On Wed, Nov 30, 2016 at 11:39:41PM +0100, Vincent Gross wrote:
> About sleeping on malloc : better to err on the safe side with
Not so sure about that. From a user point of view a crash is fatal.
But if an operation sometimes fails, it can also be annoying.
We have some ioctl returning an error. A failing ifconfig(8) is
not nice, but the user may try it again. Some ioctl throw away the
error from vxlan_config() with an explicit (void) cast. That is
even worse if you have an unreliable operation leaving the interface
in a half configured state.
And what about the interface state change? Normally you join the
multicast group, but sometimes, when the kernel has low memory, it
The M_NOWAIT is suitable for operations that may fail and recover,
like when dropping an IP packet. But then you must have a higher
layer that does a retry later.
In this case it is better to review all the callers wether they are
running in process context. Most of them like ioctl(2) do it anyway,
and I hope all of them do it since we have introduced sleeping
timers. We still have to review, wether they can cope with a process
switch when they sleep here.
But I have just looked into in6_joingroup() and in_addmulti(). They
use malloc(9) with M_NOWAIT internally and return ENOBUFS if it
fails. It has always been like this, forget everything I have said.
Change back ENOMEM to ENOBUFS and commit this with OK bluhm@.