[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87r0get0no.fsf@metaspace.dk>
Date: Wed, 13 Mar 2024 20:03:07 +0100
From: Andreas Hindborg <nmi@...aspace.dk>
To: Boqun Feng <boqun.feng@...il.com>
Cc: Bart Van Assche <bvanassche@....org>, Jens Axboe <axboe@...nel.dk>,
Christoph Hellwig <hch@....de>, Keith Busch <kbusch@...nel.org>, Damien
Le Moal <Damien.LeMoal@....com>, Hannes Reinecke <hare@...e.de>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>, Andreas
Hindborg <a.hindborg@...sung.com>, Niklas Cassel <Niklas.Cassel@....com>,
Greg KH <gregkh@...uxfoundation.org>, Matthew Wilcox
<willy@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor
<alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Gary
Guo <gary@...yguo.net>, Björn Roy Baron
<bjorn3_gh@...tonmail.com>,
Benno Lossin <benno.lossin@...ton.me>, Alice Ryhl
<aliceryhl@...gle.com>, Chaitanya Kulkarni <chaitanyak@...dia.com>, Luis
Chamberlain <mcgrof@...nel.org>, Yexuan Yang <1182282462@...t.edu.cn>,
Sergio González Collado <sergio.collado@...il.com>, Joel
Granados
<j.granados@...sung.com>, "Pankaj Raghav (Samsung)"
<kernel@...kajraghav.com>, Daniel Gomez <da.gomez@...sung.com>, open
list <linux-kernel@...r.kernel.org>, "rust-for-linux@...r.kernel.org"
<rust-for-linux@...r.kernel.org>, "lsf-pc@...ts.linux-foundation.org"
<lsf-pc@...ts.linux-foundation.org>, "gost.dev@...sung.com"
<gost.dev@...sung.com>
Subject: Re: [RFC PATCH 0/5] Rust block device driver API and null block driver
Boqun Feng <boqun.feng@...il.com> writes:
> On Wed, Mar 13, 2024 at 11:02:23AM -0700, Bart Van Assche wrote:
>> On 3/13/24 04:05, Andreas Hindborg wrote:
>> > This is the second version of the Rust block device driver API and the Rust null
>> > block driver. The context and motivation can be seen in cover letter of the RFC
>> > v1 [1]. If more context is required, a talk about this effort was recorded at
>> > LPC [2]. I hope to be able to discuss this series at LSF this year [3].
>>
>> Memory safety may land in C++ in the near future (see also
>> https://herbsutter.com/2024/03/). If memory-safe C++ or memory-safe C
>> would be adopted in the kernel, it would allow writing memory-safe
>> drivers without having to add complicated bindings between existing C
>
> I honestly doubt it, memory-safe is not free, basically you will still
> want unsafe part for the performance reason (or interacting with
> hardware), and provide a safe API for driver development. I don't think
> that part will be gone with a memory-safe C++. So the complication still
> exists. But I'm happy to be proved wrong ;-)
I think it is great that people are starting to realize that bringing
memory safety to other systems languages is a good idea. But from one
person blogging about it to things being ready for production is a long
journey. Language designers have to design ways to express the new
semantics, standards committees has to agree, compiler engineers have to
build and test their compilers. Probably we need a few cycles of this to
get things right. At any rate, it is going to take a while.
Second, as Boqun is saying, interfacing the unsafe C part of the kernel
with memory safe C++ is going to require the same complicated
abstraction logic as the safe Rust APIs are bringing. The complexity in
bringing Rust to the kernel is not coming from interfacing a foreign
language. It stems from the inherent difficulty in designing memory safe
wrappers around unsafe C APIs.
Best regards,
Andreas
Powered by blists - more mailing lists