Re: C aggregate passing (Rust kernel policy)

From: Kent Overstreet
Date: Wed Feb 26 2025 - 17:28:04 EST


On Wed, Feb 26, 2025 at 01:14:30PM -0800, Linus Torvalds wrote:
> But dammit, doing things like "read the same variable twice even
> though the programmer only read it once" *IS* observable! It's
> observable as an actual security issue when it causes TOCTOU behavior
> that was introduced into the program by the compiler.

This is another one that's entirely eliminated due to W^X references.

IOW: if you're writing code where rematerializing reads is even a
_concern_ in Rust, then you had to drop to unsafe {} to do it - and your
code is broken, and yes it will have UB.
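The check-then-use shape behind the quoted TOCTOU concern, as an added C example that is not part of the original message or of any kernel source. `READ_ONCE_U32`, `struct shared_msg`, `MSG_MAX` and the function names are assumptions made for illustration; the macro is a local stand-in modelled on the kernel's `READ_ONCE()`.

```c
#include <stdint.h>
#include <string.h>

/* Local stand-in modelled on the kernel's READ_ONCE(): the volatile access
 * forces exactly one load that the compiler may not repeat or elide. */
#define READ_ONCE_U32(x) (*(const volatile uint32_t *)&(x))
#define MSG_MAX 16

/* Constructed layout: memory another context may rewrite at any moment. */
struct shared_msg {
    uint32_t len;
    uint8_t  data[64];
};

/* Racy shape: 'len' comes from a plain load, so the compiler is allowed to
 * reload m->len for the memcpy after the bounds check has already passed. */
int copy_msg_plain(const struct shared_msg *m, uint8_t out[MSG_MAX])
{
    uint32_t len = m->len;
    if (len > MSG_MAX)
        return -1;
    memcpy(out, m->data, len);
    return (int)len;
}

/* Hardened shape: one forced load; check and use share that snapshot. */
int copy_msg_once(const struct shared_msg *m, uint8_t out[MSG_MAX])
{
    uint32_t len = READ_ONCE_U32(m->len);
    if (len > MSG_MAX)
        return -1;
    memcpy(out, m->data, len);
    return (int)len;
}

/* Constructed sample input: returns bytes copied, -1 if rejected. */
int run_sample(uint32_t claimed_len)
{
    struct shared_msg m = { .len = claimed_len };
    uint8_t out[MSG_MAX] = {0};
    memset(m.data, 0xAB, sizeof m.data);
    int n = copy_msg_once(&m, out);
    if (n > 0 && out[n - 1] != 0xAB)
        return -2;
    return n;
}
```

Single-threaded, both functions return the same values; the difference is only in what the compiler is permitted to emit for the length read when another writer exists.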