linux/net
Marcelo Ricardo Leitner 5bad87348c netfilter: x_tables: avoid warn and OOM killer on vmalloc call
Andrey Konovalov reported that this vmalloc call is based on an
userspace request and that it's spewing traces, which may flood the logs
and cause DoS if abused.

Florian Westphal also mentioned that this call should not trigger OOM
killer.

This patch brings the vmalloc call in sync to kmalloc and disables the
warn trace on allocation failure and also disable OOM killer invocation.

Note, however, that under such stress situation, other places may
trigger OOM killer invocation.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-12-07 13:31:41 +01:00
..
6lowpan 6lowpan: ndisc: no overreact if no short address is available 2016-09-19 20:19:34 +02:00
9p IB/core: add support to create a unsafe global rkey to ib_create_pd 2016-09-23 13:47:44 -04:00
802 net: use core MTU range checking in misc drivers 2016-10-20 14:51:10 -04:00
8021q netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
appletalk appletalk: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:10 -07:00
atm net: remove MTU limits on a few ether_setup callers 2016-10-21 13:57:50 -04:00
ax25
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-26 23:42:21 -05:00
bridge netfilter: convert while loops to for loops 2016-12-06 21:42:16 +01:00
caif netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
can can: bcm: fix support for CAN FD frames 2016-11-23 15:22:18 +01:00
ceph libceph: initialize last_linger_id with a large integer 2016-11-10 20:13:08 +01:00
core net_sched: gen_estimator: account for timer drifts 2016-12-03 16:12:17 -05:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
decnet net: fix sleeping for sk_wait_event() 2016-11-14 13:17:21 -05:00
dns_resolver
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
ethernet net: make default TX queue length a defined constant 2016-11-07 20:15:55 -05:00
hsr Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-30 12:42:58 -04:00
ieee802154 genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
ipv4 netfilter: rpfilter: bypass ipv4 lbcast packets with zeronet source 2016-12-07 13:22:50 +01:00
ipv6 netfilter: nft_fib: convert htonl to ntohl properly 2016-12-06 21:42:20 +01:00
ipx
irda genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
iucv Subject: [PATCH] af_iucv: drop skbs rejected by filter 2016-10-12 01:56:04 -04:00
kcm Merge branch 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-07 15:36:58 -07:00
key netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
l3mdev net: ipv6: Remove l3mdev_get_saddr6 2016-09-10 23:12:53 -07:00
lapb
llc net: fix sleeping for sk_wait_event() 2016-11-14 13:17:21 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
mac802154 mac802154: use rate limited warnings for malformed frames 2016-09-19 20:19:34 +02:00
mpls lwt: Remove unused len field 2016-10-23 17:45:01 -04:00
ncsi net/ncsi: Improve HNCDSC AEN handler 2016-10-20 11:23:08 -04:00
netfilter netfilter: x_tables: avoid warn and OOM killer on vmalloc call 2016-12-07 13:31:41 +01:00
netlabel genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
netrom
nfc genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
phonet netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
qrtr
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
rfkill
rose
rxrpc udp: do fwd memory scheduling on dequeue 2016-11-07 13:24:41 -05:00
sched act_mirred: fix a typo in get_dev 2016-12-03 19:28:02 -05:00
sctp sctp: use new rhlist interface on sctp transport rhashtable 2016-11-16 23:22:17 -05:00
strparser strparser: Propagate correct error code in strp_recv() 2016-10-12 01:51:49 -04:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
switchdev Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-30 12:42:58 -04:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
vmw_vsock VSOCK: add loopback to virtio_transport 2016-11-24 11:53:15 -05:00
wimax genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
wireless wireless-drivers-next patches for 4.10 2016-11-27 20:26:59 -05:00
x25 net: x25: remove null checks on arrays calling_ae and called_ae 2016-09-09 18:13:30 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
compat.c
Kconfig bpf: BPF for lightweight tunnel infrastructure 2016-12-02 10:51:49 -05:00
Makefile
socket.c tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING 2016-11-30 10:04:25 -05:00
sysctl_net.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2016-10-06 09:52:23 -07:00