Re: [Qemu-devel] [PATCH 1/6] Terminate emulation on memory allocation failure

[Avi Kivity]

Daniel P. Berrange wrote:
> On Thu, Feb 05, 2009 at 01:08:41PM +0200, Avi Kivity wrote:
>   
> > Memory allocation failures are a very rare condition on virtual-memory
> > hosts.  They are also very difficult to handle correctly (especially in a
> > hardware emulation context).  Because of this, it is better to gracefully
> > terminate emulation rather than executing untested or even unwritten recovery
> > code paths.
> >
> > This patch changes the qemu memory allocation routines to terminate emulation
> > if an allocation failure is encountered.
> >
> > Signed-off-by: Avi Kivity <address@hidden>
> > ---
> >  qemu-malloc.c |   16 ++++++++++------
> >  1 files changed, 10 insertions(+), 6 deletions(-)
> >
> > diff --git a/qemu-malloc.c b/qemu-malloc.c
> > index dc74efe..1d00f26 100644
> > --- a/qemu-malloc.c
> > +++ b/qemu-malloc.c
> > @@ -22,6 +22,14 @@
> >   * THE SOFTWARE.
> >   */
> >  #include "qemu-common.h"
> > +#include <stdlib.h>
> > +
> > +static void *oom_check(void *ptr)
> > +{
> > +    if (ptr == NULL)
> > +        exit(13);
> > +    return ptr;
> > +}
> >     
>
> Will all our atexit handlers cope with OOM too? In particular
> we don't want them calling qemu_malloc again, or this becomes
> re-entrant. If we want to go down this route, then abort() is
> probably safer.

abort() is a little messy in leaving a core file (which would likely 
fail anyway if we're out of memory).

Maybe _exit() is better here.

Even exit() will work; if we are unable to allocate in the exit handler, 
worst case we overflow the stack and crash.

In any case, I didn't see any calls to qemu_malloc() in existing atexit 
handlers.

--
error compiling committee.c: too many arguments to function