Implement new perf elevated privilege system

Instead of using a script that changes system configuration temporarily,
just run perf as root.

To properly synchronize with a launched app (that should not run as root),
launch the app in a separate, initially stopped process, and use the
control fifo feature of perf to properly synchronize with it.

The control fifos are also needed to be able to stop sudo-perf, as one
does not have permission to SIGINT it anymore.

CMakeLists.txt

@@ -144,7 +144,6 @@ if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
 endif()
 
 add_subdirectory(3rdparty)
-add_subdirectory(scripts)
 
 include_directories(${CMAKE_CURRENT_BINARY_DIR})
 add_subdirectory(src)

README.md

@@ -407,12 +407,7 @@ Consider tweaking /proc/sys/kernel/perf_event_paranoid:
  2 - Disallow kernel profiling for unpriv
 ```
 
-To workaround this limitation, hotspot can temporarily elevate the perf privileges.
-This is achieved by applying
-[these steps](https://superuser.com/questions/980632/run-perf-without-root-right),
-bundled into [a script](scripts/elevate_perf_privileges.sh) that is run via `pkexec`, `kdesudo` or `kdesu`.
-The resulting elevated privileges are also required for kernel tracing in general and Off-CPU profiling in
-particular.
+To workaround this limitation, hotspot can run perf itself with elevated privileges.
 
 ### Export File Format
 

src/CMakeLists.txt

@@ -50,6 +50,8 @@ set(HOTSPOT_SRCS
  perfoutputwidgettext.cpp
  perfoutputwidgetkonsole.cpp
  costcontextmenu.cpp
+ initiallystoppedprocess.cpp
+ perfcontrolfifowrapper.cpp
  # ui files:
  mainwindow.ui
  aboutdialog.ui

src/initiallystoppedprocess.cpp

@@ -0,0 +1,125 @@
+/*
+ SPDX-FileCopyrightText: Zeno Endemann <[email protected]>
+ SPDX-FileCopyrightText: 2023 Klarälvdalens Datakonsult AB, a KDAB Group company, [email protected]
+
+ SPDX-License-Identifier: GPL-2.0-or-later
+*/
+
+#include <cstring>
+
+#include "initiallystoppedprocess.h"
+
+#include <QDebug>
+#include <QFile>
+#include <QLoggingCategory>
+#include <QSocketNotifier>
+#include <QStandardPaths>
+
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <vector>
+
+namespace {
+Q_LOGGING_CATEGORY(initiallystoppedprocess, "hotspot.initiallystoppedprocess")
+
+void sendSignal(pid_t pid, int signal)
+{
+ if (!kill(pid, signal)) {
+ qCCritical(initiallystoppedprocess) << "Failed to send" << signal << "to" << pid << ":" << std::strerror(errno);
+ ;
+ }
+}
+}
+
+InitiallyStoppedProcess::~InitiallyStoppedProcess()
+{
+ kill();
+}
+
+bool InitiallyStoppedProcess::createProcessAndStop(const QString& exePath, const QStringList& exeOptions,
+ const QString& workingDirectory)
+{
+ kill();
+
+ // convert arguments and working dir into what the C API needs
+
+ std::vector<QByteArray> args;
+ args.reserve(exeOptions.size() + 1);
+ args.emplace_back(exePath.toLocal8Bit());
+ for (const auto& opt : exeOptions)
+ args.emplace_back(opt.toLocal8Bit());
+ const auto wd = workingDirectory.toLocal8Bit();
+
+ std::vector<char*> argsArray(args.size() + 1);
+ for (size_t i = 0; i < args.size(); ++i)
+ argsArray[i] = args[i].data();
+ argsArray.back() = nullptr;
+
+ // fork
+ m_pid = fork();
+
+ if (m_pid == 0) { // inside child process
+ // change working dir
+ if (!wd.isEmpty() && chdir(wd.data()) != 0)
+ qCCritical(initiallystoppedprocess)
+ << "Failed to change working directory to:" << wd.data() << std::strerror(errno);
+
+ // stop self
+ if (raise(SIGSTOP)) {
+ qCCritical(initiallystoppedprocess) << "Failed to raise SIGSTOP:" << std::strerror(errno);
+ ;
+ }
+
+ // exec
+ execvp(argsArray[0], argsArray.data());
+ qCCritical(initiallystoppedprocess) << "Failed to exec" << argsArray[0] << std::strerror(errno);
+ } else if (m_pid < 0) {
+ qCCritical(initiallystoppedprocess) << "Failed to fork:" << std::strerror(errno);
+ ;
+ return false;
+ }
+
+ return true;
+}
+
+bool InitiallyStoppedProcess::continueStoppedProcess()
+{
+ if (m_pid <= 0)
+ return false;
+
+ // wait for child to be stopped
+
+ int wstatus;
+ if (waitpid(m_pid, &wstatus, WUNTRACED) == -1) {
+ qCWarning(initiallystoppedprocess()) << "Failed to wait on process:" << std::strerror(errno);
+ }
+ if (!WIFSTOPPED(wstatus)) {
+ m_pid = -1;
+ return false;
+ }
+
+ // continue
+
+ sendSignal(m_pid, SIGCONT);
+ return true;
+}
+
+void InitiallyStoppedProcess::terminate()
+{
+ if (m_pid > 0)
+ sendSignal(m_pid, SIGTERM);
+}
+
+void InitiallyStoppedProcess::kill()
+{
+ if (m_pid > 0) {
+ sendSignal(m_pid, SIGILL);
+ if (waitpid(m_pid, nullptr, 0) < 0) {
+ qCWarning(initiallystoppedprocess()) << "failed to wait on pid:" << m_pid << std::strerror(errno);
+ }
+ m_pid = -1;
+ }
+}

src/initiallystoppedprocess.h

@@ -0,0 +1,42 @@
+/*
+ SPDX-FileCopyrightText: Zeno Endemann <[email protected]>
+ SPDX-FileCopyrightText: 2023 Klarälvdalens Datakonsult AB, a KDAB Group company, [email protected]
+
+ SPDX-License-Identifier: GPL-2.0-or-later
+*/
+
+#pragma once
+
+#include <QObject>
+#include <QString>
+#include <QStringList>
+
+#include <memory>
+#include <unistd.h>
+
+class QSocketNotifier;
+
+class InitiallyStoppedProcess
+{
+ Q_DISABLE_COPY(InitiallyStoppedProcess)
+public:
+ InitiallyStoppedProcess() = default;
+ ~InitiallyStoppedProcess();
+
+ pid_t processPID() const
+ {
+ return m_pid;
+ }
+
+ // this function stop any existing child an then will create a process and ch into workDir. The process will then be
+ // stopped immediately. After receiving SIGCONT it will run exePath with exeOptions
+ bool createProcessAndStop(const QString& exePath, const QStringList& exeOptions, const QString& workingDirectory);
+
+ // continue stopped process creted by reset, will wait until child is stopped
+ bool continueStoppedProcess();
+ void terminate();
+ void kill();
+
+private:
+ pid_t m_pid = -1;
+};