Resource (CPU time and memory) limitation and termination of a process upon violation in Linux

cpucpu usagememorymonitoringprocess

The problem:

Given a process, limit the resources it and its child-processes can use. I.e. set CPU time and virtual memory quotas. When the process group exceeds one of the limits, terminate it, otherwise print the amount of CPU time and virtual memory it has used.

The concrete use case:

Basically I must execute a couple of binaries, which expect input from a file, but I must ensure that their execution process is strictly limited. For example the binary must not allocate more than 256 MB of memory and it should run for less than 0.5 seconds. However I need information about the amount of memory and CPU it has used.

What I have tried:

  1. For a couple of days I have been dealing with this perl script, which is the best solution I have found so far. Unfortunately its memory is buggy and it is not very precise. Also there is an official author post about this script here.
  2. I have tried using both /usr/bin/timeout and timeout Linux tools, which of course help me with the CPU time quota, but not with the termination of the process due to violation of the virtual memory limit.
  3. Using ulimit was attempted as well but as I have said earlier I need not only limitation but feedback for the resource consumption too.

The Question:

What can solve this issue? .

Best Answer

The setrlimit(2) syscall is relevant to limit resources (CPU time -integral number of seconds, so at least 1 sec- with RLIMIT_CPU, file size with RLIMIT_FSIZE, address space with RLIMIT_AS, etc...). You could also set up disk quotas. The wait4(2) syscall tells you -and gives feedback- about some resource usage. And proc(5) tells you a lot more, and also getrusage(2) (you might code some monitor which periodically stops the entire process group using SIGSTOP, call getrusage or query /proc/$PID/, then send SIGCONT -to continue- or SIGTERM -to terminate- to that process group).

The valgrind tool is very useful on Linux to help finding memory leaks. And strace(1) should be helpful too.

If you can recompile the faulty software, you could consider -fsanitize=address and -fsanitize=undefined and other -fsanitize=... options to a recent version of the GCC compiler.

Perhaps you have some batch processing. Look for batch monitors, or simply code your own thing in C, Python, Ocaml, Perl, .... (which forks the command, and loop on monitoring it...). Maybe you want some process accounting (see acct(5) & sa(8)...)

Notice that "amount of memory used" (a program generally allocates with mmap & releases memory with munmap to the kernel while running) and "CPU time" (see time(7), think of multi-threaded programs ...) are very fuzzy concepts.

See also PAM and configure things under /etc/security/ ; perhaps inotify(7) might also be helpful (but probably not).

Read also Advanced Linux Programming and syscalls(2)

Related Question