From: Mikulas Patocka
Date: Mon Oct 10 2005 - 19:09:45 EST

On Mon, 10 Oct 2005, Andrew Morton wrote:

Anton Altaparmakov <aia21@xxxxxxxxx> wrote:

> Maybe the best solution is neither one nor another. Testing and failing
> gracefully seems better.
> What do you think?

I certainly agree with you there. I neither want a deadlock nor
corruption. (-:

Yup. In the present implementation __getblk_slow() "cannot fail". It's
conceivable that at some future stage we'll change __getblk_slow() so that
it returns NULL on an out-of-memory condition.

The question is if it is desired --- it will make bread return NULL on out-of-memory condition, callers will treat it like an IO error, skipping access to the affected block, causing damage on perfectly healthy filesystem.

I liked what linux-2.0 did in this case --- if the kernel was out of memory, getblk just took another buffer, wrote it if it was dirty and used it. Except for writeable loopback device (where writing one buffer generates more dirty buffers), it couldn't deadlock.


Anyone making such a change
would have to audit all callers to make sure that they handle the NULL

It is appropriate at this time to fix the callers so that they correctly
handle the NULL return. However, it is non-trivial to actually _test_ such
changes, and such changes should be tested. Or at least, they should be
done with considerable care and knowledge of the specific filesystems.

