From: Kees Cook <keescook@chromium.org>
To: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Cc: Philipp Stanner <pstanner@redhat.com>,
Kees Cook <kees@kernel.org>, Boqun Feng <boqun.feng@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
Miguel Ojeda <ojeda@kernel.org>, John Stultz <jstultz@google.com>,
Stephen Boyd <sboyd@kernel.org>,
Alex Gaynor <alex.gaynor@gmail.com>,
Wedson Almeida Filho <wedsonaf@gmail.com>,
Gary Guo <gary@garyguo.net>,
bjorn3_gh@protonmail.com, Benno Lossin <benno.lossin@proton.me>,
Andreas Hindborg <a.hindborg@samsung.com>,
Alice Ryhl <aliceryhl@google.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub()
Date: Mon, 15 Apr 2024 10:08:30 -0700 [thread overview]
Message-ID: <202404151005.EB7F67A@keescook> (raw)
In-Reply-To: <CANiq72kMZ6mpK+LaL9Xfsp032CZOfAEtr6Dp9A2R-m6dC3gkWQ@mail.gmail.com>
On Fri, Apr 12, 2024 at 09:58:57AM +0200, Miguel Ojeda wrote:
> On Fri, Apr 12, 2024 at 9:43 AM Philipp Stanner <pstanner@redhat.com> wrote:
> >
> > Is that going to remain enabled by default or what was the plan here?
>
> The plan is to ideally keep it enabled by default, but I defer to Kees
> with whom we discussed this back then (Cc'd).
Yeah, we want to keep "trap on overflow" the default for Rust. We're
slowly making our way there[1] for C in Linux, so I don't want to
regress the Rust code.
> The goal is that Rust code, since the beginning, has all wrapping
> operations marked explicitly as such.
Exactly. We have to not perpetuate the ambiguity of arithmetic
operations. It should be clear from the operator or the type what the
expected bounds are for a calculation.
-Kees
[1] https://lore.kernel.org/lkml/20240205093725.make.582-kees@kernel.org/
--
Kees Cook
next prev parent reply other threads:[~2024-04-15 17:08 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 23:07 [PATCH 0/2] rust: time related cleanup Boqun Feng
2024-04-11 23:08 ` [PATCH 1/2] rust: time: doc: Add missing C header links Boqun Feng
2024-04-12 7:15 ` Miguel Ojeda
2024-04-12 11:04 ` Alice Ryhl
2024-04-11 23:08 ` [PATCH 2/2] rust: time: Use wrapping_sub() for Ktime::sub() Boqun Feng
2024-04-12 7:14 ` Miguel Ojeda
2024-04-12 7:43 ` Philipp Stanner
2024-04-12 7:58 ` Miguel Ojeda
2024-04-15 17:08 ` Kees Cook [this message]
2024-04-12 13:34 ` Boqun Feng
2024-04-12 14:41 ` Miguel Ojeda
2024-04-13 1:30 ` Boqun Feng
2024-04-13 2:16 ` Miguel Ojeda
2024-04-12 8:36 ` Alice Ryhl
2024-04-12 13:18 ` Boqun Feng
2024-04-12 13:51 ` Alice Ryhl
2024-04-25 9:00 ` Andreas Hindborg
2024-04-25 14:28 ` Boqun Feng
2024-04-23 21:11 ` Boqun Feng
2024-04-23 23:37 ` Kees Cook
2024-04-24 10:21 ` Miguel Ojeda
2024-05-09 12:14 ` Thomas Gleixner
2024-05-13 14:06 ` Boqun Feng
2024-05-13 15:04 ` Miguel Ojeda
2024-05-14 13:12 ` Boqun Feng
2024-05-14 14:21 ` Miguel Ojeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202404151005.EB7F67A@keescook \
--to=keescook@chromium.org \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=jstultz@google.com \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=ojeda@kernel.org \
--cc=pstanner@redhat.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=sboyd@kernel.org \
--cc=tglx@linutronix.de \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).