Why is the value of kernel.pid_max 4194304 on Rocky Linux 8 systems?


Operating System and Software

  • Rocky Linux (RHEL) 8
  • systemd-239-29.el8.x86_64 and later.

Problem

  • After updating to Rocky Linux 8.2, the value of pid_max is 4194304 after every reboot. Why?
# sysctl -a|grep pid_max
kernel.pid_max = 4194304
  • If CentOS 7 is installed on the same server, the value is 32768 for the same number of CPUs.
  • On Rocky Linux 8, the journal logs show the pid_max value as 32768, so how does the value get changed to 4194304?
kernel: pid_max: default: 32768 minimum: 301

How to Fix

  • This is because of a separate entry maintained by systemd in the file /usr/lib/sysctl.d/50-pid-max.conf:
# cat /usr/lib/sysctl.d/50-pid-max.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See sysctl.d(5) and core(5) for documentation.

# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.

# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
# of 2^16), to make PID collisions less likely.
kernel.pid_max = 4194304
  • To restore the default pid_max of 32768, comment out the entry in the file 50-pid-max.conf, rebuild the initramfs, and then reboot the system.

Origin of the Problem

  • From systemd-239-29.el8.x86_64 onward, a new file, /usr/lib/sysctl.d/50-pid-max.conf, is shipped that sets pid_max
    to the maximum allowed limit.
  • Because of this entry, the systemd-sysctl service changes the value to 4194304, which is the maximum allowed limit of pid_max
    according to the following kernel code:
/*
 * A maximum of 4 million PIDs should be enough for a while.
 * [NOTE: PID/TIDs are limited to 2^29 ~= 500+ million, see futex.h.]
 */
#define PID_MAX_LIMIT (CONFIG_BASE_SMALL ? PAGE_SIZE * 8 : \
        (sizeof(long) > 4 ? 4 * 1024 * 1024 : PID_MAX_DEFAULT))
  • Notice the value 4 * 1024 * 1024, which comes out to 4194304.
  • The following upstream commit introduced this change:
$ git show 0e0d424c0f5e1b8cff32ed51033ee6e2f70a5676
commit 0e0d424c0f5e1b8cff32ed51033ee6e2f70a5676
Author: Yu Watanabe <watanabe.yu+github@gmail.com>
Date:   Sun May 19 22:55:35 2019 +0900

    sysctl: bump pid range only on 64-bit systems

    Closes #12604.

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See sysctl.d(5) and core(5) for documentation.

# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.

# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
# of 2^16), to make PID collisions less likely.
kernel.pid_max = 4194304        =>>>>
  • The reason behind this change is explained in the following commit:
$ git show 6af905832418cbb68ddebfced3a876c57808132c
commit 6af905832418cbb68ddebfced3a876c57808132c
Author: Lennart Poettering <lennart@poettering.net>
Date:   Fri Apr 12 12:01:41 2019 +0200

    NEWS: document kernel.pid_max change

CHANGES WITH 243 in spe:

        * The "kernel.pid_max" sysctl is now bumped to 4194304 by default,
          i.e. the full 22bit range the kernel allows, up from the old 16bit
          range. This should improve security and robustness a bit, as PID
          collisions are made less likely (though certainly still
          possible). There are rumours this might create compatibility
          problems, though at this moment no practical ones are known to
          us. Downstream distributions are hence advised to undo this change in
          their builds if they are concerned about maximum compatibility, but
          for everybody else we recommend leaving the value bumped. Besides
          improving security and robustness this should also simplify things as
          the maximum number of allowed concurrent tasks was previously bounded
          by both "kernel.pid_max" and "kernel.threads-max" and now only a
          single knob is left ("kernel.threads-max"). There have been concerns
          that usability is affected by this change because larger PID numbers
          are harder to type, but we believe the change from 5 digit PIDs to 7
          digit PIDs is not too hampering for usability.

Diagnostic Steps

  • Check the journal logs and the systemd version:
# journalctl -b|grep pid_max
# rpm -q systemd
  • Verify the entry in the file /usr/lib/sysctl.d/50-pid-max.conf:
# grep pid_max /usr/lib/sysctl.d/50-pid-max.conf
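
The grep above only confirms the vendor entry exists; it does not show whether a file in /etc/sysctl.d masks or overrides it. The following script is an added example, not part of the original article or of systemd: it resolves which sysctl.d file supplies the final value for a key, using the directory priority and file-name ordering described in sysctl.d(5). The function name effective_sysctl and its optional root-prefix argument are assumptions made here for illustration, and the script works for any key, not only kernel.pid_max.

```shell
#!/bin/sh
# Added example (not from the article): find which sysctl.d file supplies the
# final value for a key, following the ordering rules in sysctl.d(5).
# The optional second argument is a root prefix, an assumption made here so the
# function can be pointed at a constructed test tree instead of the live system.

effective_sysctl() {
    key=$1
    root=${2:-}
    # Highest-priority directory first: a file here masks same-named files below.
    dirs="/etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d"

    # All *.conf basenames across the directories, sorted; later names win.
    names=$(for d in $dirs; do
                for f in "$root$d"/*.conf; do
                    if [ -e "$f" ]; then basename "$f"; fi
                done
            done | LC_ALL=C sort -u)

    result=""
    for n in $names; do            # assumes file names without whitespace
        for d in $dirs; do
            f="$root$d/$n"
            if [ ! -e "$f" ]; then continue; fi
            # Last assignment of the key in this file; comments start with # or ;
            v=$(awk -v want="$key" '
                /^[ \t]*[#;]/ { next }
                { i = index($0, "="); if (i == 0) next
                  k = substr($0, 1, i - 1); v = substr($0, i + 1)
                  gsub(/[ \t]/, "", k); sub(/^-/, "", k)
                  gsub(/^[ \t]+|[ \t]+$/, "", v)
                  if (k == want) last = v }
                END { if (last != "") print last }' "$f" 2>/dev/null) || v=""
            if [ -n "$v" ]; then result="$v $f"; fi
            break                  # lower-priority copies of this name are masked
        done
    done
    if [ -n "$result" ]; then printf '%s\n' "$result"; fi
}

# Live system: prints "<value> <file>" for the file that wins, if any.
effective_sysctl kernel.pid_max
```

Compare the printed value with `cat /proc/sys/kernel/pid_max`; a difference means something other than systemd-sysctl changed the value after boot.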
