Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp359646pxb; Wed, 14 Apr 2021 17:47:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwE0H+VLGtPLVk5gdNN3trfy9jX16tEn3g3tOcfeiDAJ2AfiZPq7W49q0UswLIPVVPg01Ba X-Received: by 2002:a17:90b:4a46:: with SMTP id lb6mr890090pjb.45.1618447679117; Wed, 14 Apr 2021 17:47:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618447679; cv=none; d=google.com; s=arc-20160816; b=nBJnpjd1bJTsfdZBwbQ3GY2+Nc7RK6CKYOl8ACgdFN2A5FlNj/JXQu3TB8b1jbAhk+ LL5cFWSMq5gI0+Tb3uCb4fL7WRGlLsaPOdTZATRlqGgfIEEjuak9USnJsiNsm8Bcwy1x lpaUYgNuQNkbtymci8fXgBr89BaATiEOdVKRNXpm3sJqM9g/4CHfJhv4Ad2v6Ldboi4H k/ra5tY+uS7l0fcElpKzOUnSDV/xLh0J9Iux+zgfMDS9TJ8L4/geuOVNZ7TehSASaOJ3 AGAiGcIaNhRH014OsiJbYZwrBVRuPtzZ+IfTVWgbzLWC5cpulfoz0mrJog74oUSazmZ2 ZKqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=9moKvPhRUkjJJO4Wvya+mBkbGwe1JBe817tqjOIbz+0=; b=AWxEoJeSZWFOD0EqWM0LGP8fAbDjvM11SF2YT3wndTRmiNtci9jYOpxQmDNjVNqXaa Ojv1UCxFs8gpZUOegW03xlKdGSIlgAFOm588WX6OmLfEeDjG31+hOc73cOR2E9oMTB7E y8EtiXZNHnN6W2NZUYvZAnRmPpb23Au/Y/C5RJs8tea1L2Cx5y3xCjlwoAV7iGNoAEXp PQKSo5jzHqIie1//dKxCfKLm2+suHejvMsFEJa4PuoiYAa5Y91Kj2bYDZvkeeplNnJM4 wyHZ/0MA+bf3kMtF1Ukwh/ZamYZDjoAwyoy1ZaalVSu7Gi+6YYbXOe/+PiQJhmq/eXF1 i3fg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s6si1315982plp.81.2021.04.14.17.47.46; Wed, 14 Apr 2021 17:47:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344460AbhDNUrQ (ORCPT + 99 others); Wed, 14 Apr 2021 16:47:16 -0400 Received: from mslow1.mail.gandi.net ([217.70.178.240]:40119 "EHLO mslow1.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231415AbhDNUrP (ORCPT ); Wed, 14 Apr 2021 16:47:15 -0400 Received: from relay9-d.mail.gandi.net (unknown [217.70.183.199]) by mslow1.mail.gandi.net (Postfix) with ESMTP id 842FDC15D0; Wed, 14 Apr 2021 20:35:41 +0000 (UTC) X-Originating-IP: 50.39.163.217 Received: from localhost (unknown [50.39.163.217]) (Authenticated sender: josh@joshtriplett.org) by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id A9393FF804; Wed, 14 Apr 2021 20:35:15 +0000 (UTC) Date: Wed, 14 Apr 2021 13:35:13 -0700 From: Josh Triplett To: Linus Torvalds Cc: Matthew Wilcox , ojeda@kernel.org, Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, Linux Kbuild mailing list , "open list:DOCUMENTATION" , Linux Kernel Mailing List Subject: Re: [PATCH 00/13] [RFC] Rust support Message-ID: References: <20210414184604.23473-1-ojeda@kernel.org> <20210414200953.GX2531743@casper.infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 14, 2021 at 01:21:52PM -0700, Linus Torvalds wrote: > On Wed, Apr 14, 2021 at 1:10 PM Matthew Wilcox wrote: > > > > There's a philosophical point to be discussed here which you're skating > > right over! Should rust-in-the-linux-kernel provide the same memory > > allocation APIs as the rust-standard-library, or should it provide a Rusty > > API to the standard-linux-memory-allocation APIs? > > Yeah, I think that the standard Rust API may simply not be acceptable > inside the kernel, if it has similar behavior to the (completely > broken) C++ "new" operator. > > So anything that does "panic!" in the normal Rust API model needs to > be (statically) caught, and never exposed as an actual call to > "panic()/BUG()" in the kernel. Rust has both kinds of allocation APIs: you can call a method like `Box::new` that panics on allocation failure, or a method like `Box::try_new` that returns an error on allocation failure. With some additional infrastructure that's still in progress, we could just not supply the former kind of methods at all, and *only* supply the latter, so that you're forced to handle allocation failure. That just requires introducing some further ability to customize the Rust standard library. (There are some cases of methods in the standard library that don't have a `try_` equivalent, but we could fix that. Right now, for instance, there isn't a `try_` equivalent of every Vec method, and you're instead expected to call `try_reserve` to make sure you have enough memory first; however, that could potentially be changed.)