Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2)

From: Jan Engelhardt
Date: Mon Jan 29 2018 - 13:33:11 EST

Next message: H. Peter Anvin: "Re: selftests/x86/fsgsbase_64 test problem"
Previous message: Kirill A. Shutemov: "Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2)"
In reply to: Michal Hocko: "Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday 2018-01-29 17:57, Florian Westphal wrote:
>> > > vmalloc() once became killable by commit 5d17a73a2ebeb8d1 ("vmalloc: back
>> > > off when the current task is killed") but then became unkillable by commit
>> > > b8c8a338f75e052d ("Revert "vmalloc: back off when the current task is
>> > > killed""). Therefore, we can't handle this problem from MM side.
>> > > Please consider adding some limit from networking side.
>> >
>> > I don't know what "some limit" would be. I would prefer if there was
>> > a way to supress OOM Killer in first place so we can just -ENOMEM user.
>>
>> Just supressing OOM kill is a bad idea. We still leave a way to allocate
>> arbitrary large buffer in kernel.

At the very least, mm could limit that kind of "arbitrary". If the machine has
x GB (swap included) and the admin tries to make the kernel allocate space for
an x GB ruleset, no way is it going to be satisfiable _even with OOM_.

>I think we should try to allocate whatever amount of memory is needed
>for the given xtables ruleset, given that is what admin requested us to do.

Next message: H. Peter Anvin: "Re: selftests/x86/fsgsbase_64 test problem"
Previous message: Kirill A. Shutemov: "Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2)"
In reply to: Michal Hocko: "Re: [netfilter-core] kernel panic: Out of memory and no killable processes... (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]