On Tue, Jan 30, 2018 at 09:11:27AM +0100, Florian Westphal wrote: > Michal Hocko <mhocko@xxxxxxxxxx> wrote: > > On Mon 29-01-18 23:35:22, Florian Westphal wrote: > > > Kirill A. Shutemov <kirill@xxxxxxxxxxxxx> wrote: > > [...] > > > > I hate what I'm saying, but I guess we need some tunable here. > > > > Not sure what exactly. > > > > > > Would memcg help? > > > > That really depends. I would have to check whether vmalloc path obeys > > __GFP_ACCOUNT (I suspect it does except for page tables allocations but > > that shouldn't be a big deal). But then the other potential problem is > > the life time of the xt_table_info (or other potentially large) data > > structures. Are they bound to any process life time. > > No. Well, IIUC they bound to net namespace life time, so killing all proccesses in the namespace would help to get memory back. :) -- Kirill A. Shutemov -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
