Received: by 10.223.176.5 with SMTP id f5csp3526185wra; Mon, 29 Jan 2018 14:40:56 -0800 (PST) X-Google-Smtp-Source: AH8x226RdT2a6VxXDWFSurWXWHgpDRLrCyU9AzWroVjeGx1yYa4HBTvDcEE9zrznvsRAMkxCU5n3 X-Received: by 10.98.153.2 with SMTP id d2mr28674171pfe.44.1517265656746; Mon, 29 Jan 2018 14:40:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517265656; cv=none; d=google.com; s=arc-20160816; b=WOSeQbtbarr7zfZ1PKXT7RvDTy6KhIa3lc5HuTfpt5RbKeOuWFkpecmhzsvaVXHdJo GVMQhkDx0RPj3WXfD95O1Z93+MCyb9nzPbLTpfUQk0hSWFgbptAiI0TaTxAQtALMbHNl 8LuG4z7BpjuZw0GZPIwtxlxd9rp6SI9ZEJUt6tNRDgbc0wP3xFn9J87BwNOIHideMHqA s+DDfIyWrOINlESEyAiiMQp0gh7wwY+hXOpYb8eJx/M2IgI6DVEInXbWUba6oAdv9bBT 3ETmiEQU0c7nDKAPfKfG7Wufr5jgqMbf3fxJ3hPZg6P4EjZJv3jNlBYhP8ZK/75w5qKI 0h7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=vQmoNB7JWmfB8GghWbdmyTgXr+lXPmO/UWDLoY25cR8=; b=naLLGn5ahul2x/n+S/Zyugqdn9PNdNmDdx7ESTqynjvUba6/EopX6lzQ92TVsmU9Bv MfxrLT/6kw3+FkpMZ/9ooJY7UvlzRxUBLQNB/l1kiXo3+ZkX7YLGjrePgZM2428yvVXG gvqN+Fey2ndm4dm8MUbiR1Ycu1CC7VIr19B08dkmPkTVu8kKTi29bMyr3Pw/qObK58ne 31pGSKjEqGWz6sVBJsnPvQq+6tQ+Lfd5u0usAAS0Op/X1CjpLflyaJpeF5fjC4qSx56U CaPAV1wa4w8CFhUJ8qcjhXdO/j+KY4FjJQbaeechbDE5o7OPFyAavcxTSQfxspVVIwWN Lzpw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i2-v6si258049plk.291.2018.01.29.14.40.41; Mon, 29 Jan 2018 14:40:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752438AbeA2Wji (ORCPT + 99 others); Mon, 29 Jan 2018 17:39:38 -0500 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:39638 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751576AbeA2Wia (ORCPT ); Mon, 29 Jan 2018 17:38:30 -0500 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2) (envelope-from ) id 1egI1K-0004XY-0T; Mon, 29 Jan 2018 23:35:22 +0100 Date: Mon, 29 Jan 2018 23:35:22 +0100 From: Florian Westphal To: "Kirill A. Shutemov" Cc: Florian Westphal , Tetsuo Handa , davem@davemloft.net, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, aarcange@redhat.com, yang.s@alibaba-inc.com, mhocko@suse.com, syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org, mingo@kernel.org, linux-mm@kvack.org, rientjes@google.com, akpm@linux-foundation.org, guro@fb.com, kirill.shutemov@linux.intel.com Subject: Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2) Message-ID: <20180129223522.GG5906@breakpoint.cc> References: <001a1144b0caee2e8c0563d9de0a@google.com> <201801290020.w0T0KK8V015938@www262.sakura.ne.jp> <20180129072357.GD5906@breakpoint.cc> <20180129082649.sysf57wlp7i7ltb2@node.shutemov.name> <20180129165722.GF5906@breakpoint.cc> <20180129182811.fze4vrb5zd5cojmr@node.shutemov.name> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180129182811.fze4vrb5zd5cojmr@node.shutemov.name> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Kirill A. Shutemov wrote: > On Mon, Jan 29, 2018 at 05:57:22PM +0100, Florian Westphal wrote: > > Kirill A. Shutemov wrote: > > > On Mon, Jan 29, 2018 at 08:23:57AM +0100, Florian Westphal wrote: > > > > > vmalloc() once became killable by commit 5d17a73a2ebeb8d1 ("vmalloc: back > > > > > off when the current task is killed") but then became unkillable by commit > > > > > b8c8a338f75e052d ("Revert "vmalloc: back off when the current task is > > > > > killed""). Therefore, we can't handle this problem from MM side. > > > > > Please consider adding some limit from networking side. > > > > > > > > I don't know what "some limit" would be. I would prefer if there was > > > > a way to supress OOM Killer in first place so we can just -ENOMEM user. > > > > > > Just supressing OOM kill is a bad idea. We still leave a way to allocate > > > arbitrary large buffer in kernel. > > > > Isn't that what we do everywhere in network stack? > > > > I think we should try to allocate whatever amount of memory is needed > > for the given xtables ruleset, given that is what admin requested us to do. > > Is it correct that "admin" in this case is root in random container? Yes. > I mean, can we get access to it with CLONE_NEWUSER|CLONE_NEWNET? Yes. > This can be fun. Do we prevent "admin in random container" to insert 2m ipv6 routes (alternatively: ipsec tunnels, interfaces etc etc)? > > I also would not know what limit is sane -- I've seen setups with as much > > as 100k iptables rules, and that was 5 years ago. > > > > And even if we add a "Xk rules" limit, it might be too much for > > low-memory systems, or not enough for whatever other use case there > > might be. > > I hate what I'm saying, but I guess we need some tunable here. > Not sure what exactly. Would memcg help? (I don't buy the "run untrusted binaries on linux is safe" thing, so I would not know).