>> The kfree() function was called in up to five cases
>> by the init_vqs() function during error handling even if
>> the passed variable contained a null pointer.
>> * Return directly after a call of the function "kmalloc_array" failed
>> at the beginning.
>> * Split a condition check for memory allocation failures so that
>> each pointer from these function calls will be checked immediately.
>> See also background information:
>> Topic "CWE-754: Improper check for unusual or exceptional conditions"
>> Link: https://cwe.mitre.org/data/definitions/754.html
>> * Adjust jump targets according to the Linux coding style convention.
> So I've seen this series and I'm not yet sure how I feel about the
> patches - f.e. in this one, it adds more lines than it removes to
> achieve the same effect.
I find this consequence still debatable.
> I think the code is currently more readable than after these changes.
Thanks for your constructive feedback.
Can it be that an other software development concern is eventually overlooked?
> And even if kfree is called multiple times, it isn't a huge bother
I know also that the implementation of this function tolerates the passing
of null pointers.
> -- it's error case anyway, very unlikely to trigger, but keeps everything
> very readble.
I suggest to reconsider this design detail if it is really acceptable
for the safe implementation of such a software module.
* How much will it matter in general that four function call were performed
in this use case without checking their return values immediately?
* Should it usually be determined quicker if a required resource like
memory could be acquired before trying the next allocation?