From patchwork Tue Aug 7 19:54:00 2018
X-Patchwork-Submitter: Michal Hocko
X-Patchwork-Id: 10559123
From: Michal Hocko
To: Florian Westphal
Cc: Vlastimil Babka, Georgi Nikolov, Andrew Morton, "David S. Miller", netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Michal Hocko
Subject: [PATCH] netfilter/x_tables: do not fail xt_alloc_table_info too easily
Date: Tue, 7 Aug 2018 21:54:00 +0200
Message-Id: <20180807195400.23687-1-mhocko@kernel.org>
X-Mailer: git-send-email 2.18.0

From: Michal Hocko

eacd86ca3b03 ("net/netfilter/x_tables.c: use kvmalloc() in xt_alloc_table_info()") has unintentionally fortified the xt_alloc_table_info allocation when __GFP_RETRY has been dropped from the vmalloc fallback. Later on there was a syzbot report that this can lead to OOM killer invocations when tables are too large, and 0537250fdc6c ("netfilter: x_tables: make allocation less aggressive") has been merged to restore the original behavior.

Georgi Nikolov however noticed that he is not able to install his iptables anymore, so this can be seen as a regression.

The primary argument for 0537250fdc6c was that this allocation path shouldn't really trigger the OOM killer and kill innocent tasks. On the other hand the interface requires root and as such should allow what the admin asks for. Root inside a namespace makes this more complicated because those might not be trusted in general. If they are not, then such namespaces should be restricted anyway. Therefore drop the __GFP_NORETRY and replace it by __GFP_ACCOUNT to enforce memcg constraints on it.

Fixes: 0537250fdc6c ("netfilter: x_tables: make allocation less aggressive")
Reported-by: Georgi Nikolov
Suggested-by: Vlastimil Babka
Acked-by: Florian Westphal
Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka --- net/netfilter/x_tables.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index d0d8397c9588..aecadd471e1d 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -1178,12 +1178,7 @@ struct xt_table_info *xt_alloc_table_info(unsigned int size) if (sz < sizeof(*info) || sz >= XT_MAX_TABLE_SIZE) return NULL; - /* __GFP_NORETRY is not fully supported by kvmalloc but it should - * work reasonably well if sz is too large and bail out rather - * than shoot all processes down before realizing there is nothing - * more to reclaim. - */ - info = kvmalloc(sz, GFP_KERNEL | __GFP_NORETRY); + info = kvmalloc(sz, GFP_KERNEL_ACCOUNT); if (!info) return NULL;
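Review bot: once __GFP_NORETRY is dropped, the only remaining guard against an oversized request in this function is the `sz >= XT_MAX_TABLE_SIZE` check just above the allocation, and GFP_KERNEL_ACCOUNT (GFP_KERNEL plus __GFP_ACCOUNT) only bounds the allocation when the caller sits in a memory cgroup that has a limit; a privileged caller in the root cgroup or an unlimited cgroup gets the pre-0537250fdc6c behaviour back, OOM-kill exposure included, which the commit message accepts but the code no longer explains. Since the removed comment carried the rationale for the previous flag choice, suggest replacing it rather than deleting it, e.g. `/* charge the table to the caller's memcg; a privileged caller may allocate what it asks for, bounded by XT_MAX_TABLE_SIZE */`, so the next reader does not reintroduce __GFP_NORETRY without the context of the syzbot report and the iptables regression.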