Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()

From: Kees Cook
Date: Mon Apr 15 2024 - 13:12:18 EST

Next message: Ronald Warsow: "Re: [PATCH 6.8 000/172] 6.8.7-rc1 review"
Previous message: Jianfeng Liu: "[PATCH v3 3/3] arm64: dts: rockchip: Add ArmSom Sige7 board"
In reply to: Miguel Ojeda: "Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()"
Next in thread: Boqun Feng: "Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 12, 2024 at 09:58:57AM +0200, Miguel Ojeda wrote:
> On Fri, Apr 12, 2024 at 9:43 AM Philipp Stanner <pstanner@xxxxxxxxxx> wrote:
> >
> > Is that going to remain enabled by default or what was the plan here?
>
> The plan is to ideally keep it enabled by default, but I defer to Kees
> with whom we discussed this back then (Cc'd).

Yeah, we want to keep "trap on overflow" the default for Rust. We're
slowly making our way there[1] for C in Linux, so I don't want to
regress the Rust code.

> The goal is that Rust code, since the beginning, has all wrapping
> operations marked explicitly as such.

Exactly. We have to not perpetuate the ambiguity of arithmetic
operations. It should be clear from the operator or the type what the
expected bounds are for a calculation.

-Kees

[1] https://lore.kernel.org/lkml/20240205093725.make.582-kees@xxxxxxxxxx/

--
Kees Cook

Next message: Ronald Warsow: "Re: [PATCH 6.8 000/172] 6.8.7-rc1 review"
Previous message: Jianfeng Liu: "[PATCH v3 3/3] arm64: dts: rockchip: Add ArmSom Sige7 board"
In reply to: Miguel Ojeda: "Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()"
Next in thread: Boqun Feng: "Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]