On Wed, Nov 30, 2016 at 11:39:41PM +0100, Vincent Gross wrote: > About sleeping on malloc : better to err on the safe side with > M_NOWAIT.
Not so sure about that. From a user point of view a crash is fatal. But if an operation sometimes fails, it can also be annoying. We have some ioctl returning an error. A failing ifconfig(8) is not nice, but the user may try it again. Some ioctl throw away the error from vxlan_config() with an explicit (void) cast. That is even worse if you have an unreliable operation leaving the interface in a half configured state. And what about the interface state change? Normally you join the multicast group, but sometimes, when the kernel has low memory, it silently fails. The M_NOWAIT is suitable for operations that may fail and recover, like when dropping an IP packet. But then you must have a higher layer that does a retry later. In this case it is better to review all the callers wether they are running in process context. Most of them like ioctl(2) do it anyway, and I hope all of them do it since we have introduced sleeping timers. We still have to review, wether they can cope with a process switch when they sleep here. But I have just looked into in6_joingroup() and in_addmulti(). They use malloc(9) with M_NOWAIT internally and return ENOBUFS if it fails. It has always been like this, forget everything I have said. Change back ENOMEM to ENOBUFS and commit this with OK bluhm@.
