Received: by 10.223.176.5 with SMTP id f5csp3983784wra;
        Mon, 29 Jan 2018 23:54:05 -0800 (PST)
X-Google-Smtp-Source: AH8x226z/72FBNNBBo1tDvuTE02qchgc5YNnIzmDBsu+4IbtZVkUOyow4O0e0G5tkGl+EGFAGce/
X-Received: by 10.101.78.139 with SMTP id b11mr5442243pgs.229.1517298845196;
        Mon, 29 Jan 2018 23:54:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517298845; cv=none;
        d=google.com; s=arc-20160816;
        b=XAjjR/tdDG3z+haveMCDd8bY6/mf9yA5Mg74N4CZFE4h8hRP4nGGm5LYqY8QWOu9ID
         gB0zShVIYohvDf95lQ5qhATLNfu2zN3XKfBVCGJCjx8toRqkKccD+sYhTUZb7zL3K4LW
         ovZfSemQRoBATTcCi7hL4k/1Daja1NkHYzKVqVHsRgUYpH7h2ma1nTh3HwscnOL0WoIz
         B2keixuBQTShLLOcH7yzR6O5rVe0zWr6XdVaKLcHqsC4ucvhMa04KgWx6HFBAH7rkEo9
         HCD5gjekC6v7qSTAqDpTr7erXswxJt2K9Z+N74cYNeipgVJKM37pVFcqyOzQ0wkt69zu
         ufoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=eEkBqi+gE7/Lfhr0V7W+btdzbFOyto8PGQjcUL37cEw=;
        b=OdcflYNW732Fc/i6JLpyAUEwHKUDe5kULEXJRASdiKEjPFiLcDAedf2m3sgXVzSe1c
         7zYAPKyrGjOeD62ud3rGtFar4qGqGx/OvcMu+qJUM2ZEAfMbQPdKpAxh+dV3HwYEan6Y
         p0CXIDmsI+JKlX4DpbhU10t6M7XDoBHbXX9osuj00gSuZg/UTJ4vUFgatvJcdZBUxZEN
         u+vXduAAGw9O9iQxptHDmK5T3tGpIPK8Q/E6M5syHfqSxFVd1OhaX+aNDAkokKmtvt6k
         Na9AsC2loyb1/TmHJcNn47p9xx/rQqF4ptH9fOvUTCw752vD7WyNLAgZsHYbjGBuTEs6
         FYGA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g21si13623486pfh.9.2018.01.29.23.53.50;
        Mon, 29 Jan 2018 23:54:05 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751900AbeA3Hwc (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Tue, 30 Jan 2018 02:52:32 -0500
Received: from mx2.suse.de ([195.135.220.15]:54491 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751822AbeA3Hwa (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Jan 2018 02:52:30 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id F093EACAE;
        Tue, 30 Jan 2018 07:52:28 +0000 (UTC)
Date:   Tue, 30 Jan 2018 08:52:26 +0100
From:   Michal Hocko <mhocko@kernel.org>
To:     Florian Westphal <fw@strlen.de>
Cc:     "Kirill A. Shutemov" <kirill@shutemov.name>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        davem@davemloft.net, netfilter-devel@vger.kernel.org,
        coreteam@netfilter.org, netdev@vger.kernel.org,
        aarcange@redhat.com, yang.s@alibaba-inc.com,
        syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org,
        mingo@kernel.org, linux-mm@kvack.org, rientjes@google.com,
        akpm@linux-foundation.org, guro@fb.com,
        kirill.shutemov@linux.intel.com
Subject: Re: [netfilter-core] kernel panic: Out of memory and no killable
 processes... (2)
Message-ID: <20180130075226.GL21609@dhcp22.suse.cz>
References: <001a1144b0caee2e8c0563d9de0a@google.com>
 <201801290020.w0T0KK8V015938@www262.sakura.ne.jp>
 <20180129072357.GD5906@breakpoint.cc>
 <20180129082649.sysf57wlp7i7ltb2@node.shutemov.name>
 <20180129165722.GF5906@breakpoint.cc>
 <20180129182811.fze4vrb5zd5cojmr@node.shutemov.name>
 <20180129223522.GG5906@breakpoint.cc>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180129223522.GG5906@breakpoint.cc>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon 29-01-18 23:35:22, Florian Westphal wrote:
> Kirill A. Shutemov <kirill@shutemov.name> wrote:
[...]
> > I hate what I'm saying, but I guess we need some tunable here.
> > Not sure what exactly.
> 
> Would memcg help?

That really depends. I would have to check whether vmalloc path obeys
__GFP_ACCOUNT (I suspect it does except for page tables allocations but
that shouldn't be a big deal). But then the other potential problem is
the life time of the xt_table_info (or other potentially large) data
structures. Are they bound to any process life time. Because if they are
not then the OOM killer will not help. The OOM panic earlier in this
thread suggests it doesn't because the test case managed to eat all the
available memory and killed all the eligible tasks which didn't help.

So in some sense the memcg would help to stop the excessive allocation,
but it wouldn't resolve it other than kill all tasks in the affected
memcg/container. Whether this is sufficient or not, I dunno. It sounds
quite suboptimal to me. But it is true this would be less tricky then
adding a global knob...
-- 
Michal Hocko
SUSE Labs