On Thu, Dec 10, 2015 at 08:41:50PM -0800, Chuck Silvers wrote:
 > > | > So I propose to always check the return value of allocators with
 > > | > an 'if' and not a KASSERT.
 > > | 
 > > | There is some code like "foo = kmem_alloc(size, KM_SLEEP);
 > > | KASSERT(foo != NULL)".
 > > | Should the code be unified to use not 'KASSERT' but 'if'?
 > > 
 > > Yes (when it is possible), and the man page for kmem_alloc should be
 > > changed to reflect that.
 > 
 > (moving this discussion to tech-kern)
 > 
 > how about instead we fix the kmem_alloc() implementation to match
 > the man page?  that seems much more practical to me.  adding
 > failure checks and recovery code to the thousands of *alloc() calls
 > in the kernel would be a vast amount of work for very little
 > benefit.  an attempt to allocate an amount of memory large enough
 > that it can never succeed sounds like a bug to me, and it seems
 > better to fix any such bugs rather than add a vast amount of mostly
 > useless error handling code in hopes of papering over them.

concur

-- 
David A. Holland
dholl...@netbsd.org
