lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANiq72nXcyig=FYY5NEP1RYADArk86XJEUxsoA5R2gGe7O3uLg@mail.gmail.com> Date: Tue, 17 Oct 2023 17:03:56 +0200 From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: Benno Lossin <benno.lossin@...ton.me>, Andrew Lunn <andrew@...n.ch>, FUJITA Tomonori <fujita.tomonori@...il.com>, netdev@...r.kernel.org, rust-for-linux@...r.kernel.org, tmgross@...ch.edu, boqun.feng@...il.com, wedsonaf@...il.com Subject: Re: [PATCH net-next v4 1/4] rust: core abstractions for network PHY drivers On Tue, Oct 17, 2023 at 4:21 PM Greg KH <gregkh@...uxfoundation.org> wrote: > > Again, no, deal with what we have today, kernel code is NOT > future-proof, that's not how we write this stuff. That would make the abstractions "unsound", i.e. UB could be introduced from safe Rust code, which is what Rust aims to prevent. It is not so much that we care about "unwritten code" (or out-of-tree code), but rather that it prevents having UB in users of the abstractions. Put another way, there may be no code today that triggers UB, but there could be, tomorrow, with a new driver. Or when somebody modifies a module. The goal is to simply not allow broken users to compile to begin with. So if we allow unsound abstractions to be merged, then we are essentially losing that "layer" of protection that Rust gives, and thus one of its key advantages. Instead, if we manage to keep the abstractions sound, then we can review Rust modules that do not use `unsafe` and statically know that they are not introducing UB. Cheers, Miguel
Powered by blists - more mailing lists