From: Ingo Molnar <mingo@kernel.org>
To: Boqun Feng <boqun.feng@gmail.com>
Cc: "Peter Zijlstra" <peterz@infradead.org>,
"Ingo Molnar" <mingo@redhat.com>,
"Juri Lelli" <juri.lelli@redhat.com>,
"Vincent Guittot" <vincent.guittot@linaro.org>,
"Dietmar Eggemann" <dietmar.eggemann@arm.com>,
"Steven Rostedt" <rostedt@goodmis.org>,
"Ben Segall" <bsegall@google.com>, "Mel Gorman" <mgorman@suse.de>,
"Valentin Schneider" <vschneid@redhat.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Nathan Chancellor" <nathan@kernel.org>,
"Nick Desaulniers" <nick.desaulniers+lkml@gmail.com>,
"Bill Wendling" <morbo@google.com>,
"Justin Stitt" <justinstitt@google.com>,
"FUJITA Tomonori" <fujita.tomonori@gmail.com>,
"Tamir Duberstein" <tamird@gmail.com>,
"Kunwu Chan" <kunwu.chan@hotmail.com>,
"Mitchell Levy" <levymitchell0@gmail.com>,
"Martin Rodriguez Reboredo" <yakoyoku@gmail.com>,
"Borys Tyran" <borys.tyran@protonmail.com>,
"Christian Brauner" <brauner@kernel.org>,
"Panagiotis Foliadis" <pfoliadis@posteo.net>,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
llvm@lists.linux.dev,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>
Subject: Re: [PATCH 4/5] sched/core: Add __might_sleep_precision()
Date: Fri, 9 May 2025 08:00:32 +0200 [thread overview]
Message-ID: <aB2aAEELa3253nBh@gmail.com> (raw)
In-Reply-To: <20250506045843.51258-5-boqun.feng@gmail.com>
* Boqun Feng <boqun.feng@gmail.com> wrote:
> From: FUJITA Tomonori <fujita.tomonori@gmail.com>
>
> Add __might_sleep_precision(), Rust friendly version of
> __might_sleep(), which takes a pointer to a string with the length
> instead of a null-terminated string.
>
> Rust's core::panic::Location::file(), which gives the file name of a
> caller, doesn't provide a null-terminated
> string. __might_sleep_precision() uses a precision specifier in the
> printk format, which specifies the length of a string; a string
> doesn't need to be a null-terminated.
>
> Modify __might_sleep() to call __might_sleep_precision() but the
> impact should be negligible. When printing the error (sleeping
> function called from invalid context), the precision string format is
> used instead of the simple string format; the precision specifies the
> the maximum length of the displayed string.
>
> Note that Location::file() providing a null-terminated string for
> better C interoperability is under discussion [1].
>
> [1]: https://github.com/rust-lang/libs-team/issues/466
>
> Tested-by: Daniel Almeida <daniel.almeida@collabora.com>
> Reviewed-by: Alice Ryhl <aliceryhl@google.com>
> Co-developed-by: Boqun Feng <boqun.feng@gmail.com>
> Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
> Signed-off-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
> Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
> Link: https://lore.kernel.org/r/20250410225623.152616-2-fujita.tomonori@gmail.com
> ---
> include/linux/kernel.h | 2 ++
> kernel/sched/core.c | 62 ++++++++++++++++++++++++++++--------------
> 2 files changed, 43 insertions(+), 21 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index be2e8c0a187e..086ee1dc447e 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -87,6 +87,7 @@ extern int dynamic_might_resched(void);
> #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
> extern void __might_resched(const char *file, int line, unsigned int offsets);
> extern void __might_sleep(const char *file, int line);
> +extern void __might_sleep_precision(const char *file, int len, int line);
Ugh.
Firstly, '_precision' is really ambiguous in this context and suggests
'precise sleep' or something like that, which this is not about at all.
So the naming here is all sorts of bad already.
But more importantly, this is really a Rust problem. Does Rust really
have no NUL-terminated strings? It should hide them in shame and
construct proper, robust strings, instead of spreading this disease to
the rest of the kernel, IMHO ...
Rust is supposed to be about increased security, right? How does extra,
nonsensical complexity for simple concepts such as strings achieve
that? If the Rust runtime wants to hook into debug facilities of the
Linux kernel then I have bad news: almost all strings used by kernel
debugging facilities are NUL-terminated.
So I really don't like this patch. Is there no other way to do this?
Thanks,
Ingo
next prev parent reply other threads:[~2025-05-09 6:00 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-06 4:58 [GIT PULL] [PATCH 0/5] rust: Task & schedule related changes for v6.16 Boqun Feng
2025-05-06 4:58 ` [PATCH 1/5] rust: sync: Mark CondVar::notify_*() inline Boqun Feng
2025-05-06 4:58 ` [PATCH 2/5] rust: sync: Mark PollCondVar::drop() inline Boqun Feng
2025-05-06 4:58 ` [PATCH 3/5] rust: task: Mark Task methods inline Boqun Feng
2025-05-06 4:58 ` [PATCH 4/5] sched/core: Add __might_sleep_precision() Boqun Feng
2025-05-09 6:00 ` Ingo Molnar [this message]
2025-05-09 7:19 ` Boqun Feng
2025-05-19 12:40 ` Boqun Feng
2025-06-02 18:16 ` Boqun Feng
2025-05-09 7:41 ` Andreas Hindborg
2025-05-09 9:20 ` Alice Ryhl
2025-05-06 4:58 ` [PATCH 5/5] rust: task: Add Rust version of might_sleep() Boqun Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aB2aAEELa3253nBh@gmail.com \
--to=mingo@kernel.org \
--cc=a.hindborg@kernel.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=borys.tyran@protonmail.com \
--cc=brauner@kernel.org \
--cc=bsegall@google.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=dietmar.eggemann@arm.com \
--cc=fujita.tomonori@gmail.com \
--cc=gary@garyguo.net \
--cc=juri.lelli@redhat.com \
--cc=justinstitt@google.com \
--cc=kunwu.chan@hotmail.com \
--cc=levymitchell0@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=nick.desaulniers+lkml@gmail.com \
--cc=ojeda@kernel.org \
--cc=peterz@infradead.org \
--cc=pfoliadis@posteo.net \
--cc=rostedt@goodmis.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tamird@gmail.com \
--cc=tmgross@umich.edu \
--cc=torvalds@linux-foundation.org \
--cc=vincent.guittot@linaro.org \
--cc=vschneid@redhat.com \
--cc=yakoyoku@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox