diff options
| author | Andrey Ryabinin <aryabinin@virtuozzo.com> | 2018-10-22 23:30:40 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-11-01 00:29:46 +0100 |
| commit | ed956f3947a01ff9875cd908d7c1ef1fe7f47bf0 (patch) | |
| tree | 3794e5a4903540e8a8f19d70817ed14ac8448fd2 /net/l2tp | |
| parent | 886503f34d63e681662057448819edb5b1057a97 (diff) | |
| download | linux-ed956f3947a01ff9875cd908d7c1ef1fe7f47bf0.tar.bz2 | |
netfilter: ipset: fix ip_set_list allocation failure
ip_set_create() and ip_set_net_init() attempt to allocate physically
contiguous memory for ip_set_list. If memory is fragmented, the
allocations could easily fail:
vzctl: page allocation failure: order:7, mode:0xc0d0
Call Trace:
dump_stack+0x19/0x1b
warn_alloc_failed+0x110/0x180
__alloc_pages_nodemask+0x7bf/0xc60
alloc_pages_current+0x98/0x110
kmalloc_order+0x18/0x40
kmalloc_order_trace+0x26/0xa0
__kmalloc+0x279/0x290
ip_set_net_init+0x4b/0x90 [ip_set]
ops_init+0x3b/0xb0
setup_net+0xbb/0x170
copy_net_ns+0xf1/0x1c0
create_new_namespaces+0xf9/0x180
copy_namespaces+0x8e/0xd0
copy_process+0xb61/0x1a00
do_fork+0x91/0x320
Use kvcalloc() to fallback to 0-order allocations if high order
page isn't available.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/l2tp')
0 files changed, 0 insertions, 0 deletions