On Monday 2018-01-29 17:57, Florian Westphal wrote: >> > > vmalloc() once became killable by commit 5d17a73a2ebeb8d1 ("vmalloc: back >> > > off when the current task is killed") but then became unkillable by commit >> > > b8c8a338f75e052d ("Revert "vmalloc: back off when the current task is >> > > killed""). Therefore, we can't handle this problem from MM side. >> > > Please consider adding some limit from networking side. >> > >> > I don't know what "some limit" would be. I would prefer if there was >> > a way to supress OOM Killer in first place so we can just -ENOMEM user. >> >> Just supressing OOM kill is a bad idea. We still leave a way to allocate >> arbitrary large buffer in kernel. At the very least, mm could limit that kind of "arbitrary". If the machine has x GB (swap included) and the admin tries to make the kernel allocate space for an x GB ruleset, no way is it going to be satisfiable _even with OOM_. >I think we should try to allocate whatever amount of memory is needed >for the given xtables ruleset, given that is what admin requested us to do. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html