In article <20151210081103.e0fbbf...@cvs.netbsd.org>,
Kengo NAKAHARA <source-changes-d@NetBSD.org> wrote:
>-=-=-=-=-=-
>
>Module Name: src
>Committed By: knakahara
>Date: Thu Dec 10 08:11:03 UTC 2015
>
>Modified Files:
> src/sys/net: if_gif.c
>
>Log Message:
>kmem_zalloc(, KM_SLEEP) must not return NULL.

I would like to solicit opinions about this change and form a general policy.

1. I would like to reduce the use of KASSERT in the kernel, especially in situations like the above where the test can be centralized (inside kmem_alloc) and avoided without being fatal.
2. Static analyzer models understand allocators, but they are not smart enough to determine under which situations they can fail. I believe even kmem_alloc with KM_SLEEP can fail when the size is large enough.

So I propose to always check the return value of allocators with an 'if' and not a KASSERT.

christos
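
The two styles discussed in this message, side by side, as an added userland example that is not part of the original message or the NetBSD source. `mock_zalloc`, `MOCK_KASSERT`, `MOCK_MAX_ALLOC`, `struct softc` and both attach functions are hypothetical; the allocator's failure on large sizes models the concern raised above and is an assumption, not verified `kmem_zalloc` behaviour.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; none of this is NetBSD kernel code. */
#define MOCK_MAX_ALLOC 4096 /* constructed limit so the failure path is reachable */

/* Like the kernel's KASSERT, compiled out unless DIAGNOSTIC is defined. */
#ifdef DIAGNOSTIC
#define MOCK_KASSERT(e) do { if (!(e)) abort(); } while (0)
#else
#define MOCK_KASSERT(e) ((void)0)
#endif

struct softc { size_t len; unsigned char *buf; };

/* Mock zeroing allocator: returns NULL for oversized requests (assumption). */
static void *mock_zalloc(size_t size)
{
    if (size == 0 || size > MOCK_MAX_ALLOC)
        return NULL;
    return calloc(1, size);
}

/* Assertion only: without DIAGNOSTIC nothing stops a NULL from propagating. */
static int attach_assert_only(struct softc *sc, size_t size)
{
    sc->buf = mock_zalloc(size);
    MOCK_KASSERT(sc->buf != NULL);
    sc->len = size;  /* state now claims a buffer that may not exist */
    return 0;        /* caller is told the attach succeeded */
}

/* Explicit check: failure is reported and sc is left untouched. */
static int attach_checked(struct softc *sc, size_t size)
{
    unsigned char *p = mock_zalloc(size);
    if (p == NULL)
        return ENOMEM;
    sc->buf = p;
    sc->len = size;
    return 0;
}

int main(void)
{
    struct softc a = { 0, NULL }, b = { 0, NULL };
    printf("assert-only rc=%d buf=%p\n", attach_assert_only(&a, 8192), (void *)a.buf);
    printf("checked     rc=%d buf=%p\n", attach_checked(&b, 8192), (void *)b.buf);
    return 0;
}
```

Building with `-DDIAGNOSTIC` turns the first case into an abort, which is the fatal behaviour the message wants to avoid for a condition the caller could handle.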