Re: qedr memory leak report

[Leon Romanovsky <leon@kernel.org>]

On Sat, Aug 31, 2019 at 01:17:05PM -0400, Doug Ledford wrote:
> On Sat, 2019-08-31 at 18:19 +0300, Leon Romanovsky wrote:
> > On Sat, Aug 31, 2019 at 10:33:13AM -0400, Doug Ledford wrote:
> > > On Sat, 2019-08-31 at 10:30 +0300, Leon Romanovsky wrote:
> > > > Doug,
> > > >
> > > > I think that it can be counted as good example why allowing memory
> > > > leaks
> > > > in drivers (HNS) is not so great idea.
> > >
> > > Crashing the machine is worse.
> >
> > The problem with it that you are "punishing" whole subsystem
> > because of some piece of crap which anyway users can't buy.
>
> No I'm not.  The patch in question was in the hns driver and only leaked
> resources assigned to the hns card when the hns card timed out in
> freeing those resources.  That doesn't punish the entire subsystem, it
> only punishes the users of that card, and then only if the card has
> flaked out.

Unfortunately, but you are.

Our model is based on the fact that destroy operations can't fail and
all allocations performed by IB/core should be released right after call
to relevant destroy callback. The fact that you are allowing to one
driver don't success in destroy, means that you will need to allow
to everyone chance to return errors and skip freeing resources.

>
> > If HNS wants to have memory leaks, they need to do it outside
> > of upstream kernel.
>
> Nope.
>
> > In general, if users buy shitty hardware, they need to be ready
> > to have kernel panics too. It works with faulty DRAM where kernel
> > doesn't hide such failures, so don't see any rationale to invent
> > something special for ib_device.
>
> What you are advocating for is not "shitty DRAM crashing the machine",
> you are advocating for "having ECC DRAM and then intentionally turning
> the ECC off and then crashing the machine".  Please repeat after me: WE
> DONT CRASH MACHINES.  PERIOD.  If it is avoidable, we avoid it.  That's
> why BUG_ONs have to go and why they piss Linus off so much.  If you
> crash the machine, people are left scratching their head and asking why.
> If you don't crash the machine, they have a chance to debug the issue
> and resolve it.  The entire idea that you are advocating for crashing
> the machine as being preferable to leaking a few resources is ludicrous.
> WE DONT CRASH MACHINES.  PERIOD.  Please repeat that until it fully
> sinks in.

I'm not advocating for that and I don't buy explanation that freeing
memory will cause for machine to crash, at the end, freed memory
means that user won't have access to such bad resource.

Thanks

>
> > Thanks
>
> --
> Doug Ledford <dledford@redhat.com>
>     GPG KeyID: B826A3330E572FDD
>     Fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD