Re: [PATCH 1/2] tracing: show size of requested buffer

[Robin H. Johnson]

On Fri, Oct 08, 2021 at 06:13:48PM -0400, Steven Rostedt wrote:
> On Thu, 7 Oct 2021 17:26:04 +0000
> "Robin H. Johnson" <robbat2@xxxxxxxxxx> wrote:
> 
> > I was trying to think further what would make sense for the constant.
> > - What are the negative impacts of a too-large value?
> > - Is there demand for more reconfigurability? 
> > - Should PERF_MAX_TRACE_SIZE be a knob in Kconfig?
> 
> One thing you haven't discussed was, have you hit this warning, and if so,
> what were you doing?
Ah, I covered that in patch 2/2 in the original series, which discussed
why I was raising the limit, and how I came to the 8K value for
PERF_MAX_TRACE_SIZE.
https://lore.kernel.org/all/20210831043723.13481-2-robbat2@xxxxxxxxxx/

To summarize here:
$work requires that all employees run endpoint security software from
SentinalOne [1]. I can see that it uses trace/perf stuff to dig deeply
into what's taking place on the system.

Something in my personal setup/configuration, leads to SentinelOne
getting large perf backlogs during heavy workloads, primarily when I'm
doing deep things with containers (esp with tun devices inside
containers). I haven't been able to narrow it down much more than that,
and I don't have the source to SentinelOne at all.

It does feel like SentinelOne either has a leak of some sort, or gets a
backlog of work that takes a noticible amount of time to clean up.

[1] https://www.sentinelone.com/

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robbat2@xxxxxxxxxx
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

Attachment: signature.asc
Description: PGP signature