Re: [Bug 200651] New: cgroups iptables-restor: vmalloc: allocation failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu 02-08-18 11:25:49, Pablo Neira Ayuso wrote:
> On Thu, Aug 02, 2018 at 10:50:43AM +0200, Michal Hocko wrote:
[...]
> > diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> > index d0d8397c9588..b769408e04ab 100644
> > --- a/net/netfilter/x_tables.c
> > +++ b/net/netfilter/x_tables.c
> > @@ -1178,12 +1178,7 @@ struct xt_table_info *xt_alloc_table_info(unsigned int size)
> >  	if (sz < sizeof(*info) || sz >= XT_MAX_TABLE_SIZE)
> >  		return NULL;
> >  
> > -	/* __GFP_NORETRY is not fully supported by kvmalloc but it should
> > -	 * work reasonably well if sz is too large and bail out rather
> > -	 * than shoot all processes down before realizing there is nothing
> > -	 * more to reclaim.
> > -	 */
> > -	info = kvmalloc(sz, GFP_KERNEL | __GFP_NORETRY);
> > +	info = kvmalloc(sz, GFP_KERNEL | __GFP_ACCOUNT);
> 
> I guess the large number of cgroups match is helping to consume a lot
> of memory very quickly? We have a PATH_MAX in struct xt_cgroup_info_v1.

I really fail to see how that is related to the patch here.
-- 
Michal Hocko
SUSE Labs




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux