On Thu, 30 Oct 2025 at 14:23, Shivang Upadhyay <[email protected]> wrote:
> Also I noticed a pattern to use `g_malloc` for critical things instead
> of `g_try_malloc`. But it will kill the full application if failure happens.
> So maybe just `error_report` is fine here(?).

docs/devel/style.rst has some notes on malloc choices, including this:

# Care should be taken to avoid introducing places where the guest could
# trigger an exit by causing a large allocation. For small allocations,
# of the order of 4k, a failure to allocate is likely indicative of an
# overloaded host and allowing ``g_malloc`` to ``exit`` is a reasonable
# approach. However for larger allocations where we could realistically
# fall-back to a smaller one if need be we should use functions like
# ``g_try_new`` and check the result. For example this is valid approach
# for a time/space trade-off like ``tlb_mmu_resize_locked`` in the
# SoftMMU TLB code.

Since we're trying to allocate 32MB at once and this is during the
guest run rather than at startup, this is probably a reasonable
place to use g_try_malloc().

There are other places in this code that use LOG_GUEST_ERROR for
things that aren't exactly guest errors, so my suggestion is that
we take this patch as-is to fix the logic error. We can consider
whether we want to try to improve the error reporting of this
group of functions as a separate patch.

thanks
-- PMM
