Rust in the FreeBSD kernel

I am following the Linux Rust experiment with much interest.
The most curious thing for me is where and how they will harness the (comparative to C) great power of Rust.
But so far I see only simple and trivial kernel drivers being done in Rust.
Apropos serious operating system use of Rust, have you seen the work of the Google Android (a Linux fork) team?

About three years ago Google decided to analyze the CVE for Android bugs, and pick a hot spot (modules in the codebase where the most defects were found over the past several years) to refactor into Rust. That experiment was successful enough that they kept going.

Apparently the team had almost no Rust experience when they started.

Newly reported exploitable defects in Android began falling immediately, and have continued falling, steadily.

Rust in Android: Move fast and fix things.
 
Aren't device drivers inherently not suitable for safe programming? Every time you write into device memory it is unsafe.
There's at least some theoretical advantage to implementing a device driver in memory safe languages due to the exploitability of the non-DMA parts of the driver.

Every other member of this forum knows more about this than do I, but a quick glance at the CVE for FreeBSD shows some candidate examples (one would need to look at the code commit history of the patch to see for certain.) Consider CVE-2025-0373 Buffer overflow in some filesystems via NFS including tarfs and ext2fs as one possible example.
 
I don't think hatred is what drives most people and even organizations. There are valid technical reasons to use FreeBSD that are not related to the licenses.

Most of the push for Rust+MIT is ideological, though. They do hate the FSF because of Richard Stallman.
Apple, rather famously, spent about 20 years and invested a few billion dollars to expunge the GPL from macOS. This was one of several motivations behind LLVM/Clang.
 
This is the 39c3 talk about FreeBSD jails. We discussed the general conclusions in a different thread, but I want to add it here because it mentions Rust in the FreeBSD kernel as one recommendation. They found 50 or so bugs mostly related to jails isolation and a majority of those wouldn't have happened in Rust.


47 min 40 sec in the recommendations is Rust.

54:50 is a followup question - would you turn on integer overflow checking?
Color me skeptical
 
Here is a paper on using LLMs to help with memory safety in C:

 
Here is a paper on using LLMs to help with memory safety in C:

April arrived rather late in the year.
 
April arrived rather late in the year.

I don't see it as that hopeless.

I see it as something you let loose on your existing code, which you already engineered to have no memory errors you are aware of. The LLM gives additional suggestions. Outside an occasional misleading comment that could confuse you into relaxing your perfectly fine own code, I see this as a useful additional eye on the same code.
 