On Thu, Jul 18, 2024 at 8:32 PM Michal Hocko <mhocko@xxxxxxxx> wrote:
>
> On Thu 18-07-24 20:18:02, Barry Song wrote:
> > So the purpose is making sure the semantics - NOFAIL means no failure
> > and we don't need to check ret. If we can't really succeed, it should throw
> > a BUG to stop any potential exploits.
>
> This would require to panic consistently on failure in all allocator
> path that can bail out. E.g. page allocator on GFP_NOWAIT|GFP_NOFAIL
> req. not sure how many more.

Right, this GFP_NOFAIL issue seems quite messy. However, at least vmalloc
will retry by itself, even if alloc_pages might have failed with
GFP_NOWAIT | GFP_NOFAIL.

But isn't that the definition of __GFP_NOFAIL?

 * %__GFP_NOFAIL: The VM implementation _must_ retry infinitely: the caller
 * cannot handle allocation failures. The allocation could block
 * indefinitely but will never return with failure. Testing for
 * failure is pointless."

So I believe any code that doesn't retry and ends up returning NULL should be
fixed. Otherwise, we should rename __GFP_NOFAIL to __GFP_UNLIKELY_FAIL in the
documentation and explain when it might fail.

> --
> Michal Hocko
> SUSE Labs

Thanks
Barry