| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANiq72n-q0vdzp=Tb=brue+BMoNYdCTKsqcMYUsvKgvu9ZqGoQ@mail.gmail.com> Date: Wed, 10 Sep 2025 12:00:59 +0200 From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com> To: Alexandre Courbot <acourbot@...dia.com> Cc: John Hubbard <jhubbard@...dia.com>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <lossin@...nel.org>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>, David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>, Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>, Alistair Popple <apopple@...dia.com>, Joel Fernandes <joelagnelf@...dia.com>, Timur Tabi <ttabi@...dia.com>, rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org, nouveau@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org Subject: Re: Implicit panics (was: [PATCH v2 2/8] gpu: nova-core: firmware: add support for common firmware header) On Wed, Sep 10, 2025 at 7:45 AM Alexandre Courbot <acourbot@...dia.com> wrote: > > That would be nice, but also wouldn't cover all the cases where implicit > panics can happen, like out-of-bounds slice accesses - we can't have a > "report-and-continue" mode for these. In principle, it could cover OOBs (even if it is a bad idea). > But perception matters, and such crashes can be damaging to the reputation of the project. Yes, we are well aware -- we have had it in our wish list for upstream Rust for a long time. We are tackling these things as we go -- e.g. we solved the `alloc` panics and the ball on the report-and-continue mode for overflows started moving. Part of Rust for Linux is about making Rust the best language for kernel development it can be, after all, and so far upstream Rust has been quite helpful on giving us the features we need -- we meet with them every two weeks, please join if you have time! (Side note: the "safety" that Rust "sells" isn't really about avoiding panics, although obviously it would be a nice feature to have.) > Writing a uC topic proposal for Plumbers right now. :) I see it there, thanks! I can briefly mention the topic in Kangrejos, since we will have Rust representation, including from the language team. I don't think the discussion should focus much on "Do we need this?" but rather more on "What exactly do we want? Would we be OK with a local solution? Do we need/want a global one? Would we be OK with LSP? Would we be OK with no panics after optimizations, e.g. a link time check? Or do we want full support in the language for guaranteed non-panicking functions? Do we need exceptional carve-outs on such checking for particular language constructs?" and so on. And, of course, "Who has time to write an RFC and implement an experiment upstream if an approach is decided". Getting data on "in practice, how much of an issue it is on the Rust side" would help too -- those with actual users running Rust kernel code probably can tell us something. What I would personally expect to happen is that, over time, we understand better what are the worst cases we must tackle. Cheers, Miguel
Powered by blists - more mailing lists