Received: by 10.223.176.5 with SMTP id f5csp3225646wra;
        Mon, 29 Jan 2018 10:26:08 -0800 (PST)
X-Google-Smtp-Source: AH8x226uTaXeH51CUAD850+b5NA1RUQlht3PSyX2ORLSYGVcLi+KDgQJBjs7pbc4BXtvBqrdBrDA
X-Received: by 10.101.90.138 with SMTP id c10mr20771468pgt.6.1517250368157;
        Mon, 29 Jan 2018 10:26:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517250368; cv=none;
        d=google.com; s=arc-20160816;
        b=DnAi8NJxy4BrZHG3FSKtJ58fOR0jpWDG2r89aIqnTPNXYos70qcEB7ju/x4a+Wa3KJ
         Ary08DF+pWIJZ6PIxfHSnuGqBgM4r+zEZJc8ZB9q9J0pESx7HyGEUfiZfEvDGJUT4k7m
         kzsh+pbLCASjI9ENUCgGa7svH150t71LeNJOCizgR3odp6RlVLrhUe0zXeeoke8IBeEG
         YvU9d6dgn4gIyz80bciTM2zrU3rgUvfCVtvQK0zGRASsKlvU+KRgbB4Hfz/oIQWqIqJS
         weSYs6Q3k+HpB1ybIKMFlCtWa7GCx/O4lGGa/27cNE0W0X1x9WNNBXDbwSLDaqbmAiOT
         8tMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=37WSZNDuQjqC4vh8K80fV5ARymmdSzBK2E/u5rIM7eg=;
        b=nV84e7yNatzH6hvsrcqqLoMm/Ah3xA/Vq9v+MkIC9tG97A15+iQMz9SWMqFz0NOw45
         FXLdfCntG83Bp4wlky6OGkaCntGbc3buPktr/8O7DBtVZMPv4v5pQtUxAiE33/jNeHL9
         TEdXOXIATw/iCaqGqta0+9Ag94VKLTlKc4rJGlJu9+yt8sWW4E8ZeqOvI+Bx7bhjiC01
         gmb9BTPqcpLFQdXEcR4hxhn/1P0Ymzv2nk+CKpAM9L3frOCDouN5ytTRt4SptPvyZ/VT
         321FH2wH2uge8N2g8/pJs8p6VmJyWirZWV5vz+4OpQlRnEyP87dVpU0AheGDadINkTxD
         X+/g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o14si7758857pgr.340.2018.01.29.10.25.53;
        Mon, 29 Jan 2018 10:26:08 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751562AbeA2SZ0 (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Mon, 29 Jan 2018 13:25:26 -0500
Received: from mx2.suse.de ([195.135.220.15]:39482 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751249AbeA2SZZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Jan 2018 13:25:25 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 88BC8ACF0;
        Mon, 29 Jan 2018 18:25:23 +0000 (UTC)
Date:   Mon, 29 Jan 2018 19:25:21 +0100
From:   Michal Hocko <mhocko@kernel.org>
To:     Florian Westphal <fw@strlen.de>
Cc:     "Kirill A. Shutemov" <kirill@shutemov.name>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        davem@davemloft.net, netfilter-devel@vger.kernel.org,
        coreteam@netfilter.org, netdev@vger.kernel.org,
        aarcange@redhat.com, yang.s@alibaba-inc.com,
        syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org,
        mingo@kernel.org, linux-mm@kvack.org, rientjes@google.com,
        akpm@linux-foundation.org, guro@fb.com,
        kirill.shutemov@linux.intel.com
Subject: Re: [netfilter-core] kernel panic: Out of memory and no killable
 processes... (2)
Message-ID: <20180129182521.GI21609@dhcp22.suse.cz>
References: <001a1144b0caee2e8c0563d9de0a@google.com>
 <201801290020.w0T0KK8V015938@www262.sakura.ne.jp>
 <20180129072357.GD5906@breakpoint.cc>
 <20180129082649.sysf57wlp7i7ltb2@node.shutemov.name>
 <20180129165722.GF5906@breakpoint.cc>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180129165722.GF5906@breakpoint.cc>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon 29-01-18 17:57:22, Florian Westphal wrote:
> Kirill A. Shutemov <kirill@shutemov.name> wrote:
> > On Mon, Jan 29, 2018 at 08:23:57AM +0100, Florian Westphal wrote:
> > > > vmalloc() once became killable by commit 5d17a73a2ebeb8d1 ("vmalloc: back
> > > > off when the current task is killed") but then became unkillable by commit
> > > > b8c8a338f75e052d ("Revert "vmalloc: back off when the current task is
> > > > killed""). Therefore, we can't handle this problem from MM side.
> > > > Please consider adding some limit from networking side.
> > > 
> > > I don't know what "some limit" would be.  I would prefer if there was
> > > a way to supress OOM Killer in first place so we can just -ENOMEM user.
> > 
> > Just supressing OOM kill is a bad idea. We still leave a way to allocate
> > arbitrary large buffer in kernel.
> 
> Isn't that what we do everywhere in network stack?
> 
> I think we should try to allocate whatever amount of memory is needed
> for the given xtables ruleset, given that is what admin requested us to do.

If this is a root only thing then __GFP_NORETRY sounds like the most
straightforward way to go.
-- 
Michal Hocko
SUSE Labs