Bug 179098
Summary: | 'out of vmalloc space' caused by iptables on kernel-smp | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | dieter |
Component: | kernel | Assignee: | Larry Woodman <lwoodman> |
Status: | CLOSED DUPLICATE | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | jbaron |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-07-10 19:28:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
dieter
2006-01-27 13:54:57 UTC
Created attachment 123771 [details]
Complete strace log of a failing iptables command
The attached logfile shows the complete output of strace for a failing iptables
command.
Created attachment 123774 [details]
iptables.save file to reproduce 'out of vmalloc space' problem with iptables-restore
You should be able to reproduce the problem with the attached file by running
$ iptables-restore < iptables.save
Created attachment 123775 [details]
iptables.save file to reproduce 'out of vmalloc space' problem with iptables-restore
You should be able to reproduce the problem with the attached compressed file
by running
$ iptables-restore < iptables.save
Is this causing a problem in the real world or is it just toi illustrate that iptables-restore can cause the system to exhaust vmalloc space? The reason I ask it that the kernel's virtual address window used for vmalloc() is smaller on an SMP kernel than it is on a UP kernel. The reason for this is there are per-cpu mapping windows allocated out of that 128MB virtual window when running the SMP kernel but not the UP kernel. These per-cpu mapping windows are used for temporary mapping of highmem pages but they do use and therefore decrease the remaining kernel virtual window size that vmalloc uses. Larry Woodman This is actually a real world problem. We have an application which dynamically inserts/removes lots of iptables rules based on trouble tickets. As a workaround we had to switch to the UP kernel at the customer site. This issue seems to be fixed in recent SPM kernels as we are not able to reproduce the problem again with kernel-smp-2.6.9-42.0.3.EL and the iptables.save file attached to this bug report. |