lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <yq1bjuxncf5.fsf@ca-mkp.ca.oracle.com>
Date: Wed, 19 Feb 2025 12:00:19 -0500
From: "Martin K. Petersen" <martin.petersen@...cle.com>
To: James Bottomley <James.Bottomley@...senPartnership.com>
Cc: "Martin K. Petersen" <martin.petersen@...cle.com>,
        Dan Carpenter
 <dan.carpenter@...aro.org>,
        Christoph Hellwig <hch@...radead.org>,
        Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
        rust-for-linux
 <rust-for-linux@...r.kernel.org>,
        Linus Torvalds
 <torvalds@...ux-foundation.org>,
        Greg KH <gregkh@...uxfoundation.org>, David Airlie <airlied@...il.com>,
        <linux-kernel@...r.kernel.org>, <ksummit@...ts.linux.dev>
Subject: Re: Rust kernel policy


James,

>> I like using cleanup attributes for some error handling. However, I'm
>> finding that in many cases I want to do a bit more than a simple
>> kfree(). And at that point things get syntactically messy in the
>> variable declarations and harder to read than just doing a classic
>> goto style unwind.
>
> So the way systemd solves this is that they define a whole bunch of
> _cleanup_<type>_ annotations which encode the additional logic.  It
> does mean you need a globally defined function for each cleanup type,
> but judicious use of cleanup types seems to mean they only have a few
> dozen of these.

Yep, I'm just observing that - at least for the project where I most
recently used this - the attribute boilerplate stuff got in the way of
the code being readable.

In addition, the most common cleanup scenario for me has been "twiddle
something and then free" for a series of one-off local variables for
which it makes no sense to have a type-specific definition.

The proposed "defer" approach is a bit more flexible:

  https://gustedt.wordpress.com/2025/01/06/simple-defer-ready-to-use/

I have experimented at length with __attribute__(__cleanup__) and defer.
I am sympathetic to the idea, but none of the approaches I tried lead to
code that was particularly pleasing to my eyes.

I find that mixing regular code flow and error handling by interleaving
defer statements throughout the function often makes the regular code
path harder to follow. Once a cleanup becomes more than a simple free()
in the variable declaration, the mixing of happy and unhappy code can
make things quite muddy.

Note that none of this should be seen as opposition to using cleanup or
defer. I use them both where applicable. I am just saying I was more
enthusiastic until I actually started using them. After converting a
fairly large code base, I ended up reverting to a classic unroll in
several places because I found it was much clearer.

-- 
Martin K. Petersen	Oracle Linux Engineering

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ