[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c38358c418d4db11221093d7c38c080e4c2d737f.camel@redhat.com>
Date: Thu, 14 Mar 2024 13:14:05 +0100
From: Philipp Stanner <pstanner@...hat.com>
To: Bart Van Assche <bvanassche@....org>, Andreas Hindborg
<nmi@...aspace.dk>, Jens Axboe <axboe@...nel.dk>, Christoph Hellwig
<hch@....de>, Keith Busch <kbusch@...nel.org>, Damien Le Moal
<Damien.LeMoal@....com>, Hannes Reinecke <hare@...e.de>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>
Cc: Andreas Hindborg <a.hindborg@...sung.com>, Niklas Cassel
<Niklas.Cassel@....com>, Greg KH <gregkh@...uxfoundation.org>, Matthew
Wilcox <willy@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor
<alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Boqun
Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin
<benno.lossin@...ton.me>, Alice Ryhl <aliceryhl@...gle.com>, Chaitanya
Kulkarni <chaitanyak@...dia.com>, Luis Chamberlain <mcgrof@...nel.org>,
Yexuan Yang <1182282462@...t.edu.cn>, Sergio González
Collado <sergio.collado@...il.com>, Joel Granados <j.granados@...sung.com>,
"Pankaj Raghav (Samsung)" <kernel@...kajraghav.com>, Daniel Gomez
<da.gomez@...sung.com>, open list <linux-kernel@...r.kernel.org>,
"rust-for-linux@...r.kernel.org" <rust-for-linux@...r.kernel.org>,
"lsf-pc@...ts.linux-foundation.org" <lsf-pc@...ts.linux-foundation.org>,
"gost.dev@...sung.com" <gost.dev@...sung.com>
Subject: Re: [RFC PATCH 0/5] Rust block device driver API and null block
driver
On Wed, 2024-03-13 at 11:02 -0700, Bart Van Assche wrote:
> On 3/13/24 04:05, Andreas Hindborg wrote:
> > This is the second version of the Rust block device driver API and
> > the Rust null
> > block driver. The context and motivation can be seen in cover
> > letter of the RFC
> > v1 [1]. If more context is required, a talk about this effort was
> > recorded at
> > LPC [2]. I hope to be able to discuss this series at LSF this year
> > [3].
>
> Memory safety may land in C++ in the near future (see also
> https://herbsutter.com/2024/03/). If memory-safe C++ or memory-safe C
> would be adopted in the kernel, it would allow writing memory-safe
> drivers without having to add complicated bindings between existing C
> code and new Rust code.
Correct, but it would also most likely allow to just arbitrarily ignore
the "modern, memory safe C" (or C++) and write it the old way.
Those discussions are, below the surface, frequently in truth about the
question: Can you (and do you want to) _force_ people?
The Kernel's C already has more memory safety than standardized C:
There's devres, and since last year there's the __cleanup attribute.
– but the thing is, you can just ignore it and do it the old way.
Once you give people freedom (which is necessary frequently), you'll
get people who ignore "the right way to do it". You certainly get them
once thousands of people are participating in your project.
Actually, Rust in userspace has a similar problem: Your coprogrammers
can call unwrap(), just ignoring those neat Result types and blow up
your thread. So you have to review and reject that.
One of the stronger arguments behind the push for Rust is that the
language by design forces you to obey, because otherwise the compiler
will just reject building.
P.
> Please do not take this as personal criticism -
> I appreciate the effort that has been spent on coming up with great
> Rust bindings for the Linux kernel block layer.
>
> Thanks,
>
> Bart.
>
>
Powered by blists - more mailing lists