On Sat, 2019-08-31 at 18:19 +0300, Leon Romanovsky wrote:
> On Sat, Aug 31, 2019 at 10:33:13AM -0400, Doug Ledford wrote:
> > On Sat, 2019-08-31 at 10:30 +0300, Leon Romanovsky wrote:
> > > Doug,
> > >
> > > I think that it can be counted as good example why allowing memory
> > > leaks
> > > in drivers (HNS) is not so great idea.
> >
> > Crashing the machine is worse.
>
> The problem with it that you are "punishing" whole subsystem
> because of some piece of crap which anyway users can't buy.
No I'm not. The patch in question was in the hns driver and only leaked
resources assigned to the hns card when the hns card timed out in
freeing those resources. That doesn't punish the entire subsystem, it
only punishes the users of that card, and then only if the card has
flaked out.
> If HNS wants to have memory leaks, they need to do it outside
> of upstream kernel.
Nope.
> In general, if users buy shitty hardware, they need to be ready
> to have kernel panics too. It works with faulty DRAM where kernel
> doesn't hide such failures, so don't see any rationale to invent
> something special for ib_device.
What you are advocating for is not "shitty DRAM crashing the machine",
you are advocating for "having ECC DRAM and then intentionally turning
the ECC off and then crashing the machine". Please repeat after me: WE
DONT CRASH MACHINES. PERIOD. If it is avoidable, we avoid it. That's
why BUG_ONs have to go and why they piss Linus off so much. If you
crash the machine, people are left scratching their head and asking why.
If you don't crash the machine, they have a chance to debug the issue
and resolve it. The entire idea that you are advocating for crashing
the machine as being preferable to leaking a few resources is ludicrous.
WE DONT CRASH MACHINES. PERIOD. Please repeat that until it fully
sinks in.
> Thanks
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: B826A3330E572FDD
Fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
Attachment:
signature.asc
Description: This is a digitally signed message part
