From: "Danilo Krummrich" <dakr@kernel.org>
To: "Aditya Rajan" <adi.dev.github@gmail.com>
Cc: "Gary Guo" <gary@garyguo.net>, <ojeda@kernel.org>,
<abdiel.janulgue@gmail.com>, <daniel.almeida@collabora.com>,
<robin.murphy@arm.com>, <a.hindborg@kernel.org>,
<boqun@kernel.org>, <bjorn3_gh@protonmail.com>,
<lossin@kernel.org>, <aliceryhl@google.com>, <tmgross@umich.edu>,
<driver-core@lists.linux.dev>, <rust-for-linux@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] rust: dma: return EOVERFLOW instead of ENOMEM on size overflow
Date: Sat, 04 Apr 2026 21:43:33 +0200
Message-ID: <DHKMLRW67JB9.2VGA6EGTLYSCU@kernel.org>
In-Reply-To: <DHKJNOFD1P03.15QMM3BFH0KLB@gmail.com>

On Sat Apr 4, 2026 at 7:24 PM CEST, Aditya Rajan wrote:
> On Sat Apr 4, 2026 at 6:15 AM PDT, Gary Guo wrote:
>
>> Thanks for the patch, but the behaviour here is intended.
>>
>> Neither our `KVec` implementation nor upstream Rust distinguishes between
>> allocation error caused by array size exceeding address space or running out of
>> memory to allocate (`AllocError` is returned and it converts to ENOMEM).
>>
>> `kmalloc_array` also just returns `NULL` when it overflows, so arguably this
>> behaviour also aligns us with the C side.
>>
>> Abstractly, the system is indeed running out of memory because it cannot allocate
>> something larger than its address space.
>
> Thanks for the reply, I saw some similar places where EOVERFLOW is used,
> that is why I thought we should change this error code:
>
> * In nouveau_drv.h, `u_memcpya()` does `check_mul_overflow(nmemb, size,
> &bytes)` and returns ERR_PTR(-EOVERFLOW), it is kind of the same multiplication
> overflow on `nmemb*size` before an allocation. Similarly `mm/mmap.c` returns
> EOVERFLOW for arithmetic overflow in offset calculations, it also has a
> comment `/* offset overflow? */`.
>
> * Also I saw existing Rust kernel code already follows similar convention, see
> `rust/kernel/uaccess.rs` it uses `offset.checked_add(count).ok_or(EOVERFLOW)?`
> for the same kind of arithmetic overflow check.
>
> * For `kmalloc_array` I think it conflates overflow with OOM because its
> return type (pointer) can't express distinct errors, maybe it should be
> improved as well? When the API can distinguish (like here, or in nouveau),
> the kernel does use (or maybe should use?) `EOVERFLOW`.

You mentioned u_memcpya() from nouveau, which follows memdup_array_user() and
vmemdup_array_user(); and I think there are even more such examples that use
-EOVERFLOW besides those and the also mentioned uaccess code.

That said, they all have in common that they are semantically different compared
to a raw memory allocation, as they also access existing buffers the user wants
those functions to copy from. Thus, a multiplication overflow also implies a
potential out of bounds access of the given buffer. So, it makes sense to
distinguish between -EOVERFLOW and -ENOMEM in those cases.
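
The distinction drawn in the reply above, as an added example in user-space Rust (not code from this thread or from the kernel; `Errno`, `alloc_array`, `wrapped_len` and `dup_array` are hypothetical names). A raw allocation folds a size overflow into the out-of-memory error, while a routine that also reads from a caller-supplied buffer reports the overflow separately, because a wrapped length would pass the bounds check on that buffer.

```rust
// Added illustration in user-space Rust; not kernel code. All names are hypothetical.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Errno { Enomem, Eoverflow, Efault }

/// Raw allocation: the only question is whether `count * size` bytes exist.
/// An overflowing product is a request no allocator can satisfy, so it is
/// reported like any other failed allocation.
fn alloc_array(count: usize, size: usize) -> Result<Vec<u8>, Errno> {
    let bytes = count.checked_mul(size).ok_or(Errno::Enomem)?;
    let mut v = Vec::new();
    v.try_reserve_exact(bytes).map_err(|_| Errno::Enomem)?;
    v.resize(bytes, 0);
    Ok(v)
}

/// What an unchecked multiplication would hand to the bounds check.
fn wrapped_len(count: usize, size: usize) -> usize {
    count.wrapping_mul(size)
}

/// Duplicate `count` elements of `size` bytes from an existing buffer.
/// Here the product is also the length read from `src`, so an overflow is
/// reported separately from running out of memory.
fn dup_array(src: &[u8], count: usize, size: usize) -> Result<Vec<u8>, Errno> {
    let bytes = count.checked_mul(size).ok_or(Errno::Eoverflow)?;
    // Efault for a source that is too short is an assumption of this example.
    let window = src.get(..bytes).ok_or(Errno::Efault)?;
    let mut out = alloc_array(bytes, 1)?;
    out.copy_from_slice(window);
    Ok(out)
}

fn main() {
    let src = [7u8; 16]; // constructed sample buffer
    let count = usize::MAX / 8 + 2; // count * 8 wraps around to 8
    println!("wrapped length: {}", wrapped_len(count, 8));
    println!("alloc overflow: {:?}", alloc_array(usize::MAX, 2).map(|v| v.len()));
    println!("dup overflow:   {:?}", dup_array(&src, count, 8).map(|v| v.len()));
    println!("dup in bounds:  {:?}", dup_array(&src, 2, 8).map(|v| v.len()));
    println!("dup too long:   {:?}", dup_array(&src, 3, 8).map(|v| v.len()));
}
```

With the wrapped length of 8, an unchecked copy would succeed against the 16-byte source while the caller still believes `count` elements were duplicated.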

Thread overview: 7+ messages
2026-04-03 21:28 [PATCH] rust: dma: return EOVERFLOW instead of ENOMEM on size overflow Aditya Rajan
2026-04-04 13:15 ` Gary Guo
2026-04-04 17:24 ` Aditya Rajan
2026-04-04 19:43 ` Danilo Krummrich [this message]
2026-04-04 20:13 ` Gary Guo
2026-04-04 20:28 ` Danilo Krummrich
2026-04-05 9:51 ` kernel test robot