lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YzvVYIo8q5TeBmB4@tardis>
Date:   Mon, 3 Oct 2022 23:40:32 -0700
From:   Boqun Feng <boqun.feng@...il.com>
To:     Xi Ruoyao <xry111@...uxfromscratch.org>
Cc:     Kees Cook <keescook@...omium.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-kernel@...r.kernel.org,
        Adam Bratschi-Kaye <ark.email@...il.com>,
        Alex Gaynor <alex.gaynor@...il.com>,
        Antonio Terceiro <antonio.terceiro@...aro.org>,
        Björn Roy Baron <bjorn3_gh@...tonmail.com>,
        Boris-Chengbiao Zhou <bobo1239@....de>,
        Daniel Xu <dxu@...uu.xyz>,
        Dariusz Sosnowski <dsosnowski@...snowski.pl>,
        David Gow <davidgow@...gle.com>,
        Douglas Su <d0u9.su@...look.com>, Finn Behrens <me@...enk.de>,
        Fox Chen <foxhlchen@...il.com>, Gary Guo <gary@...yguo.net>,
        Geert Stappers <stappers@...ppers.nl>,
        Geoffrey Thomas <geofft@...reload.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiapeng Chong <jiapeng.chong@...ux.alibaba.com>,
        Joe Perches <joe@...ches.com>,
        John Baublitz <john.m.baublitz@...il.com>,
        Julian Merkle <me@...erkle.de>,
        Léo Lanteri Thauvin 
        <leseulartichaut@...il.com>,
        Maciej Falkowski <m.falkowski@...sung.com>,
        Martin Rodriguez Reboredo <yakoyoku@...il.com>,
        Matthew Bakhtiari <dev@...k.me>,
        Matthew Wilcox <willy@...radead.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Miguel Cano <macanroj@...il.com>,
        Miguel Ojeda <ojeda@...nel.org>,
        Milan Landaverde <milan@...verde.com>,
        Morgan Bartlett <mjmouse9999@...il.com>,
        Nándor István Krácser <bonifaido@...il.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Niklas Mohrin <dev@...lasmohrin.de>,
        Petr Mladek <pmladek@...e.com>,
        Sumera Priyadarsini <sylphrenadin@...il.com>,
        Sven Van Asbroeck <thesven73@...il.com>,
        Tiago Lam <tiagolam@...il.com>,
        Viktor Garske <viktor@...ar.de>,
        Wedson Almeida Filho <wedsonaf@...il.com>,
        Wei Liu <wei.liu@...nel.org>, Wu XiangCheng <bobwxc@...il.cn>,
        Yuki Okushi <jtitor@...6.org>
Subject: Re: [GIT PULL] Rust introduction for v6.1-rc1

On Tue, Oct 04, 2022 at 01:32:49PM +0800, Xi Ruoyao wrote:
> On Sat, 2022-10-01 at 08:58 -0700, Kees Cook wrote:
> > Hi Linus,
> > 
> > Please pull the initial Rust support for v6.1-rc1. The tree has a recent
> > base, but has fundamentally been in linux-next for a year and a half[1].
> > It's been updated based on feedback from the Kernel Maintainer's Summit,
> > and to gain recent Reviewed-by: tags. Miguel is the primary maintainer,
> > with me helping where needed/wanted. Our plan is for the tree to switch to
> > the standard non-rebasing practice once this initial infrastructure series
> > lands. The contents are the absolute minimum to get Rust code building
> > in the kernel, with many more interfaces[2] (and drivers[3]) on the way.
> 
> Hi,
> 
> As a Linux From Scratch maintainer I have to express some concern.
> 
> I think I have the most open attitude to Rust among all Linux From
> Scratch members.  But this will be just *too* troubling for us.
> 
> I'm not against the use of Rust in kernel, but:
> 
> 1. Current implementation strictly depends on bindgen, which depends on
> libclang in turn.  It means even if the Rust support land in GCC 13,
> we'll still need to build and install the giant LLVM for building the
> Rust components in the kernel.  Is it possible to use some different
> approach (for example, including the binding in the kernel tree)?
> 
> 2. Squashing all the cmake, LLVM, and Rustc stuff into the Linux From
> Scratch book will be extremely painful, but still possible.  However, we
> currently need "A particular version of the Rust compiler".  This is
> just annoying.  What will happen if a security vulnerability suddenly
> shows up in the "particular version" required by a kernel LTS branch? 
> And from a distro maintainer's point of view this will forces us to
> build multiple Rustc versions.  I see the reason "the kernel depends on
> some unstable Rust features", but then shouldn't we wait for (or urge
> the Rustc developers for) the stabilization of these features, instead
> of merging Rust into the mainline too quickly?  Now they can declare the
> victory like "oh, the kernel is now using our language!" but *we* are
> paying all costs.
> 

Just my 2 cents.

IIUC the Rust support is still in the *experiment* stage, in other
words, the whole thing may get removed if things don't go well. So I
wouldn't recommend any distro to enable it for the LTS kernel or any
kernel used for production.

That said, it may be a good time to start thinking of the list of
prerequisites for distros to enable it. I believe you just mentioned a
few above, so thank you!

As for the "victory of them but cost of us" thing, TBH, we do use the
compiler and other tool from them (and for free), so that's fair ;-)
Besides if the victory make them care more about kernel needs, it's
better ;-)

Regards,
Boqun

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ