Re: [RFC PATCH 2/2] perf: Filter events based on perf-namespace
From: Peter Zijlstra
Date: Tue Jul 12 2016 - 10:28:16 EST
On Tue, Jul 12, 2016 at 08:55:17AM -0500, Eric W. Biederman wrote:
> I completely misread the description of this, or I would have something
> earlier. For some reason I thought he was talking about the perf
> controller.
>
> As I recall the tricky part of this was to have tracing that was safe
> and usable inside of a container. If you can align a per cgroup with
> your container that is probably sufficient for the select of processes.
>
> At the same time there is a real desire to have identifiers like pids
> translated into the appropriate form for inside of the container.
> Without that translation they are meaningless inside a container.
> Further it is necessary to be certain the trancing that is used is is
> safe for unprivileged users.
>
> I don't think I ever suggested or approved of the concept of a perf
> namespace and that sounds a bit dubious to me.
So perf uses the pid-namespace of the event-creator to report PID/TID
numbers in.
So sys_perf_event_open() -> perf_event_alloc() does
get_pid_ns(task_active_pid_ns(current)) to set event->ns and then we do:
task_{tgid,pid}_nr_ns(p, event->ns) to report the PID/TID resp., see
perf_event_{pid,tid}().