8000 Change container workload's default OOM Score by alexmwu · Pull Request #522 · google/go-tpm-tools · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Change container workload's default OOM Score #522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 6, 2025
Merged

Change container workload's default OOM Score #522

merged 1 commit into from
Jan 6, 2025

Conversation

alexmwu
Copy link
Contributor
@alexmwu alexmwu commented Jan 3, 2025
edited
Loading

We currently rely on the random OOM Killer to delete processes when we have out of memory issues. This can lead to nondeterministic and potentially exploitable behavior where the OOM Killer can delete other sensitive processes. This change now makes the container workload a very likely candidate for the OOMKiller when the CS VM is experiencing out of memory issues.

Manually tested:

Before

wuale@cs-dbg-241000 ~ $ ps -ef --forest
root        1238       1  0 04:54 ?        00:00:00 /usr/bin/containerd-shim-run
root        1258    1238  0 04:54 ?        00:00:00  \_ nginx: master process ng
101         1295    1258  0 04:54 ?        00:00:00      \_ nginx: worker proces
101         1296    1258  0 04:54 ?        00:00:00      \_ nginx: worker proces
wuale@cs-dbg-241000 ~ $ cat /proc/1258/oom_score_adj
-998
wuale@cs-dbg-241000 ~ $ cat /proc/1295/oom_score_adj
-998
wuale@cs-dbg-241000 ~ $ cat /proc/1296/oom_score_adj
-998

After

wuale@cs-dbg-20250103-oomscoreadj ~ $ ps -ef --forest
root        1134       1  0 04:29 ?        00:00:04 /usr/bin/fluent-bit -c /etc/
root        2885       1  0 06:29 ?        00:00:00 /usr/bin/containerd-shim-run
root        2904    2885  0 06:29 ?        00:00:00  \_ nginx: master process ng
101         2938    2904  0 06:29 ?        00:00:00      \_ nginx: worker proces
101         2939    2904  0 06:29 ?        00:00:00      \_ nginx: worker proces
wuale@cs-dbg-20250103-oomscoreadj ~ $ cat /proc/2904/oom_score_adj
1000
wuale@cs-dbg-20250103-oomscoreadj ~ $ cat /proc/2938/oom_score_adj
1000
wuale@cs-dbg-20250103-oomscoreadj ~ $ cat /proc/2939/oom_score_adj
1000
wuale@cs-dbg-20250103-oomscoreadj ~ $

@alexmwu
Copy link
Contributor Author
alexmwu commented Jan 3, 2025

/gcbrun

@alexmwu
Copy link
Contributor Author
alexmwu commented Jan 3, 2025

/gcbrun

@alexmwu
Copy link
Contributor Author
alexmwu commented Jan 3, 2025

/gcbrun

@alexmwu
Copy link
Contributor Author
alexmwu commented Jan 3, 2025

/gcbrun

@alexmwu
Change container workload's default OOM Score
9eb32b0 
This makes the container workload a very likely candidate for the
OOMKiller when the CS VM is experiencing out of memory issues.
@alexmwu
Copy link
Contributor Author
alexmwu commented Jan 3, 2025

/gcbrun

@alexmwu alexmwu requested a review from jkl73 January 3, 2025 06:39
@alexmwu alexmwu merged commit ef8a29b into google:main Jan 6, 2025
11 checks passed
@alexmwu alexmwu deleted the oomscoreadj branch January 6, 2025 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkl73 jkl73 jkl73 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexmwu @jkl73
0