Now with amended CC. Sorry. On Mon, Mar 4, 2019 at 2:51 PM Marek Majkowski <marek@xxxxxxxxxxxxxx> wrote: > > Hi, > > Current man page doesn't specify that setsockopt can return ENOMEM. > When attaching BPF to a socket using SO_ATTACH_BPF the syscall can > fail when net.core.optmem_max is small. Example: > > setsockopt(11, SOL_SOCKET, SO_ATTACH_BPF, [10], 4) = -1 ENOMEM > (Cannot allocate memory) > > The userspace fix is to bump optmmem_max, like: > > sudo sysctl -w net.core.optmem_max=65565 > > Offending kernel code: > https://github.com/torvalds/linux/blob/40e196a906d969fd10d885c692d2674b3d657006/net/core/filter.c#L1190-L1204 > > I'm not sure where is the best place to document this (perhaps in bpf > man page?), nor why it was decided to count bpf against optmem_max. > I'm not sure when this was introduced. I hit it only recently. I > haven't seen this problem on 4.15. > > Frankly speaking memory accounting of bpf is poorly documented. The > other limit related to bpf - 'ulimit -l' is better known. > > Cheers, > Marek
