diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-06-27 18:57:24 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-06-27 19:35:57 +0200 |
| commit | 0dc5d23c85db85f96b141d4d32deee8018e56a6a (patch) | |
| tree | 95d1a57ec4a8f21e3494d61baa77b9b6d3bedffb /src/journal | |
| parent | 1f97091d3cb0887c264176b47b0a86c269acf0b5 (diff) | |
coredump: add simple coredump vacuuming
When disk space taken up by coredumps grows beyond a configured limit
start removing the oldest coredump of the user with the most coredumps,
until we get below the limit again.
Diffstat (limited to 'src/journal')
| -rw-r--r-- | src/journal/coredump-vacuum.c | 272 | ||||
| -rw-r--r-- | src/journal/coredump-vacuum.h | 26 | ||||
| -rw-r--r-- | src/journal/coredump.c | 39 | ||||
| -rw-r--r-- | src/journal/coredump.conf | 2 | ||||
| -rw-r--r-- | src/journal/test-coredump-vacuum.c | 32 |
5 files changed, 358 insertions, 13 deletions
diff --git a/src/journal/coredump-vacuum.c b/src/journal/coredump-vacuum.c new file mode 100644 index 0000000000..ad2e2fa7f4 --- /dev/null +++ b/src/journal/coredump-vacuum.c @@ -0,0 +1,272 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/*** + This file is part of systemd. + + Copyright 2014 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <sys/statvfs.h> + +#include "util.h" +#include "time-util.h" +#include "hashmap.h" +#include "macro.h" + +#include "coredump-vacuum.h" + +#define DEFAULT_MAX_USE_LOWER (off_t) (1ULL*1024ULL*1024ULL) /* 1 MiB */ +#define DEFAULT_MAX_USE_UPPER (off_t) (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */ +#define DEFAULT_KEEP_FREE_UPPER (off_t) (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */ +#define DEFAULT_KEEP_FREE (off_t) (1024ULL*1024ULL) /* 1 MB */ + +struct vacuum_candidate { + unsigned n_files; + char *oldest_file; + usec_t oldest_mtime; +}; + +static void vacuum_candidate_free(struct vacuum_candidate *c) { + if (!c) + return; + + free(c->oldest_file); + free(c); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(struct vacuum_candidate*, vacuum_candidate_free); + +static void vacuum_candidate_hasmap_free(Hashmap *h) { + struct vacuum_candidate *c; + + while ((c = hashmap_steal_first(h))) + vacuum_candidate_free(c); + + hashmap_free(h); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(Hashmap*, vacuum_candidate_hasmap_free); + +static int uid_from_file_name(const char *filename, uid_t *uid) { + const char *p, *e, *u; + + p = startswith(filename, "core."); + if (!p) + return -EINVAL; + + /* Skip the comm field */ + p = strchr(p, '.'); + if (!p) + return -EINVAL; + p++; + + /* Find end up UID */ + e = strchr(p, '.'); + if (!e) + return -EINVAL; + + u = strndupa(p, e-p); + return parse_uid(u, uid); +} + +static bool vacuum_necessary(int fd, off_t sum, off_t keep_free, off_t max_use) { + off_t fs_size = 0, fs_free = (off_t) -1; + struct statvfs sv; + + assert(fd >= 0); + + if (fstatvfs(fd, &sv) >= 0) { + fs_size = sv.f_frsize * sv.f_blocks; + fs_free = sv.f_frsize * sv.f_bfree; + } + + if (max_use == (off_t) -1) { + + if (fs_size > 0) { + max_use = PAGE_ALIGN(fs_size / 10); /* 10% */ + + if (max_use > DEFAULT_MAX_USE_UPPER) + max_use = DEFAULT_MAX_USE_UPPER; + + if (max_use < DEFAULT_MAX_USE_LOWER) + max_use = DEFAULT_MAX_USE_LOWER; + } + + max_use = DEFAULT_MAX_USE_LOWER; + } else + max_use = PAGE_ALIGN(max_use); + + if (max_use > 0 && sum > max_use) + return true; + + if (keep_free == (off_t) -1) { + + if (fs_size > 0) { + keep_free = PAGE_ALIGN((fs_size * 3) / 20); /* 15% */ + + if (keep_free > DEFAULT_KEEP_FREE_UPPER) + keep_free = DEFAULT_KEEP_FREE_UPPER; + } else + keep_free = DEFAULT_KEEP_FREE; + } else + keep_free = PAGE_ALIGN(keep_free); + + if (keep_free > 0 && fs_free < keep_free) + return true; + + return false; +} + +int coredump_vacuum(int exclude_fd, off_t keep_free, off_t max_use) { + _cleanup_closedir_ DIR *d = NULL; + struct stat exclude_st; + int r; + + if (keep_free <= 0 && max_use <= 0) + return 0; + + if (exclude_fd >= 0) { + if (fstat(exclude_fd, &exclude_st) < 0) { + log_error("Failed to fstat(): %m"); + return -errno; + } + } + + /* This algorithm will keep deleting the oldest file of the + * user with the most coredumps until we are back in the size + * limits. Note that vacuuming for journal files is different, + * because we rely on rate-limiting of the messages there, + * to avoid being flooded. */ + + d = opendir("/var/lib/systemd/coredump"); + if (!d) { + if (errno == ENOENT) + return 0; + + log_error("Can't open coredump directory: %m"); + return -errno; + } + + for (;;) { + _cleanup_(vacuum_candidate_hasmap_freep) Hashmap *h = NULL; + struct vacuum_candidate *worst = NULL; + struct dirent *de; + off_t sum = 0; + + rewinddir(d); + + FOREACH_DIRENT(de, d, goto fail) { + struct vacuum_candidate *c; + struct stat st; + uid_t uid; + usec_t t; + + r = uid_from_file_name(de->d_name, &uid); + if (r < 0) + continue; + + if (fstatat(dirfd(d), de->d_name, &st, AT_NO_AUTOMOUNT|AT_SYMLINK_NOFOLLOW) < 0) { + if (errno == ENOENT) + continue; + + log_warning("Failed to stat /var/lib/systemd/coredump/%s", de->d_name); + continue; + } + + if (!S_ISREG(st.st_mode)) + continue; + + if (exclude_fd >= 0 && + exclude_st.st_dev == st.st_dev && + exclude_st.st_ino == st.st_ino) + continue; + + r = hashmap_ensure_allocated(&h, NULL, NULL); + if (r < 0) + return log_oom(); + + t = timespec_load(&st.st_mtim); + + c = hashmap_get(h, UINT32_TO_PTR(uid)); + if (c) { + + if (t < c->oldest_mtime) { + char *n; + + n = strdup(de->d_name); + if (!n) + return log_oom(); + + free(c->oldest_file); + c->oldest_file = n; + c->oldest_mtime = t; + } + + } else { + _cleanup_(vacuum_candidate_freep) struct vacuum_candidate *n = NULL; + + n = new0(struct vacuum_candidate, 1); + if (!n) + return log_oom(); + + n->oldest_file = strdup(de->d_name); + if (!n->oldest_file) + return log_oom(); + + n->oldest_mtime = t; + + r = hashmap_put(h, UINT32_TO_PTR(uid), n); + if (r < 0) + return log_oom(); + + c = n; + n = NULL; + } + + c->n_files++; + + if (!worst || + worst->n_files < c->n_files || + (worst->n_files == c->n_files && c->oldest_mtime < worst->oldest_mtime)) + worst = c; + + sum += st.st_blocks * 512; + } + + if (!worst) + break; + + r = vacuum_necessary(dirfd(d), sum, keep_free, max_use); + if (r <= 0) + return r; + + if (unlinkat(dirfd(d), worst->oldest_file, 0) < 0) { + + if (errno == ENOENT) + continue; + + log_error("Failed to remove file %s: %m", worst->oldest_file); + return -errno; + } else + log_info("Removed old coredump %s.", worst->oldest_file); + } + + return 0; + +fail: + log_error("Failed to read directory: %m"); + return -errno; +} diff --git a/src/journal/coredump-vacuum.h b/src/journal/coredump-vacuum.h new file mode 100644 index 0000000000..7ad4399305 --- /dev/null +++ b/src/journal/coredump-vacuum.h @@ -0,0 +1,26 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +#pragma once + +/*** + This file is part of systemd. + + Copyright 2014 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <sys/types.h> + +int coredump_vacuum(int exclude_fd, off_t keep_free, off_t max_use); diff --git a/src/journal/coredump.c b/src/journal/coredump.c index ab8fd2cf0e..22e1932e2b 100644 --- a/src/journal/coredump.c +++ b/src/journal/coredump.c @@ -42,6 +42,7 @@ #include "stacktrace.h" #include "path-util.h" #include "compress.h" +#include "coredump-vacuum.h" #ifdef HAVE_ACL # include <sys/acl.h> @@ -121,10 +122,11 @@ static DEFINE_CONFIG_PARSE_ENUM(config_parse_coredump_compression, coredump_comp static CoredumpStorage arg_storage = COREDUMP_STORAGE_EXTERNAL; static CoredumpCompression arg_compression = COREDUMP_COMPRESSION_XZ; static unsigned arg_compression_level = LZMA_PRESET_DEFAULT; - static off_t arg_process_size_max = PROCESS_SIZE_MAX; static off_t arg_external_size_max = EXTERNAL_SIZE_MAX; static size_t arg_journal_size_max = JOURNAL_SIZE_MAX; +static off_t arg_keep_free = (off_t) -1; +static off_t arg_max_use = (off_t) -1; static int parse_config(void) { @@ -136,6 +138,8 @@ static int parse_config(void) { { "Coredump", "ProcessSizeMax", config_parse_iec_off, 0, &arg_process_size_max }, { "Coredump", "ExternalSizeMax", config_parse_iec_off, 0, &arg_external_size_max }, { "Coredump", "JournalSizeMax", config_parse_iec_size, 0, &arg_journal_size_max }, + { "Coredump", "KeepFree", config_parse_iec_off, 0, &arg_keep_free }, + { "Coredump", "MaxUse", config_parse_iec_off, 0, &arg_max_use }, {} }; @@ -274,14 +278,14 @@ static int maybe_remove_external_coredump(const char *filename, off_t size) { return 1; } +static int save_external_coredump( + const char *info[_INFO_LEN], + uid_t uid, + char **ret_filename, + int *ret_fd, + off_t *ret_size) { -static int save_external_coredump(const char *info[_INFO_LEN], - uid_t uid, - char **ret_filename, - int *ret_fd, - off_t *ret_size) { - - _cleanup_free_ char *p = NULL, *t = NULL, *c = NULL, *fn = NULL, *tmp = NULL; + _cleanup_free_ char *p = NULL, *t = NULL, *c = NULL, *fn = NULL, *tmp = NULL, *u = NULL; _cleanup_close_ int fd = -1; sd_id128_t boot; struct stat st; @@ -300,6 +304,10 @@ static int save_external_coredump(const char *info[_INFO_LEN], if (!p) return log_oom(); + u = filename_escape(info[INFO_UID]); + if (!u) + return log_oom(); + t = filename_escape(info[INFO_TIMESTAMP]); if (!t) return log_oom(); @@ -311,8 +319,9 @@ static int save_external_coredump(const char *info[_INFO_LEN], } r = asprintf(&fn, - "/var/lib/systemd/coredump/core.%s." SD_ID128_FORMAT_STR ".%s.%s000000", + "/var/lib/systemd/coredump/core.%s.%s." SD_ID128_FORMAT_STR ".%s.%s000000", c, + u, SD_ID128_FORMAT_VAL(boot), p, t); @@ -333,12 +342,10 @@ static int save_external_coredump(const char *info[_INFO_LEN], r = copy_bytes(STDIN_FILENO, fd, arg_process_size_max); if (r == -E2BIG) { - log_error("Coredump of %s (%s) is larger than configured processing limit, refusing.", - info[INFO_PID], info[INFO_COMM]); + log_error("Coredump of %s (%s) is larger than configured processing limit, refusing.", info[INFO_PID], info[INFO_COMM]); goto fail; } else if (IN_SET(r, -EDQUOT, -ENOSPC)) { - log_error("Not enough disk space for coredump of %s (%s), refusing.", - info[INFO_PID], info[INFO_COMM]); + log_error("Not enough disk space for coredump of %s (%s), refusing.", info[INFO_PID], info[INFO_COMM]); goto fail; } else if (r < 0) { log_error("Failed to dump coredump to file: %s", strerror(-r)); @@ -646,6 +653,9 @@ int main(int argc, char* argv[]) { IOVEC_SET_STRING(iovec[j++], "MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1"); IOVEC_SET_STRING(iovec[j++], "PRIORITY=2"); + /* Vacuum before we write anything again */ + coredump_vacuum(-1, arg_keep_free, arg_max_use); + /* Always stream the coredump to disk, if that's possible */ r = save_external_coredump(info, uid, &filename, &coredump_fd, &coredump_size); if (r < 0) @@ -666,6 +676,9 @@ int main(int argc, char* argv[]) { IOVEC_SET_STRING(iovec[j++], coredump_filename); } + /* Vacuum again, but exclude the coredump we just created */ + coredump_vacuum(coredump_fd, arg_keep_free, arg_max_use); + /* Now, let's drop privileges to become the user who owns the * segfaulted process and allocate the coredump memory under * his uid. This also ensures that the credentials journald diff --git a/src/journal/coredump.conf b/src/journal/coredump.conf index 9f4edd34d9..050bde6491 100644 --- a/src/journal/coredump.conf +++ b/src/journal/coredump.conf @@ -15,3 +15,5 @@ #ProcessSizeMax=2G #ExternalSizeMax=2G #JournalSizeMax=767M +#MaxUse= +#KeepFree= diff --git a/src/journal/test-coredump-vacuum.c b/src/journal/test-coredump-vacuum.c new file mode 100644 index 0000000000..a4dd00125d --- /dev/null +++ b/src/journal/test-coredump-vacuum.c @@ -0,0 +1,32 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/*** + This file is part of systemd. + + Copyright 2012 Zbigniew Jędrzejewski-Szmek + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <stdlib.h> + +#include "coredump-vacuum.h" + +int main(int argc, char *argv[]) { + + if (coredump_vacuum(-1, (off_t) -1, 70 * 1024) < 0) + return EXIT_FAILURE; + + return EXIT_SUCCESS; +} |