Hi, Ted. On Fri, Feb 28, 2025 at 9:34 PM Theodore Ts'o <tytso@xxxxxxx> wrote: > > On Fri, Feb 28, 2025 at 05:30:06PM +0800, Julian Sun wrote: > > > Actually, even with __GFP_NOFAIL set, kcalloc() can still return NULL, > > > such as when the input parameters overflow. > > > > > Yeah, agreed. But IMO an overflow shouldn’t happen in this situation. > > > > If there's something I'm missing, please let me know. > > It's not a matter of missing something; or even Right vs Wrong. > Different maintainers have different tastes about this sort of thing. > > The mm folks have changed the meaning of __GFP_NOFAIL in the past > (TL;DR: they *hate* that concept, and I wouldn't be surprised if they > try to change its behavior in the future) and especially in large code > bases such as the Linux Kernel, I'm a big believer in defensive > programming. > > As Linus has said in a different thread, when a compiler adds warnings > because of what it thinks are "unnecessary" range checks, that's a bad > warning. Adding extra range checks is never a bad thing, and compiler > behaviour that whine about that sort of thing are.... unfortunate. > Similarly, I'd much rather keep the extra check. > > (Also, there exist static program checkers, such as Coverity, that > don't know about the semantics of the GFP_* flags, and so removing the > check would actually cause those tools to complain.) > Got it. Thanks for your detailed explanation, it makes sense to me. By the way, I know you're busy, and I’m not trying to rush you, but when you have some time, could you please take a look at these patches? Thank you! https://lore.kernel.org/linux-ext4/20250107044702.1836852-1-sunjunchao2870@xxxxxxxxx/ > Cheers, > > - Ted Best Regards, -- Julian Sun <sunjunchao2870@xxxxxxxxx>
