Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp357701pxb; Wed, 14 Apr 2021 17:44:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzBk8hmRGN0ldrZ4j3/NZ15XJlSwOyr7pUgMlxMV2r06ip/9R3ezmvxA+hX1YAsyVtDPOnS X-Received: by 2002:a17:906:f8d7:: with SMTP id lh23mr734153ejb.77.1618447449327; Wed, 14 Apr 2021 17:44:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618447449; cv=none; d=google.com; s=arc-20160816; b=ugaxI0+N+jL6h9Th78UHE5wml9iK2wFER8mOfGbhfxhGG5tqXxJh/saGQVULvRzcsS tc60vDJITa3GN+z8PhQDaDenwJ2TcBpXGI/VbHPzoy08Bhy9xgt4X37ErSu2Mg0GknRi 60pMvOhIp9UD02PoR5/VCLN/z3VJ/WUg4rpXo4KCzYemumMaqX1twrCb5PLr/9UykSod eHct+9v6m+/gf3uyYoSLBPzGAVkyn782T4Qy+WFID1oKmU9QARNd3Pm0ydAQMSusEznG z3N220IPugkgN+u/mW2n89tjuYyBS+1f7CVOVJcXxiB/M9awhv7sfddYVuEHk2M+8ghe qfCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=8tmkl21nBTrgg+zi0wiLnvNOnvLGFNGElqoYB3gSO4k=; b=u6m/rEeMwk8iFNWqQd4hvTVo4qsqJdHZVm8AOAVjSrSubhFRxt3k38x0N6MdqcA5jJ 5NvuoODREtoA1i+jGS6Y567pEioG05T3pERxJZMo8gjD5zCm+W06UsJf5IXt11foXOK4 62R2nPSQgO3HOVo4a6zeVIOeCxb303croSE3PzoK+wDEmIgIv4dDH33cUffiZP7LZAxe fsL2k0p1+jfk7nL1z5LalQXXoX3Cv/g2bbhuKMCe+HdrvmBmI7Mki6qJ1oQdiMO8Yngt 4AbOZrGXruJCKWtQCmW0AwZ68lb4SJNJDqauV4LsgYtWvuM6MhftC/KIxmgHXxhidSkv Ix3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b="fcsPK/9h"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n21si705478ejs.731.2021.04.14.17.43.42; Wed, 14 Apr 2021 17:44:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b="fcsPK/9h"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353398AbhDNTby (ORCPT + 99 others); Wed, 14 Apr 2021 15:31:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353397AbhDNTbx (ORCPT ); Wed, 14 Apr 2021 15:31:53 -0400 Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 120C6C06175F for ; Wed, 14 Apr 2021 12:31:29 -0700 (PDT) Received: by mail-lj1-x234.google.com with SMTP id u4so24503795ljo.6 for ; Wed, 14 Apr 2021 12:31:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8tmkl21nBTrgg+zi0wiLnvNOnvLGFNGElqoYB3gSO4k=; b=fcsPK/9hZwnNtEOdCgJlxw05JK+JnScQC6KTDZz/6X9MVaflY6Jqqe4mj4BbDYGIn6 D5cRaqLVGf110aJOYDRuUskjfvklEd0pqbbD6FIOHNNLHu3Y3CC1Te8apRSktxKYlGWX ozpACYQ9P5BsjDg3WbdRsGj5aS6Iw1MmwYSsk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8tmkl21nBTrgg+zi0wiLnvNOnvLGFNGElqoYB3gSO4k=; b=jO2TSOjRp7JfxGU0t2t9hABO1jas5EhEaG+xk+3hsMbVQ6X/cQaKq/Dd/4cno/7QuE DbUJk6pwf2Rrt/ycZqviBfYU/nRnOEN9LoHLHy0K5EkUrS/L2ZxdmCyXGLVYgDcg1uwV oQtcoGN5MjOWjASk4uqjVZsPCv/UwRsfJWdAUpYxUQimVeBkIeMz1QvKL7MbV5DYBLb0 CpQnPlwwIkknAhwN7qHdlq+En53w2TviGYID8NGZlG2WPXn9xzpsVIHr24D7kiA0trUh L51fnb7Qhm/vs1XrgC365FZmHiI+DrKmjNz4LZoxgx0LLYFLQxAHC/RNUNvLRZv6sDf2 kbAw== X-Gm-Message-State: AOAM533zmpGK//kvemA1ZJzSl0yt1aX8OhHzbVGLUpd0iFG5rToIlbf6 Qq8UJAh6XKkyHDxT8bPy3ZaRc0H77/iZ1kuA X-Received: by 2002:a05:651c:386:: with SMTP id e6mr24242286ljp.468.1618428687133; Wed, 14 Apr 2021 12:31:27 -0700 (PDT) Received: from mail-lj1-f174.google.com (mail-lj1-f174.google.com. [209.85.208.174]) by smtp.gmail.com with ESMTPSA id k6sm157165lfm.216.2021.04.14.12.31.26 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 14 Apr 2021 12:31:26 -0700 (PDT) Received: by mail-lj1-f174.google.com with SMTP id a25so11208613ljm.11 for ; Wed, 14 Apr 2021 12:31:26 -0700 (PDT) X-Received: by 2002:a2e:8893:: with SMTP id k19mr9184503lji.465.1618428685906; Wed, 14 Apr 2021 12:31:25 -0700 (PDT) MIME-Version: 1.0 References: <20210414184604.23473-1-ojeda@kernel.org> <20210414184604.23473-8-ojeda@kernel.org> In-Reply-To: <20210414184604.23473-8-ojeda@kernel.org> From: Linus Torvalds Date: Wed, 14 Apr 2021 12:31:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 07/13] Rust: Kernel crate To: ojeda@kernel.org Cc: Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, Linux Kbuild mailing list , "open list:DOCUMENTATION" , Linux Kernel Mailing List , Alex Gaynor , Geoffrey Thomas , Finn Behrens , Adam Bratschi-Kaye , Wedson Almeida Filho , Michael Ellerman Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 14, 2021 at 11:47 AM wrote: > > +#[alloc_error_handler] > +fn oom(_layout: Layout) -> ! { > + panic!("Out of memory!"); > +} > + > +#[no_mangle] > +pub fn __rust_alloc_error_handler(_size: usize, _align: usize) -> ! { > + panic!("Out of memory!"); > +} Again, excuse my lack of internal Rust knowledge, but when do these end up being an issue? If the Rust compiler ends up doing hidden allocations, and they then cause panics, then one of the main *points* of Rustification is entirely broken. That's 100% the opposite of being memory-safe at build time. An allocation failure in some random driver must never ever be something that the compiler just turns into a panic. It must be something that is caught and handled synchronously and results in an ENOMEM error return. So the fact that the core patches have these kinds of panic!("Out of memory!"); things in them as part of just the support infrastructure makes me go "Yeah, that's fundamentally wrong". And if this is some default that is called only when the Rust code doesn't have error handling, then once again - I think it needs to be a *build-time* failure, not a runtime one. Because having unsafe code that will cause a panic only under very special situations that are hard to trigger is about the worst possible case. Linus