[return to "“Rust is safe” is not some kind of absolute guarantee of code safety"]
1. MarkSw+K4 2022-10-02 14:54:55
>>rvz+(OP)
Why is panicking in the kernel on an error not an option? Like kernels can write a core dump and reboot, right?
2. cillia+E7 2022-10-02 15:10:09
>>MarkSw+K4
From most users’ points of view, a lot of things the kernel does (e.g. a sound card driver) are non-critical so they’d prefer an error in that driver only killed that driver and not the whole kernel. Similarly, I’d be upset if a server rebooted because of a blip in its CD-ROM driver. And if you can just reload the module which errored, all the better.

It would be cool if kernel Rust could implement a panic handler which just killed the offending module, but I’m assuming from the discussion around panics that this isn’t possible.

3. vips7L+sc 2022-10-02 15:37:31
>>cillia+E7
Wasn’t that the whole point of microkernels/minix vs monoliths? With drivers being in the kernel can you even restart the modules?