On Fri 19-07-24 23:05:48, Barry Song wrote: [...] > BTW, we are really exposing potential exploits. Rather than an early > stage BUG_ON(), is it reasonable to BUG_ON when we really return > NULL for NOFAIL at the last moment? This will crash the system but it > is still safer than exposing exploits. I believe the whole discssion here revolves around either using BUG_ON or retrying without any sleep. But I guess you are specifically talking about those two original k[v]malloc_array* interfaces which have introduced the early break. For those BUG_ON is a safer option than WARN_ON definitely. Please involve Kees who has introduced those. kvmalloc_node_noprof would require something similar. It checks for INT_MAX. You can test whether Linus is OK with such a change that way ;) Good luck -- Michal Hocko SUSE Labs
