Source-Changes-D archive
Re: CVS commit: src/sys/net
# Sorry, I forgot to subscribe to the source-changes-d ML, so I am
# replying as a new mail.
Hi,
> In article <20151210081103.E0FBBFB83%cvs.NetBSD.org@localhost>,
> Kengo NAKAHARA <source-changes-d%NetBSD.org@localhost> wrote:
>>-=-=-=-=-=-
>>
>>Module Name: src
>>Committed By: knakahara
>>Date: Thu Dec 10 08:11:03 UTC 2015
>>
>>Modified Files:
>> src/sys/net: if_gif.c
>>
>>Log Message:
>>kmem_zalloc(, KM_SLEEP) must not return NULL.
>
> I would like to solicit opinions about this change and form a general
> policy.
>
> 1. I would like to reduce the use of KASSERT in the kernel, especially
> in situations like the above where the test can be centralized (inside
> kmem_alloc) and avoided without being fatal.
OK, this kmem_zalloc() is not fatal. I should avoid KASSERT here.
> 2. Static analyzer models understand allocators, but they are not
> smart enough to determine under which situations they can fail. I
> believe even kmem_alloc with KM_SLEEP can fail when the size is
> large enough.
I have a question. The man page of kmem(9) says:
====================
kmflags   Either of the following:

          KM_SLEEP    If the allocation cannot be satisfied immediately,
                      sleep until enough memory is available.
====================
Is this manual incorrect?
I'm confused... Could you point me to an easily comprehensible manual?
> So I propose to always check the return value of allocators with
> an 'if' and not a KASSERT.
There is some code like "foo = kmem_alloc(size, KM_SLEEP); KASSERT(foo != NULL)".
Should that code be unified to use not 'KASSERT' but 'if'?
Thanks,
--
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.
Device Engineering Section,
Core Product Development Department,
Product Division,
Technology Unit
Kengo NAKAHARA <k-nakahara%iij.ad.jp@localhost>
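
The two patterns compared in this thread, as an added example that is not part of the original message or of NetBSD's source: a userland C model in which a hypothetical allocator (`model_alloc`, with a constructed `MODEL_LIMIT`) is assumed to be able to return NULL, as the quoted proposal supposes. It shows what each pattern does with that NULL in a DIAGNOSTIC build and in a build without DIAGNOSTIC, where KASSERT(9) is compiled out.

```c
/* Constructed userland model; model_alloc() and MODEL_LIMIT are hypothetical
 * stand-ins, not NetBSD's kmem_alloc(9). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum outcome { OUT_OK = 0, OUT_PANIC = 1, OUT_NULL_USED = 2 };
#define MODEL_LIMIT 4096        /* assumption: larger requests fail */
static void *model_alloc(size_t size)
{
    return size > MODEL_LIMIT ? NULL : calloc(1, size);
}

/* KASSERT(9) is compiled in only with "options DIAGNOSTIC"; `diag` models
 * that build option. Returns 1 when the assertion would panic. */
static int model_kassert_fails(int diag, int expr)
{
    return diag && !expr;
}

/* Pattern quoted in the thread: allocate, then assert only. */
int attach_kassert(size_t size, int diag)
{
    char *sc = model_alloc(size);
    if (model_kassert_fails(diag, sc != NULL))
        return OUT_PANIC;       /* DIAGNOSTIC kernel stops here */
    if (sc == NULL)             /* model only: real code has no check here */
        return OUT_NULL_USED;   /* and would write through NULL next */
    memset(sc, 0xff, size);
    free(sc);
    return OUT_OK;
}

/* Proposed pattern: an unconditional 'if' that fails the operation. */
int attach_checked(size_t size)
{
    char *sc = model_alloc(size);
    if (sc == NULL)
        return ENOMEM;
    memset(sc, 0xff, size);
    free(sc);
    return 0;
}

int main(void)
{
    printf("%d %d %d\n", attach_kassert(8192, 1), attach_kassert(8192, 0), attach_checked(8192));
    return 0;
}
```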