| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Mar 2024 13:14:05 +0100 From: Philipp Stanner <pstanner@...hat.com> To: Bart Van Assche <bvanassche@....org>, Andreas Hindborg <nmi@...aspace.dk>, Jens Axboe <axboe@...nel.dk>, Christoph Hellwig <hch@....de>, Keith Busch <kbusch@...nel.org>, Damien Le Moal <Damien.LeMoal@....com>, Hannes Reinecke <hare@...e.de>, "linux-block@...r.kernel.org" <linux-block@...r.kernel.org> Cc: Andreas Hindborg <a.hindborg@...sung.com>, Niklas Cassel <Niklas.Cassel@....com>, Greg KH <gregkh@...uxfoundation.org>, Matthew Wilcox <willy@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Alice Ryhl <aliceryhl@...gle.com>, Chaitanya Kulkarni <chaitanyak@...dia.com>, Luis Chamberlain <mcgrof@...nel.org>, Yexuan Yang <1182282462@...t.edu.cn>, Sergio González Collado <sergio.collado@...il.com>, Joel Granados <j.granados@...sung.com>, "Pankaj Raghav (Samsung)" <kernel@...kajraghav.com>, Daniel Gomez <da.gomez@...sung.com>, open list <linux-kernel@...r.kernel.org>, "rust-for-linux@...r.kernel.org" <rust-for-linux@...r.kernel.org>, "lsf-pc@...ts.linux-foundation.org" <lsf-pc@...ts.linux-foundation.org>, "gost.dev@...sung.com" <gost.dev@...sung.com> Subject: Re: [RFC PATCH 0/5] Rust block device driver API and null block driver On Wed, 2024-03-13 at 11:02 -0700, Bart Van Assche wrote: > On 3/13/24 04:05, Andreas Hindborg wrote: > > This is the second version of the Rust block device driver API and > > the Rust null > > block driver. The context and motivation can be seen in cover > > letter of the RFC > > v1 [1]. If more context is required, a talk about this effort was > > recorded at > > LPC [2]. I hope to be able to discuss this series at LSF this year > > [3]. > > Memory safety may land in C++ in the near future (see also > https://herbsutter.com/2024/03/). If memory-safe C++ or memory-safe C > would be adopted in the kernel, it would allow writing memory-safe > drivers without having to add complicated bindings between existing C > code and new Rust code. Correct, but it would also most likely allow to just arbitrarily ignore the "modern, memory safe C" (or C++) and write it the old way. Those discussions are, below the surface, frequently in truth about the question: Can you (and do you want to) _force_ people? The Kernel's C already has more memory safety than standardized C: There's devres, and since last year there's the __cleanup attribute. – but the thing is, you can just ignore it and do it the old way. Once you give people freedom (which is necessary frequently), you'll get people who ignore "the right way to do it". You certainly get them once thousands of people are participating in your project. Actually, Rust in userspace has a similar problem: Your coprogrammers can call unwrap(), just ignoring those neat Result types and blow up your thread. So you have to review and reject that. One of the stronger arguments behind the push for Rust is that the language by design forces you to obey, because otherwise the compiler will just reject building. P. > Please do not take this as personal criticism - > I appreciate the effort that has been spent on coming up with great > Rust bindings for the Linux kernel block layer. > > Thanks, > > Bart. > >
Powered by blists - more mailing lists