From: Vlastimil Babka <vbabka@suse.cz>
To: Andrew Morton <akpm@linux-foundation.org>, gnikolov@icdsoft.com
Cc: bugzilla-daemon@bugzilla.kernel.org, linux-mm@kvack.org,
netfilter-devel@vger.kernel.org, Michal Hocko <mhocko@kernel.org>
Subject: Re: [Bug 200651] New: cgroups iptables-restor: vmalloc: allocation failure
Date: Thu, 26 Jul 2018 09:18:57 +0200 [thread overview]
Message-ID: <cd474b37-263f-b186-2024-507a9a4e12ae@suse.cz> (raw)
In-Reply-To: <20180725125239.b591e4df270145f9064fe2c5@linux-foundation.org>
On 07/25/2018 09:52 PM, Andrew Morton wrote:
> (switched to email. Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Wed, 25 Jul 2018 11:42:57 +0000 bugzilla-daemon@bugzilla.kernel.org wrote:
>
>> https://bugzilla.kernel.org/show_bug.cgi?id=200651
>>
>> Bug ID: 200651
>> Summary: cgroups iptables-restor: vmalloc: allocation failure
>
> Thanks. Please do note the above request.
>
>> Product: Memory Management
>> Version: 2.5
>> Kernel Version: 4.14
>> Hardware: All
>> OS: Linux
>> Tree: Mainline
>> Status: NEW
>> Severity: normal
>> Priority: P1
>> Component: Other
>> Assignee: akpm@linux-foundation.org
>> Reporter: gnikolov@icdsoft.com
>> Regression: No
>>
>> Created attachment 277505
>> --> https://bugzilla.kernel.org/attachment.cgi?id=277505&action=edit
>> iptables save
>>
>> After creating large number of cgroups and under memory pressure, iptables
>> command fails with following error:
>>
>> "iptables-restor: vmalloc: allocation failure, allocated 3047424 of 3465216
>> bytes, mode:0x14010c0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null)"
This is likely the kvmalloc() in xt_alloc_table_info(). Between 4.13 and
4.17 it shouldn't use __GFP_NORETRY, but looks like commit 0537250fdc6c
("netfilter: x_tables: make allocation less aggressive") was backported
to 4.14. Removing __GFP_NORETRY might help here, but bring back other
issues. Less than 4MB is not that much though, maybe find some "sane"
limit and use __GFP_NORETRY only above that?
> I'm not sure what the problem is here, apart from iptables being
> over-optimistic about vmalloc()'s abilities.
>
> Are cgroups having any impact on this, or is it simply vmalloc arena
> fragmentation, and the iptables code should use some data structure
> more sophisticated than a massive array?
>
> Maybe all that ccgroup metadata is contributing to the arena
> fragmentation, but that allocations will be small and the two systems
> should be able to live alongside, by being realistic about vmalloc.
>
>> System which is used to reproduce the bug is with 2 vcpus and 2GB of ram, but
>> it happens on more powerfull systems.
>>
>> Steps to reproduce:
>>
>> mkdir /cgroup
>> mount cgroup -t cgroup -omemory,pids,blkio,cpuacct /cgroup
>> for a in `seq 1 1000`; do for b in `seq 1 4` ; do mkdir -p
>> "/cgroup/user/$a/$b"; done; done
>>
>> Then in separate consoles
>>
>> cat /dev/vda > /dev/null
>> ./test
>> ./test
>> i=0;while sleep 0 ; do iptables-restore < iptables.save ; i=$(($i+1)); echo $i;
>> done
>>
>> Here is the source of "test" program and attached iptables.save. It happens
>> also with smaller iptables.save file.
>>
>> #include <stdio.h>
>> #include <stdlib.h>
>>
>> int main(void) {
>>
>> srand(time(NULL));
>> int i = 0, j = 0, randnum=0;
>> int arr[6] = { 3072, 7168, 15360 , 31744, 64512, 130048};
>> while(1) {
>>
>> for (i = 0; i < 6 ; i++) {
>>
>> int *ptr = (int*) malloc(arr[i] * 93);
>>
>> for(j = 0 ; j < arr[i] * 93 / sizeof(int); j++) {
>> *(ptr+j) = j+1;
>> }
>>
>> free(ptr);
>> }
>> }
>> }
>>
>
next prev parent reply other threads:[~2018-07-26 7:19 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-200651-27@https.bugzilla.kernel.org/>
2018-07-25 19:52 ` Andrew Morton
2018-07-26 7:18 ` Vlastimil Babka [this message]
2018-07-26 7:26 ` Michal Hocko
2018-07-26 7:34 ` Vlastimil Babka
2018-07-26 7:42 ` Michal Hocko
2018-07-26 7:50 ` Vlastimil Babka
2018-07-26 8:03 ` Michal Hocko
2018-07-26 8:31 ` Vlastimil Babka
2018-07-26 8:48 ` Vlastimil Babka
2018-07-26 9:02 ` Georgi Nikolov
2018-07-30 13:37 ` Georgi Nikolov
2018-07-30 13:57 ` Michal Hocko
2018-07-30 15:54 ` Georgi Nikolov
2018-07-30 18:38 ` Michal Hocko
2018-07-30 18:51 ` Georgi Nikolov
2018-07-31 6:38 ` Vlastimil Babka
2018-07-31 13:55 ` Georgi Nikolov
2018-07-31 14:05 ` Florian Westphal
2018-07-31 14:25 ` Georgi Nikolov
2018-08-01 7:17 ` Vlastimil Babka
2018-08-01 7:34 ` Vlastimil Babka
2018-08-01 8:33 ` Michal Hocko
2018-08-01 16:03 ` Georgi Nikolov
2018-08-02 8:50 ` Michal Hocko
2018-08-02 9:25 ` Pablo Neira Ayuso
2018-08-02 10:44 ` Michal Hocko
2018-08-06 8:42 ` Georgi Nikolov
2018-08-07 11:02 ` Georgi Nikolov
2018-08-07 11:09 ` Michal Hocko
2018-08-07 11:19 ` Florian Westphal
2018-08-07 11:26 ` Michal Hocko
2018-08-07 11:30 ` Florian Westphal
2018-08-07 11:38 ` Michal Hocko
2018-08-07 11:31 ` Vlastimil Babka
2018-08-07 13:35 ` Mike Rapoport
2018-08-07 11:29 ` Vlastimil Babka
2018-08-07 11:37 ` Michal Hocko
2018-08-07 18:23 ` Florian Westphal
2018-08-07 19:30 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cd474b37-263f-b186-2024-507a9a4e12ae@suse.cz \
--to=vbabka@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=bugzilla-daemon@bugzilla.kernel.org \
--cc=gnikolov@icdsoft.com \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox