Re: Rust kernel policy

[Willy Tarreau]

On Thu, Feb 20, 2025 at 05:23:54AM -0800, H. Peter Anvin wrote:
> In the NASM codebase I long ago started using nasm_new() and nasm_zero()
> macros for this purpose, and structure copies really can just be aasignment
> statements. People writing C seem to have a real aversion for using
> structures as values (arguments, return values or assignments) even though
> that has been valid since at least C90 and can genuinely produce better code
> in some cases.

I do use them in some of my code, particularly dual-value return types.
They have the benefit of often working with a register pair and coming
at zero cost, while allowing to support both a status and a value. I've
even made a strings library ("ist") that uses (ptr,len) and passes that
as arguments and returns that. That's super convenient because you can
chain your operations on a single line (e.g. to concat elements) and
the resulting code remains efficient and compact.

The real issue with structure assignment (in the kernel) is that the
compiler knows what to copy and will usually not do anything of holes
so that's how we can easily leak uninitialized data to userland. But
outsize of this specific case that could be instrumented, I like and
encourage this practice!

Willy