veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
veilor-os/overlay/etc/systemd/zram-generator.conf
veilor-org 7d2b94b5be feat(hardening): add memory-pressure tuning for zram-only stack 
veilor-os runs zram-only swap (THREAT-MODEL.md — no key leak from
disk swap). With kernel defaults that policy bites: once zram fills
there is no overflow tier, the kernel waits until total exhaustion
to trigger OOM, then picks a victim by oom_score and frequently
kills plasmashell or the foreground terminal instead of the leaking
browser tab. Mouse locks for minutes during the thrash window.

Three co-dependent layers:

1. systemd-oomd enabled — PSI-based pre-OOM killer fires at cgroup
   boundaries before the kernel reaper. Fedora's systemd-oomd-defaults
   ship sane thresholds for user.slice; installed in kickstart and
   layered in bluebuild containerfile, enabled in both unit-toggle
   blocks.

2. zram bumped 8 GiB lzo-rle (Fedora default) -> 16 GiB zstd. zstd
   gives ~3:1 (~48 GiB effective) at negligible CPU cost on any
   post-2018 x86_64. 8 GiB filled in practice on 32+ GiB laptops
   running Chromium + LSP + chat clients.

3. /etc/sysctl.d/95-memory-pressure.conf:
   - vm.swappiness=180 (zram is RAM-fast, swap early; default 60
     assumes HDD)
   - vm.watermark_scale_factor=125 (kswapd reclaim starts ~1.25%
     headroom vs default 0.1%; ~400 MiB head start on 32 GiB)
   - vm.page-cluster=0 (no read-ahead; pointless on RAM-backed swap,
     wastes decompress)

Without any one of the three the system still wedges briefly: oomd
without zram tuning waits for PSI to climb; zram tuning without oomd
gets victim selection wrong.

Verified by new test/boot-checklist.md "Memory pressure" section.
Inline rationale headers in both overlay files so the why survives
doc drift. Trigger event: onyx (Fedora 43, not veilor-os) thrashed
2026-05-11; same defaults shipped to veilor-os, fixed here too.
2026-05-12 10:17:00 +01:00

19 lines
848 B
Text
Raw Blame History

# veilor-os — zram swap override
#
# Replaces the Fedora default config (which would otherwise set
# zram-size = min(ram, 8192) with whatever compression algorithm
# zram-generator picked, historically lzo-rle).
#
# Sizing rationale: 16 GiB compressed (typical 3:1 with zstd → ~48 GiB
# effective). Default 8 GiB filled under sustained pressure on modern
# 32+ GiB laptops running browsers + LSP + chat clients, leaving the
# kernel with no swap headroom and triggering OOM (since veilor-os has
# no disk swap fallback — see THREAT-MODEL.md "no key leak risk").
#
# Algorithm: zstd. lzo-rle is faster but ratio ~2:1; zstd is ~3:1 with
# negligible CPU cost on any post-2018 x86_64. The extra 50% effective
# swap capacity is worth more than the microseconds of compress time.
[zram0]
zram-size = min(ram, 16384)
compression-algorithm = zstd
Reference in a new issue View git blame Copy permalink