On Wed, 2024-03-13 at 11:02 -0700, Bart Van Assche wrote:
On 3/13/24 04:05, Andreas Hindborg wrote:
This is the second version of the Rust block device driver API and
the Rust null
block driver. The context and motivation can be seen in cover
letter of the RFC
v1 [1]. If more context is required, a talk about this effort was
recorded at
LPC [2]. I hope to be able to discuss this series at LSF this year
[3].
Memory safety may land in C++ in the near future (see also
https://herbsutter.com/2024/03/). If memory-safe C++ or memory-safe C
would be adopted in the kernel, it would allow writing memory-safe
drivers without having to add complicated bindings between existing C
code and new Rust code.
Correct, but it would also most likely allow to just arbitrarily ignore
the "modern, memory safe C" (or C++) and write it the old way.
The Kernel's C already has more memory safety than standardized C:
There's devres, and since last year there's the __cleanup attribute.
– but the thing is, you can just ignore it and do it the old way.
One of the stronger arguments behind the push for Rust is that the
language by design forces you to obey, because otherwise the compiler
will just reject building.