swananan · swananan · Nov 3, 2025 · Nov 3, 2025 · Nov 3, 2025
diff --git a/docs/limitations.md b/docs/limitations.md
@@ -51,3 +51,9 @@ GhostScope scans `/proc/PID/maps` at startup to obtain loaded dynamic library in
 - **Shared-library targets (new processes)**: For processes that start after GhostScope, enable `--enable-sysmon-shared-lib` (or the matching config option) so globals can be resolved. This incurs extra system-wide work, so expect higher overhead on hosts with frequent process churn.
 
 > **Note**: The current sysmon pipeline still assumes the library is mapped when the exec event is handled; if a loader pulls it in much later, offsets are not retried yet.
+
+### 9. `-p <pid>` Mode inside Containers or WSL
+
+- The `-p` workflow filters events using `bpf_get_current_pid_tgid`, which returns the host kernel PID/ TGID. Inside PID namespaces (e.g., Docker, Kubernetes) or Windows Subsystem for Linux, the PID visible inside the container often differs from the host PID.
+- See [PID namespaces manual](https://www.man7.org/linux/man-pages/man7/pid_namespaces.7.html), [WSL issue #12408](https://github.com/microsoft/WSL/issues/12408), and [WSL issue #12115](https://github.com/microsoft/WSL/issues/12115) for details.
+- In these environments, either map the container/WSL PID to the host PID before using `-p`, or prefer `-t <binary>`/`-t <shared library>` where we attach uprobes by module path instead of PID.
diff --git a/docs/zh/limitations.md b/docs/zh/limitations.md
@@ -53,3 +53,9 @@ GhostScope 启动时会扫描进程的 `/proc/PID/maps` 获取已加载的动态
 提示：`-p <pid>` 模式下仍会自动计算并下发模块偏移，全局变量始终可用。
 
 > **说明**：目前 sysmon 假设共享库在 exec 事件处理时已经映射；若动态加载发生得更晚，目前不会自动重试。
+
+### 9. 容器 / WSL 场景下 `-p <pid>` 模式的软限制
+
+- `-p` 模式依赖 `bpf_get_current_pid_tgid` 获取宿主机视角的 PID/TGID。处于 PID namespace（例如 Docker、Kubernetes 容器）或 WSL 中时，容器内部看到的 PID 往往与宿主机不一致。
+- 参考 [PID namespaces 手册](https://www.man7.org/linux/man-pages/man7/pid_namespaces.7.html)、[WSL issue #12408](https://github.com/microsoft/WSL/issues/12408) 和 [WSL issue #12115](https://github.com/microsoft/WSL/issues/12115)。
+- 在这些环境使用 `-p` 时，请先确认宿主机实际 PID；或改用 `-t <二进制>` / `-t <共享库>` 模式，通过模块路径挂载 uprobe，避免 PID 不匹配导致事件过滤失败。
diff --git a/ghostscope-compiler/src/ebpf/codegen.rs b/ghostscope-compiler/src/ebpf/codegen.rs
@@ -381,7 +381,6 @@ impl<'ctx> EbpfContext<'ctx> {
                                     if data_len == 0 {
                                         return Err(CodeGenError::TypeSizeNotAvailable(v.name));
                                     }
-                                    // Remove legacy 1993-byte clamp; keep DWARF-reported size
                                     let module_hint = self.take_module_hint();
                                     Ok(ComplexArg {
                                         var_name_index: self
@@ -405,7 +404,6 @@ impl<'ctx> EbpfContext<'ctx> {
                             if data_len == 0 {
                                 return Err(CodeGenError::TypeSizeNotAvailable(v.name));
                             }
-                            // Remove legacy 1993-byte clamp; keep DWARF-reported size
                             let module_hint = self.take_module_hint();
                             Ok(ComplexArg {
                                 var_name_index: self

diff --git a/ghostscope-process/src/maps.rs b/ghostscope-process/src/maps.rs
@@ -146,6 +146,7 @@ pub fn ensure_pinned_proc_offsets_exists(max_entries: u32) -> anyhow::Result<()>
         }
     }
 }
+
 // Low-level bpf syscall wrapper for map update (avoids tight coupling to aya map wrappers)
 #[repr(C)]
 struct BpfMapUpdateAttr {

diff --git a/ghostscope/src/cli/runtime.rs b/ghostscope/src/cli/runtime.rs
@@ -21,8 +21,6 @@ pub async fn run_command_line_runtime_with_config(config: MergedConfig) -> Resul
     run_cli_with_session(session, script_content, &config).await
 }
 
-// Removed unused legacy runtime function to satisfy clippy without allow attributes
-
 /// Run CLI session with existing GhostSession and configuration
 async fn run_cli_with_session(
     mut session: GhostSession,

diff --git a/ghostscope/src/main.rs b/ghostscope/src/main.rs
@@ -1,5 +1,3 @@
-// Keep binary clippy-clean without allow attributes
-
 mod cli;
 mod config;
 mod core;
@@ -129,17 +127,6 @@ async fn main() -> Result<()> {
         info!("Using default configuration (no config file found)");
     }
 
-    // Log eBPF configuration settings
-    info!("eBPF Configuration:");
-    info!(
-        "  RingBuf size: {} bytes",
-        merged_config.ebpf_config.ringbuf_size
-    );
-    info!(
-        "  PerfEventArray page count: {}",
-        merged_config.ebpf_config.perf_page_count
-    );
-
     // Detect kernel eBPF capabilities once at startup
     if merged_config.ebpf_config.force_perf_event_array {
         warn!("⚠️  TESTING MODE: force_perf_event_array=true - will use PerfEventArray");

diff --git a/ghostscope/src/runtime/coordinator.rs b/ghostscope/src/runtime/coordinator.rs
@@ -48,8 +48,6 @@ pub async fn run_tui_coordinator_with_config(config: MergedConfig) -> Result<()>
         .await
 }
 
-// Removed unused legacy TUI coordinator to satisfy clippy without allow attributes
-
 /// Internal function to run TUI coordinator with UI configuration
 async fn run_tui_coordinator_with_ui_config_and_merged_config(
     parsed_args: ParsedArgs,
-Original file line number
+Diff line change
@@ Expand Up @@
             }
         }
     }
     // Low-level bpf syscall wrapper for map update (avoids tight coupling to aya map wrappers)
     #[repr(C)]
     struct BpfMapUpdateAttr {
@@ Expand Down @@