[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aEqWvIffNhh6Kzp8@google.com>
Date: Thu, 12 Jun 2025 08:58:36 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: Burak Emir <bqe@...gle.com>
Cc: Yury Norov <yury.norov@...il.com>, Kees Cook <kees@...nel.org>,
Rasmus Villemoes <linux@...musvillemoes.dk>, Viresh Kumar <viresh.kumar@...aro.org>,
Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
"Björn Roy Baron" <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>,
Andreas Hindborg <a.hindborg@...nel.org>, Trevor Gross <tmgross@...ch.edu>,
"Gustavo A . R . Silva" <gustavoars@...nel.org>, Carlos LLama <cmllamas@...gle.com>,
Pekka Ristola <pekkarr@...tonmail.com>, rust-for-linux@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v12 4/5] rust: add find_bit_benchmark_rust module.
On Wed, Jun 11, 2025 at 07:48:37PM +0000, Burak Emir wrote:
> + let mut bitmap = Bitmap::new(BITMAP_LEN, GFP_KERNEL).expect("alloc sparse bitmap failed");
> + let nbits = BITMAP_LEN / SPARSENESS;
> + for _i in 0..nbits {
> + // SAFETY: BITMAP_LEN fits in 32 bits.
> + let bit: usize =
> + unsafe { bindings::__get_random_u32_below(BITMAP_LEN.try_into().unwrap()) as _ };
This safety comment argues why the .unwrap() will not result in a panic,
but it should instead argue why the call to __get_random_u32_below() is
okay. I guess that it's because __get_random_u32_below() is always safe
to call?
I'm not a big fan of these .try_into().unwrap() conversions. I would
probably just have written `BITMAP_LEN as u32`. But I know that this is
a point of disagreement with other Rust maintainers.
Alice
Powered by blists - more mailing lists