By: cqwrteur (euloanty.delete@this.live.com), July 9, 2021 8:56 pm
Room: Moderated Discussions
I just read the upcoming Rust code for Linux Kernel from Github. Maybe I am stupid. What I see is just unsafe everywhere. All Rust functions are unsafe.
For example
https://github.com/Rust-for-Linux/linux/blob/rust/rust/alloc/rc.rs
The entire code are just unsafe hell.
Dual error reporting (C++ moment).
C++ is clearly a terrible choice for kernel development due to exception handling and all sorts of other issues. Here the rust code looks just as bad as using C++ for me.
I do not understand how could this code brings any safety.
Some Rust people like Alex Gaynor who actively push Rust into kernel look crazy for me. They said using C and C++ violates human rights.
https://www.memorysafety.org/docs/memory-safety/
These vulnerabilities and exploits, and many others, are made possible because C and C++ are not memory safe. Organizations which write large amounts of C and C++ inevitably produce large numbers of vulnerabilities that can be directly attributed to a lack of memory safety. These vulnerabilities are exploited, to the peril of hospitals, human rights dissidents, and health policy experts. Using C and C++ is bad for society, bad for your reputation, and it's bad for your customers.
Maybe Linus Torvalds also agrees using C and C++ violates human rights like those Rust people believe?
For example
https://github.com/Rust-for-Linux/linux/blob/rust/rust/alloc/rc.rs
The entire code are just unsafe hell.
#[cfg(not(no_global_oom_handling))]
unsafe fn allocate_for_layout(
value_layout: Layout,
allocate: impl FnOnce(Layout) -> Result<NonNull, AllocError>,
mem_to_rcbox: impl FnOnce(*mut u8) -> *mut RcBox,
) -> *mut RcBox {
// Calculate layout using the given value layout.
// Previously, layout was calculated on the expression
// `&*(ptr as *const RcBox)`, but this created a misaligned
// reference (see #54908).
let layout = Layout::new::<RcBox>().extend(value_layout).unwrap().0.pad_to_align();
unsafe {
Rc::try_allocate_for_layout(value_layout, allocate, mem_to_rcbox)
.unwrap_or_else(|_| handle_alloc_error(layout))
}
}
/// Allocates an `RcBox` with sufficient space for
/// a possibly-unsized inner value where the value has the layout provided,
/// returning an error if allocation fails.
///
/// The function `mem_to_rcbox` is called with the data pointer
/// and must return back a (potentially fat)-pointer for the `RcBox`.
#[inline]
unsafe fn try_allocate_for_layout(
value_layout: Layout,
allocate: impl FnOnce(Layout) -> Result<NonNull, AllocError>,
mem_to_rcbox: impl FnOnce(*mut u8) -> *mut RcBox,
) -> Result<*mut RcBox, AllocError> {
// Calculate layout using the given value layout.
// Previously, layout was calculated on the expression
// `&*(ptr as *const RcBox)`, but this created a misaligned
// reference (see #54908).
let layout = Layout::new::<RcBox>().extend(value_layout).unwrap().0.pad_to_align();
// Allocate for the layout.
let ptr = allocate(layout)?;
// Initialize the RcBox
let inner = mem_to_rcbox(ptr.as_non_null_ptr().as_ptr());
unsafe {
debug_assert_eq!(Layout::for_value(&*inner), layout);
ptr::write(&mut (*inner).strong, Cell::new(1));
ptr::write(&mut (*inner).weak, Cell::new(1));
}
Ok(inner)
}
Dual error reporting (C++ moment).
C++ is clearly a terrible choice for kernel development due to exception handling and all sorts of other issues. Here the rust code looks just as bad as using C++ for me.
I do not understand how could this code brings any safety.
Some Rust people like Alex Gaynor who actively push Rust into kernel look crazy for me. They said using C and C++ violates human rights.
https://www.memorysafety.org/docs/memory-safety/
These vulnerabilities and exploits, and many others, are made possible because C and C++ are not memory safe. Organizations which write large amounts of C and C++ inevitably produce large numbers of vulnerabilities that can be directly attributed to a lack of memory safety. These vulnerabilities are exploited, to the peril of hospitals, human rights dissidents, and health policy experts. Using C and C++ is bad for society, bad for your reputation, and it's bad for your customers.
Maybe Linus Torvalds also agrees using C and C++ violates human rights like those Rust people believe?
Topic | Posted By | Date |
---|---|---|
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/09 08:56 PM |
Is unsafe hell truly good for linux kernel in the future? | Brendan | 2021/07/09 11:59 PM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 12:37 PM |
Is unsafe hell truly good for linux kernel in the future? | anon | 2021/07/10 03:14 AM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 12:40 PM |
Is unsafe hell truly good for linux kernel in the future? | Gabriele Svelto | 2021/07/10 02:59 PM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 03:42 PM |
Is unsafe hell truly good for linux kernel in the future? | anon | 2021/07/11 05:11 AM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/12 11:40 AM |
Is unsafe hell truly good for linux kernel in the future? | Foo_ | 2021/07/10 05:56 AM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 08:59 AM |
Most RWT posters don’t decide what goes into the Linux kernel | Mark Roulo | 2021/07/10 11:55 AM |
Is unsafe hell truly good for linux kernel in the future? | Foo_ | 2021/07/22 10:10 AM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 09:22 AM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 09:24 AM |
Déja Vu | Dismissive | 2021/07/10 09:41 AM |
Déja Vu | cqwrteur | 2021/07/10 09:47 AM |
Déja Vu | Dismissive | 2021/07/10 09:51 AM |
Déja Vu | Michael S | 2021/07/10 12:11 PM |
Is unsafe hell truly good for linux kernel in the future? | Gabriele Svelto | 2021/07/10 11:51 AM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 12:32 PM |
Is unsafe hell truly good for linux kernel in the future? | Michael S | 2021/07/10 01:04 PM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 01:25 PM |
Is unsafe hell truly good for linux kernel in the future? | Gabriele Svelto | 2021/07/10 02:56 PM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 03:41 PM |
Is unsafe hell truly good for linux kernel in the future? | Rayla | 2021/07/10 04:33 PM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 05:27 PM |
Interesting response... (NT) | Rayla | 2021/07/10 08:02 PM |
perhaps just another lousy AI bot? (NT) | anonymou5 | 2021/07/10 08:33 PM |
perhaps just another lousy AI bot? | dmcq | 2021/07/10 10:26 PM |
perhaps just another lousy AI bot? | cqwrteur | 2021/07/10 10:56 PM |
perhaps just another lousy AI bot? | dmcq | 2021/07/11 02:29 AM |
perhaps just another lousy AI bot? | anon | 2021/07/11 05:16 AM |
perhaps just another lousy AI bot? | cqwrteur | 2021/07/12 02:56 PM |
perhaps just another lousy AI bot? | Rayla | 2021/07/11 05:13 AM |
perhaps just another lousy AI bot? | cqwrteur | 2021/07/11 10:59 AM |
When did I call you a bot, Kebabbert? (NT) | Rayla | 2021/07/11 07:51 PM |
Alternatives? | Brendan | 2021/07/11 12:54 AM |
Alternatives? | Michael S | 2021/07/11 05:01 AM |
Alternatives? | Brendan | 2021/07/11 05:51 AM |
Alternatives? | cqwrteur | 2021/07/11 10:58 AM |
Alternatives? | Gabriele Svelto | 2021/07/12 12:31 AM |
Alternatives? | Michael S | 2021/07/12 02:58 AM |
Alternatives? | anon2 | 2021/07/12 08:08 AM |
Alternatives? | Michael S | 2021/07/12 08:22 AM |
cqwrteur: Keep it polite | David Kanter | 2021/07/13 07:59 AM |
Alternatives? | dmcq | 2021/07/12 08:37 AM |
Alternatives? | cqwrteur | 2021/07/12 03:04 PM |
Alternatives? | dmcq | 2021/07/12 03:26 PM |
Alternatives? | cqwrteur | 2021/07/13 12:47 AM |
Alternatives? | dmcq | 2021/07/13 05:54 AM |
Alternatives? | Jörn Engel | 2021/07/13 03:53 PM |
Alternatives? | FrankHB | 2021/07/17 06:56 AM |
Differences between Rust and C/Go | Gabriele Svelto | 2021/07/14 04:57 AM |
Differences between Rust and C/Go | FrankHB | 2021/07/17 08:47 AM |
Alternatives? | FrankHB | 2021/07/12 09:08 AM |
Alternatives? | Gabriele Svelto | 2021/07/14 01:28 PM |
Inappropriate messages removed: cqwrteur | David Kanter | 2021/07/15 09:59 AM |
Alternatives? | FrankHB | 2021/07/16 05:43 AM |
Alternatives? | Anon | 2021/07/16 11:01 AM |
Alternatives? | Gabriele Svelto | 2021/07/16 12:44 PM |
Type abstraction and kernel programming | FrankHB | 2021/07/17 12:44 AM |
Type abstraction and kernel programming | dmcq | 2021/07/18 03:00 AM |
Type abstraction and kernel programming | dmcq | 2021/07/18 03:36 AM |
Type abstraction and kernel programming | Etienne Lorrain | 2021/07/19 12:03 AM |
Type abstraction and kernel programming | dmcq | 2021/07/19 01:01 AM |
Type abstraction and kernel programming | Anon | 2021/07/19 01:05 AM |
Type abstraction and kernel programming | dmcq | 2021/07/19 02:23 AM |
Type abstraction and kernel programming | Brendan | 2021/07/19 06:05 AM |
Alternatives? | gallier2 | 2021/07/20 03:57 AM |
Alternatives? | Anon | 2021/07/20 05:24 AM |
Alternatives? | Michael S | 2021/07/20 09:14 AM |
Alternatives? | Anon | 2021/07/20 09:53 AM |
Alternatives? | gallier2 | 2021/07/21 10:44 PM |
Alternatives? | Adrian | 2021/07/20 11:00 AM |
Alternatives? | Brett | 2021/07/20 10:13 PM |
Alternatives? | Michael S | 2021/07/21 01:12 AM |
Alternatives? | dmcq | 2021/07/22 11:58 AM |
Alternatives? | Anon | 2021/07/21 07:58 AM |
Alternatives? | Brendan | 2021/07/12 01:34 AM |
Alternatives? | FrankHB | 2021/07/12 09:57 AM |
Alternatives? | cqwrteur | 2021/07/12 11:55 AM |
Alternatives? | FrankHB | 2021/07/12 08:44 PM |
Alternatives? | Brendan | 2021/07/12 07:52 PM |
Alternatives? | cqwrteur | 2021/07/12 10:05 PM |
Alternatives? | Anon | 2021/07/12 10:42 PM |
Alternatives? | cqwrteur | 2021/07/12 11:42 PM |
Alternatives? | cqwrteur | 2021/07/12 11:44 PM |
Alternatives? | Anon | 2021/07/13 07:32 PM |
Alternatives? | cqwrteur | 2021/07/13 08:36 PM |
Alternatives? | cqwrteur | 2021/07/13 08:39 PM |
Alternatives? | Anon | 2021/07/13 09:02 PM |
Alternatives? | cqwrteur | 2021/07/13 09:18 PM |
Alternatives? | cqwrteur | 2021/07/13 08:49 PM |
Alternatives? | Anon | 2021/07/13 09:07 PM |
Alternatives? | cqwrteur | 2021/07/13 09:16 PM |
Alternatives? | Anon | 2021/07/13 10:31 PM |
Alternatives? | cqwrteur | 2021/07/13 11:30 PM |
Alternatives? | Anon | 2021/07/14 12:55 AM |
Alternatives? | cqwrteur | 2021/07/14 01:22 AM |
Alternatives? | Anon | 2021/07/14 02:05 AM |
Alternatives? | cqwrteur | 2021/07/14 02:11 AM |
Alternatives? | Anon | 2021/07/14 03:16 AM |
Alternatives? | cqwrteur | 2021/07/14 06:06 AM |
Alternatives? | Anon | 2021/07/14 07:20 AM |
Alternatives? | cqwrteur | 2021/07/14 07:51 AM |
Alternatives? | Anon | 2021/07/14 11:33 AM |
Alternatives? | Gabriele Svelto | 2021/07/14 12:19 PM |
Alternatives? | FrankHB | 2021/07/16 06:07 AM |
Alternatives? | cqwrteur | 2021/07/13 11:33 PM |
Alternatives? | Anon | 2021/07/14 12:57 AM |
Alternatives? | cqwrteur | 2021/07/14 01:21 AM |
Alternatives? | dmcq | 2021/07/14 02:06 AM |
Alternatives? | cqwrteur | 2021/07/14 02:50 AM |
Alternatives? | ⚛ | 2021/07/15 07:33 AM |
Alternatives? | FrankHB | 2021/07/16 06:13 AM |
Alternatives? | cqwrteur | 2021/07/13 11:39 PM |
Alternatives? | Anon | 2021/07/14 01:08 AM |
Alternatives? | cqwrteur | 2021/07/14 01:20 AM |
Alternatives? | dmcq | 2021/07/14 01:46 AM |
Alternatives? | cqwrteur | 2021/07/14 01:52 AM |
Alternatives? | dmcq | 2021/07/14 09:13 AM |
Alternatives? | dmcq | 2021/07/14 09:23 AM |
Dealing with memory errors | Brendan | 2021/07/14 11:50 AM |
Dealing with memory errors | dmcq | 2021/07/14 03:27 PM |
Dealing with memory errors | Brendan | 2021/07/14 03:55 PM |
Alternatives? | cqwrteur | 2021/07/14 02:12 AM |
Alternatives? | Anon | 2021/07/14 03:16 AM |
Alternatives? | cqwrteur | 2021/07/14 05:55 AM |
Alternatives? | FrankHB | 2021/07/16 06:27 AM |
Alternatives? | cqwrteur | 2021/07/14 01:38 AM |
Alternatives? | anon | 2021/07/14 02:50 AM |
Stop feeding that troll | none | 2021/07/14 03:13 AM |
Alternatives? | cqwrteur | 2021/07/14 06:39 AM |
Alternatives? | Brendan | 2021/07/14 11:15 AM |
Alternatives? | Anon | 2021/07/14 03:19 AM |
Alternatives? | cqwrteur | 2021/07/14 06:12 AM |
Alternatives? | Anon | 2021/07/14 07:17 AM |
Alternatives? | cqwrteur | 2021/07/14 07:47 AM |
Alternatives? | Anon | 2021/07/14 12:00 PM |
Alternatives? | cqwrteur | 2021/07/14 12:44 PM |
Alternatives? | ⚛ | 2021/07/15 09:36 AM |
Alternatives? | Gabriele Svelto | 2021/07/14 12:26 PM |
Alternatives? | cqwrteur | 2021/07/14 12:46 PM |
Alternatives? | Gabriele Svelto | 2021/07/14 01:36 PM |
Alternatives? | cqwrteur | 2021/07/14 01:55 PM |
Alternatives? | Smoochie | 2021/07/14 11:07 PM |
Alternatives? | ⚛ | 2021/07/15 07:37 AM |
Alternatives? | Brendan | 2021/07/15 10:21 AM |
Alternatives? | Anon | 2021/07/15 12:15 PM |
Alternatives? | FrankHB | 2021/07/16 06:27 AM |
Alternatives? | None | 2021/07/14 01:50 AM |
Alternatives? | cqwrteur | 2021/07/14 01:54 AM |
Alternatives? | cqwrteur | 2021/07/14 01:55 AM |
Alternatives? | Rayla | 2021/07/14 04:47 AM |
Alternatives? | cqwrteur | 2021/07/14 05:54 AM |
Alternatives? | Gabriele Svelto | 2021/07/14 12:43 PM |
Alternatives? | FrankHB | 2021/07/12 11:47 PM |
Alternatives? | FrankHB | 2021/07/12 11:05 PM |
Alternatives? | Michael S | 2021/07/13 12:01 AM |
Alternatives? | FrankHB | 2021/07/13 12:25 AM |
Alternatives? | Doug S | 2021/07/12 11:29 PM |
Alternatives? | cqwrteur | 2021/07/12 11:48 PM |
Alternatives? | FrankHB | 2021/07/13 12:07 AM |
Is unsafe hell truly good for linux kernel in the future? | ⚛ | 2021/07/12 05:27 AM |
Is unsafe hell truly good for linux kernel in the future? | Anon | 2021/07/12 08:46 AM |
Is unsafe hell truly good for linux kernel in the future? | Etienne Lorrain | 2021/07/13 01:00 AM |
Is unsafe hell truly good for linux kernel in the future? | cqwrteur | 2021/07/10 12:38 PM |