rust-for-linux.vger.kernel.org archive mirror
From: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
To: Asahi Lina <lina@asahilina.net>
Cc: "Robin Murphy" <robin.murphy@arm.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Alex Gaynor" <alex.gaynor@gmail.com>,
	"Wedson Almeida Filho" <wedsonaf@gmail.com>,
	"Boqun Feng" <boqun.feng@gmail.com>,
	"Gary Guo" <gary@garyguo.net>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Will Deacon" <will@kernel.org>, "Joerg Roedel" <joro@8bytes.org>,
	"Hector Martin" <marcan@marcan.st>,
	"Sven Peter" <sven@svenpeter.dev>,
	"Arnd Bergmann" <arnd@arndb.de>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	"Alyssa Rosenzweig" <alyssa@rosenzweig.io>,
	"Neal Gompa" <neal@gompa.dev>,
	rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
	asahi@lists.linux.dev
Subject: Re: [PATCH 2/5] rust: device: Add a minimal RawDevice trait
Date: Fri, 24 Feb 2023 20:22:05 +0100
Message-ID: <CANiq72k_NNFsQ=GGCsur34CTYhSFC0m=mHS83mTB8HQCDBcW=w@mail.gmail.com>
In-Reply-To: <5a00dcb1-8368-c3ce-6fcb-5932f5eb50a5@asahilina.net>

On Fri, Feb 24, 2023 at 5:23 PM Asahi Lina <lina@asahilina.net> wrote:
>
> So I guess what I'm saying is that at the end of the day, if we can't
> get an interface to be 100% safe and sound and usable, that's probably
> okay. We're still getting a lot of safe mileage out of the other 99%! ^^

We talked a few times about what approach to take for things where a
fully safe API is not feasible. There have been differing opinions in
the past.

One approach would be requiring a "global `unsafe`" so to speak, once,
somewhere in the API -- it does not improve things much, but at least
it would make the user acknowledge the pitfalls of that particular
API/feature/subsystem/hardware/... e.g. for module unloading, one
could ask for an `unsafe` inside the `module!` macro invocation (like
`unsafe unloadable: true,`). This would allow for `// SAFETY: ...`
comments.

Another approach would be declaring some of those "external entities"
outside the scope of Rust's safety guarantees, like it is done for
e.g. `/proc/self/mem` in userspace Rust [1]. They would be documented
wherever relevant, and perhaps we could have an "acknowledged
soundness holes" list.

Having said that, of course, what we definitely don't want to allow is
for subsystems to provide unsound safe APIs for no reason.

[1] https://doc.rust-lang.org/stable/std/os/unix/io/index.html#procselfmem-and-similar-os-features

Cheers,
Miguel
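
The "acknowledge once" approach described in the message above, sketched as an added example that is not part of the message or of the kernel's Rust code: a single `unsafe` call yields a token, and the rest of the API stays safe to call but is only reachable with that token. `Acknowledged`, `Mapper` and the stated safety rule are hypothetical names and assumptions made for illustration.

```rust
use std::marker::PhantomData;

/// Zero-sized proof that the driver author accepted the subsystem's documented
/// pitfalls. Hypothetical type; the private field keeps safe code from forging it.
#[derive(Clone, Copy, Debug)]
pub struct Acknowledged(PhantomData<()>);

impl Acknowledged {
    /// # Safety
    /// The caller promises to follow the rules the type system cannot check
    /// (assumed here: mapped ranges never cover memory owned by live Rust objects).
    pub unsafe fn new() -> Self {
        Acknowledged(PhantomData)
    }
}

/// Toy stand-in for a subsystem object, not a kernel type.
pub struct Mapper {
    ranges: Vec<(u64, u64)>, // (start, len) of each accepted mapping
}

impl Mapper {
    /// Safe to call, but only reachable by code that holds the token.
    pub fn new(_ack: Acknowledged) -> Self {
        Mapper { ranges: Vec::new() }
    }

    /// Enforces what can be checked; everything else rests on the acknowledgment.
    pub fn map(&mut self, start: u64, len: u64) -> Result<(), &'static str> {
        if len == 0 {
            return Err("empty range");
        }
        let end = start.checked_add(len).ok_or("range overflows")?;
        if self.ranges.iter().any(|&(s, l)| start < s + l && s < end) {
            return Err("overlaps existing mapping");
        }
        self.ranges.push((start, len));
        Ok(())
    }

    pub fn mapped(&self) -> usize {
        self.ranges.len()
    }
}

/// Constructed sample usage: one acknowledgment, then only safe calls.
pub fn demo() -> (Result<(), &'static str>, Result<(), &'static str>, usize) {
    // SAFETY: this (constructed) driver only maps ranges it allocated for the device.
    let ack = unsafe { Acknowledged::new() };
    let mut m = Mapper::new(ack);
    (m.map(0x1000, 0x1000), m.map(0x1800, 0x100), m.mapped())
}

fn main() {
    println!("{:?}", demo());
}
```

The single `unsafe` block is the one place a reviewer has to audit, and it is where the `// SAFETY: ...` comment lives.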

