From 0e399955b06c7a135acc524ae85208fc614ce998 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 1 Nov 2024 05:51:10 +0100 Subject: [PATCH] Adjust default process/threads limit When VM is started with memory hotplug, the initial memory size is quite small. It is used for calculating default threads limit, and that in turns is used to calculate default process count limit per user. For a VM started with 400MB (the default) both limits are too low for some threads/processes-heavy applications like Firefox. Adjust the limits to a static higher value, based on defaults when memory hotplug is disabled (and rounded to a nice number). Fixes QubesOS/qubes-issues#8960 --- debian/qubes-core-agent.install | 2 ++ misc/20-qubes-core.conf | 5 +++++ misc/90-qubes-core.conf | 5 +++++ misc/Makefile | 2 ++ rpm_spec/core-agent.spec.in | 2 ++ 5 files changed, 16 insertions(+) create mode 100644 misc/20-qubes-core.conf create mode 100644 misc/90-qubes-core.conf diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install index a5577522..fecac009 100644 --- a/debian/qubes-core-agent.install +++ b/debian/qubes-core-agent.install @@ -56,6 +56,7 @@ etc/qubes/rpc-config/qubes.VMExecGUI etc/qubes/suspend-post.d/README etc/qubes/suspend-post.d/*.sh etc/qubes/suspend-pre.d/README +etc/security/limits.d/90-qubes-core.conf etc/sudoers.d/qt_x11_no_mitshm etc/sudoers.d/umask etc/sysctl.d/20_tcp_timestamps.conf @@ -106,6 +107,7 @@ lib/systemd/system/sysinit.target.d/30_qubes.conf lib/systemd/system/systemd-timesyncd.service.d/30_qubes.conf lib/systemd/system/systemd-logind.service.d/30_qubes.conf lib/systemd/resolved.conf.d/30_resolved-no-mdns-or-llmnr.conf +usr/lib/sysctl.d/20-qubes-core.conf usr/lib/systemd/user/tracker-extract-3.service.d/30_qubes.conf usr/lib/systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf usr/lib/systemd/user/tracker-miner-fs-control-3.service.d/30_qubes.conf diff --git a/misc/20-qubes-core.conf b/misc/20-qubes-core.conf new file mode 100644 index 00000000..f1767352 --- /dev/null +++ b/misc/20-qubes-core.conf @@ -0,0 +1,5 @@ +# With memory hotplug enabled, default value is calculated based on the initial +# memory, and is too low for some heavy multi-threads applications like +# Firefox. Raise the limit + +kernel.threads-max = 51200 diff --git a/misc/90-qubes-core.conf b/misc/90-qubes-core.conf new file mode 100644 index 00000000..ac394650 --- /dev/null +++ b/misc/90-qubes-core.conf @@ -0,0 +1,5 @@ +# With memory hotplug enabled, default value is calculated based on the initial +# memory, and is too low (below 1000) for some heavy multi-threads applications +# like Firefox. Raise the limit +@qubes hard nproc 51200 +@qubes soft nproc 51200 diff --git a/misc/Makefile b/misc/Makefile index 8325e772..d8048727 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -52,6 +52,8 @@ install: install -m 0755 -d $(DESTDIR)/etc/xdg/xfce4/xfconf/xfce-perchannel-xml install -m 0644 -t $(DESTDIR)/etc/xdg/xfce4/xfconf/xfce-perchannel-xml xfce4-notifyd.xml install -m 0644 -t $(DESTDIR)/etc/xdg/xfce4/xfconf/xfce-perchannel-xml displays.xml + install -m 0644 -D -t $(DESTDIR)/etc/securit/limits.d 90-qubes-core.conf + install -m 0644 -D -t $(DESTDIR)/usr/lib/sysctl.d 20-qubes-core.conf marker-vm: marker-vm.in printf "$(VERSION)" | cut -f 1,2 -d . | cat $< - > marker-vm diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in index 7f6dbc13..b60a9afc 100644 --- a/rpm_spec/core-agent.spec.in +++ b/rpm_spec/core-agent.spec.in @@ -974,6 +974,8 @@ rm -f %{name}-%{version} %config(noreplace) /etc/dconf/db/local.d/dpi %config(noreplace) /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml %config(noreplace) /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/displays.xml +%config(noreplace) /etc/security/limits.d/90-qubes-core.conf +/usr/lib/sysctl.d/20-qubes-core.conf %_udevrulesdir/50-qubes-mem-hotplug.rules %_unitdir/user@.service.d/90-session-stop-timeout.conf /usr/sbin/qubes-serial-login