Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp289264lqp; Fri, 12 Apr 2024 19:18:00 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU7lycc9Thu7zV1jFZ0cMN7uJFQMJnl28SWC2PJFR0bDhRtRzIZUNM9vafIRsNy7Vr/2ibhh1ULZRcsYLcKToW1VaK+ONQ6wp/OqzVpFw== X-Google-Smtp-Source: AGHT+IFcozQmm/BiyUOcC6q52quXAVcLmVlqR+iJ7W+MjN3sWHp5R+005wcG8NbdU+pqMJ9851XX X-Received: by 2002:a05:6808:634c:b0:3c6:4d7:ac0c with SMTP id eb12-20020a056808634c00b003c604d7ac0cmr4194357oib.48.1712974679981; Fri, 12 Apr 2024 19:17:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712974679; cv=pass; d=google.com; s=arc-20160816; b=JBHBZEFujFwI/3noiuFyCogym7lZdKwkcDDhCDkRlo3H3D4rWHSce5kcp5pYNEiu1P pRJF6iHLyX639ZCLEdxr22xfgU+zSeyWwJmLLfagz3+qT4xJzWK/qUW0H02fbRc/GqMS AesyXykiTYJ3TK0qYbmhaQ34CBm0KOBhgqUv72UZEpShbsBigc5v6KW+Oc249noM/Ihd QkSzoSM2t3YPfP2aXdfba1DuK3+wI3v0VOs5+QEerkYQXE6ByyXeNyX25hUY6ESNexM5 lvdqcQNXFZdlxjZ+TxE9MZ+Qmj7AYhDMW0tmARa3rmrmUysae3YLHJs07wdp/qPTYNoh 9QDw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=8H5mcOiwbA6iWP7BER7hyEiAZ3aCJSzdPSLLamrrlUU=; fh=JMjYc5dgh9krfy/fkfD/UNostJtzYn1FqlB417YFJBA=; b=ph45MDGo0NXmUUPYq98X/U5qGETo8UC6l1jbY7TB87Jqd+QRWcWZAx50dEEv84IFig 4QDOnZT6Fjp0l6HUZJljkmnrOYLoRgAfjZZnt7T+56C/KBUERFAMF/dh6yNoDIyITl22 n7WLYNW1VjNipjiWF/fRUJNCcMgroYsacCZNmuy/SdhWldaVreTfJDr+StujB8yf5Zq+ Su4xHCYinidJtuEyvDpvb6WSg+NjiQoLAoSh6AIXEkY72OWNdVXnWWmmxGUpcW7wB+RO w+TMCUBy9/4MGxNaL3wfChPrQjkAe81RaGP+FcGmLd08Tebxa+MtHfc4o5FY9P1Ge0dZ iQiA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Efbp56OA; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-143517-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143517-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id bn18-20020a056a00325200b006eb3c36ed5bsi4245006pfb.336.2024.04.12.19.17.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Apr 2024 19:17:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-143517-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Efbp56OA; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-143517-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143517-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id CA401B21BAC for ; Sat, 13 Apr 2024 02:17:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9E54B168DA; Sat, 13 Apr 2024 02:17:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Efbp56OA" Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8107ABE40; Sat, 13 Apr 2024 02:17:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.49 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712974665; cv=none; b=dQACvDUx6a7jFEnKzEKJOOc295gyBl9VFQpy09veIqmnBY8MS4xHHc7AyfW17P7IhvFHONqFS/cOuwl2MNY7mn2jI9WToeGe1Bxoyk+i6RXnMQdq4L/05ALfDF06dQhIEaVT7jz8SGgMW+EkpM/l+PVWAfSaGs9ysqRtlL1NRCk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712974665; c=relaxed/simple; bh=8H5mcOiwbA6iWP7BER7hyEiAZ3aCJSzdPSLLamrrlUU=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=Xg3tlpye4VEOfkQXTSGCsC9SxMXC/NKVeqGrGw6erp7XJIBpuxGnXVt717e7AgvJLXdCJRLd+4JgeE6q+r5+mDS3MiZMfJPjZt3CLCa7SNMcjMas125wIVGFpVwe6kAOEBt6CkW8n8f9rqOZ3pFXeG54m6f4mOvr5i4tHl4xUTA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Efbp56OA; arc=none smtp.client-ip=209.85.216.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-2a52c544077so1084985a91.1; Fri, 12 Apr 2024 19:17:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712974664; x=1713579464; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=8H5mcOiwbA6iWP7BER7hyEiAZ3aCJSzdPSLLamrrlUU=; b=Efbp56OA8wvYldi70to+mUaL38U1sDL9OXCuOlNc50PNy+niflbQ/5FQytkHhtO3vR 0DBHHUMXg7Dm43xI/FUlVja1FUNsCcFyD7YE21tP46otSlDroIuwp4Ize5B53IQlM5jX r4JCzeMONN5NYwF0QMsE6BVYo97qzg9HIZX6kgec8X9qzvGQ8U29xrZUn1jqAFy9vrlE SRKF/gsws6S/52JE5f1Bn0VtqDcYPCfxMbAxdPm9RYLBROFpmNfluQaDcX5PxjCGQ/hK ZYgMd27ZkfQ0yDCuj1/J5WR+H6l05Kj/mfTcopXndO+lwdVTrI3E2xQ14FP8GQJzZ60K tBLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712974664; x=1713579464; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8H5mcOiwbA6iWP7BER7hyEiAZ3aCJSzdPSLLamrrlUU=; b=EfeXbqzw22Jy4IBu/UYHlQ0ApudU4PBRHx/R/CEGwjIoS/makzB1s+gE1MHRNdchLQ XrYdmpip67s7uYAM6UGVNlFLP78tsnt+bBtHjbxbFh+LGBMIfATt1eThSftxWMfNxtvj MSfmtkaeoh+mvUr/tU/xGSrw375p7/CTgqssrCkskiT2GY6/MnreKippWryetRLfCLFu xHiw5q9teV59NBPXxT9Wi4Hbgit+lYusPJc40Xl3KhKQmLPYQb4yRRINe56VYh4uNaJ5 proGOEXmvtJe6NmGtH8rwYmydb5+7iuLwlBsD5zHRQ6847l+9EBuUrzBSkh2dQvlN24N 6Yiw== X-Forwarded-Encrypted: i=1; AJvYcCWnUkOZDk5YPNTVWAEoJJ0BMMKEGUOZ5BmZXBsB/kMej+HBzqOtIFp5KkzPOU3NH23OjYfdHT52weY430MG5Xdjo8vEEUyUN01fhnPdiDNdSujPco+SXZW8k7ie8y8x7L1lCWyJcWCS1b9nuRw= X-Gm-Message-State: AOJu0YzrjnVf8uB4tSH5iGaAMTRfJxeB3T4lSZMtNdLQWQXcgl8jN06t q/p8DADS5+9uAhwSIAm39rE3Qic1xcTLsmQDNZgKyioQOuZjw15muXnpuXyiVl4891FksSMpn5K 6wn+jqAo/tQLEGhE+zuodUP4+kL4= X-Received: by 2002:a17:90b:1243:b0:2a5:bf83:8db8 with SMTP id gx3-20020a17090b124300b002a5bf838db8mr4003963pjb.4.1712974663770; Fri, 12 Apr 2024 19:17:43 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240411230801.1504496-1-boqun.feng@gmail.com> <20240411230801.1504496-3-boqun.feng@gmail.com> In-Reply-To: From: Miguel Ojeda Date: Sat, 13 Apr 2024 04:16:52 +0200 Message-ID: Subject: Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub() To: Boqun Feng Cc: Thomas Gleixner , Miguel Ojeda , John Stultz , Stephen Boyd , Alex Gaynor , Wedson Almeida Filho , Gary Guo , bjorn3_gh@protonmail.com, Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, Vegard Nossum , Kees Cook Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, Apr 13, 2024 at 3:30=E2=80=AFAM Boqun Feng w= rote: > > Based on your reply to Philipp, I take it that > CONFIG_RUST_CHECK_OVERFLOWS can be enabled in a production kernel, > right? IOW, it's not a debug-only feature like UBSAN (or maybe I'm way Yeah, it is intended to be used in production (for those that want it, i.e. not everybody will want it; and probably we will want to provide other modes of operation when the check fails as I was mentioning, e.g. report and continue with wrap). > wrong, that UBSAN is also a feature that production kernel can or > already use?). If so, then the current `Ktime::sub()` has a different Generally userspace sanitizers aren't, but they may be (like the minimal runtime in Clang). Not sure about the "status" of each kernel one, Cc'ing Kees (sorry, you got dropped), but I imagine things like the integer overflow ones with `UBSAN_TRAP=3Dy` may be fine in production. > Now I wasn't trying to say substraction overflows shouldn't be checked > (by default), the thing is that `Ktime` is just a `ktime_t` wrapper, so > it's natural that it provides as least difference as possible. If it was > a standalone abstraction, then by all means let's add different APIs for > different purpose. Agreed that we should generally avoid surprises, but here the C side may be actually expecting the same (i.e. no overflows). But if that is not the case, and then you think we should call this a different name than `Ktime` to avoid confusion, that is fair. > If you look at ktime API, ktime_sub() is the only one doing > substraction between two ktime_t, there is no raw or unsafe or safe API, > So as a minimal abstraction, it's natural for a user to expect > `Ktime::sub()` behaves like `ktime_sub()`. Yeah, but as I was mentioning, in the `add` case, it seems like it is not intended to overflow. Thus one could assume (perhaps naively) the subtraction isn't, either. > Maybe it's wise to just wait for them to reply, I don't think you and I > have much disagree other than ktime_t API semantics ;-) Indeed :) Cheers, Miguel