Add M_CANFAIL malloc(9) flag. This flag changes behaviour in M_WAITOK

case when the requested memory size can't ever be granted - instead
of panic, malloc(9) would return failure (NULL).
Note kernel code should do proper bound checking, rather than
depend on M_CANFAIL. This flag is only supposed to be used in very
special cases, where common bound checking is not appropriate.

Discussed on tech-kern@, name ``M_CANFAIL'' suggested by Chuck Cranor.

sys/kern/kern_malloc.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_malloc.c,v 1.67 2001/11/30 01:54:21 enami Exp $	*/
+/*	$NetBSD: kern_malloc.c,v 1.68 2001/12/04 20:13:19 jdolecek Exp $	*/
 
 /*
  * Copyright (c) 1996 Christopher G. Demetriou.  All rights reserved.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.67 2001/11/30 01:54:21 enami Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.68 2001/12/04 20:13:19 jdolecek Exp $");
 
 #include "opt_lockdebug.h"
 
@@ -279,7 +279,7 @@ malloc(size, type, flags)
 			 * are completely free and which are in buckets
 			 * with too many free elements.)
 			 */
-			if ((flags & M_NOWAIT) == 0)
+			if ((flags & (M_NOWAIT|M_CANFAIL)) == 0)
 				panic("malloc: out of space in kmem_map");
 			splx(s);
 			return ((void *) NULL);

sys/sys/malloc.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: malloc.h,v 1.68 2001/11/17 03:50:27 lukem Exp $	*/
+/*	$NetBSD: malloc.h,v 1.69 2001/12/04 20:13:20 jdolecek Exp $	*/
 
 /*
  * Copyright (c) 1987, 1993
@@ -48,10 +48,11 @@
 /*
  * flags to malloc
  */
-#define	M_WAITOK	0x0000
-#define	M_NOWAIT	0x0001
+#define	M_WAITOK	0x0000	/* can wait for resources */
+#define	M_NOWAIT	0x0001	/* do not wait for resources */
 #define	M_ZERO		0x0002	/* zero the allocation */
-
+#define	M_CANFAIL	0x0004	/* can fail if requested memory can't ever
+				 * be allocated */
 /*
  * Types of memory to be allocated
  */