lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 11 Apr 2023 01:41:46 +0200
From:   Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To:     Hans Petter Selasky <hps@...asky.org>
Cc:     Daniel Almeida <daniel.almeida@...labora.com>, wedsonaf@...il.com,
        ojeda@...nel.org, mchehab@...nel.org, hverkuil@...all.nl,
        rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-media@...r.kernel.org, kernel@...labora.com
Subject: Re: [PATCH 0/6] Initial Rust V4L2 support

On Mon, Apr 10, 2023 at 8:59 PM Hans Petter Selasky <hps@...asky.org> wrote:
>
> Adding a dependency to build the Rust compiler even to build one or two
> V4L2 device drivers, would mean a lot to my small hselasky/webcamd
> project. It already has to fetch a copy of the Linux kernel, and now has
> to bootstrap Rust from stage0 to stageN. I personally say no. It's like

Do you mean you need to compile `rustc`? Could you please explain why?
Could you use your distribution's, or fetch the standalone installers
or cache your own toolchain?

> XCode unfortunately. I download 100's of GBytes of upgrades to XCode,
> and barely upload one millionth worth of code back to Apple. It's not
> good. Software developers shouldn't have to download more stuff than
> they upload?

The Rust standalone installers are 2+ orders of magnitude lighter.

> The definition of "bugs" may vary of course. I was thinking more like
> stack exploits, missing validation of arrays and so on.

The kernel definitely needs to avoid those. What do you mean?

> I must admit I'm not a Rust guy and don't see the advantages of Rust
> like you do.

The advantages are fairly clear. The question has always been whether
the cost is worth those benefits.

> Why not move Linux-V4L2 drivers to user-space? In my opinion Rust is
> much more easy to get going there than at the kernel level.

That sounds like an orthogonal discussion.

In any case, please note that you would need to install the same Rust
toolchain to compile them in userspace. So, if you are concerned about
the size of the toolchain (as you mention above), it would not really
make a difference.

> Rust is slow based on my observations building Firefox from sources. The
> Rust compiler spends a significant amount of time per source file.

It is slower than compiling C, but it also provides more features, so
it seems fair for what we are getting in exchange.

Cheers,
Miguel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ