lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 04 Oct 2022 13:32:49 +0800
From:   Xi Ruoyao <xry111@...uxfromscratch.org>
To:     Kees Cook <keescook@...omium.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org,
        Adam Bratschi-Kaye <ark.email@...il.com>,
        Alex Gaynor <alex.gaynor@...il.com>,
        Antonio Terceiro <antonio.terceiro@...aro.org>,
        Björn Roy Baron <bjorn3_gh@...tonmail.com>,
        Boqun Feng <boqun.feng@...il.com>,
        Boris-Chengbiao Zhou <bobo1239@....de>,
        Daniel Xu <dxu@...uu.xyz>,
        Dariusz Sosnowski <dsosnowski@...snowski.pl>,
        David Gow <davidgow@...gle.com>,
        Douglas Su <d0u9.su@...look.com>, Finn Behrens <me@...enk.de>,
        Fox Chen <foxhlchen@...il.com>, Gary Guo <gary@...yguo.net>,
        Geert Stappers <stappers@...ppers.nl>,
        Geoffrey Thomas <geofft@...reload.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiapeng Chong <jiapeng.chong@...ux.alibaba.com>,
        Joe Perches <joe@...ches.com>,
        John Baublitz <john.m.baublitz@...il.com>,
        Julian Merkle <me@...erkle.de>,
        Léo Lanteri Thauvin 
        <leseulartichaut@...il.com>,
        Maciej Falkowski <m.falkowski@...sung.com>,
        Martin Rodriguez Reboredo <yakoyoku@...il.com>,
        Matthew Bakhtiari <dev@...k.me>,
        Matthew Wilcox <willy@...radead.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Miguel Cano <macanroj@...il.com>,
        Miguel Ojeda <ojeda@...nel.org>,
        Milan Landaverde <milan@...verde.com>,
        Morgan Bartlett <mjmouse9999@...il.com>,
        Nándor István Krácser 
        <bonifaido@...il.com>, Nick Desaulniers <ndesaulniers@...gle.com>,
        Niklas Mohrin <dev@...lasmohrin.de>,
        Petr Mladek <pmladek@...e.com>,
        Sumera Priyadarsini <sylphrenadin@...il.com>,
        Sven Van Asbroeck <thesven73@...il.com>,
        Tiago Lam <tiagolam@...il.com>,
        Viktor Garske <viktor@...ar.de>,
        Wedson Almeida Filho <wedsonaf@...il.com>,
        Wei Liu <wei.liu@...nel.org>, Wu XiangCheng <bobwxc@...il.cn>,
        Yuki Okushi <jtitor@...6.org>
Subject: Re: [GIT PULL] Rust introduction for v6.1-rc1

On Sat, 2022-10-01 at 08:58 -0700, Kees Cook wrote:
> Hi Linus,
> 
> Please pull the initial Rust support for v6.1-rc1. The tree has a recent
> base, but has fundamentally been in linux-next for a year and a half[1].
> It's been updated based on feedback from the Kernel Maintainer's Summit,
> and to gain recent Reviewed-by: tags. Miguel is the primary maintainer,
> with me helping where needed/wanted. Our plan is for the tree to switch to
> the standard non-rebasing practice once this initial infrastructure series
> lands. The contents are the absolute minimum to get Rust code building
> in the kernel, with many more interfaces[2] (and drivers[3]) on the way.

Hi,

As a Linux From Scratch maintainer I have to express some concern.

I think I have the most open attitude to Rust among all Linux From
Scratch members.  But this will be just *too* troubling for us.

I'm not against the use of Rust in kernel, but:

1. Current implementation strictly depends on bindgen, which depends on
libclang in turn.  It means even if the Rust support land in GCC 13,
we'll still need to build and install the giant LLVM for building the
Rust components in the kernel.  Is it possible to use some different
approach (for example, including the binding in the kernel tree)?

2. Squashing all the cmake, LLVM, and Rustc stuff into the Linux From
Scratch book will be extremely painful, but still possible.  However, we
currently need "A particular version of the Rust compiler".  This is
just annoying.  What will happen if a security vulnerability suddenly
shows up in the "particular version" required by a kernel LTS branch? 
And from a distro maintainer's point of view this will forces us to
build multiple Rustc versions.  I see the reason "the kernel depends on
some unstable Rust features", but then shouldn't we wait for (or urge
the Rustc developers for) the stabilization of these features, instead
of merging Rust into the mainline too quickly?  Now they can declare the
victory like "oh, the kernel is now using our language!" but *we* are
paying all costs.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ