mirror of https://github.com/torvalds/linux.git
fa23e0d4b7
Sven Auhagen reports transaction failures with following error: ./main.nft:13:1-26: Error: Could not process rule: Cannot allocate memory percpu: allocation failed, size=16 align=8 atomic=1, atomic alloc failed, no space left This points to failing pcpu allocation with GFP_ATOMIC flag. However, transactions happen from user context and are allowed to sleep. One case where we can call into percpu allocator with GFP_ATOMIC is nft_counter expression. Normally this happens from control plane, so this could use GFP_KERNEL instead. But one use case, element insertion from packet path, needs to use GFP_ATOMIC allocations (nft_dynset expression). At this time, .clone callbacks always use GFP_ATOMIC for this reason. Add gfp_t argument to the .clone function and pass GFP_KERNEL or GFP_ATOMIC flag depending on context, this allows all clone memory allocations to sleep for the normal (transaction) case. Cc: Sven Auhagen <sven.auhagen@voleatech.de> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| ipv4 | ||
| ipv6 | ||
| br_netfilter.h | ||
| nf_bpf_link.h | ||
| nf_conntrack.h | ||
| nf_conntrack_acct.h | ||
| nf_conntrack_act_ct.h | ||
| nf_conntrack_bpf.h | ||
| nf_conntrack_bridge.h | ||
| nf_conntrack_core.h | ||
| nf_conntrack_count.h | ||
| nf_conntrack_ecache.h | ||
| nf_conntrack_expect.h | ||
| nf_conntrack_extend.h | ||
| nf_conntrack_helper.h | ||
| nf_conntrack_l4proto.h | ||
| nf_conntrack_labels.h | ||
| nf_conntrack_seqadj.h | ||
| nf_conntrack_synproxy.h | ||
| nf_conntrack_timeout.h | ||
| nf_conntrack_timestamp.h | ||
| nf_conntrack_tuple.h | ||
| nf_conntrack_zones.h | ||
| nf_dup_netdev.h | ||
| nf_flow_table.h | ||
| nf_hooks_lwtunnel.h | ||
| nf_log.h | ||
| nf_nat.h | ||
| nf_nat_helper.h | ||
| nf_nat_masquerade.h | ||
| nf_nat_redirect.h | ||
| nf_queue.h | ||
| nf_reject.h | ||
| nf_socket.h | ||
| nf_synproxy.h | ||
| nf_tables.h | ||
| nf_tables_core.h | ||
| nf_tables_ipv4.h | ||
| nf_tables_ipv6.h | ||
| nf_tables_offload.h | ||
| nf_tproxy.h | ||
| nft_fib.h | ||
| nft_meta.h | ||
| nft_reject.h | ||
| xt_rateest.h | ||