Received: by 10.223.176.5 with SMTP id f5csp3236522wra; Mon, 29 Jan 2018 10:33:46 -0800 (PST) X-Google-Smtp-Source: AH8x2251Fzrb7tP4Jnyiz5QU2axmmSK++Q0ILKGR670/klhtRbmXM8oRps2qcXPPoParbwVrkCy0 X-Received: by 2002:a17:902:3183:: with SMTP id x3-v6mr22627893plb.290.1517250826170; Mon, 29 Jan 2018 10:33:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517250826; cv=none; d=google.com; s=arc-20160816; b=lYft3+C1+yJdm4l/vPszDoeg+PaaYeVCRo8GBx2aW0AXWmO5eJhWNZJJzCqSkpe35t RhMvljo24ebX977n0VFeleHjTs3BeaNo9FTPawnVp8ZffrLpGgNjzmsXKBaAlNXM925P a4+kLn9PB17VqjkoVyzo3y77vl7GdCwbl1+2jWhgR7EB0u8rrdrZCET3jn0PwbXEnzcP CO3wTuUW/bNUm45BSlA2wwg52crkFd3MRN5/GwjYnpOYU8LW8PGqULE2WNrDjvEHN5wf 5O4C8Anm9Qm4Uegu3dsT3+1/+0e1+JhVvJ01s0yo7yCcZyGedfZox6waxvR73yEYa0M4 TmOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=bjECRx1RlsjpZANyWk1hGYrOph4NB77nHlvuVrD9xMI=; b=W/b8P5HjZVxQoMoE8D9xJ2AWEwV65KKyRvjmXTw99Sdo0vFdlKWsvlnBZMJrkHg5La x2MtJUigLvgv6NoL0K/rLJev8Wx/3GVAysXvK33sT+7sgA4eJs1ZSEITTls1WDJpm74F AtOsyIkMAhP+xP3uTn8VLLvuzDIpLDnU6lO88XiLgibLvXJHDCn2x7EwrYBc1UKmKsjL 8opLKsjRW3wjQaP7r9cNqY5qLts0q1DNXKnq6WToSMXQoeV8+G/gJCWCQKWJkajDAc9e qv8GMpGzRM/gIFG+IRdS1AlMMlSXEZWmI/fLJaXwqCYAraGhbL/aDEdW8s6NczVQkDPY Zu0w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h32-v6si119385pld.717.2018.01.29.10.33.31; Mon, 29 Jan 2018 10:33:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751521AbeA2SdG (ORCPT + 99 others); Mon, 29 Jan 2018 13:33:06 -0500 Received: from a3.inai.de ([88.198.180.161]:52674 "EHLO a3.inai.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751249AbeA2SdF (ORCPT ); Mon, 29 Jan 2018 13:33:05 -0500 X-Greylist: delayed 543 seconds by postgrey-1.27 at vger.kernel.org; Mon, 29 Jan 2018 13:33:05 EST Received: by a3.inai.de (Postfix, from userid 25121) id 0CDA7192CC590; Mon, 29 Jan 2018 19:24:01 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by a3.inai.de (Postfix) with ESMTP id 0A54417AC85C; Mon, 29 Jan 2018 19:24:01 +0100 (CET) Date: Mon, 29 Jan 2018 19:24:01 +0100 (CET) From: Jan Engelhardt To: Florian Westphal cc: "Kirill A. Shutemov" , Tetsuo Handa , davem@davemloft.net, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, aarcange@redhat.com, yang.s@alibaba-inc.com, mhocko@suse.com, syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org, mingo@kernel.org, linux-mm@kvack.org, rientjes@google.com, akpm@linux-foundation.org, guro@fb.com, kirill.shutemov@linux.intel.com Subject: Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2) In-Reply-To: <20180129165722.GF5906@breakpoint.cc> Message-ID: References: <001a1144b0caee2e8c0563d9de0a@google.com> <201801290020.w0T0KK8V015938@www262.sakura.ne.jp> <20180129072357.GD5906@breakpoint.cc> <20180129082649.sysf57wlp7i7ltb2@node.shutemov.name> <20180129165722.GF5906@breakpoint.cc> User-Agent: Alpine 2.20 (LSU 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Monday 2018-01-29 17:57, Florian Westphal wrote: >> > > vmalloc() once became killable by commit 5d17a73a2ebeb8d1 ("vmalloc: back >> > > off when the current task is killed") but then became unkillable by commit >> > > b8c8a338f75e052d ("Revert "vmalloc: back off when the current task is >> > > killed""). Therefore, we can't handle this problem from MM side. >> > > Please consider adding some limit from networking side. >> > >> > I don't know what "some limit" would be. I would prefer if there was >> > a way to supress OOM Killer in first place so we can just -ENOMEM user. >> >> Just supressing OOM kill is a bad idea. We still leave a way to allocate >> arbitrary large buffer in kernel. At the very least, mm could limit that kind of "arbitrary". If the machine has x GB (swap included) and the admin tries to make the kernel allocate space for an x GB ruleset, no way is it going to be satisfiable _even with OOM_. >I think we should try to allocate whatever amount of memory is needed >for the given xtables ruleset, given that is what admin requested us to do.