>> The kfree() function was called in up to five cases
>> by the init_vqs() function during error handling even if
>> the passed variable contained a null pointer.
>>
>> * Return directly after a call of the function "kmalloc_array" failed
>>   at the beginning.
>>
>> * Split a condition check for memory allocation failures so that
>>   each pointer from these function calls will be checked immediately.
>>
>>   See also background information:
>>   Topic "CWE-754: Improper check for unusual or exceptional conditions"
>>   Link: https://cwe.mitre.org/data/definitions/754.html
>>
>> * Adjust jump targets according to the Linux coding style convention.
> 
> So I've seen this series and I'm not yet sure how I feel about the
> patches - f.e. in this one, it adds more lines than it removes to
> achieve the same effect.

I find this consequence still debatable.


> I think the code is currently more readable than after these changes.

Thanks for your constructive feedback.

Can it be that an other software development concern is eventually overlooked?


> And even if kfree is called multiple times, it isn't a huge bother

I know also that the implementation of this function tolerates the passing
of null pointers.


> -- it's error case anyway, very unlikely to trigger, but keeps everything 
> very readble.

I suggest to reconsider this design detail if it is really acceptable
for the safe implementation of such a software module.

* How much will it matter in general that four function call were performed
  in this use case without checking their return values immediately?

* Should it usually be determined quicker if a required resource like
  memory could be acquired before trying the next allocation?

Regards,
Markus
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization

Reply via email to