Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp1575472lqp; Mon, 15 Apr 2024 10:12:21 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUUodc/X/NwzHsxiD5Kq7tmCz1MHkwGcbJLRveIOTIPhFctFy3oI/4A2qrGmA6jp/qbIZ0JC+I0dfjmLpJyibdxZz8yLyrNx1dXi0zDbg== X-Google-Smtp-Source: AGHT+IEeRwZq9jBxwj/ca+LgoEoZnW7tqbwg+glEsdtwK58vOpgwTLPeHxTLV67Z3SqIjS7ms9Pj X-Received: by 2002:a05:6214:138f:b0:69b:6c70:320d with SMTP id pp15-20020a056214138f00b0069b6c70320dmr6081384qvb.29.1713201140873; Mon, 15 Apr 2024 10:12:20 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713201140; cv=pass; d=google.com; s=arc-20160816; b=uqqNzteifalo6bA+WwflnW8X1PlgB4pgdMbO/hjaN4e8Yu7Jiozt+D7xEGgZc/9uRi Qp2pNBIEyuvKZUMvz71RQBsHdyoWjLyYpRoX7oGyPyduSOSL+Fg9ZCQ0AVegXxYCYhPh nwIHh7YtMBRJTQlld3ZrZcWmZtMb9/+SxOPBhEvWnff3OtJqKKeYMYlDgsuu98IGCFIs hKLQXtGUYqh/XM/KzoFmO1V+bUelRhaS32HQD1IBQmjFjgOsJ+N5Dx0udYILMblY2g/r ULqZeZdK6UgavrzXHCXfsI+u3ggR+4yiWswmrUqkAd7F0RywWkYgkKnhXcTtT3+gLs3B FLNg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=hcAaLIzTeGt6hWYjO1jT3BQBc4jW6jSrXxhMBGNGb14=; fh=4NH2riQB2Kdh+8J5yZM7qhgD0hWYNfzJ8xuGqraQd6U=; b=BkfhVPRSEryPXJTBKKESwb2ngMZ7TIVuhEqrzVCB6e1LqR6pSc3stRpjsj5J9dupcu kIpfZ+CuU1m5PDvBGL/kzwgUMrV2oN1Gq/kFelBW1wyQyq1VYreK6xSCL+PXM9m6RRaq g6w2J91qcJKMftDYI2tUQdfPPmYgAIZNgrR00DtE0fbkSIIe7tBAeeeklxwrotbMETxL 8m7BpT44Q7Z2HCbAdtZDr0M2F/QHEqOOfpLsTNDnBA0px/E/GaCMij9xsqQGi/hxuPg9 hiC/9vMLjaoUdYhhzVb6a579zUN+XmULGI7t79qJtpn21wS4YbO6PjZwjrXRPhZorLL5 2qaQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=SKn8gTAj; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-145639-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-145639-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id d11-20020a0cf6cb000000b0069b69c9ade3si5292511qvo.115.2024.04.15.10.12.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Apr 2024 10:12:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-145639-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=SKn8gTAj; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-145639-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-145639-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id BE5B71C20B7B for ; Mon, 15 Apr 2024 17:12:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AE82B83CAF; Mon, 15 Apr 2024 17:08:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="SKn8gTAj" Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99D5E83CD1 for ; Mon, 15 Apr 2024 17:08:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713200913; cv=none; b=DDSNE0G2lZ6z0ZX8/69NcUXkIwB3OVFYsXUNtps7rZ2egWx2ECI7p8s02zjuwTCD88qb/pTxHysqD3AfVFv7BzlHdbGGiMuBZVnNwQ2OePSqHnXWfaGiRwGQHaogJ71Nm48HbHSaZpmc8AQYwGmnoFQX1DajY06gCdAyrFjMMtI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713200913; c=relaxed/simple; bh=RugWEcPj7mLc+ykQmVDXsINc+yUnD4Z6zG9Nxnjmzg4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=lE9E2nwPg4xmWIxJvY7WsoOcXJBtG/vTW1WyPtnrCo7ff4RNNMSx2jO2RwCbHgTqcm0sz1zDIU1geMz0T3V2BU6gQ592HSsvDThBg0GLRqAtJxvyk8wEontL0z3dhos5gvY2UzujgJ4OCO0bjNn67qzYkWuZFsSZFhE4mp71gFU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=SKn8gTAj; arc=none smtp.client-ip=209.85.210.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-6ece8991654so3189007b3a.3 for ; Mon, 15 Apr 2024 10:08:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1713200912; x=1713805712; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=hcAaLIzTeGt6hWYjO1jT3BQBc4jW6jSrXxhMBGNGb14=; b=SKn8gTAjJKMUvDZi51tQf5VIfrSZN+ezeWMCFyhWIQuVkBf3DI03hUSfmFLlpn1Sca i8fXbZyQ9jey1yfwJzRDWlVII6iil+ugpBmqJy41XE5qkLEg25lotpxunJd20OZspQpw DS+Nrj5isK6se5THFuGK7fI4fFGvYKJPmNQD0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713200912; x=1713805712; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hcAaLIzTeGt6hWYjO1jT3BQBc4jW6jSrXxhMBGNGb14=; b=Mdbi+Q4n6nm8sP/1Im8XTOs2VCsgCmmcA4T55xr2JjNzz1acaubgNMbeR1wofFh7Rj UEXex+5LjX6MCPAzuZtGzsloWt7djCmnhl2WHQX/mPoBPm2MsLdaUKkTmZXlvPPeRKWk cIjiYmxNE47tDS5cO8aS2obrguc/0bRYGcST9eyNmX8ToD61JBUWyeoSBVk0YZz9hx2D /tE0AYbWlQjt8ajtxHgzCr6AYqzDHDMsKahxf5oTYXhW9Ahjpcu3FeqhvsHKj47/ggxy JhRAdabI7MDQ/3a0nqMozI/vogMYBPTdPq0triwdE1QVOJRhzM/gDbGAaf67BRy573xD qQRg== X-Forwarded-Encrypted: i=1; AJvYcCVbtQAEAMtVIr3Vs0oamWMwj5x2LJOh1OhSMBbfMktf3fd6AhF8BxW48ZlvylRvrSqNSBpA2PydrQPIHoNL+14nXZbj/3bRxj6JSNs7 X-Gm-Message-State: AOJu0Yz8hWCFyS1hyZsM+FRpxIyJ4DMEjV9Nq/82Exk9HTi0Vl+zwNGz x/TUDAK82LhgcxWPmv8Uq+Hy14aBxtyLgMQbUd1GRoS9FKON7O+HyjAvuBpnWQ== X-Received: by 2002:a05:6a20:734e:b0:1a9:9d07:c431 with SMTP id v14-20020a056a20734e00b001a99d07c431mr15727248pzc.53.1713200911943; Mon, 15 Apr 2024 10:08:31 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id k28-20020a63ba1c000000b005f0793db2ebsm6302106pgf.74.2024.04.15.10.08.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Apr 2024 10:08:31 -0700 (PDT) Date: Mon, 15 Apr 2024 10:08:30 -0700 From: Kees Cook To: Miguel Ojeda Cc: Philipp Stanner , Kees Cook , Boqun Feng , Thomas Gleixner , Miguel Ojeda , John Stultz , Stephen Boyd , Alex Gaynor , Wedson Almeida Filho , Gary Guo , bjorn3_gh@protonmail.com, Benno Lossin , Andreas Hindborg , Alice Ryhl , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub() Message-ID: <202404151005.EB7F67A@keescook> References: <20240411230801.1504496-1-boqun.feng@gmail.com> <20240411230801.1504496-3-boqun.feng@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Fri, Apr 12, 2024 at 09:58:57AM +0200, Miguel Ojeda wrote: > On Fri, Apr 12, 2024 at 9:43 AM Philipp Stanner wrote: > > > > Is that going to remain enabled by default or what was the plan here? > > The plan is to ideally keep it enabled by default, but I defer to Kees > with whom we discussed this back then (Cc'd). Yeah, we want to keep "trap on overflow" the default for Rust. We're slowly making our way there[1] for C in Linux, so I don't want to regress the Rust code. > The goal is that Rust code, since the beginning, has all wrapping > operations marked explicitly as such. Exactly. We have to not perpetuate the ambiguity of arithmetic operations. It should be clear from the operator or the type what the expected bounds are for a calculation. -Kees [1] https://lore.kernel.org/lkml/20240205093725.make.582-kees@kernel.org/ -- Kees Cook