sessions/2667.html
[3] Notes for container-aware tracing:
https://etherpad.openstack.org/p/LPC2015_Containers
Regards,
Aravinda & Hari
---
Aravinda Prasad (1):
perf: Filter events based on perf-namespace
Hari Bathini (1):
perf/namespaces: Add a new namespace for isolated tracing
fs/proc/namespaces.c | 4
include/linux/nsproxy.h | 2
include/linux/perf_event.h | 8 +
include/linux/perf_namespace.h | 58 +++++++
include/linux/proc_ns.h | 2
include/uapi/linux/sched.h | 1
init/Kconfig | 7 +
kernel/Makefile | 1
kernel/events/core.c | 347 ++++++++++++++++++++++++++++++++++++++++
kernel/fork.c | 3
kernel/nsproxy.c | 20 ++
kernel/perf_namespace.c | 132 +++++++++++++++
12 files changed, 581 insertions(+), 4 deletions(-)
create mode 100644 include/linux/perf_namespace.h
create mode 100644 kernel/perf_namespace.c
--
Aravinda Prasad
Powered by blists - more mailing lists