On Mon, Mar 04, 2024 at 09:45:48AM +1100, NeilBrown wrote:
> I have in mind a more explicit statement of how much waiting is
> acceptable.
>
> GFP_NOFAIL - wait indefinitely
> GFP_KILLABLE - wait indefinitely unless fatal signal is pending.
> GFP_RETRY - may retry but deadlock, though unlikely, is possible. So
>             don't wait indefinitely. May abort more quickly if fatal
>             signal is pending.
> GFP_NO_RETRY - only try things once. This may sleep, but will give up
>             fairly quickly. Either deadlock is a significant
>             possibility, or alternate strategy is fairly cheap.
> GFP_ATOMIC - don't sleep - same as current.
>
> I don't see how "GFP_KERNEL" fits into that spectrum. The definition of
> "this will try really hard, but might fail and we can't really tell you
> what circumstances it might fail in" isn't fun to work with.

Well, lots of things "aren't fun to work with", but error handling is
just a part of life.

Your "GFP_KILLABLE" has the exact same problem of "this thing will be
rarely hit and difficult to test" - if anything moreso.

We just need to make sure error paths are getting tested - we need more
practical fault injection, that's all.