From: "Danilo Krummrich" <dakr@kernel.org>
To: "Aditya Rajan" <adi.dev.github@gmail.com>
Cc: "Gary Guo" <gary@garyguo.net>, <ojeda@kernel.org>,
<abdiel.janulgue@gmail.com>, <daniel.almeida@collabora.com>,
<robin.murphy@arm.com>, <a.hindborg@kernel.org>,
<boqun@kernel.org>, <bjorn3_gh@protonmail.com>,
<lossin@kernel.org>, <aliceryhl@google.com>, <tmgross@umich.edu>,
<driver-core@lists.linux.dev>, <rust-for-linux@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] rust: dma: return EOVERFLOW instead of ENOMEM on size overflow
Date: Sat, 04 Apr 2026 21:43:33 +0200 [thread overview]
Message-ID: <DHKMLRW67JB9.2VGA6EGTLYSCU@kernel.org> (raw)
In-Reply-To: <DHKJNOFD1P03.15QMM3BFH0KLB@gmail.com>
On Sat Apr 4, 2026 at 7:24 PM CEST, Aditya Rajan wrote:
> On Sat Apr 4, 2026 at 6:15 AM PDT, Gary Guo wrote:
>
>> Thanks for the patch, but the behaviour here is intended.
>>
>> Neither our `KVec` implementation nor upstream Rust distinguishes between
>> allocation error caused by array size exceeding address space or running out of
>> memory to allocate (`AllocError` is returned and it converts to ENOMEM).
>>
>> `kmalloc_array` also just returns `NULL` when overflows, so arguably this
>> behaviour also aligns us with C side.
>>
>> Abstractly, the system is indeed running out memory because it cannot allocate
>> something larger than its address space.
>
> Thanks for the reply, I saw at some similar places where EOVERFLOW is used,
> that is why i thought we should change this error code:
>
> * In nouveau_drv.h, `u_memcpya()` does `check_mul_overflow(nmemb, size,
> &bytes)` and returns ERR_PTR(-EOVERFLOW), it is kind of same multiplication
> overflow on `nmemb*size` before an allocation. Similarly `mm/mmap.c` returns
> EOVERFLOW for arithmetic overflow in offset calculations, it also has a
> comment `/* offset overflow? */`.
>
> * Also I saw existing Rust kernel code already follows similar convention, see
> `rust/kernel/uaccess.rs` it uses `offset.checked_add(count).ok_or(EOVERFLOW)?`
> for the same kind of arithmetic overflow check.
>
> * For `kmalloc_array` i think it conflates overflow with OOM because its
> return type (pointer) can't express distinct errors, maybe it should be
> improved as well ?. When the API can distinguish (like here, or in nouveau),
> the kernel does use (or maybe should use?) `EOVERFLOW`.
You mentioned u_memcpya() from nouveau, which follows memdup_array_user() and
vmemdup_array_user(); and I think there are even more such examples that use
-EOVERFLOW besides those and the also mentioned uaccess code.
That said, they all have on common that they are semantically different compared
to a raw memory allocation, as they also access existing buffers the user wants
those functions to copy from. Thus, a multiplication overflow also implies a
potential out of bounds access of the given buffer. So, it makes sense to
distinguish between -EOVERFLOW and -ENOMEM in those cases.
next prev parent reply other threads:[~2026-04-04 19:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-03 21:28 [PATCH] rust: dma: return EOVERFLOW instead of ENOMEM on size overflow Aditya Rajan
2026-04-04 13:15 ` Gary Guo
2026-04-04 17:24 ` Aditya Rajan
2026-04-04 19:43 ` Danilo Krummrich [this message]
2026-04-04 20:13 ` Gary Guo
2026-04-04 20:28 ` Danilo Krummrich
2026-04-05 9:51 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DHKMLRW67JB9.2VGA6EGTLYSCU@kernel.org \
--to=dakr@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=abdiel.janulgue@gmail.com \
--cc=adi.dev.github@gmail.com \
--cc=aliceryhl@google.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=driver-core@lists.linux.dev \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=ojeda@kernel.org \
--cc=robin.murphy@arm.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.