diff --git a/docs/limitations.md b/docs/limitations.md index 3ac7733..bcd52ea 100644 --- a/docs/limitations.md +++ b/docs/limitations.md @@ -51,3 +51,9 @@ GhostScope scans `/proc/PID/maps` at startup to obtain loaded dynamic library in - **Shared-library targets (new processes)**: For processes that start after GhostScope, enable `--enable-sysmon-shared-lib` (or the matching config option) so globals can be resolved. This incurs extra system-wide work, so expect higher overhead on hosts with frequent process churn. > **Note**: The current sysmon pipeline still assumes the library is mapped when the exec event is handled; if a loader pulls it in much later, offsets are not retried yet. + +### 9. `-p ` Mode inside Containers or WSL + +- The `-p` workflow filters events using `bpf_get_current_pid_tgid`, which returns the host kernel PID/ TGID. Inside PID namespaces (e.g., Docker, Kubernetes) or Windows Subsystem for Linux, the PID visible inside the container often differs from the host PID. +- See [PID namespaces manual](https://www.man7.org/linux/man-pages/man7/pid_namespaces.7.html), [WSL issue #12408](https://github.com/microsoft/WSL/issues/12408), and [WSL issue #12115](https://github.com/microsoft/WSL/issues/12115) for details. +- In these environments, either map the container/WSL PID to the host PID before using `-p`, or prefer `-t `/`-t ` where we attach uprobes by module path instead of PID. diff --git a/docs/zh/limitations.md b/docs/zh/limitations.md index 3f061c6..a13874c 100644 --- a/docs/zh/limitations.md +++ b/docs/zh/limitations.md @@ -53,3 +53,9 @@ GhostScope 启动时会扫描进程的 `/proc/PID/maps` 获取已加载的动态 提示:`-p ` 模式下仍会自动计算并下发模块偏移,全局变量始终可用。 > **说明**:目前 sysmon 假设共享库在 exec 事件处理时已经映射;若动态加载发生得更晚,目前不会自动重试。 + +### 9. 容器 / WSL 场景下 `-p ` 模式的软限制 + +- `-p` 模式依赖 `bpf_get_current_pid_tgid` 获取宿主机视角的 PID/TGID。处于 PID namespace(例如 Docker、Kubernetes 容器)或 WSL 中时,容器内部看到的 PID 往往与宿主机不一致。 +- 参考 [PID namespaces 手册](https://www.man7.org/linux/man-pages/man7/pid_namespaces.7.html)、[WSL issue #12408](https://github.com/microsoft/WSL/issues/12408) 和 [WSL issue #12115](https://github.com/microsoft/WSL/issues/12115)。 +- 在这些环境使用 `-p` 时,请先确认宿主机实际 PID;或改用 `-t <二进制>` / `-t <共享库>` 模式,通过模块路径挂载 uprobe,避免 PID 不匹配导致事件过滤失败。 diff --git a/ghostscope-compiler/src/ebpf/codegen.rs b/ghostscope-compiler/src/ebpf/codegen.rs index 17300e5..c6e459d 100644 --- a/ghostscope-compiler/src/ebpf/codegen.rs +++ b/ghostscope-compiler/src/ebpf/codegen.rs @@ -381,7 +381,6 @@ impl<'ctx> EbpfContext<'ctx> { if data_len == 0 { return Err(CodeGenError::TypeSizeNotAvailable(v.name)); } - // Remove legacy 1993-byte clamp; keep DWARF-reported size let module_hint = self.take_module_hint(); Ok(ComplexArg { var_name_index: self @@ -405,7 +404,6 @@ impl<'ctx> EbpfContext<'ctx> { if data_len == 0 { return Err(CodeGenError::TypeSizeNotAvailable(v.name)); } - // Remove legacy 1993-byte clamp; keep DWARF-reported size let module_hint = self.take_module_hint(); Ok(ComplexArg { var_name_index: self diff --git a/ghostscope-process/src/maps.rs b/ghostscope-process/src/maps.rs index fb1d911..c0936bf 100644 --- a/ghostscope-process/src/maps.rs +++ b/ghostscope-process/src/maps.rs @@ -146,6 +146,7 @@ pub fn ensure_pinned_proc_offsets_exists(max_entries: u32) -> anyhow::Result<()> } } } + // Low-level bpf syscall wrapper for map update (avoids tight coupling to aya map wrappers) #[repr(C)] struct BpfMapUpdateAttr { diff --git a/ghostscope/src/cli/runtime.rs b/ghostscope/src/cli/runtime.rs index 9886166..32fe08e 100644 --- a/ghostscope/src/cli/runtime.rs +++ b/ghostscope/src/cli/runtime.rs @@ -21,8 +21,6 @@ pub async fn run_command_line_runtime_with_config(config: MergedConfig) -> Resul run_cli_with_session(session, script_content, &config).await } -// Removed unused legacy runtime function to satisfy clippy without allow attributes - /// Run CLI session with existing GhostSession and configuration async fn run_cli_with_session( mut session: GhostSession, diff --git a/ghostscope/src/main.rs b/ghostscope/src/main.rs index 8fb76f9..305ba71 100644 --- a/ghostscope/src/main.rs +++ b/ghostscope/src/main.rs @@ -1,5 +1,3 @@ -// Keep binary clippy-clean without allow attributes - mod cli; mod config; mod core; @@ -129,17 +127,6 @@ async fn main() -> Result<()> { info!("Using default configuration (no config file found)"); } - // Log eBPF configuration settings - info!("eBPF Configuration:"); - info!( - " RingBuf size: {} bytes", - merged_config.ebpf_config.ringbuf_size - ); - info!( - " PerfEventArray page count: {}", - merged_config.ebpf_config.perf_page_count - ); - // Detect kernel eBPF capabilities once at startup if merged_config.ebpf_config.force_perf_event_array { warn!("⚠️ TESTING MODE: force_perf_event_array=true - will use PerfEventArray"); diff --git a/ghostscope/src/runtime/coordinator.rs b/ghostscope/src/runtime/coordinator.rs index d56b07e..2b155f1 100644 --- a/ghostscope/src/runtime/coordinator.rs +++ b/ghostscope/src/runtime/coordinator.rs @@ -48,8 +48,6 @@ pub async fn run_tui_coordinator_with_config(config: MergedConfig) -> Result<()> .await } -// Removed unused legacy TUI coordinator to satisfy clippy without allow attributes - /// Internal function to run TUI coordinator with UI configuration async fn run_tui_coordinator_with_ui_config_and_merged_config( parsed_args: ParsedArgs,