Re: Out-of-swap killer and SIGTERM signal

From: Ambert <ralph41096_at_protonmail.com>
Date: Wed, 12 Jan 2022 21:42:18 UTC
On 2022-01-12, Peter Jeremy <peterj_at_freebsd.org> wrote:
> There have been lots of discussions about this in the past, starting
> in about 1998, (though I agree that it's been about 4 years since the
> last discussion).  I suggest you search for "freebsd+sigdanger" for
> previous discussions.

Thank you for the keyword.  After a search, I find that the previous
threads containing the keyword "sigdanger" discuss extensively two
subjects:
  1) How to exclude a process from the reach of the OOM killer.  And
     how to ask the OOM killer to kill a given process first.
  2) How to provide feedback about memory usage to processes, to give
     them a hint that they should reduce their memory footprint, if
     possible.  This feedback can be a signal sent to all processes, or
     system-wide flags readable by any process who cares about a
     potential memory shortage.

Those two subjects are interesting, but I am talking about something
else.  My suggestion is almost never mentionned in previous threads.
When it is mentionned [1] [2], there is no objection whatsoever, from
anyone.  There is not even a comment about it.

Sending SIGTERM a few seconds before SIGKILL is useful because it
allows a condemned process to exit gracefully, just like it would
during a shutdown(8).  And it is simple to implement.  There is no need
to change the algorithm selecting condemned processes, and there is no
need to change a single line of code in userland.  For the
administrator, only two tasks require extra work:
 - set up a little bit of extra swap during the installation of
   FreeBSD
 - set a couple of sysctl values: the duration of the grace period
   (vm.grace_period = zero milliseconds by default), and the amount of
   extra swap that will not be usable normally (vm.grace_space = zero
   bytes by default)

Excerpt from a historical thread:
    On 1998-04-27, Jordan K. Hubbard <jkh_at_time.cdrom.com> wrote:
    > All the SIGDANGER (Will Robinson) signal is meant to do is give a
    > process a little _warning_ before it's chosen as the designated
    > sacrifice for the evening and terminated in an untimely fashion.
    >
    > I don't think the question here is "is this a good idea" - it's a
    > perfectly reasonable idea and one which has been proposed before.
    > The question here is really "what are the proposed semantics of
    > this mechanism?", e.g. how long do you wait from the time you
    > SIGDANGER the process and actually shoot it down, and what
    > happens if you're also critically short of resources and don't
    > have much time to wait?

[1]
https://docs.freebsd.org/cgi/getmsg.cgi?fetch=209768+0+archive/1998/freebsd-hackers/19980426.freebsd-hackers

[2]
https://lists.freebsd.org/pipermail/freebsd-current/2008-January/081743.html


Ambert