Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp5571rwl; Tue, 11 Apr 2023 13:29:07 -0700 (PDT) X-Google-Smtp-Source: AKy350ZFQNiE2qBUPxCdOBcJ9vJcYaG+038Kf7iTle/Eg+HETyuzXlvjsPGJDQfSXQSDWBexzd3J X-Received: by 2002:a17:907:2447:b0:94a:6f1d:54df with SMTP id yw7-20020a170907244700b0094a6f1d54dfmr8900267ejb.67.1681244947314; Tue, 11 Apr 2023 13:29:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681244947; cv=none; d=google.com; s=arc-20160816; b=B7RosDybl0DYbhvNPrSGL4jdO7SJb03vYkC4hCiLH93kezjkRQ3Xz/V7dLP9rn7+T9 EOwV3QRogPTXVcvu/roUsCaS1Bi6hUCzFn3bXiVl5exHtdzuz8aOkHp19kFTNrisgNSt upB92XZOeiDemLszFP1ri4nwvsxTtmrPpADUpR9LOasI4DnXYb7rJnQexm8gdDWCMvZK 5jgjYxx5q6oPrESpMIetUufy4cPa9ZPhyC0u2iK4FWjQfShvKL2iaOhWkJkNlbgYfcQu Q+GGEQEjOFytaXIx+CBEt5oGVzqmNKxjUCT6wTZqGgx0w/fTIpptcuJCCdUias6EHm/b gacg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=6uaP4ocB76PMv7NskXbg/Q1/eOI4Ie6R9AWA2d1Prk8=; b=fuTp2ko8PHGhVqwAIr1seJEDF8maFbC9hmKoO2lUALvRQnOOrlLjS2ncngnHVZDVLc oON2obI9txMzyQ+9qq4nO5h+hcfUt9WJ4z7FPpDj6aM48JwF8qGnL6SkMrZCqeuYTy6R yIF95akKuMAq3Qfa/iiGq4NnTKWz/EpsVprkPoF3UQ7NJVxBi59qmW2IRFDWsDUEQoOu nB2lUjS1rVQ18tzap9Ps12fGK4jT+kIPWW76sZUYjdXK8V0bP5AubRqgVzJv5/XG5EpE zGn7d1HrglX878xWcgGm3WloCuNbb9zm+qFEqP7V/xkeePdUNs8dDJxDZlXG2+g9wn0t 78Zw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hq42-20020a1709073f2a00b0093b469b02b2si13921439ejc.744.2023.04.11.13.28.42; Tue, 11 Apr 2023 13:29:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229841AbjDKU1C (ORCPT + 99 others); Tue, 11 Apr 2023 16:27:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229776AbjDKU05 (ORCPT ); Tue, 11 Apr 2023 16:26:57 -0400 Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id ED63B4C31; Tue, 11 Apr 2023 13:26:43 -0700 (PDT) Received: (from willy@localhost) by mail.home.local (8.17.1/8.17.1/Submit) id 33BKQWvN011451; Tue, 11 Apr 2023 22:26:32 +0200 Date: Tue, 11 Apr 2023 22:26:32 +0200 From: Willy Tarreau To: Miguel Ojeda Cc: Hans Verkuil , Daniel Almeida , wedsonaf@gmail.com, ojeda@kernel.org, mchehab@kernel.org, rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, kernel@collabora.com Subject: Re: [PATCH 0/6] Initial Rust V4L2 support Message-ID: References: <20230406215615.122099-1-daniel.almeida@collabora.com> <136035a4-26df-1c14-e51e-406b4ee5fe33@xs4all.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 11, 2023 at 09:27:35PM +0200, Miguel Ojeda wrote: > On Tue, Apr 11, 2023 at 6:52?PM Willy Tarreau wrote: > > > > But if that code is only under a module, there's no need to turn all > > that code off if it's sufficient to be certain the module was no loaded. > > Plus it's more friendly to the user who doesn't have to rebuild a kernel, > > just blacklist a module and check that the kernel doesn't get tainted > > again. > > That could apply to any foreign-to-us subsystems, including C code > too. Should we taint per subsystem so that we can easily check for > those that we may not trust? I don't know, maybe that would be a bit too fine. But at least a tainted flag is much less intrusive than forcing a user to rebuild and disable possibly important features that they would only be willing to disable for just a test. > I see one could argue for an experimental taint or making it depend on > something like `STAGING`, i.e. based on grounds of being new code. It could also be an idea. > But > I don't see why that should be grounded on just being a different > language or not being able to read the code. Because being a different language means some maintainers will always have a hard time understanding that code that interacts with their subsystems, even if they try hard. It's exactly the same reason why 25 years ago Linus asked to stop abusing assembly code. If a language is only understood by a subset of developers, by nature it becomes more difficult to maintain in some areas. > > It could depend on the layer where it plugs and the level of intimacy > > with the core. Sometimes you need a deep understanding of all interactions > > between elements to imagine possible scenarios. > > Please note that the policy for submitting new Rust code is that the > respective kernel maintainers and their lists are contacted. We also > request that maintainers take the code through their tree if they can, > rather than going through the Rust tree, precisely so that maintainers > are aware of these potential interactions. See > https://rust-for-linux.com/contributing#the-rust-subsystem for > details. Sure, but as you said, "if they can". I thought that it could be both elegant, lightweight and convenient. But I'm not trying to sell this idea, just sharing it. Cheers, Willy