Re: [PATCH-for-5.0] qga-posix: Avoid crashing process when failing to al
From: Markus Armbruster
Subject: Re: [PATCH-for-5.0] qga-posix: Avoid crashing process when failing to allocate memory
Date: Mon, 30 Mar 2020 16:11:58 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Philippe Mathieu-Daudé <address@hidden> writes:
> On 3/25/20 7:19 AM, Dietmar Maurer wrote:
>> but error_setg() also calls malloc, so this does not help at all?
>
> IIUC the problem, you can send a QMP command to ask to read let's say
> 3GB of a file, and QEMU crashes. But this doesn't mean the .heap
> is empty; there are probably a few bytes still available, enough to
> respond with an error message.

We've discussed how to handle out-of-memory conditions many times.
Here's one instance:

    Subject: When it's okay to treat OOM as fatal?
    Message-ID: <address@hidden>
    https://lists.nongnu.org/archive/html/qemu-devel/2018-10/msg03212.html

No improvement since then; there's no guidance on when to check for OOM.
Actual code tends to check only "large" allocations (for subjective
values of "large").

I reiterate my opinion that whatever OOM handling we have is too
unreliable to be worth much, since it can only help when (1) allocations
actually fail (they generally don't[*]), and (2) the allocation that
fails is actually handled (they generally aren't), and (3) the handling
actually works (we don't test OOM, so it generally doesn't).

[*] Linux overcommits memory, which means malloc() pretty much always
succeeds, but when you try to use "too much" of the memory you
supposedly allocated, a lethal signal is coming your way. Read the
thread I quoted for examples.
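
Added example (not part of the message above and not QEMU code): a Linux-only C probe of the overcommit behaviour described in footnote [*]. It shows that a NULL check sees only a refused malloc(), while real memory is claimed later, when pages are written. The names rss_kib and probe_overcommit and the 1 GiB / 16 MiB sizes are assumptions of this example.

```c
/* Added example, not from the thread. Linux-only: reads /proc/self/statm. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Resident set size of this process in KiB, or -1 if /proc is unavailable. */
static long rss_kib(void)
{
    long total_pages, resident_pages;
    FILE *f = fopen("/proc/self/statm", "r");
    if (!f)
        return -1;
    int n = fscanf(f, "%ld %ld", &total_pages, &resident_pages);
    fclose(f);
    return n == 2 ? resident_pages * (sysconf(_SC_PAGESIZE) / 1024) : -1;
}

struct probe {
    int malloc_ok;          /* did malloc() return non-NULL? */
    long grew_on_alloc_kib; /* RSS growth right after malloc() */
    long grew_on_touch_kib; /* RSS growth after writing to part of the buffer */
};

/* Request `request` bytes, then write one byte per page in the first `touch` bytes. */
static struct probe probe_overcommit(size_t request, size_t touch)
{
    struct probe p = { 0, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    long before = rss_kib();
    volatile char *buf = malloc(request);
    if (!buf)
        return p;           /* the only failure a NULL check can ever see */
    p.malloc_ok = 1;
    p.grew_on_alloc_kib = rss_kib() - before;
    for (size_t off = 0; off < touch && off < request; off += page)
        buf[off] = 1;       /* page fault: the kernel has to find real memory now */
    p.grew_on_touch_kib = rss_kib() - before;
    free((void *)buf);
    return p;
}

int main(void)
{
    /* Constructed sizes: ask for 1 GiB, use only the first 16 MiB. */
    struct probe p = probe_overcommit((size_t)1 << 30, (size_t)16 << 20);
    printf("malloc ok: %d, RSS +%ld KiB after malloc, +%ld KiB after touching\n",
           p.malloc_ok, p.grew_on_alloc_kib, p.grew_on_touch_kib);
    return 0;
}
```

The probe touches only 16 MiB, so it is safe to run; the result depends on the host's vm.overcommit_memory setting and any resource limits in force.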