Cargo flamegraph

I tried to use "cargo flamegraph" on Linux (Ubuntu 20.04 LTS).

The executable needs the CAP_PERFMON capability to run. Reasonable enough. Then it turns out the Ubuntu "setcap" program is broken, and doesn't recognize CAP_PERFMON. Somebody built "setcap" with the wrong library. Reported and fixed for CentOS/RedHat a few months back. I just reported it for Ubuntu. Amazed this didn't get noticed by someone else long ago. I guess nobody does this much.

Doing everything as root, or giving "flamegraph" root-level permissions, would work around this, but that's insecure.

Am I doing this the hard way, or something?

The default permissions for perf have changed somewhat recently in Linux. To restore the old behavior, you can set /proc/sys/kernel/perf_event_paranoid. Values are as follows:

                  2   allow only user-space measurements (default since
                      Linux 4.6).
                  1   allow both kernel and user measurements (default
                      before Linux 4.6).
                  0   allow access to CPU-specific data but not raw
                      tracepoint samples.
                  -1  no restrictions.
1 Like

The default on Debian 10 seems to be 3.

I just dealt with this exact issue last week.

In Ubuntu 16.04 LTS, it's 3, and in Ubuntu 20.04 it's 4.

I'm looking around for a document that includes values 3 and 4, but I suspect 4 means "don't even think about getting performance data".

sudo sysctl kernel.perf_event_paranoid=1

probably will help, but it's a big hammer to change that system-wide. Don't do that on a server.

4 likely means: Even if you get any performance data, we'll knock down your door and take it away from you. :wink:

Yeah, I wouldn't change it on a server. Even on my workstation I only temporarily change it while profiling.

Reportedly, "setcap" on Ubuntu 21.xx understands CAP_PERFMON, but 20.04 LTS does not. Reported Ubuntu bug, since 20.04 LTS is supported until 2025.

I can not find anywhere in the linux kernel source that seems to deal with any values higher than two. Two and up seem to all be treated equally. Maybe it's a distro thing being used flag something for software other than the kernel?

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.