earlyoom: add recipe

This daemon kills processes that use too much memory in order to prevent
the system from becoming unresponsive.

Only add the recipe for now. Platforms have to opt in to get earlyoom.

Tested: Built the recipe and inspected the resulting files

Fusion-Link: n/a, no effect yet
Platforms-Affected: none
Google-Bug-Id: 391462556
Change-Id: I1c8f17cfa09a44f639d9740c71e104b19f169392
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
diff --git a/recipes-extended/earlyoom/earlyoom_git.bb b/recipes-extended/earlyoom/earlyoom_git.bb
new file mode 100644
index 0000000..e302bf2
--- /dev/null
+++ b/recipes-extended/earlyoom/earlyoom_git.bb
@@ -0,0 +1,32 @@
+DESCRIPTION = "Early OOM Daemon for Linux"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=875c33872f2633c48ce20e87d8cd3270"
+
+inherit systemd
+inherit obmc-phosphor-systemd
+
+DEPENDS += "systemd"
+
+RDEPENDS:${PN} += "bash"
+
+SRC_URI = " \
+    git://github.com/rfjakob/earlyoom.git;branch=master;protocol=https \
+    file://0001-Allow-process_mrelease-system-call.patch \
+    file://earlyoom.default \
+"
+
+SRCREV = "90f1a6704e505d2b3d41dcc1677e23af80d6319a"
+S = "${WORKDIR}/git"
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = "earlyoom.service"
+
+EXTRA_OEMAKE += "PREFIX=/usr DESTDIR=${D}"
+
+do_install() {
+    oe_runmake install
+
+    install -d ${D}/etc/default
+    install -m 0644 ${WORKDIR}/earlyoom.default ${D}/etc/default/earlyoom
+}
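Review bot: `do_install` hardcodes `${D}/etc/default` and `EXTRA_OEMAKE` hardcodes `PREFIX=/usr`; using `${sysconfdir}` and `${prefix}` would keep the recipe in line with the distro's path variables. `RDEPENDS:${PN} += "bash"` has no stated reason in the recipe, so a one-line comment saying what needs bash at runtime would help, since every platform that opts in will pull it into the image. No `PV` is set either, so this `_git` recipe will report its version as just "git" even though `SRCREV` pins a specific commit.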
diff --git a/recipes-extended/earlyoom/files/0001-Allow-process_mrelease-system-call.patch b/recipes-extended/earlyoom/files/0001-Allow-process_mrelease-system-call.patch
new file mode 100644
index 0000000..9c48061
--- /dev/null
+++ b/recipes-extended/earlyoom/files/0001-Allow-process_mrelease-system-call.patch
@@ -0,0 +1,51 @@
+From 498f7e1ad6ca9a3fcca728f008e0025fa558c540 Mon Sep 17 00:00:00 2001
+From: Benjamin Fair <benjaminfair@google.com>
+Date: Tue, 21 Jan 2025 21:48:53 +0000
+Subject: [PATCH] Allow process_mrelease system call
+
+We found that earlyoom called process_mrelease when executing the kill
+process, but it was terminated by the systemd syscall filter with the
+SIGSYS signal. The process_mrelease needs to be added to the filter list
+to prevent the above situation from happening.
+
+tested:
+```
+root@bmc:~# tail /dev/zero
+Terminated
+root@bmc:~# journalctl -u earlyoom
+Sep 22 07:54:08 bmc systemd[1]: Started Early OOM Daemon.
+Sep 22 07:54:08 bmc (earlyoom)[340]: earlyoom.service: PrivateNetwork=yes is configured, but the kernel does not support or we lack privileges for network namespace, proceeding without.
+Sep 22 07:54:08 bmc (earlyoom)[340]: earlyoom.service: ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.
+Sep 22 07:54:09 bmc earlyoom[340]: earlyoom v1.7-41-g90f1a67
+Sep 22 07:54:09 bmc earlyoom[340]: mem total:  701 MiB, user mem total:  635 MiB, swap total:    0 MiB
+Sep 22 07:54:09 bmc earlyoom[340]: sending SIGTERM when mem <= 10.00% and swap <= 10.00%,
+Sep 22 07:54:09 bmc earlyoom[340]:         SIGKILL when mem <=  5.00% and swap <=  5.00%
+Sep 22 07:56:36 bmc earlyoom[340]: mem avail:    56 of   593 MiB ( 9.58%), swap free:    0 of    0 MiB ( 0.00%)
+Sep 22 07:56:36 bmc earlyoom[340]: low memory! at or below SIGTERM limits: mem 10.00%, swap 10.00%
+Sep 22 07:56:36 bmc earlyoom[340]: sending SIGTERM to process 1323 uid 0 "tail": badness 1122, VmRSS 479 MiB
+Sep 22 07:56:36 bmc earlyoom[340]: process 1323 cmdline "tail /dev/zero"
+Sep 22 07:56:36 bmc earlyoom[340]: process 1323 exited after 0.268 seconds
+```
+
+Google-Bug-Id: 317729352
+Signed-off-by: Jerry Wan <jerry.wan@quanta.corp-partner.google.com>
+Signed-off-by: Benjamin Fair <benjaminfair@google.com>
+---
+ earlyoom.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/earlyoom.service.in b/earlyoom.service.in
+index 7919dff..4c32641 100644
+--- a/earlyoom.service.in
++++ b/earlyoom.service.in
+@@ -45,6 +45,7 @@ RestrictAddressFamilies=AF_UNIX
+ 
+ SystemCallArchitectures=native
+ SystemCallFilter=@system-service
++SystemCallFilter=process_mrelease
+ SystemCallFilter=~@resources @privileged
+ 
+ [Install]
+-- 
+2.48.0.rc2.279.g1de40edade-goog
+
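Review bot: In the `earlyoom.service.in` hunk, the new `SystemCallFilter=process_mrelease` allow entry sits before `SystemCallFilter=~@resources @privileged`, and systemd applies later filter lines on top of earlier ones, so please confirm the call is not a member of either denied group on the target's systemd version (`systemd-analyze syscall-filter` lists group membership). The quoted test log only shows a SIGTERM kill with the process exiting on its own, so it does not by itself show process_mrelease being called without SIGSYS; a log line demonstrating the call succeeding would make the test conclusive. The embedded patch header carries no `Upstream-Status:` line. The same log shows `PrivateNetwork=yes` and `ProtectHostname=yes` being skipped on this kernel, so the unit's sandboxing on the BMC is weaker than the unit file reads; that is worth noting in the commit message for platforms deciding whether to opt in.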
diff --git a/recipes-extended/earlyoom/files/earlyoom.default b/recipes-extended/earlyoom/files/earlyoom.default
new file mode 100644
index 0000000..c58b5b7
--- /dev/null
+++ b/recipes-extended/earlyoom/files/earlyoom.default
@@ -0,0 +1 @@
+EARLYOOM_ARGS="-r 0"
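Review bot: `EARLYOOM_ARGS="-r 0"` is undocumented, and neither the file nor the commit message says why it was chosen. In earlyoom `-r` sets the periodic memory report interval and 0 turns the periodic report off, so a comment line above the assignment saying that (and that the kill thresholds are left at the defaults shown in the test log, 10% SIGTERM and 5% SIGKILL) would let platform owners see what they are opting in to without reading the man page.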