On Wed, Nov 30, 2016 at 11:39:41PM +0100, Vincent Gross wrote:
> About sleeping on malloc : better to err on the safe side with

Not so sure about that.  From a user point of view a crash is fatal.
But if an operation sometimes fails, it can also be annoying.

We have some ioctl returning an error.  A failing ifconfig(8) is
not nice, but the user may try it again.  Some ioctl throw away the
error from vxlan_config() with an explicit (void) cast.  That is
even worse if you have an unreliable operation leaving the interface
in a half configured state.

And what about the interface state change?  Normally you join the
multicast group, but sometimes, when the kernel has low memory, it
silently fails.

The M_NOWAIT is suitable for operations that may fail and recover,
like when dropping an IP packet.  But then you must have a higher
layer that does a retry later.

In this case it is better to review all the callers wether they are
running in process context.  Most of them like ioctl(2) do it anyway,
and I hope all of them do it since we have introduced sleeping
timers.  We still have to review, wether they can cope with a process
switch when they sleep here.

But I have just looked into in6_joingroup() and in_addmulti().  They
use malloc(9) with M_NOWAIT internally and return ENOBUFS if it
fails.  It has always been like this, forget everything I have said.

Change back ENOMEM to ENOBUFS and commit this with OK bluhm@.

Reply via email to