From mboxrd@z Thu Jan 1 00:00:00 1970 From: Florian Westphal Subject: Re: net/sctp: vmalloc allocation failure in sctp_setsockopt/xt_alloc_table_info Date: Mon, 28 Nov 2016 19:09:25 +0100 Message-ID: <20161128180925.GF28510@breakpoint.cc> References: <20161128141340.GA29839@hmsreliant.think-freely.org> <20161128143931.GB29839@hmsreliant.think-freely.org> <20161128151312.GA13172@localhost.localdomain> <20161128174647.GC29839@hmsreliant.think-freely.org> <20161128174710.GE28510@breakpoint.cc> <20161128175626.GD29839@hmsreliant.think-freely.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Florian Westphal , Marcelo Ricardo Leitner , netdev , LKML , netfilter-devel@vger.kernel.org To: Neil Horman Return-path: Content-Disposition: inline In-Reply-To: <20161128175626.GD29839@hmsreliant.think-freely.org> Sender: linux-kernel-owner@vger.kernel.org List-Id: netfilter-devel.vger.kernel.org Neil Horman wrote: [ trimming CCs ] > On Mon, Nov 28, 2016 at 06:47:10PM +0100, Florian Westphal wrote: > > Neil Horman wrote: > > > I'm not sure I agree with that. Generally speaking it seems like the right > > > thing to do, if you want to avoid filling logs with warnings, but this is the > > > sort of error that is going to be accompanied by severe service interruption. > > > I'd rather see a reason behind that in the logs, than just have it occur > > > silently. > > > > Its not silent -- the setsockopt call will fail and userspace should > > display an error. > > > Thats not true. If the OOM succedes in freeing enough memory to fulfill the > request the setsockopt may complete without error, you're just left with a > killed process...somewhere. Thats seems a bit dodgy to me We should prevent OOM killer from running in first place (GFP_NORETRY should work).