Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp5237537rwb; Wed, 17 Aug 2022 13:46:58 -0700 (PDT) X-Google-Smtp-Source: AA6agR6ufbbYvfi211Oh9Zs3pv5QBN/vvZIZBDspLaqZOJEFeDwOXLoiXNH4e3CPDx5g4uUQ2HCm X-Received: by 2002:a17:903:2403:b0:170:c6e2:5f87 with SMTP id e3-20020a170903240300b00170c6e25f87mr28401498plo.108.1660769218545; Wed, 17 Aug 2022 13:46:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660769218; cv=none; d=google.com; s=arc-20160816; b=tESNN3WHJayqBvTkZMjIvAfiDErLpy2ITINL84UqVD7hFT5HXyWI0eTfYTxpO5Yygv czXwM4PQxJYySaZ61+xOGi73DiSaRC9wLF669k8KVw1fJgV9oCPMlH0tLXKcSumVsWEb hXzNfY/liepvRBthm2IyRhEXaU5YnAYBZd31B1GHucOua6IzoqJRZPYyBKKbv/MNPO2V 1uGEr3ZTObnPR/NHiqtzDnjSZi/mQt4ASZAY/77eERMzSt/kLobfRXphJ8S7RujHiqT8 DB44dP4tW0TDJAPJynuBRGVPkmNMKoybt3QMLxrF4Vulb15R8W/mQn/DgHAjY5EdmiJK NPvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=95u8lNlnSqCf3nFt5kKj92QXYH3MSbflseNXxb5Fn00=; b=sJlUNUFa8hW4sbThLdtQE4QunOyqBKgVFwJnZtyenTph1P72kOq/5AP68/09XMmx9q htfLi2mA938Y4GJhNl8+bBguBAfGPxoJBYld7SZwsY6xM5sU3eaFPx1Jv61zJodJK9gm G59kZYhGSMEaojj+rUTpCWIz4klBef0IdCdMkyzkh1Am/qX7rP5n38a5dVLbjWjKFZsm N4+Cz0YI0BUa4KRa2k0F58rFrw/EWo/af3KW7IKs0VwmBjpD704GNLxOQU/wACCZuJHc /a57JpEDkD9vdyaBILKpP96d+Bflnzc4O5ENYvx5M/DgSimBdSCLtuq70WIXWRjoLDkf tmtQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=OYcQUlqs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b20-20020a63eb54000000b0041ba9bc9bdfsi18035228pgk.16.2022.08.17.13.46.47; Wed, 17 Aug 2022 13:46:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=OYcQUlqs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229786AbiHQUWw (ORCPT + 99 others); Wed, 17 Aug 2022 16:22:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232294AbiHQUWt (ORCPT ); Wed, 17 Aug 2022 16:22:49 -0400 Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1CF359858B; Wed, 17 Aug 2022 13:22:49 -0700 (PDT) Received: by mail-il1-x12b.google.com with SMTP id z13so7454479ilq.9; Wed, 17 Aug 2022 13:22:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=95u8lNlnSqCf3nFt5kKj92QXYH3MSbflseNXxb5Fn00=; b=OYcQUlqsxAJgqISQCgV3vtZHXpalxDTEAE8J09DLHSEXI4qtBF+wzVSvouAELH+k9w L8Jjk3X4U8OPV+0FQDBGxAsiOH/g4GzoQtIO9LrExv8Z7oo0tjeZl0c8+670S9iv9xIG 3VHN/FP/kUrxQATYNnyMcnJzuQ9HRb/7JMaD8CnA6C3SC0izg6+nZ3Y8yF1T0wBzkG1S yk6lDQ9XAsaMI4Ou2XPGIcz5AMTh3h+H4b7w6X0q5TEzfmVVPL5Thz4gggWBJPx0mTeY ZrbXvnYp0VFg8erHdWD3GA8WgQLvK/uExgsosHBf9+lxmgnybC590tnbLz5kykLynGLJ jkKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=95u8lNlnSqCf3nFt5kKj92QXYH3MSbflseNXxb5Fn00=; b=FiHSaQvn/JNPHB+uzDpbKkVrLm2y2Tj/svRp2dPa6D61rgRYuPivyIPf5M4//Vyav6 Kv97MYON8z/O9VvTnBRT5x870MCU64Zcgy3AF3v+fIkdtHgzo/GQw0BS5Nle5TlWW5np 2CT0EBGntlALQSq+qtqQfuh12TMSAz9jo80LasskT7Gu/C4PvGsaNiMFDJ0F8lAqL7GQ hdBRftBUtss1HAJgmXnXpz4h8CALTrSrBVN1LToE/51UwRL7G8kTrvmqJtsbLabMhSRF moG7gILZ9QLM1mliBnW4XNODGkNn8mw/mUzae+BtazqGfPsW9dFi0fgayASe+FNiBslO c5dA== X-Gm-Message-State: ACgBeo3yD0Bkj38MFYWKK20jplXvF7/jLLWwbyPR5n6QJKnmq/2OhbmB qTes+AlXc+CCv6/wvSRO5F0Tx8VAcdUvs6Ybonk= X-Received: by 2002:a05:6e02:1522:b0:2e5:9e3c:a7c8 with SMTP id i2-20020a056e02152200b002e59e3ca7c8mr8623597ilu.237.1660767768527; Wed, 17 Aug 2022 13:22:48 -0700 (PDT) MIME-Version: 1.0 References: <20220805154231.31257-1-ojeda@kernel.org> <20220805154231.31257-7-ojeda@kernel.org> <202208171240.8B10053B9D@keescook> In-Reply-To: <202208171240.8B10053B9D@keescook> From: Miguel Ojeda Date: Wed, 17 Aug 2022 22:22:37 +0200 Message-ID: Subject: Re: [PATCH v9 06/27] rust: add C helpers To: Kees Cook Cc: Miguel Ojeda , Linus Torvalds , Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, patches@lists.linux.dev, Jarkko Sakkinen , Alex Gaynor , Geoffrey Thomas , Wedson Almeida Filho , Sven Van Asbroeck , Gary Guo , Boqun Feng , Maciej Falkowski , Wei Liu , =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 17, 2022 at 9:44 PM Kees Cook wrote: > > "Introduce the source file that will contain forwarders to common C > macros as inlined Rust functions. Initially this only contains type > size asserts, but will gain more helpers in subsequent patches." Yeah, I will reword it, it doesn't make as much sense now that it is trimmed. > Given the distaste for ever using BUG()[1], why does this helper exist? We use it exclusively for the Rust panic handler, which does not return (we use fallible operations as much as possible, of course, but we need to provide a panic handler nevertheless). Killing the entire machine is definitely too aggressive for some setups/situations, so at some point last year we discussed potential alternatives (e.g. `make_task_dead()` or similar) with, if I recall correctly, Greg. Maybe we want to make it configurable too. We are open to suggestions! Cheers, Miguel