lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250219161543.GI19203@1wt.eu>
Date: Wed, 19 Feb 2025 17:15:43 +0100
From: Willy Tarreau <w@....eu>
To: Laurent Pinchart <laurent.pinchart@...asonboard.com>
Cc: James Bottomley <James.Bottomley@...senPartnership.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Dan Carpenter <dan.carpenter@...aro.org>,
        Christoph Hellwig <hch@...radead.org>,
        Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
        rust-for-linux <rust-for-linux@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg KH <gregkh@...uxfoundation.org>, David Airlie <airlied@...il.com>,
        linux-kernel@...r.kernel.org, ksummit@...ts.linux.dev
Subject: Re: Rust kernel policy

On Wed, Feb 19, 2025 at 06:07:23PM +0200, Laurent Pinchart wrote:

> > Regardless I do understand how these cleanups can help in a number of
> > case, at least to avoid some code duplication.
> 
> They're particularly useful to "destroy" local variables that don't need
> to be returned. This allows implementing scope guards, to facilitate
> lock handling for instance. Once a mutex guard is instantiated, the
> mutex is locked, and it will be guaranteed to be unlocked in every
> return path.

Yeah absolutely. However I remember having faced code in the past where
developers had abused this "unlock on return" concept resulting in locks
lazily being kept way too long after an operation. I don't think this
will happen in the kernel thanks to reviews, but typically all the stuff
that's done after a locked retrieval was done normally is down outside
of the lock, while here for the sake of not dealing with unlocks, quite
a few lines were still covered by the lock for no purpose. Anyway
there's no perfect solution.

Ideally when a compiler is smart enough to say "I would have cleaned
up here", it could be cool to just have a warning so that the developer
decides where to perform it. The problem is that it'd quickly becomes
a mess since the compiler cannot guess that you've done your own cleanup
before (without yet other anotations), which precisely is the point of
doing it unconditionally when leaving scope.

Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ