Re: [PATCH v4 7/7] rust: alloc: add Vec::insert_within_capacity

[Greg KH <gregkh@linuxfoundation.org>]

On Wed, Apr 30, 2025 at 11:24:23AM +0000, Alice Ryhl wrote:
> On Tue, Apr 29, 2025 at 05:30:06PM +0200, Greg KH wrote:
> > On Tue, Apr 29, 2025 at 02:44:27PM +0000, Alice Ryhl wrote:
> > > This adds a variant of Vec::insert that does not allocate memory. This
> > > makes it safe to use this function while holding a spinlock. Rust Binder
> > > uses it for the range allocator fast path.
> > > 
> > > Signed-off-by: Alice Ryhl <aliceryhl@google.com>
> > > ---
> > >  rust/kernel/alloc/kvec.rs | 39 +++++++++++++++++++++++++++++++++++++++
> > >  1 file changed, 39 insertions(+)
> > > 
> > > diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
> > > index 0682108951675cbee05faa130e5a9ce72fc343ba..998afdcde47bec94b2c9d990ba3afbb3488ea99e 100644
> > > --- a/rust/kernel/alloc/kvec.rs
> > > +++ b/rust/kernel/alloc/kvec.rs
> > > @@ -355,6 +355,45 @@ pub unsafe fn push_within_capacity_unchecked(&mut self, v: T) {
> > >          unsafe { self.inc_len(1) };
> > >      }
> > >  
> > > +    /// Inserts an element at the given index in the [`Vec`] instance.
> > > +    ///
> > > +    /// Fails if the vector does not have capacity for the new element. Panics if the index is out
> > > +    /// of bounds.
> > 
> > Why panic and why not just return an error instead?
> 
> It's for consistency with stdlib. Illegal use is panic, expected error
> conditions are errors.

But this is the kernel, not userspace :)

As you can return an error, why not?  Rebooting a box should be a "last
resort" type of thing when you can not recover from an error.  You can
easily not overflow and return an error here, so why do you want to just
give up and cause all data to be lost?

And I don't see any other panics happening in this file, so would this
be the first one?

thanks,

greg k-h