From owner-freebsd-current@freebsd.org Mon Sep 9 18:13:34 2019 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0815ADAA4E for ; Mon, 9 Sep 2019 18:13:34 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from outbound2m.ore.mailhop.org (outbound2m.ore.mailhop.org [54.149.155.156]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46Rx9n489Tz4LkQ for ; Mon, 9 Sep 2019 18:13:33 +0000 (UTC) (envelope-from ian@freebsd.org) ARC-Seal: i=1; a=rsa-sha256; t=1568052811; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=dDMr0Boc3Th5HN+DoCayLzudhO8wvUQy5Pp/AJ0CbtX0Ai8WthQGLPGxwu4EWAZM3w8gkYzEqbzYT oYi81heJhcoXW7XrzXkS0AgAzfYjqRT2FrznG/mCD9uM1D2WA7SoVoqO/Pv+jVaJW5vedx2t9zzynv /sQSeHanBUzEiyd3aeEeYALLuz+WKvw7XBXNA/gYwgp6NnsSGGPn3E3tUCjx/nZKdU22yHP9K6tHfh n5I9ArPAx5WjFeAHSHtJI0AUD5EBnVji30fJFEqnGiw/UhvLPITV1Cn/0zArvsg+buyVj/Yfx3Rx7x AC3HhK+QmaGGMrSlxJ/ZbwCFtrXIgMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-transfer-encoding:mime-version:content-type:references:in-reply-to: date:cc:to:from:subject:message-id:dkim-signature:from; bh=M6kE9IAaGxc8PIJ7D5sV1E8cnc9Ni9NeV7sCnyDluTw=; b=pdrTkgJp46fFHgVkw0Jxt9nYTocGQfYZLp5MQC9WfvUmrR14p+E4Pwtltz4aweclI6iBqvCq+qFMc cfZ/9wBgUHWsTpGXLaE3S/DzoKDt7DMbtNxe8X9I7QdZVNauEmwbHePte1B6k8rkb2HcWyKg+v/eKh lMQgo1V+OrAGu5LnyAl5qwgvyl12qDmhAHYa/OVpJHG79oCQGebxEzZvkiJevGNHIWDEGJXF6+QRO4 2N4q+2IS/MbPXUhvcd4wPilni9AyJMFmXOON+91mSiLTLAMzZmVhgdPBxEmNmV7uQRS+VudqHwiEGS aoLHaI/Ju4Dm+PvMGrOi6ZCbwBsa9EQ== ARC-Authentication-Results: i=1; outbound4.ore.mailhop.org; spf=softfail smtp.mailfrom=freebsd.org smtp.remote-ip=67.177.211.60; dmarc=none header.from=freebsd.org; arc=none header.oldest-pass=0; DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=dkim-high; h=content-transfer-encoding:mime-version:content-type:references:in-reply-to: date:cc:to:from:subject:message-id:from; bh=M6kE9IAaGxc8PIJ7D5sV1E8cnc9Ni9NeV7sCnyDluTw=; b=hbTbpjWqKPr2EHmVLGMW7XvABCQlKGkST9hj6rot0EQChgLnPMtRbC4MlEcjgIQ2jDcNWL1qz9aF+ jvjj5HWygkBAYA0ezbRWq3ewIY5G8UpqQ4VyPIRUJEYhbO7txfuXMGXYn7Jn1+JJTx9RbRoMiAOp5d Lrpr/ffCqelB/ou0sDGhPwnL7Mkyj0EaYQrSnPa+ePOTTZxWM3jwfihNp8c0NGTTe6fruljSd3opcP r7aKUz+rvi6fSU8OYF/XyF6i0IjVTkCI+ga+uPEXsr+2wY+VcwCwRcGeCcFwJ6XexZ18L+fWUAdV47 0ssc5zpZI4Wz4/K55kCcbjJvFNguOng== X-MHO-RoutePath: aGlwcGll X-MHO-User: 8375d43e-d32d-11e9-85ed-13b9aae3a1d2 X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [67.177.211.60]) by outbound4.ore.mailhop.org (Halon) with ESMTPSA id 8375d43e-d32d-11e9-85ed-13b9aae3a1d2; Mon, 09 Sep 2019 18:13:30 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id x89IDOXq063123; Mon, 9 Sep 2019 12:13:24 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: Subject: Re: ntpd segfaults on start From: Ian Lepore To: "Rodney W. Grimes" Cc: Cy Schubert , Konstantin Belousov , Harlan Stenn , Vladimir Zakharov , freebsd-current@freebsd.org Date: Mon, 09 Sep 2019 12:13:24 -0600 In-Reply-To: <201909091630.x89GUjGX044288@gndrsh.dnsmgr.net> References: <201909091630.x89GUjGX044288@gndrsh.dnsmgr.net> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5 FreeBSD GNOME Team Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 46Rx9n489Tz4LkQ X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-2.00 / 15.00]; TAGGED_RCPT(0.00)[]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; ASN(0.00)[asn:16509, ipnet:54.148.0.0/15, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Sep 2019 18:13:34 -0000 On Mon, 2019-09-09 at 09:30 -0700, Rodney W. Grimes wrote: > > On Sat, 2019-09-07 at 09:28 -0700, Cy Schubert wrote: > > > In message <20190907161749.GJ2559@kib.kiev.ua>, Konstantin > > > Belousov writes: > > > > On Sat, Sep 07, 2019 at 08:45:21AM -0700, Cy Schubert wrote: > > > > > I've been able to set the memlock rlimit as low as 20 MB. The > > > > > issue is > > > > > letting it default to 0 which allows ntp to mlockall() > > > > > anything it wants. > > > > > ntpd on my sandbox is currently using 18 MB. > > > > > > > > Default stack size on amd64 is 512M, and default stack gap > > > > percentage is > > > > 3%. This means that the gap can be as large as ~17MB. If 3MB is > > > > enough > > > > for the stack of the main thread of ntpd, then fine. > > > > > > The default stack is 200K, which is also tuneable in ntp.conf. > > > > > > [...] > > > > I haven't seen anyone ask what I consider to be the crucial > > question > > yet: why are we locking ntpd into memory by default at all? > > > > I have seen two rationales for ntpd using mlockall() and > > setrlimit(): > > > > - There are claims that it improves timing performance. > > > > - Because ntpd is a daemon that can run for months at a time, > > setting limits on memory and stack growth can help detect and > > mitigate against memory leak problems in the daemon. > > Doesn't locking this memory down also protect ntpd from OOM kills? > If so that is a MUST preserve functionality, as IMHO killing ntpd > on a box that has it configured is a total no win situation. > Does it have that effect? I don't know. But I would argue that that's a separate issue, and we should make that happen by adding ntpd_oomprotect=YES to /etc/defaults/rc.conf Right now only syslogd has oomprotect set to YES by default. Maybe that's a good choice -- once we start declaring one daemon to be more important than others, you'll discover there's a whole back lot full of bikesheds that need painting. So maybe we should just document ntpd_oomprotect=YES in some more- prominent way. If we were to add a comment block to ntp.conf describing rlimit, that might be a good place to mention setting ntpd_oomprotect in rc.conf. -- Ian