Verification done on xenial-proposed.
With the new systemd and dbus packages, there are no leaked sessions
after the test-case of ssh loop.
The autopkgtests regressions reported previously are unrelated to this
change (comments #11 to #16).
cheers,
Mauricio
Setup
---
$ sudo snap install --beta --classic multipass
$ multipass launch --cpus 2 --mem 8G --disk 8G --name lp1846787 xenial
$ multipass shell lp1846787
$ lsb_release -cs
xenial
$ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ sudo apt update && sudo apt -y upgrade && sudo reboot
xenial-updates: there are leaked sessions after ssh loop. (bad)
---
$ multipass shell lp1846787
$ dpkg -s systemd dbus | grep ^Version:
Version: 229-4ubuntu21.22
Version: 1.10.6-1ubuntu3.4
$ find /run/systemd/system/ -name 'session-*.scope.d' | wc -l
1
$ find /run/systemd/system/ -name '*.scope.d'
/run/systemd/system/session-1.scope.d
$ for i in {1..1000}; do sleep 0.01; ssh localhost sleep 1 & done
...
[1000] 12191
$ jobs
$
$ find /run/systemd/system/ -name 'session-*.scope.d' | wc -l
32
$ find /run/systemd/system/ -name 'session-*.scope.d'
/run/systemd/system/session-906.scope.d
/run/systemd/system/session-896.scope.d
/run/systemd/system/session-848.scope.d
...
/run/systemd/system/session-1.scope.d
xenial-proposed: there are NO leaked sessions after ssh loop. (good; tested 3x)
---
$ echo 'deb http://archive.ubuntu.com/ubuntu xenial-proposed main' | sudo tee
/etc/apt/sources.list.d/xenial-proposed.list
$ sudo apt update && sudo apt -y install systemd dbus && sudo reboot
$ multipass shell lp1846787
$ dpkg -s systemd dbus | grep ^Version:
Version: 229-4ubuntu21.23
Version: 1.10.6-1ubuntu3.5
$ find /run/systemd/system/ -name 'session-*.scope.d' | wc -l
1
$ find /run/systemd/system/ -name 'session-*.scope.d'
/run/systemd/system/session-1.scope.d
$ for i in {1..1000}; do sleep 0.01; ssh localhost sleep 1 & done
...
[1000] 12462
$ jobs
$
$ find /run/systemd/system/ -name 'session-*.scope.d' | wc -l
1
$ find /run/systemd/system/ -name 'session-*.scope.d'
/run/systemd/system/session-1.scope.d
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1846787
Title:
systemd-logind leaves leftover sessions and scope files
Status in dbus package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Fix Released
Status in dbus source package in Xenial:
Fix Committed
Status in systemd source package in Xenial:
Fix Committed
Bug description:
[Impact]
Scope file leakage can cause SSH delays and reduce performance in systemd
[Description]
The current systemd-logind version present in Xenial can leave abandoned SSH
sessions and scope files in cases where the host sees a lot of concurrent SSH
connections. These leftover sessions can slow down systemd performance
greatly, and can have an impact on sshd handling a great number of concurrent
connections.
To fix this issue, patches are needed in both dbus and systemd. These improve
the
performance of the communication between dbus and systemd, so that they can
handle a better volume of events (e.g. SSH logins). All of those patches are
already present from Bionic onwards, so we only need those fixes for Xenial.
== Systemd ==
Upstream patches:
- core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification
(d8fdc62037b5)
$ git describe --contains d8fdc62037b5
v230~71^2~2
$ rmadison systemd
systemd | 229-4ubuntu4 | xenial | source, ...
systemd | 229-4ubuntu21.21 | xenial-security | source, ...
systemd | 229-4ubuntu21.22 | xenial-updates | source, ... <--------
systemd | 237-3ubuntu10 | bionic | source, ...
systemd | 237-3ubuntu10.29 | bionic-security | source, ...
systemd | 237-3ubuntu10.29 | bionic-updates | source, ...
systemd | 237-3ubuntu10.31 | bionic-proposed | source, ...
== DBus ==
Upstream patches:
- Only read one message at a time if there are fds pending (892f084eeda0)
- bus: Fix timeout restarts (529600397bca)
- DBusMainLoop: ensure all required timeouts are restarted (446b0d9ac75a)
$ git describe --contains 892f084eeda0 529600397bca 446b0d9ac75a
dbus-1.11.10~44
dbus-1.11.10~45
dbus-1.11.16~2
$ rmadison dbus
dbus | 1.10.6-1ubuntu3 | xenial | source, ...
dbus | 1.10.6-1ubuntu3.4 | xenial-security | source, ...
dbus | 1.10.6-1ubuntu3.4 | xenial-updates | source, ... <--------
dbus | 1.12.2-1ubuntu1 | bionic | source, ...
dbus | 1.12.2-1ubuntu1.1 | bionic-security | source, ...
dbus | 1.12.2-1ubuntu1.1 | bionic-updates | source, ...
[Test Case]
1) Simulate a lot of concurrent SSH connections with e.g. a for loop:
multipass@xenial-logind:~$ for i in {1..1000}; do sleep 0.1; ssh localhost
sleep 1 & done
2) Check for leaked sessions in /run/systemd/system/:
multipass@xenial-logind:~$ ls -ld /run/systemd/system/session-*.scope*
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-103.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-104.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-105.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-106.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-110.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-111.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-112.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-113.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-114.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-115.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-116.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-117.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-118.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-119.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-120.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-121.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-122.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-123.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-126.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-131.scope.d
drwxr-xr-x 2 root root 160 Oct 4 15:34 /run/systemd/system/session-134.scope.d
...
[Regression Potential]
As the patches change the communication socket between dbus and systemd,
possible regressions could cause systemd to not be notified of dbus events and
vice-versa. We could see units not getting started properly, and communication
between different services break down (e.g. between systemd-logind and other
processes).
In this case, the regression potential should be low as these patches
have seen extensive testing both upstream and in more recent releases
of Ubuntu. Nonetheless, these new packages will be rigorously tested
through autopkgtest to avoid any possible Xenial-specific regressions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1846787/+subscriptions
--
Mailing list: https://launchpad.net/~sts-sponsors
Post to : sts-sponsors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~sts-sponsors
More help : https://help.launchpad.net/ListHelp
