Re: 2.2/2.4/2.6 VMs: do malloc() ever return NULL?

["Ihar 'Philips' Filipau" <filia@softhome.net>]

Richard B. Johnson wrote:
> 
> As documented, malloc() will never fail as long as there
> is still address space (not memory) available. This is
> the required nature of the over-commit strategy. This is
> necessary because many programs never even touch all the
> memory they allocate.
> 

   We are reading different mans? My man malloc(3) clearly states that 
malloc() can return NULL. (*)

   May I ask you one question? Did you were ever doing once graceful
failure of application under memory pressure? Looks like not.

   I can guess why sendmail allocates memory it never touches - memory
pools. There are situations where you really cannot fail - and memory
allocation failures are really nasty. Do you wanna to lose your e-mails? 
No? So then think twice, while implementing lazy allocators.

   So from my tests I see that by default Linux is not safe. You allocate
memory - malloc() != NULL. Then later you try to write to this memory
and you get killed by oom_killer. What is the point of this? Your
reasoning doesn't sound to me.

   Memory pools used by applications exactly to make grace error
handling under memory pressure - but it looks like this stuff under
Linux gets no testing at all. And default settings could make from
simple bug complete disaster.

 > You can turn OFF over-commit by doing:
 >
 > echo "2" >proc/sys/vm/overcommit_memory
 >
 > However, you will probably find that many programs fail
 > or seg-fault when normally they wouldn't. So, if you don't
 > mind restarting sendmail occasionally, then turn off over-commit.
 >

   I shall try overcommit_memory == 2 tomorrow and say what I see.

P.S. For example application I have ported right now to kernel space has
a limitiation - it must never ever allocate memory: memory consumption
is known, protocol just have no situation like ENOMEM - it _must_ fail
to initialize on start-up. No - not to being killed by oom_killer in
middle of processing. think carrier grade and/or just good programming
technics.

(*) Great optimization opportunities: remove from all programmes checks 
of the return value if malloc(). As by your words - why not?

-- 
Ihar 'Philips' Filipau  / with best regards from Saarbruecken.
--                                                           _ _ _
  Because the kernel depends on it existing. "init"          |_|*|_|
  literally _is_ special from a kernel standpoint,           |_|_|*|
  because its' the "reaper of zombies" (and, may I add,      |*|*|*|
  that would be a great name for a rock band).
                                 -- Linus Torvalds