Re: [PATCH 4/5] sched/core: Add __might_sleep_precision()
From: Andreas Hindborg
Date: Fri May 09 2025 - 03:42:19 EST
Ingo Molnar <mingo@xxxxxxxxxx> writes:
> * Boqun Feng <boqun.feng@xxxxxxxxx> wrote:
>
>> From: FUJITA Tomonori <fujita.tomonori@xxxxxxxxx>
>>
>> Add __might_sleep_precision(), Rust friendly version of
>> __might_sleep(), which takes a pointer to a string with the length
>> instead of a null-terminated string.
>>
>> Rust's core::panic::Location::file(), which gives the file name of a
>> caller, doesn't provide a null-terminated
>> string. __might_sleep_precision() uses a precision specifier in the
>> printk format, which specifies the length of a string; a string
>> doesn't need to be a null-terminated.
>>
>> Modify __might_sleep() to call __might_sleep_precision() but the
>> impact should be negligible. When printing the error (sleeping
>> function called from invalid context), the precision string format is
>> used instead of the simple string format; the precision specifies the
>> the maximum length of the displayed string.
>>
>> Note that Location::file() providing a null-terminated string for
>> better C interoperability is under discussion [1].
>>
>> [1]: https://github.com/rust-lang/libs-team/issues/466
>>
>> Tested-by: Daniel Almeida <daniel.almeida@xxxxxxxxxxxxx>
>> Reviewed-by: Alice Ryhl <aliceryhl@xxxxxxxxxx>
>> Co-developed-by: Boqun Feng <boqun.feng@xxxxxxxxx>
>> Signed-off-by: Boqun Feng <boqun.feng@xxxxxxxxx>
>> Signed-off-by: FUJITA Tomonori <fujita.tomonori@xxxxxxxxx>
>> Signed-off-by: Boqun Feng <boqun.feng@xxxxxxxxx>
>> Link: https://lore.kernel.org/r/20250410225623.152616-2-fujita.tomonori@xxxxxxxxx
>> ---
>> include/linux/kernel.h | 2 ++
>> kernel/sched/core.c | 62 ++++++++++++++++++++++++++++--------------
>> 2 files changed, 43 insertions(+), 21 deletions(-)
>>
>> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
>> index be2e8c0a187e..086ee1dc447e 100644
>> --- a/include/linux/kernel.h
>> +++ b/include/linux/kernel.h
>> @@ -87,6 +87,7 @@ extern int dynamic_might_resched(void);
>> #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
>> extern void __might_resched(const char *file, int line, unsigned int offsets);
>> extern void __might_sleep(const char *file, int line);
>> +extern void __might_sleep_precision(const char *file, int len, int line);
>
> Ugh.
>
> Firstly, '_precision' is really ambiguous in this context and suggests
> 'precise sleep' or something like that, which this is not about at all.
> So the naming here is all sorts of bad already.
>
> But more importantly, this is really a Rust problem. Does Rust really
> have no NUL-terminated strings? It should hide them in shame and
> construct proper, robust strings, instead of spreading this disease to
> the rest of the kernel, IMHO ...
Not to discuss this particular patch or language interop in general, but
I am curious why you think that null terminated strings are more robust
than pointer + length strings? From the paragraph below, it seems you
also believe that pointer + length is worse for security. Why is that?
Best regards,
Andreas Hindborg
>
> Rust is supposed to be about increased security, right? How does extra,
> nonsensical complexity for simple concepts such as strings achieve
> that? If the Rust runtime wants to hook into debug facilities of the
> Linux kernel then I have bad news: almost all strings used by kernel
> debugging facilities are NUL-terminated.
>
> So I really don't like this patch. Is there no other way to do this?
>
> Thanks,
>
> Ingo