From 5918a93355bc17a5ec79557c4555201d86b54266 Mon Sep 17 00:00:00 2001 From: Albert Brox Date: Tue, 13 Jul 2021 13:38:08 -0400 Subject: [PATCH] core: implement RuntimeMaxDeltaSec directive --- docs/TRANSIENT-SETTINGS.md | 2 ++ man/org.freedesktop.systemd1.xml | 12 ++++++++++ man/systemd.scope.xml | 9 +++++++ man/systemd.service.xml | 9 +++++++ src/core/dbus-scope.c | 4 ++++ src/core/dbus-service.c | 4 ++++ src/core/load-fragment-gperf.gperf.in | 2 ++ src/core/scope.c | 26 +++++++++++++++++---- src/core/scope.h | 1 + src/core/service.c | 25 ++++++++++++++++++-- src/core/service.h | 1 + src/shared/bus-unit-util.c | 4 ++++ test/fuzz/fuzz-unit-file/directives.scope | 1 + test/fuzz/fuzz-unit-file/directives.service | 1 + 14 files changed, 95 insertions(+), 6 deletions(-) diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md index d67f7f95e26..218a43c6b7c 100644 --- a/docs/TRANSIENT-SETTINGS.md +++ b/docs/TRANSIENT-SETTINGS.md @@ -320,6 +320,7 @@ Most service unit settings are available for transient units. ✓ RestartSec= ✓ RootDirectoryStartOnly= ✓ RuntimeMaxSec= +✓ RuntimeRandomizedExtraSec= Sockets= ✓ SuccessExitStatus= ✓ TimeoutAbortSec= @@ -395,6 +396,7 @@ such). ``` ✓ RuntimeMaxSec= +✓ RuntimeRandomizedExtraSec= ✓ TimeoutStopSec= ``` diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index e4972104d95..ee968e194d7 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -2317,6 +2317,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { readonly s TimeoutStopFailureMode = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly t RuntimeMaxUSec = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly t RuntimeRandomizedExtraUSec = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly t WatchdogUSec = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") @@ -2890,6 +2892,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + @@ -3426,6 +3430,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice { + + @@ -9745,6 +9751,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { readonly s Result = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly t RuntimeMaxUSec = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly t RuntimeRandomizedExtraUSec = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s Slice = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") @@ -9915,6 +9923,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + @@ -10093,6 +10103,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope { + + diff --git a/man/systemd.scope.xml b/man/systemd.scope.xml index 6d991b915fd..acede4a10b2 100644 --- a/man/systemd.scope.xml +++ b/man/systemd.scope.xml @@ -112,6 +112,15 @@ active for longer than the specified time it is terminated and put into a failure state. Pass infinity (the default) to configure no runtime limit. + + + RuntimeRandomizedExtraSec= + + This option modifies RuntimeMaxSec= by increasing the maximum runtime by an + evenly distributed duration between 0 and the specified value (in seconds). If RuntimeMaxSec= is + unspecified, then this feature will be disabled. + + diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 4891f27ebad..5042066d0d1 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -695,6 +695,15 @@ + + RuntimeRandomizedExtraSec= + + This option modifies RuntimeMaxSec= by increasing the maximum runtime by an + evenly distributed duration between 0 and the specified value (in seconds). If RuntimeMaxSec= is + unspecified, then this feature will be disabled. + + + WatchdogSec= Configures the watchdog timeout for a service. diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c index 90ec6a686cd..109ad6f2ef5 100644 --- a/src/core/dbus-scope.c +++ b/src/core/dbus-scope.c @@ -47,6 +47,7 @@ const sd_bus_vtable bus_scope_vtable[] = { SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Scope, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("RuntimeRandomizedExtraUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_rand_extra_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_SIGNAL("RequestStop", NULL, 0), SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_VTABLE_END @@ -74,6 +75,9 @@ static int bus_scope_set_transient_property( if (streq(name, "RuntimeMaxUSec")) return bus_set_transient_usec(u, name, &s->runtime_max_usec, message, flags, error); + if (streq(name, "RuntimeRandomizedExtraUSec")) + return bus_set_transient_usec(u, name, &s->runtime_rand_extra_usec, message, flags, error); + if (streq(name, "PIDs")) { _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; unsigned n = 0; diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c index 02628cd39ea..f42d97afac8 100644 --- a/src/core/dbus-service.c +++ b/src/core/dbus-service.c @@ -202,6 +202,7 @@ const sd_bus_vtable bus_service_vtable[] = { SD_BUS_PROPERTY("TimeoutStartFailureMode", "s", property_get_timeout_failure_mode, offsetof(Service, timeout_start_failure_mode), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("TimeoutStopFailureMode", "s", property_get_timeout_failure_mode, offsetof(Service, timeout_stop_failure_mode), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Service, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("RuntimeRandomizedExtraUSec", "t", bus_property_get_usec, offsetof(Service, runtime_rand_extra_usec), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("WatchdogUSec", "t", property_get_watchdog_usec, 0, 0), BUS_PROPERTY_DUAL_TIMESTAMP("WatchdogTimestamp", offsetof(Service, watchdog_timestamp), 0), SD_BUS_PROPERTY("PermissionsStartOnly", "b", bus_property_get_bool, offsetof(Service, permissions_start_only), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN), /* 😷 deprecated */ @@ -447,6 +448,9 @@ static int bus_service_set_transient_property( if (streq(name, "RuntimeMaxUSec")) return bus_set_transient_usec(u, name, &s->runtime_max_usec, message, flags, error); + if (streq(name, "RuntimeRandomizedExtraUSec")) + return bus_set_transient_usec(u, name, &s->runtime_rand_extra_usec, message, flags, error); + if (streq(name, "WatchdogUSec")) return bus_set_transient_usec(u, name, &s->watchdog_usec, message, flags, error); diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in index 7bef95bec75..799a179430d 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in @@ -382,6 +382,7 @@ Service.TimeoutAbortSec, config_parse_service_timeout_abort, Service.TimeoutStartFailureMode, config_parse_service_timeout_failure_mode, 0, offsetof(Service, timeout_start_failure_mode) Service.TimeoutStopFailureMode, config_parse_service_timeout_failure_mode, 0, offsetof(Service, timeout_stop_failure_mode) Service.RuntimeMaxSec, config_parse_sec, 0, offsetof(Service, runtime_max_usec) +Service.RuntimeRandomizedExtraSec, config_parse_sec, 0, offsetof(Service, runtime_rand_extra_usec) Service.WatchdogSec, config_parse_sec, 0, offsetof(Service, watchdog_usec) {# The following five only exist for compatibility, they moved into Unit, see above #} Service.StartLimitInterval, config_parse_sec, 0, offsetof(Unit, start_ratelimit.interval) @@ -534,6 +535,7 @@ Path.DirectoryMode, config_parse_mode, {{ CGROUP_CONTEXT_CONFIG_ITEMS('Scope') }} {{ KILL_CONTEXT_CONFIG_ITEMS('Scope') }} Scope.RuntimeMaxSec, config_parse_sec, 0, offsetof(Scope, runtime_max_usec) +Scope.RuntimeRandomizedExtraSec, config_parse_sec, 0, offsetof(Scope, runtime_rand_extra_usec) Scope.TimeoutStopSec, config_parse_sec, 0, offsetof(Scope, timeout_stop_usec) {# The [Install] section is ignored here #} Install.Alias, NULL, 0, 0 diff --git a/src/core/scope.c b/src/core/scope.c index 560a7d9f3ee..8fdba646aa4 100644 --- a/src/core/scope.c +++ b/src/core/scope.c @@ -9,6 +9,7 @@ #include "load-dropin.h" #include "log.h" #include "process-util.h" +#include "random-util.h" #include "scope.h" #include "serialize.h" #include "special.h" @@ -51,6 +52,21 @@ static void scope_done(Unit *u) { s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source); } +static int scope_running_timeout(Scope *s) { + usec_t delta = 0; + + assert(s); + + if (s->runtime_rand_extra_usec != 0) { + delta = random_u64_range(s->runtime_rand_extra_usec); + log_unit_debug(UNIT(s), "Adding delta of %s sec to timeout", FORMAT_TIMESPAN(delta, USEC_PER_SEC)); + } + + return usec_add(usec_add(UNIT(s)->active_enter_timestamp.monotonic, + s->runtime_max_usec), + delta); +} + static int scope_arm_timer(Scope *s, usec_t usec) { int r; @@ -209,7 +225,7 @@ static usec_t scope_coldplug_timeout(Scope *s) { switch (s->deserialized_state) { case SCOPE_RUNNING: - return usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec); + return scope_running_timeout(s); case SCOPE_STOP_SIGKILL: case SCOPE_STOP_SIGTERM: @@ -262,10 +278,12 @@ static void scope_dump(Unit *u, FILE *f, const char *prefix) { fprintf(f, "%sScope State: %s\n" "%sResult: %s\n" - "%sRuntimeMaxSec: %s\n", + "%sRuntimeMaxSec: %s\n" + "%sRuntimeRandomizedExtraSec: %s\n", prefix, scope_state_to_string(s->state), prefix, scope_result_to_string(s->result), - prefix, FORMAT_TIMESPAN(s->runtime_max_usec, USEC_PER_SEC)); + prefix, FORMAT_TIMESPAN(s->runtime_max_usec, USEC_PER_SEC), + prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC)); cgroup_context_dump(UNIT(s), f, prefix); kill_context_dump(&s->kill_context, f, prefix); @@ -379,7 +397,7 @@ static int scope_start(Unit *u) { scope_set_state(s, SCOPE_RUNNING); /* Set the maximum runtime timeout. */ - scope_arm_timer(s, usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec)); + scope_arm_timer(s, scope_running_timeout(s)); /* On unified we use proper notifications hence we can unwatch the PIDs * we just attached to the scope. This can also be done on legacy as diff --git a/src/core/scope.h b/src/core/scope.h index 0b0e1f8730f..03a9ba43243 100644 --- a/src/core/scope.h +++ b/src/core/scope.h @@ -25,6 +25,7 @@ struct Scope { ScopeResult result; usec_t runtime_max_usec; + usec_t runtime_rand_extra_usec; usec_t timeout_stop_usec; char *controller; diff --git a/src/core/service.c b/src/core/service.c index 9d8eef1f742..68485a241f4 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -29,6 +29,7 @@ #include "parse-util.h" #include "path-util.h" #include "process-util.h" +#include "random-util.h" #include "serialize.h" #include "service.h" #include "signal-util.h" @@ -514,6 +515,21 @@ static void service_remove_fd_store(Service *s, const char *name) { } } +static int service_running_timeout(Service *s) { + usec_t delta = 0; + + assert(s); + + if (s->runtime_rand_extra_usec != 0) { + delta = random_u64_range(s->runtime_rand_extra_usec); + log_unit_debug(UNIT(s), "Adding delta of %s sec to timeout", FORMAT_TIMESPAN(delta, USEC_PER_SEC)); + } + + return usec_add(usec_add(UNIT(s)->active_enter_timestamp.monotonic, + s->runtime_max_usec), + delta); +} + static int service_arm_timer(Service *s, usec_t usec) { int r; @@ -587,6 +603,9 @@ static int service_verify(Service *s) { if (s->runtime_max_usec != USEC_INFINITY && s->type == SERVICE_ONESHOT) log_unit_warning(UNIT(s), "RuntimeMaxSec= has no effect in combination with Type=oneshot. Ignoring."); + if (s->runtime_max_usec == USEC_INFINITY && s->runtime_rand_extra_usec != 0) + log_unit_warning(UNIT(s), "Service has RuntimeRandomizedExtraSec= setting, but no RuntimeMaxSec=. Ignoring."); + return 0; } @@ -855,8 +874,10 @@ static void service_dump(Unit *u, FILE *f, const char *prefix) { fprintf(f, "%sRuntimeMaxSec: %s\n" + "%sRuntimeRandomizedExtraSec: %s\n" "%sWatchdogSec: %s\n", prefix, FORMAT_TIMESPAN(s->runtime_max_usec, USEC_PER_SEC), + prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC), prefix, FORMAT_TIMESPAN(s->watchdog_usec, USEC_PER_SEC)); kill_context_dump(&s->kill_context, f, prefix); @@ -1118,7 +1139,7 @@ static usec_t service_coldplug_timeout(Service *s) { return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_start_usec); case SERVICE_RUNNING: - return usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec); + return service_running_timeout(s); case SERVICE_STOP: case SERVICE_STOP_SIGTERM: @@ -1989,7 +2010,7 @@ static void service_enter_running(Service *s, ServiceResult f) { service_enter_stop_by_notify(s); else { service_set_state(s, SERVICE_RUNNING); - service_arm_timer(s, usec_add(UNIT(s)->active_enter_timestamp.monotonic, s->runtime_max_usec)); + service_arm_timer(s, service_running_timeout(s)); } } else if (s->remain_after_exit) diff --git a/src/core/service.h b/src/core/service.h index 6d931c3d5e4..eaad95df6d2 100644 --- a/src/core/service.h +++ b/src/core/service.h @@ -111,6 +111,7 @@ struct Service { usec_t timeout_abort_usec; bool timeout_abort_set; usec_t runtime_max_usec; + usec_t runtime_rand_extra_usec; ServiceTimeoutFailureMode timeout_start_failure_mode; ServiceTimeoutFailureMode timeout_stop_failure_mode; diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index e33e0c21e02..01b78952cdb 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -1999,6 +1999,9 @@ static int bus_append_scope_property(sd_bus_message *m, const char *field, const if (streq(field, "RuntimeMaxSec")) return bus_append_parse_sec_rename(m, field, eq); + if (streq(field, "RuntimeRandomizedExtraSec")) + return bus_append_parse_sec_rename(m, field, eq); + if (streq(field, "TimeoutStopSec")) return bus_append_parse_sec_rename(m, field, eq); @@ -2031,6 +2034,7 @@ static int bus_append_service_property(sd_bus_message *m, const char *field, con "TimeoutStopSec", "TimeoutAbortSec", "RuntimeMaxSec", + "RuntimeRandomizedExtraSec", "WatchdogSec")) return bus_append_parse_sec_rename(m, field, eq); diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope index aa91ebbf588..4552d0b403d 100644 --- a/test/fuzz/fuzz-unit-file/directives.scope +++ b/test/fuzz/fuzz-unit-file/directives.scope @@ -50,6 +50,7 @@ NetClass= RestartKillSignal= RestrictNetworkInterfaces= RuntimeMaxSec= +RuntimeRandomizedExtraSec= SendSIGHUP= SendSIGKILL= Slice= diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service index aeea1d8731c..d9781f0492f 100644 --- a/test/fuzz/fuzz-unit-file/directives.service +++ b/test/fuzz/fuzz-unit-file/directives.service @@ -290,6 +290,7 @@ RuntimeDirectory= RuntimeDirectoryMode= RuntimeDirectoryPreserve= RuntimeMaxSec= +RuntimeRandomizedExtraSec= SELinuxContext= SecureBits= SendSIGHUP=