| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87r0get0no.fsf@metaspace.dk> Date: Wed, 13 Mar 2024 20:03:07 +0100 From: Andreas Hindborg <nmi@...aspace.dk> To: Boqun Feng <boqun.feng@...il.com> Cc: Bart Van Assche <bvanassche@....org>, Jens Axboe <axboe@...nel.dk>, Christoph Hellwig <hch@....de>, Keith Busch <kbusch@...nel.org>, Damien Le Moal <Damien.LeMoal@....com>, Hannes Reinecke <hare@...e.de>, "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>, Andreas Hindborg <a.hindborg@...sung.com>, Niklas Cassel <Niklas.Cassel@....com>, Greg KH <gregkh@...uxfoundation.org>, Matthew Wilcox <willy@...radead.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Alice Ryhl <aliceryhl@...gle.com>, Chaitanya Kulkarni <chaitanyak@...dia.com>, Luis Chamberlain <mcgrof@...nel.org>, Yexuan Yang <1182282462@...t.edu.cn>, Sergio González Collado <sergio.collado@...il.com>, Joel Granados <j.granados@...sung.com>, "Pankaj Raghav (Samsung)" <kernel@...kajraghav.com>, Daniel Gomez <da.gomez@...sung.com>, open list <linux-kernel@...r.kernel.org>, "rust-for-linux@...r.kernel.org" <rust-for-linux@...r.kernel.org>, "lsf-pc@...ts.linux-foundation.org" <lsf-pc@...ts.linux-foundation.org>, "gost.dev@...sung.com" <gost.dev@...sung.com> Subject: Re: [RFC PATCH 0/5] Rust block device driver API and null block driver Boqun Feng <boqun.feng@...il.com> writes: > On Wed, Mar 13, 2024 at 11:02:23AM -0700, Bart Van Assche wrote: >> On 3/13/24 04:05, Andreas Hindborg wrote: >> > This is the second version of the Rust block device driver API and the Rust null >> > block driver. The context and motivation can be seen in cover letter of the RFC >> > v1 [1]. If more context is required, a talk about this effort was recorded at >> > LPC [2]. I hope to be able to discuss this series at LSF this year [3]. >> >> Memory safety may land in C++ in the near future (see also >> https://herbsutter.com/2024/03/). If memory-safe C++ or memory-safe C >> would be adopted in the kernel, it would allow writing memory-safe >> drivers without having to add complicated bindings between existing C > > I honestly doubt it, memory-safe is not free, basically you will still > want unsafe part for the performance reason (or interacting with > hardware), and provide a safe API for driver development. I don't think > that part will be gone with a memory-safe C++. So the complication still > exists. But I'm happy to be proved wrong ;-) I think it is great that people are starting to realize that bringing memory safety to other systems languages is a good idea. But from one person blogging about it to things being ready for production is a long journey. Language designers have to design ways to express the new semantics, standards committees has to agree, compiler engineers have to build and test their compilers. Probably we need a few cycles of this to get things right. At any rate, it is going to take a while. Second, as Boqun is saying, interfacing the unsafe C part of the kernel with memory safe C++ is going to require the same complicated abstraction logic as the safe Rust APIs are bringing. The complexity in bringing Rust to the kernel is not coming from interfacing a foreign language. It stems from the inherent difficulty in designing memory safe wrappers around unsafe C APIs. Best regards, Andreas
Powered by blists - more mailing lists