On Tue, Jan 30, 2018 at 9:28 AM, Kirill A. Shutemov <kirill@xxxxxxxxxxxxx> wrote: > On Tue, Jan 30, 2018 at 09:11:27AM +0100, Florian Westphal wrote: >> Michal Hocko <mhocko@xxxxxxxxxx> wrote: >> > On Mon 29-01-18 23:35:22, Florian Westphal wrote: >> > > Kirill A. Shutemov <kirill@xxxxxxxxxxxxx> wrote: >> > [...] >> > > > I hate what I'm saying, but I guess we need some tunable here. >> > > > Not sure what exactly. >> > > >> > > Would memcg help? >> > >> > That really depends. I would have to check whether vmalloc path obeys >> > __GFP_ACCOUNT (I suspect it does except for page tables allocations but >> > that shouldn't be a big deal). But then the other potential problem is >> > the life time of the xt_table_info (or other potentially large) data >> > structures. Are they bound to any process life time. >> >> No. > > Well, IIUC they bound to net namespace life time, so killing all > proccesses in the namespace would help to get memory back. :) ... unless the namespace is mounted into file system. Let's start with NOWARN as that's what kernel generally uses for allocations with user-controllable size. ENOMEM is roughly as informative as the WARNING message in this case. I think we also need to consider setting up memory cgroup for syzkaller test processes (we do RLIMIT_AS, but that's weak). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
