mirror of
https://github.com/systemd/systemd
synced 2024-07-22 18:55:10 +00:00
bb5232b6a3
Currently we spawn services by forking a child process, doing a bunch of work, and then exec'ing the service executable. There are some advantages to this approach: - quick: we immediately have access to all the enourmous amount of state simply by virtue of sharing the memory with the parent - easy to refactor and add features - part of the same binary, will never be out of sync There are however significant drawbacks: - doing work after fork and before exec is against glibc's supported case for several APIs we call - copy-on-write trap: anytime any memory is touched in either parent or child, a copy of that page will be triggered - memory footprint of the child process will be memory footprint of PID1, but using the cgroup memory limits of the unit The last issue is especially problematic on resource constrained systems where hard memory caps are enforced and swap is not allowed. As soon as PID1 is under load, with no page out due to no swap, and a service with a low MemoryMax= tries to start, hilarity ensues. Add a new systemd-executor binary, that is able to receive all the required state via memfd, deserialize it, prepare the appropriate data structures and call exec_child. Use posix_spawn which uses CLONE_VM + CLONE_VFORK, to ensure there is no copy-on-write (same address space will be used, and parent process will be frozen, until exec). The sd-executor binary is pinned by FD on startup, so that we can guarantee there will be no incompatibilities during upgrades. |
||
---|---|---|
.. | ||
_data | ||
_includes | ||
_layouts | ||
assets | ||
fonts | ||
sysvinit | ||
var-log | ||
.gitattributes | ||
.gitignore | ||
_config.yml | ||
ARCHITECTURE.md | ||
AUTOMATIC_BOOT_ASSESSMENT.md | ||
BLOCK_DEVICE_LOCKING.md | ||
BOOT_LOADER_INTERFACE.md | ||
BOOT_LOADER_SPECIFICATION.md | ||
BUILDING_IMAGES.md | ||
CGROUP_DELEGATION.md | ||
CODE_OF_CONDUCT.md | ||
CODE_QUALITY.md | ||
CODING_STYLE.md | ||
CONTAINER_INTERFACE.md | ||
CONTRIBUTING.md | ||
CONVERTING_TO_HOMED.md | ||
COREDUMP.md | ||
COREDUMP_PACKAGE_METADATA.md | ||
CREDENTIALS.md | ||
DESKTOP_ENVIRONMENTS.md | ||
DISCOVERABLE_PARTITIONS.md | ||
DISTRO_PORTING.md | ||
ELF_PACKAGE_METADATA.md | ||
ENVIRONMENT.md | ||
favicon.png | ||
favicon.svg | ||
FILE_DESCRIPTOR_STORE.md | ||
GROUP_RECORD.md | ||
HACKING.md | ||
HOME_DIRECTORY.md | ||
index.md | ||
INITRD_INTERFACE.md | ||
JOURNAL_EXPORT_FORMATS.md | ||
JOURNAL_FILE_FORMAT.md | ||
JOURNAL_NATIVE_PROTOCOL.md | ||
MEMORY_PRESSURE.md | ||
NETWORK_ONLINE.md | ||
PASSWORD_AGENTS.md | ||
PORTABILITY_AND_STABILITY.md | ||
PORTABLE_SERVICES.md | ||
PORTING_TO_NEW_ARCHITECTURES.md | ||
PREDICTABLE_INTERFACE_NAMES.md | ||
RANDOM_SEEDS.md | ||
RELEASE.md | ||
RESOLVED-VPNS.md | ||
ROOT_STORAGE_DAEMONS.md | ||
SECURITY.md | ||
style.css | ||
TEMPORARY_DIRECTORIES.md | ||
TESTING_WITH_SANITIZERS.md | ||
TPM2_PCR_MEASUREMENTS.md | ||
TRANSIENT-SETTINGS.md | ||
TRANSLATORS.md | ||
UIDS-GIDS.md | ||
USER_GROUP_API.md | ||
USER_NAMES.md | ||
USER_RECORD.md | ||
USERDB_AND_DESKTOPS.md |