Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp3063551pxb; Mon, 19 Apr 2021 22:57:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzRxUO+XCcygO3qgFe48hrzD40q20Rj3/gBiHK0jXH1FhmI+x+t+QqMyUJflOWlv90sJE5I X-Received: by 2002:a17:90b:1a85:: with SMTP id ng5mr3069498pjb.116.1618898235220; Mon, 19 Apr 2021 22:57:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618898235; cv=none; d=google.com; s=arc-20160816; b=I4rWEZibJuF0COnDJd+8jxJwEUwy/Gzn1tWHzOfpmzDTBmPIc/iFePSohPhQaGiYF1 JyJLiiJ/wKk4OZ/1XQKDMfG2QeyFOiRL+pcZXI91OWlD8tkxpT1Z6nYsYrouPQ+647Q/ 6JViGnQpreWKMQtkxXHyCr3+/o3AAkGYmNondruCcD5A94/Ur5FIuVsW0K0tLNq3t1V6 VLVWAa33YctUaw3gTCesq3vBv7OWzTi7eWQFDjFsb8/HF1wNeihn1ETwgQQR0xQPlCFW p9cRQEsPJq6FLwnDp5599Q1Y3yX5WORulORfCWRgB8MZh2opdpMGea4XHKrBBY5wAjO6 rTbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7tZaKdtR1pp2uaMFzn2Rd1VUs1hfOUD6bf2hylTE+kM=; b=XbCfmB2D0OYrTSLv9X0Y3fDR7TJPjv+P7Lvw0likd/I1xRyVofknc0urRfM+5VwLU/ u2srX5R830CLSXm+xkNtKnzIlBLHwy9xhNdbrsfWtk7lLvvqhH6fnzupL9P8R2bO8Ugq bZyA2lNOaNwS1hHwsXlYbB43IEUF5+H5QaZkkl+xueYGv8saIZtlYRjA+nmtZZAfQwZq /yZiHwaiLVa4OGqQYkjSCaIZfumtmOpH1cJ6MlxrvHyAM7ylFUR7SYiNP09zCuFzj4cv RHkqmkXZ+E+sQ94cLSlFzBLWzMlgNVAQAXwq+Boy4MMsIeZzaqalSmA4gPQB+P2jVi2R 3wpg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yLRHRao1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x21si20068576pgk.509.2021.04.19.22.57.03; Mon, 19 Apr 2021 22:57:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yLRHRao1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229843AbhDTF4z (ORCPT + 99 others); Tue, 20 Apr 2021 01:56:55 -0400 Received: from mail.kernel.org ([198.145.29.99]:38326 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229523AbhDTF4y (ORCPT ); Tue, 20 Apr 2021 01:56:54 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 67D3A613AB; Tue, 20 Apr 2021 05:56:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618898183; bh=AoItUNHEmXnc+WhY2vv+SDiIYZaBYyxKKaEUuXAKOnc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=yLRHRao1YeRo1rP34FLTq5Is/ZFLkWDWN7ziGMV42m6yUr9uorGazd96OODAevqDc Zy+74225py/5k41YW2OiG0SJx+qR07nqmxOOwVFAKSNf5AD+EADJXM7cuaTZCzUczv rST2Q3jy3oulKqsudlwEGMhwNbfv/6/dBO2EdG8Q= Date: Tue, 20 Apr 2021 07:56:18 +0200 From: Greg Kroah-Hartman To: Nick Desaulniers Cc: Willy Tarreau , Wedson Almeida Filho , Peter Zijlstra , Miguel Ojeda , Linus Torvalds , rust-for-linux , Linux Kbuild mailing list , Linux Doc Mailing List , linux-kernel , Dmitry Vyukov , Miguel Ojeda Subject: Re: [PATCH 00/13] [RFC] Rust support Message-ID: References: <20210414184604.23473-1-ojeda@kernel.org> <20210416161444.GA10484@1wt.eu> <20210416173717.GA10846@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 19, 2021 at 05:24:33PM -0700, Nick Desaulniers wrote: > On Fri, Apr 16, 2021 at 10:39 AM Willy Tarreau wrote: > > > > resources usage, I'm really not convinced at all it's suited for > > low-level development. I understand the interest of the experiment > > to help the language evolve into that direction, but I fear that > > the kernel will soon be as bloated and insecure as a browser, and > > that's really not to please me. > > Dunno, I don't think the introduction of Rust made Firefox _more_ insecure. > https://wiki.mozilla.org/Oxidation#Within_Firefox > > I pray no executives ever see Dmitry Vyukov's 2019 Linux Plumbers Conf > talk "Reflections on kernel quality, development process and testing." > https://www.youtube.com/watch?v=iAfrrNdl2f4 > or his 2018 Linux Security Summit talk "Syzbot and the Tale of > Thousand Kernel Bugs" https://www.youtube.com/watch?v=qrBVXxZDVQY > (and they're just fuzzing the syscall interface and USB devices. > Imagine once folks can more easily craft malformed bluetooth and wifi > packets.) > > I'd imagine the first term that comes to mind for them might be > "liability." They are quite sensitive to these vulnerabilities with > silly names, logos, and websites. There are many of us that believe > an incremental approach of introducing a memory safe language to our > existing infrastructure at the very least to attempt to improve the > quality of drivers for those that choose to use such tools is a better > approach. I would LOVE it if some "executives" would see the above presentations, because then they would maybe actually fund developers to fix bugs and maintain the kernel code, instead of only allowing them to add new features. Seriously, that's the real problem, that Dmitry's work has exposed, the lack of people allowed to do this type of bugfixing and maintenance on company time, for something that the company relies on, is a huge issue. "executives" feel that they are willing to fund the initial work and then "throw it over the wall to the community" once it is merged, and then they can forget about it as "the community" will maintain it for them for free. And that's a lie, as Dmitry's work shows. The world creates new use cases and testing ability all the time, which exposes bugs that have been around in old code. Once the bugs are fixed in that layer of code, the next layer down can finally be tested and then look, more corner cases of issues. Rewriting the kernel in another language is not going to fix the majority of the issues that fuzzing finds here automagically, as that work has exposed us to things like fault-injection and malicious USB packets that no language would have saved us from "automatically". All of those code paths deal with "unsafe" data that doesn't magically become "safe" because we switch languages. And over time, what we have determined is "safe" has changed! People forget that only a few years ago have we decided that the kernel now has to protect userspace programs from malicious hardware. That's a major shift in thinking, now data that we used to blindly trust can not be trusted at all. And "executives" want us to fix all of those issues for free, when really it's a major design shift for loads of kernel subsystems to handle this new threat model. So yes, please spread that talk around. Maybe then will we actually get funding and support to FIX the bugs that those tools test. Right now, the primary fixer of those findings are _INTERNS_ as that's all companies are willing to fund to fix this type of thing. And don't get me started on the inability for "executives" to fund other parts of Linux that they rely on, because they want "other companies" to do it instead. The tragedy-of-the-commons is a real threat to Linux, and always has been... thanks, greg k-h