Message-Id: <20160614164530.4192.79560.stgit@aravindap>
Date:	Tue, 14 Jun 2016 22:19:29 +0530
From:	Aravinda Prasad <aravinda@...ux.vnet.ibm.com>
To:	a.p.zijlstra@...llo.nl, linux-kernel@...r.kernel.org,
	rostedt@...dmis.org, mingo@...hat.com, paulus@...ba.org,
	acme@...nel.org, ebiederm@...ssion.com
Cc:	hbathini@...ux.vnet.ibm.com, ananth@...ibm.com
Subject: [RFC PATCH 0/2] perf: Container-aware tracing support

The RFC patch set supports filtering container-specific events
when the perf tool is executed inside a container. However, unlike
the previous approach [1], this requires containers to be created
with a new namespace "perf-namespace" (introduced in patch 1).

The basic idea is analogous to other namespaces: if event isolation
is required when running perf tool inside a container, then the
container should be created with perf-namespace.

Based on the feedback on the previous approach for container-aware
tracing [1] in Plumbers 2015 Containers Microconference [2] we have
come up with a new prototype. The new prototype introduces a new
namespace "perf-namespace" (the namespace name is just a placeholder;
name suggestions are welcome). The perf tool executed inside a
container created with perf-namespace reports only those events
that are triggered within the container. For example "perf record -a"
inside a container reports container-wide events; the "-a" flag
which stands for system-wide event collection takes the meaning of
container-wide event collection when executed inside a container.
We have tested perf-record, perf-stat and perf-top and we are
currently working on getting perf-probe (kprobe/uprobe) working.

Our previous prototype [1] required the container to be created
with PID namespace and further required processes inside the
container grouped into a single perf_event cgroup. However,
during the discussion in Plumbers it was mentioned that the
requirement of PID namespace is insufficient for containers
that need access to the host PID namespace [3].

Work in progress:

    - Get perf-probe working for containers. We are planning to enhance
      tracefs to have multiple probe list instances and then mount
      a different instance of tracefs (using add newinstance mount option)
      for every perf namespace.

Patches are based on 4.7.0-rc2.

Suggestions and feedback are welcome.

[1] https://lkml.org/lkml/2015/7/15/192
[2] http://linuxplumbersconf.org/2015/ocw/sessions/2667.html
[3] Notes for container-aware tracing:
    https://etherpad.openstack.org/p/LPC2015_Containers

Regards,
Aravinda & Hari
---

Aravinda Prasad (1):
      perf: Filter events based on perf-namespace

Hari Bathini (1):
      perf/namespaces: Add a new namespace for isolated tracing


 fs/proc/namespaces.c           |    4 
 include/linux/nsproxy.h        |    2 
 include/linux/perf_event.h     |    8 +
 include/linux/perf_namespace.h |   58 +++++++
 include/linux/proc_ns.h        |    2 
 include/uapi/linux/sched.h     |    1 
 init/Kconfig                   |    7 +
 kernel/Makefile                |    1 
 kernel/events/core.c           |  347 ++++++++++++++++++++++++++++++++++++++++
 kernel/fork.c                  |    3 
 kernel/nsproxy.c               |   20 ++
 kernel/perf_namespace.c        |  132 +++++++++++++++
 12 files changed, 581 insertions(+), 4 deletions(-)
 create mode 100644 include/linux/perf_namespace.h
 create mode 100644 kernel/perf_namespace.c

-- 
Aravinda Prasad
