[HN Gopher] Rustproofing Linux (Part 1/4 Leaking Addresses) (2023)
       ___________________________________________________________________
        
       Rustproofing Linux (Part 1/4 Leaking Addresses) (2023)
        
       Author : wglb
       Score  : 45 points
       Date   : 2024-08-27 17:34 UTC (5 hours ago)
        
 (HTM) web link (research.nccgroup.com)
 (TXT) w3m dump (research.nccgroup.com)
        
       | smj-edison wrote:
       | I think "pitfalls of porting Linux C to Rust" would be a more
       | descriptive title, if verbose.
        
       | tetromino_ wrote:
       | Summary: a naive port of a kernel driver from C to Rust can
       | easily introduce information leak vulnerabilities, which in
       | kernel-style C were automatically prevented by preprocessor
       | trickery.
        
         | one_even_prime wrote:
         | More like: the Linux kernel re-implementation of Rust "print"
         | has a bug that causes it to not adhere to Linux kernel
         | conventions.
         | 
         | I'd expect that now that the bug has been reported, it'd be
         | fixed by just hashing pointer addresses before printing them.
         | 
          | I also expect that "reimplementing X in a different programming
          | language" introduces logic bugs, like the one above, and that
          | those involved have deemed what they get out of it worth the
          | effort of hashing these sorts of bugs long term.
         | 
         | From the kernel pov, all of these bugs are safety issues, so
         | the article authors are surprised the unsafe keyword is not
         | required to introduce them, but from Rust's pov, they are just
         | logic bugs, which safe Rust does not protect against. One of
         | the main challenges those working on Rust in the kernel will
         | have is figuring out how to educate other kernel developers
         | about Rust (what it does and does not protect against, setting
         | the right expectations, etc.). I think these articles are a
         | great step in that direction.
        
           | akira2501 wrote:
           | > is figuring out how to educate other kernel developers
           | about Rust
           | 
           | Why have one class of logic errors when you can have two?
        
             | stouset wrote:
             | Why try to improve anything when you could just keep the
             | original implementation around for forever?
        
       ___________________________________________________________________
       (page generated 2024-08-27 23:00 UTC)