Page MenuHomeFreeBSD

syslogd(8) add a protection against OOM killer.
AbandonedPublic

Authored by araujo on Jan 18 2016, 6:35 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Oct 4, 7:26 AM
Unknown Object (File)
Fri, Oct 4, 4:17 AM
Unknown Object (File)
Sep 28 2024, 2:26 AM
Unknown Object (File)
Sep 24 2024, 2:49 PM
Unknown Object (File)
Sep 24 2024, 4:59 AM
Unknown Object (File)
Sep 23 2024, 2:05 PM
Unknown Object (File)
Sep 16 2024, 6:48 AM
Unknown Object (File)
Sep 16 2024, 6:48 AM
Subscribers

Details

Reviewers
rodrigc
bapt
imp
Group Reviewers
manpages
Summary

If the system exhausts available memory and swap, it starts to kill processes and report killed processes with syslog facility. syslogd(8) should not be killed or else system administrator has not complete information about the case. Practice shows that syslogd may be killed like any other process.

Let's teach syslogd to protect itself from OOM killer. The following patch introduces new command line option "-O" and system administrator is allowed to have a line in its /etc/rc.conf:

PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204741
syslogd_flags="-O"

In this case, syslogd became protected.

Test Plan
  1. Create a VM with 256M of ram.
  2. Run syslogd with -O.
  3. Run anything else that will consume memory.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 2226
Build 2235: arc lint + arc unit

Event Timeline

araujo retitled this revision from to syslogd(8) add a protection against OOM killer..
araujo updated this object.
araujo edited the test plan for this revision. (Show Details)
araujo added reviewers: rodrigc, bapt.
araujo edited edge metadata.

why would this even be optional?

In D4973#105377, @imp wrote:

why would this even be optional?

Very good question, I have replied on that PR, that it should not be even optional, however, with an embedded system some people might want it optional.

Best.

In D4973#105377, @imp wrote:

why would this even be optional?

Very good question, I have replied on that PR, that it should not be even optional, however, with an embedded system some people might want it optional.

I've done embedded for a long time. I don't get this explanation at all. If it is optional, at all, it should be opt out. I'm having a hard time coming up with cases even in embedded where you wouldn't want this. Can you describe the actual use case? I'd imagine it would be exceedingly rare.

Best.

I do not see either the point of having this feature optional, if optional I find '-O' a weird option, I can't find an obvious translation for '-O', '-p' for protect seems straight forward :)

In D4973#105471, @imp wrote:
In D4973#105377, @imp wrote:

why would this even be optional?

Very good question, I have replied on that PR, that it should not be even optional, however, with an embedded system some people might want it optional.

I've done embedded for a long time. I don't get this explanation at all. If it is optional, at all, it should be opt out. I'm having a hard time coming up with cases even in embedded where you wouldn't want this. Can you describe the actual use case? I'd imagine it would be exceedingly rare.

Best.

Me too, and a case that is not rare if you are not aware of it yet is: access point over a mountain far away from anywhere..I would prefer my syslogd be killed than my sshd and I can't acces my device anymore.

So yes, there are cases!

In D4973#105483, @bapt wrote:

I do not see either the point of having this feature optional, if optional I find '-O' a weird option, I can't find an obvious translation for '-O', '-p' for protect seems straight forward :)

Disagree! -p and -P are both used, take a look on syslogd(8). -O to protect against OOM as explained in the man page

bjk added inline comments.
usr.sbin/syslogd/syslogd.8
31

Please update .Dd when a final change is committed.

257

I think this should be a capital O and not a zero?

In D4973#105483, @bapt wrote:

I do not see either the point of having this feature optional, if optional I find '-O' a weird option, I can't find an obvious translation for '-O', '-p' for protect seems straight forward :)

Disagree! -p and -P are both used, take a look on syslogd(8). -O to protect against OOM as explained in the man page

usr.sbin/syslogd/syslogd.8
257

You are right! It will be fixed soon.

araujo edited edge metadata.
  • Enable by default the protection against OOM killer.
  • Fix the typo in the manpage.
  • Bump DATE in the manpage.
araujo removed a subscriber: imp.
  • Remove debug messages.

Sorry for the noisy.

Now it is enabled by default with an opt out. Any comments?

I don't really like this patch at all.
This is a big behavioral change to syslogd.
Even though there is some special case because this is logging,
at some point you could ask, why not have this option in every daemon running on FreeBSD?

I'm not inclined to approve it.

I don't really like this patch at all.
This is a big behavioral change to syslogd.
Even though there is some special case because this is logging,
at some point you could ask, why not have this option in every daemon running on FreeBSD?

I'm not inclined to approve it.

Yes, it could be an option create something that could set the protection in daemon of choice. I will think something about it.

On syslogd(8) I had the same problem with OOM killer couple years ago in a project, back on that time we made something pretty much similar like this patch.

I still think, this patch is valuable.

Best,

gshapiro added inline comments.
usr.sbin/syslogd/syslogd.c
491

This should simply be "ProtectMode = 0;" -- no reason to continually decrement the value. Otherwise, if "-O" is specifed more than once, it actually reverses the intent since the later test (line 642) is simply testing if it is non-zero.