Neil Horman <nhorman@xxxxxxxxxxxxx> wrote: [ trimming CCs ] > On Mon, Nov 28, 2016 at 06:47:10PM +0100, Florian Westphal wrote: > > Neil Horman <nhorman@xxxxxxxxxxxxx> wrote: > > > I'm not sure I agree with that. Generally speaking it seems like the right > > > thing to do, if you want to avoid filling logs with warnings, but this is the > > > sort of error that is going to be accompanied by severe service interruption. > > > I'd rather see a reason behind that in the logs, than just have it occur > > > silently. > > > > Its not silent -- the setsockopt call will fail and userspace should > > display an error. > > > Thats not true. If the OOM succedes in freeing enough memory to fulfill the > request the setsockopt may complete without error, you're just left with a > killed process...somewhere. Thats seems a bit dodgy to me We should prevent OOM killer from running in first place (GFP_NORETRY should work). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html