Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp3213938rwb; Mon, 19 Sep 2022 17:19:33 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6zk7iS9XjMNoyDF3/8suLwtk8no/LZXsqK8ZjK+amwrYfPSYkCsV7yQ5ef3pN2Pe7LZUtm X-Received: by 2002:a65:58c8:0:b0:438:aecf:5cc8 with SMTP id e8-20020a6558c8000000b00438aecf5cc8mr17867753pgu.18.1663633173125; Mon, 19 Sep 2022 17:19:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663633173; cv=none; d=google.com; s=arc-20160816; b=tBmXxTsEqTgq6EMuo7+57vIa97Y8Be4P+CLtzBp+IY08neDEvblPtQVbEedB/2UcLD RnTnAbSHC4dZiqpRUjPVZHupNBk99iSwj8Bt9luDTP+vApl2BzFirQZt1CAHTqrgSJEn IF+PIZ96ZpNKuWWdxAg75t6HBfAG9usCwENZr6/zDilVq4un8oDY4RNErY7vN2+I1YXF tHy52SfawnTSIvVVXfOvzU6Wk4e36dlw4RBvb/Zykeg6S63GrpAphF1265quC0MZDH5s g2h6CEij1/Mpow+urONUJ4Ir6KSjcBrMQk9LEDEendFMu6mPis0yVdpH0oapPXdZxaoG J66Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=k3xlnAyuOJefFP7D3SzMTJMGo96xFtxvnNEEJ0Y5xB0=; b=Dvp8YMG7a1YGfcV1tvJlcdiaxMSn6gCo2WAYg4krKBk0/VduzjLKlnD0gAhisflLw8 Mpodg4KFSE69Nc7/leLwDEcKeDfTkYXqZ8tqWf/ucwoH6gd/sQMUM/dxpJSTWlMLAqB4 w56zYHXFirTWKcXD0aSWtQKQBfeyzcFWE0EakIxheQDHciy+u3UEpJExlbV7lccwd/Xa hlw9C63mm7F1v04M6WUuNKey0zGx2chtqhuvk/OWiG6VPbUViJNcA3O33jw3zk/kuA3g 6XKj+A5X/sUkJMEZ3Rj7NdB9UbV+awROejorN+HV4ahH/I3t/t2ZVCC93KA0wpr0bPwd 3lDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=CELKTFYi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z5-20020a62d105000000b00542f502403bsi13712590pfg.245.2022.09.19.17.19.21; Mon, 19 Sep 2022 17:19:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=CELKTFYi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229725AbiISX6m (ORCPT + 99 others); Mon, 19 Sep 2022 19:58:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229605AbiISX6k (ORCPT ); Mon, 19 Sep 2022 19:58:40 -0400 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A48B051408 for ; Mon, 19 Sep 2022 16:58:39 -0700 (PDT) Received: by mail-ej1-x634.google.com with SMTP id a26so2370350ejc.4 for ; Mon, 19 Sep 2022 16:58:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=k3xlnAyuOJefFP7D3SzMTJMGo96xFtxvnNEEJ0Y5xB0=; b=CELKTFYiDZ28jArQvDpCb7qvvmdR8edtKyTcfxOM06jxTtB2qlY/zEckJKnjqVYSUg /1qq7YY2fOwFzO8ZWvQluuxKF4YNZ/cX2DQjVxmpBio5Cm9RlMhyOPAY60phndmXv31l qegbKlImOq5akFoRY3p69urdyJAV4aubfYBpc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=k3xlnAyuOJefFP7D3SzMTJMGo96xFtxvnNEEJ0Y5xB0=; b=HZrQ6igUQrgOsz2+nC0FEZ4exlofWXH8QcMnJPrAEUwOQyIVyRRZeA05Q6NGw4wdoy eQ9VFsF0KtU1ckFZMtv6NIBDFZVPA3AiwFET3Z2OUp47dAOBFQKKyEogZLZKLaqpUlE4 UE33pSTPXv2DVxOr/Azy9OgR2Id4QUSsMyVid1OHRMwtOLTntq6Md0ciC180vf2ln80z D52HKpBHqgwa9zuqq2orGe/tPKdV+X4eQxOJJ+jWllO9QYIO1tYI+4jxYFGYQBi+FNtU ZlB57tFyCKUaicQfzBecG1HmwpuvSRoj1mP6RwPBXGj1hMPVdVTfdUteqPx/5V6HW6sn wRpw== X-Gm-Message-State: ACrzQf0ng4s0wHgZJJ8XWCujpPxFP/10QzkJvN57jI1zmLwG9HPc6kPW gKJ67K/NUWYbx83+AilI3mcBCCVlM6WZPemcLfU= X-Received: by 2002:a17:906:4fd1:b0:781:35c1:3664 with SMTP id i17-20020a1709064fd100b0078135c13664mr6664559ejw.140.1663631917473; Mon, 19 Sep 2022 16:58:37 -0700 (PDT) Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com. [209.85.221.45]) by smtp.gmail.com with ESMTPSA id u8-20020a50eac8000000b004536d530ca5sm25658edp.38.2022.09.19.16.58.34 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 19 Sep 2022 16:58:37 -0700 (PDT) Received: by mail-wr1-f45.google.com with SMTP id bq9so1625030wrb.4 for ; Mon, 19 Sep 2022 16:58:34 -0700 (PDT) X-Received: by 2002:ac2:5cd7:0:b0:49f:ae59:3b87 with SMTP id f23-20020ac25cd7000000b0049fae593b87mr2724088lfq.291.1663631903618; Mon, 19 Sep 2022 16:58:23 -0700 (PDT) MIME-Version: 1.0 References: <20220805154231.31257-13-ojeda@kernel.org> In-Reply-To: From: Linus Torvalds Date: Mon, 19 Sep 2022 16:58:06 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v9 12/27] rust: add `kernel` crate To: Alex Gaynor Cc: Wedson Almeida Filho , Matthew Wilcox , Kees Cook , Miguel Ojeda , Konstantin Shelekhin , ojeda@kernel.org, ark.email@gmail.com, bjorn3_gh@protonmail.com, bobo1239@web.de, bonifaido@gmail.com, boqun.feng@gmail.com, davidgow@google.com, dev@niklasmohrin.de, dsosnowski@dsosnowski.pl, foxhlchen@gmail.com, gary@garyguo.net, geofft@ldpreload.com, gregkh@linuxfoundation.org, jarkko@kernel.org, john.m.baublitz@gmail.com, leseulartichaut@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, m.falkowski@samsung.com, me@kloenk.de, milan@mdaverde.com, mjmouse9999@gmail.com, patches@lists.linux.dev, rust-for-linux@vger.kernel.org, thesven73@gmail.com, viktor@v-gar.de, Andreas Hindborg Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 19, 2022 at 4:50 PM Alex Gaynor wrote: > > Rust's rules are that a function that's safe must not exhibit UB, no > matter what arguments they're called with. This can be done with > static checking or dynamic checking, with obvious trade offs between > the two. I think you are missing just how many things are "unsafe" in certain contexts and *cannot* be validated. This is not some kind of "a few special things". This is things like absolutely _anything_ that allocates memory, or takes a lock, or does a number of other things. Those things are simply not "safe" if you hold a spinlock, or if you are in a RCU read-locked region. And there is literally no way to check for it in certain configurations. None. So are you going to mark every single function that takes a mutex as being "unsafe"? Or are you just going to accept and understand that "hey, exactly like with integer overflows, sometimes it will be checked, and sometimes it just won't be". Because that is literally the reality of the kernel. Sometimes you WILL NOT have the checks, and you literally CANNOT have the checks. This is just how reality is. You don't get to choose the universe you live in. Linus