lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 23 Oct 2023 09:40:14 -0500
From:   Carlos Bilbao <carlos.bilbao@....com>
To:     Andrew Lunn <andrew@...n.ch>,
        Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc:     Miguel Ojeda <ojeda@...nel.org>, Jonathan Corbet <corbet@....net>,
        Wedson Almeida Filho <wedsonaf@...il.com>,
        Alex Gaynor <alex.gaynor@...il.com>,
        Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
        Björn Roy Baron <bjorn3_gh@...tonmail.com>,
        Benno Lossin <benno.lossin@...ton.me>,
        Andreas Hindborg <a.hindborg@...sung.com>,
        Alice Ryhl <aliceryhl@...gle.com>, linux-doc@...r.kernel.org,
        rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
        patches@...ts.linux.dev
Subject: Re: [PATCH] docs: rust: add "The Rust experiment" section

On 10/20/23 10:00, Andrew Lunn wrote:
> On Wed, Oct 18, 2023 at 06:41:10PM +0200, Miguel Ojeda wrote:
>> On Wed, Oct 18, 2023 at 6:27 PM Andrew Lunn <andrew@...n.ch> wrote:
>>>
>>> It very unlikely end users read this document.
>>
>> We can add a note to the Kconfig symbol too -- would that be OK with you?
>>
>>> And that statement is
>>> not limited to end users, it is true for everybody.
>>
>> Agreed, but that bit is meant to emphasize that end users do not have
>> a reason to use it at all (unlike kernel developers etc. from the
>> previous paragraph)
>>
>>> What we should be saying is that Rust for the Linux kernel in general
>>> is not ready for production use. Developing drivers in Rust is
>>> currently for experimentation only. Given the experimental nature of
>>> the work, there is some risk Rust will never be ready for production
>>> use.
>>
>> The risk is that Rust gets dropped from the kernel because it is not
>> used enough, not so much that there is a fundamental problem to solve
>> in order to reach production.
> 
> I've talked to a small number of netdev developers, not many, but
> some. The general impression i get is that it is unclear what
> experimental actually means, and they have no idea what makes it not
> production ready. The two are also not necessarily mutually exclusive.
> 
> To me, it appears Rust is not production ready because:
> 
> You need to disable module versioning.
> You need to disable structure layout randomisation
> 
> On X86, you need to disable X86_KERNEL_IBT and RETHUNK, both of which
> are part of the mitigation for speculative execution vulnerabilities
> 
> So no vendor is going to release a kernel with these disabled.
> 
> Networking also tends to be architecture independent, so production
> features need to run on X86, ARM, ARM64, and to a lesser extent MIPS,
> RISC-V, etc. I know this is documented, but it does not appear to be
> that well known within the networking community.
> 
> Networking people also tend to be interested in endianness, does the
> code work on big endian as well as little endian? Big endian is dying
> out, but its not gone yet. However, with only x86 supported in
> mainline today, it does not seem possible to test big endian. I assume
> the rust type system will actually deal with this to a large extent?
> But are developers writing abstractions which are sound with respect
> to endianness?
> 
> I think it would be good to describe the experiment a bit. With a
> multi year experiment, you often have short term goals and long term
> goals.  What are these goals? What is the Rust for linux community
> trying to prove in the next few kernel cycles? What do you consider to
> be 4 or more cycles away? What do you consider not so important now
> because its not needed for your short term goals? That might also help
> developers understand when it will transition to production ready, but
> still be experimental.
> 
> And you obviously need a disclaimer, Rust for Linux is a community,
> developers are free to scratch their own itch, so things might happen
> in a different order. And information like this might help get people
> involved, helping solve some of the limitations, spur research into
> different goals etc.
> 

Points such as:

- Clarifying the definition of 'experimental' and why Rust is not yet
   considered production-ready.

- Providing insights into the short-term and long-term goals of the
   project.

- Addressing concerns related to endianness.

are indeed important aspects to consider, and documenting them would help.
But that's not what this commit is about, and the index page is the last
place to comment on such evolving topics.

> 	Andrew
> 

Thanks,
Carlos

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ