Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp743545pxb; Thu, 15 Apr 2021 05:41:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzG0YKhptMykVOmS/gt/mU73JEw0/nT1Nyt6PCR+YxtVby4MgeUcijxtJrUTXR3oURXygly X-Received: by 2002:a17:902:cec4:b029:e9:58eb:562b with SMTP id d4-20020a170902cec4b02900e958eb562bmr3642964plg.63.1618490480194; Thu, 15 Apr 2021 05:41:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618490480; cv=none; d=google.com; s=arc-20160816; b=W3OtTUF0Vc8Ko4bemw5gSiWxCOglfTSNJdETHu+78wSHjnTEa+A3r8VeifXNSRBdAH y7O1MROms8U+tFbhB2F63MtXkcW64i3Jlae7/Gbn/4EzJPQA9iK+DHu7RaUe22O35EWM +XErUiHrH3yMpm2wsaZjDUvEpEHuB0f5RFFld7yq06XXKkMynQGnOAR4dglLzlZ5Ab+6 6VWeEpwY1RRmmXJl3ckJfDORI4rgsmaXpbv08wIBGhSQ5JGUPQL3Cr6CDImtTlDw5tGC BGXmVAQOFQPUTE6J57uGvcInbt/FPvX/rHCz9GhMRTUqK+GbnFsJ2kAqRoC2D+usWSQa 1wew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=HNWPrpdPoD+pXH9p1hvOGpr8+bIHmvjS+4XG2ldZ0Sc=; b=kOZXiki8RbYLjPyVyq5ty6fSc+CguGiF3b2d3b7Dqn1nxzc4EmLko8wRDSy8MY/EDZ HIn0A/fdUVVO2XIU8/WdPvh5oZlO+D8/42m8tfKGnscFV9B3QenQ4baM2BQbwqiKnGIz qjUw+ew7E7EjLQ8fq1pGJoQmwol/SrRrTUQB1v4uDHZONOZdiOAEO7NMFRO3XeZrK45g 7EQPk5YFucdiINsn5buex+BoZ4XCNNvAhRu0ylgaA7S2wO2dALiFi90kXG1+rVtqSqbD BnpMx5O3dtRJtKSgK5hurP3HuCVVliQdFwcM7VFnNzFYHFJniMfZ5pqHO/PsusRmNUrY mgDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PHuF3KrG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c1si3485207pfv.164.2021.04.15.05.41.07; Thu, 15 Apr 2021 05:41:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PHuF3KrG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232887AbhDOMkf (ORCPT + 99 others); Thu, 15 Apr 2021 08:40:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42780 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230202AbhDOMke (ORCPT ); Thu, 15 Apr 2021 08:40:34 -0400 Received: from mail-yb1-xb29.google.com (mail-yb1-xb29.google.com [IPv6:2607:f8b0:4864:20::b29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7DEAFC061574; Thu, 15 Apr 2021 05:40:10 -0700 (PDT) Received: by mail-yb1-xb29.google.com with SMTP id v3so23612003ybi.1; Thu, 15 Apr 2021 05:40:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HNWPrpdPoD+pXH9p1hvOGpr8+bIHmvjS+4XG2ldZ0Sc=; b=PHuF3KrGqNBmqAhI7J+l69fge3/RxdwOfMm73BbiapXnaS25fJER94tzGL0volq6nJ uVBdFT87qfAFF6Mk9bToFO5RRpRY90hP8G2jKu6QeUr2Kt50f58LPPu85yVORSpWVKYQ hd5D4KclIVt0np3ZmNZEmb7ZR6eE10A3wTDxilcHC6fMWxbsbaw7jKcI3tcqLt7m/ckn QCJhcjmQCzFCbiJw4xc7e+DIitZozXwIlcRRUisdbJZcbZMG2ORchleytjjRVcsDlsJG RID3l6K3+u7ePY/dvZTSnJKqVAerSfoEiYE3lytwF4HiVmXSsLtV4suJai+7Q/Hp3CEL ia6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HNWPrpdPoD+pXH9p1hvOGpr8+bIHmvjS+4XG2ldZ0Sc=; b=FP4tmY1b/bHhUbmHF7dd4X43sr9hNfsRYQO1uy8Yq1AprYKopqsC987jJriFyLqfNG MMkKQVYnihXyHWoGq+B85YXA6uFqSS6s7OaaS2msKFe2PUQuOs6trzHHj4K+tl2NvYlR etI4sED1MUGhOaE5o28W4vFggPAjErh0y/rVjy0LBcKjPtZEo7TMzY61NnZ7yXb1eT/0 qJaj79/l8yi8NTGBZTjKuYXB5IaEKROy3BnF/nTq6yJ/UWVNHwPhDkNJ/tDoYSpNHqpb W8umJxPNsHNpndXk7nKQoVdLn+q+wgNFpp1YwCyYnW8fH+Yzl5XsRIi0PL3ckPXVGdl9 Cm/w== X-Gm-Message-State: AOAM533uA6CJ/ssg3J/DvhRgh9cFZhpCGyh7DUk44GsGIlczf7cJZuvZ 29H+uf2gHd2dGWYERI+mwpCnyyL373RI9FzNrXugrek1iyc= X-Received: by 2002:a25:cfc2:: with SMTP id f185mr4317197ybg.26.1618490409882; Thu, 15 Apr 2021 05:40:09 -0700 (PDT) MIME-Version: 1.0 References: <20210414184604.23473-1-ojeda@kernel.org> <202104141820.7DDE15A30@keescook> In-Reply-To: <202104141820.7DDE15A30@keescook> From: Miguel Ojeda Date: Thu, 15 Apr 2021 14:39:58 +0200 Message-ID: Subject: Re: [PATCH 00/13] [RFC] Rust support To: Kees Cook Cc: Linus Torvalds , Miguel Ojeda , Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, Linux Kbuild mailing list , "open list:DOCUMENTATION" , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 15, 2021 at 3:38 AM Kees Cook wrote: > > Before anything else: yay! I'm really glad to see this RFC officially > hit LKML. :) Thanks! :) > When originally learning Rust I was disappointed to see that (by default) > Rust similarly ignores the overflow problem, but I'm glad to see the > very intentional choices in the Rust-in-Linux design to deal with it > directly. I think the default behavior should be saturate-with-WARN > (this will match the ultimate goals of the UBSAN overflow support[1][2] > in the C portions of the kernel). Rust code wanting wrapping/checking > can expressly use those. The list of exploitable overflows is loooong, > and this will remain a weakness in Rust unless we get it right from > the start. What's not clear to me is if it's better to say "math with > undeclared overflow expectation" will saturate" or to say "all math must > declare its overflow expectation". +1 Agreed, we need to get this right (and ideally make both the C and Rust sides agree...). Cheers, Miguel