# Sorry, I forgot to subscribe source-changes-d ml, I reply as # a new mail.
Hi, > In article <20151210081103.E0FBBFB83%cvs.NetBSD.org@localhost>, > Kengo NAKAHARA <source-changes-d%NetBSD.org@localhost> wrote: >>-=-=-=-=-=- >> >>Module Name: src >>Committed By: knakahara >>Date: Thu Dec 10 08:11:03 UTC 2015 >> >>Modified Files: >> src/sys/net: if_gif.c >> >>Log Message: >>kmem_zalloc(, KM_SLEEP) must not return NULL. > > I would like to solicit opinions about this change and form a general > policy. > > 1. I would like to reduce the use of KASSERT in the kernel, specially > in situations like thee above where the test can be centralized (inside > kmem_alloc) and avoided without being fatal. OK, this kmem_zalloc() is not fatal. I should avoid KASSERT here. > 2. Static analyzer models understand allocators, but they are not > smart enough to determine under which situations they can fail. I > believe even kmem_alloc with KM_SLEEP can fail when the size is > large enough. I have a question. The man of kmem(9) says: ==================== kmflags Either of the following: KM_SLEEP If the allocation cannot be satisfied immediately, sleep until enough memory is available. ==================== Is this manual incorrect? I'm confused... Could you tell me easily comprehensible manual? > So I propose to always check the return value of allocators with > an 'if' and not a KASSERT. There are some codes like "foo = kmem_alloc(size, KM_SLEEP); KASSERT(foo != NULL)". Should the codes be unified to use not KASSERT' but if'? Thanks, -- ////////////////////////////////////////////////////////////////////// Internet Initiative Japan Inc. Device Engineering Section, Core Product Development Department, Product Division, Technology Unit Kengo NAKAHARA <k-nakah...@iij.ad.jp>