Re: Rust kernel policy

From: Dan Carpenter
Date: Wed Feb 19 2025 - 03:07:46 EST

Next message: Red Hat Product Security: "Re: FW: GPF and null-ptr-deref caused by uninitialization of jfs module(INC3342348)"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v3 2/5] dt-bindings: clock: document exynos7870 clock driver CMU bindings"
In reply to: Linus Torvalds: "Re: Rust kernel policy"
Next in thread: James Bottomley: "Re: Rust kernel policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 18, 2025 at 08:08:18AM -0800, Christoph Hellwig wrote:
> But that also shows how core maintainers
> are put off by trivial things like checking for integer overflows or
> compiler enforced synchronization (as in the clang thread sanitizer).
> How are we're going to bridge the gap between a part of the kernel that
> is not even accepting relatively easy rules for improving safety vs
> another one that enforces even strong rules.

Yeah. It's an ironic thing...

unsigned long total = nr * size;

if (nr > ULONG_MAX / size)
return -EINVAL;

In an ideal world, people who write code like that should receive a
permanent ban from promoting Rust.

regards,
dan carpenter

Next message: Red Hat Product Security: "Re: FW: GPF and null-ptr-deref caused by uninitialization of jfs module(INC3342348)"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v3 2/5] dt-bindings: clock: document exynos7870 clock driver CMU bindings"
In reply to: Linus Torvalds: "Re: Rust kernel policy"
Next in thread: James Bottomley: "Re: Rust kernel policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]