From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-179.mta0.migadu.com (out-179.mta0.migadu.com [91.218.175.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2A1921CC53 for ; Wed, 26 Feb 2025 17:43:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.179 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740591783; cv=none; b=TVGDn5oRc3mmAwjO5kSnltNfZ3HGdJKVYXpNEfWCB9YP31ak7MdL7w9qwIpL83g5Cp6KbCZEQNurKjIT4hYgdUkVIUq4Uy9ZPsmWBzG2HM7ckN43JJcYq/PtXA/WRd5YMS9bN+cTQHlTsK85NdyiPzBFmNmfBAqwxjTdEseqlAs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740591783; c=relaxed/simple; bh=Wvp2Wf24e5OiLaBjQ9CfTQWzI7dIGHhOr9EDdsHweX0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=AtxP5xcZ9YC4qe7gPM+PTmLxq4VPoCVuXrR5eicV8tVuTdwyaV9f4RJrsoty6zpDwzojapGR426vPqHmzDC6DvUlEm4X8cSsmXHp5AgfYqIhEIgzeUMU+XNf2TZ0rIPZL3TuOQALf0VnizRpWNt3I+ypgtp0VjZmhUM+ScAbd/o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=k3ULNE1+; arc=none smtp.client-ip=91.218.175.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="k3ULNE1+" Date: Wed, 26 Feb 2025 12:42:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1740591780; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WO8BgoIWpM4KYlVJSvu0V4fB69iQzKx0gR7mWS9n7dY=; b=k3ULNE1+WzTZWSddCR3z1ScLV/z9UxU+JeDRdmiNl1EQKROJnguJN5AulKfNWOrQvbN/Xl 9z4khDoL7w8YdnhFxnN3VY3VDsOQR6v/ZkaEF5eYed1c0nrW9TMP1A7aYWlzgCRecWr5hU wlhyEQyTIIqsdI6W7l6ArHDnmymwUO0= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Kent Overstreet To: Miguel Ojeda Cc: James Bottomley , Ventura Jack , "H. Peter Anvin" , Alice Ryhl , Linus Torvalds , Gary Guo , airlied@gmail.com, boqun.feng@gmail.com, david.laight.linux@gmail.com, ej@inai.de, gregkh@linuxfoundation.org, hch@infradead.org, ksummit@lists.linux.dev, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Ralf Jung Subject: Re: C aggregate passing (Rust kernel policy) Message-ID: References: <5E3FEDC4-DBE3-45C7-A331-DAADD3E7EB42@zytor.com> <2rrp3fmznibxyg3ocvsfasfnpwfp2skhf4x7ihrnvm72lemykf@lwp2jkdbwqgm> Precedence: bulk X-Mailing-List: ksummit@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Migadu-Flow: FLOW_OUT On Wed, Feb 26, 2025 at 06:11:53PM +0100, Miguel Ojeda wrote: > On Wed, Feb 26, 2025 at 3:26 PM James Bottomley > wrote: > > > > On Wed, 2025-02-26 at 14:53 +0100, Miguel Ojeda wrote: > > > On Wed, Feb 26, 2025 at 2:03 PM Ventura Jack > > > wrote: > > [...] > > > > Exception/unwind safety may be another subject that increases > > > > the difficulty of writing unsafe Rust. > > > > > > Note that Rust panics in the kernel do not unwind. > > > > I presume someone is working on this, right? While rust isn't > > pervasive enough yet for this to cause a problem, dumping a backtrace > > is one of the key things we need to diagnose how something went wrong, > > particularly for user bug reports where they can't seem to bisect. > > Ventura Jack was talking about "exception safety", referring to the > complexity of having to take into account additional execution exit > paths that run destructors in the middle of doing something else and > the possibility of those exceptions getting caught. This does affect > Rust when built with the unwinding "panic mode", similar to C++. > > In the kernel, we build Rust in its aborting "panic mode", which > simplifies reasoning about it, because destructors do not run and you > cannot catch exceptions (you could still cause mischief, though, > because it does not necessarily kill the kernel entirely, since it > maps to `BUG()` currently). > > In other words, Ventura Jack and my message were not referring to > walking the frames for backtraces. > > I hope that clarifies. However, if Rust in the kernel does get full unwinding, that opens up interesting possibilities - Rust with "no unsafe, whitelisted list of dependencies" could potentially replace BPF with something _much_ more ergonomic and practical.