| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1532416745-9926-1-git-send-email-lirongqing@baidu.com>
Date: Tue, 24 Jul 2018 15:19:05 +0800
From: Li RongQing <lirongqing@...du.com>
To: netdev@...r.kernel.org, pablo@...filter.org,
kadlec@...ckhole.kfki.hu, fw@...len.de
Subject: [PATCH] netfilter: avoid stalls in nf_ct_alloc_hashtable
when system forks a process with CLONE_NEWNET flag under the
high memory pressure, it will trigger memory reclaim and stall
for a long time because nf_ct_alloc_hashtable need to allocate
high-order memory at that time. The calltrace as below:
delay_tsc
__delay
_raw_spin_lock
_spin_lock
mmu_shrink
shrink_slab
zone_reclaim
get_page_from_freelist
__alloc_pages_nodemask
alloc_pages_current
__get_free_pages
nf_ct_alloc_hashtable
nf_conntrack_init_net
setup_net
copy_net_ns
create_new_namespaces
copy_namespaces
copy_process
do_fork
sys_clone
stub_clone
__clone
not use the directly memory reclaim flag to avoid stall
Signed-off-by: Ni Xun <nixun@...du.com>
Signed-off-by: Zhang Yu <zhangyu31@...du.com>
Signed-off-by: Wang Li <wangli39@...du.com>
Signed-off-by: Li RongQing <lirongqing@...du.com>
---
net/netfilter/nf_conntrack_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 8a113ca1eea2..672c5960530d 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2120,8 +2120,8 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)
return NULL;
sz = nr_slots * sizeof(struct hlist_nulls_head);
- hash = (void *)__get_free_pages(GFP_KERNEL | __GFP_NOWARN | __GFP_ZERO,
- get_order(sz));
+ hash = (void *)__get_free_pages((GFP_KERNEL & ~__GFP_DIRECT_RECLAIM) |
+ __GFP_NOWARN | __GFP_ZERO, get_order(sz));
if (!hash)
hash = vzalloc(sz);
--
2.16.2
Powered by blists - more mailing lists