On Fri, Feb 28, 2025 at 05:30:06PM +0800, Julian Sun wrote: > > Actually, even with __GFP_NOFAIL set, kcalloc() can still return NULL, > > such as when the input parameters overflow. > > > Yeah, agreed. But IMO an overflow shouldn’t happen in this situation. > > If there's something I'm missing, please let me know. It's not a matter of missing something; or even Right vs Wrong. Different maintainers have different tastes about this sort of thing. The mm folks have changed the meaning of __GFP_NOFAIL in the past (TL;DR: they *hate* that concept, and I wouldn't be surprised if they try to change its behavior in the future) and especially in large code bases such as the Linux Kernel, I'm a big believer in defensive programming. As Linus has said in a different thread, when a compiler adds warnings because of what it thinks are "unnecessary" range checks, that's a bad warning. Adding extra range checks is never a bad thing, and compiler behaviour that whine about that sort of thing are.... unfortunate. Similarly, I'd much rather keep the extra check. (Also, there exist static program checkers, such as Coverity, that don't know about the semantics of the GFP_* flags, and so removing the check would actually cause those tools to complain.) Cheers, - Ted
