From: Miguel Ojeda <ojeda@kernel.org>
To: gary@garyguo.net
Cc: a.hindborg@kernel.org, aliceryhl@google.com, arve@android.com,
	bjorn3_gh@protonmail.com, boqun@kernel.org, brauner@kernel.org,
	cmllamas@google.com, dakr@kernel.org, georgeandrout13@gmail.com,
	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	lossin@kernel.org, miguel.ojeda.sandonis@gmail.com,
	ojeda@kernel.org, paul@paul-moore.com,
	rust-for-linux@vger.kernel.org, tkjos@android.com,
	tmgross@umich.edu, work@onurozkan.dev
Subject: Re: Re: [PATCH] rust_binder: add ownership assertion to Node::add_death
Date: Thu, 11 Jun 2026 10:15:25 +0200
Message-ID: <20260611081525.73734-1-ojeda@kernel.org>
In-Reply-To: <DJ5ETQTN0B4N.G35D5N46VX13@garyguo.net>

On Wed, 10 Jun 2026 14:39:46 +0100 Gary Guo <gary@garyguo.net> wrote:
>
> pr_warn is probably a bad idea here. Given the code relies it for soundness.
> You're either sure that it won't happen, then you use `debug_assert!`, or you
> are not sure, and use `assert!`.
>
> There's no "I am fairly certain but the code should keep running despite
> invariance violation" for this one.

[ I keep getting your emails way later than they appear in the list...
  I spotted this one as well in the mailing list. ]

I agree that continuing in this particular case is quite bad, and you
know I would be stricter than the C side for this sort of thing -- it is
closer to an indexing gone wrong where we panic as well.

But to clarify, the `pr_warn!` is not the important bit here -- I was
giving the general rule that if `debug_assert!` is OK in a particular
situation, then as usual we should consider a `pr_warn!` as well, i.e.
that is the Erroneous Behavior combo for us.

And if it is not OK to continue in a certain situation, then something
else entirely needs to be done.

That is what I pointed out in the GitHub issue, i.e. that the original
`debug_assert!` suggestion cannot fix a soundness issue.

Cheers,
Miguel
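The three options discussed in this thread, side by side, as an added example that is not part of the original message and not rust_binder code. `Resource`, `Owner`, `OwnershipError`, `register_*`, `try_register` and the in-memory `warn_log` stand-in for `pr_warn!` are all constructed for illustration; the point is that `debug_assert!` disappears in a build without debug assertions while the operation still runs, `assert!` always stops the operation, and returning an error makes the precondition part of the API so the unsound path is never reached.

```rust
use std::fmt;
use std::sync::Mutex;

/// Hypothetical owner identifier (constructed for this example).
pub type Owner = u32;

/// Error returned when the caller is not the owner.
#[derive(Debug, PartialEq, Eq)]
pub struct OwnershipError {
    pub expected: Owner,
    pub actual: Owner,
}

impl fmt::Display for OwnershipError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "caller {} does not own resource (owner {})", self.actual, self.expected)
    }
}

/// Constructed stand-in for pr_warn!: appends to an in-memory log instead of dmesg.
static WARN_LOG: Mutex<Vec<String>> = Mutex::new(Vec::new());

fn warn_log(msg: String) {
    WARN_LOG.lock().unwrap().push(msg);
}

/// Snapshot of everything logged so far (for inspection in tests).
pub fn warnings() -> Vec<String> {
    WARN_LOG.lock().unwrap().clone()
}

/// Hypothetical resource: registering a cookie is only sound when done by its owner.
pub struct Resource {
    owner: Owner,
    registrations: Vec<u64>,
}

impl Resource {
    pub fn new(owner: Owner) -> Self {
        Resource { owner, registrations: Vec::new() }
    }

    pub fn registrations(&self) -> &[u64] {
        &self.registrations
    }

    /// debug_assert! plus a warning, then continue (the "Erroneous Behavior combo").
    /// Only acceptable when continuing past the violation is actually OK: in a build
    /// without debug assertions the check vanishes and the push happens regardless,
    /// so this cannot protect a soundness invariant.
    pub fn register_debug_only(&mut self, caller: Owner, cookie: u64) {
        if caller != self.owner {
            let err = OwnershipError { expected: self.owner, actual: caller };
            warn_log(format!("register_debug_only: {}", err));
        }
        debug_assert!(caller == self.owner, "caller {} does not own resource", caller);
        self.registrations.push(cookie);
    }

    /// assert!: always checked, so the push below is unreachable on a violation.
    pub fn register_checked(&mut self, caller: Owner, cookie: u64) {
        assert!(caller == self.owner, "caller {} does not own resource", caller);
        self.registrations.push(cookie);
    }

    /// "Something else entirely": the precondition becomes part of the API, and the
    /// caller has to handle the error instead of the resource trusting the caller.
    pub fn try_register(&mut self, caller: Owner, cookie: u64) -> Result<(), OwnershipError> {
        if caller != self.owner {
            return Err(OwnershipError { expected: self.owner, actual: caller });
        }
        self.registrations.push(cookie);
        Ok(())
    }
}

/// Whether debug_assert! is active in this build (true for a default debug build).
pub fn debug_assertions_enabled() -> bool {
    cfg!(debug_assertions)
}

fn main() {
    let mut r = Resource::new(1);
    println!("debug assertions enabled: {}", debug_assertions_enabled());
    println!("try_register by non-owner: {:?}", r.try_register(2, 0xabc));
    println!("try_register by owner: {:?}", r.try_register(1, 0xabc));
    println!("registrations: {:?}", r.registrations());
}
```

The `register_debug_only` variant is the one a reviewer should reject for an invariant the code relies on for soundness: whether it stops the operation depends on the build profile, which is exactly the "fairly certain but keep running" middle ground the thread argues does not exist.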
