Date: Fri, 6 Sep 2024 16:53:01 +0000
From: Shawn Webb
To: Baptiste Daroussin
Cc: Alan Somers, FreeBSD Hackers
Subject: Re: The Case for Rust (in any system)
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On Fri, Sep 06, 2024 at 09:19:44AM UTC, Baptiste Daroussin wrote:
> On Thu 05 Sep 12:09, Alan Somers wrote:
> > By now I expect that most of you have seen the long list of new
> > security advisories that just came out. Strikingly, all were the
> > result of memory handling errors. And none of them wouldn't have
> > happened if their respective programs had been written in a
> > memory-safe language.
> >
> > In fact, of all the C bug fixes that I've been involved with (as
> > either author or reviewer) since May, about three quarters could've
> > been avoided just by using a better language.
> >
> > The real takeaway here is that C is no longer sufficient for writing
> > high quality code in the 2020s. Everyone needs to adapt their tools.
> > Programmers who don't will increasingly come to resemble experimental
> > archaeologists, i.e. people who learn flintknapping to "keep the
> > knowledge alive". Such people are valuable, but definitely niche. I
> > for one don't want my career to go in that trajectory.
> >
> > To summarize, here's the list of this week's security advisories, and
> > also some other recent C bug fixes of my own involvement:
> >
>
> Jumping on this one, I think at least that is my understanding from the previous
> threads, that using some rust has not been rejected, so keeping discussing
> at length and trying to force convince people will not lead to anything that
> would make progress on the rust integration process.
>
> On the other side there have been many "work to do, problem to solve" that has
> been raised to allow to make it happen, so far I have seen none of the rust
> people actually trying to work on solving those issues, I would have expected
> now to see patches, design proposals, questions and so on to move forward.
>
> For the people who want to see rust usage in base, it is time to start the
> actual hard part if you don't want those threads to be seen as "yakafokon" (as
> we say in french, I don't know if there is an equivalent of it):
> - make a plan
> - write patch and poc on how to integrate to our build system
> - discuss with the people who volunteered to help on the build system, on the
> release engineering, or on the packaging side.
> - create AND lead the working group to make this happen.

Hey Baptiste et al,

I'm including the email I sent to this list last week below.
Unfortunately, due to having to clean up some fraudulent financial
activity last weekend, I didn't make any progress. I'm hoping to split
my time this weekend between working towards my OSCP cert and this
work.

==== BEGIN ORIGINAL EMAIL ====

So, to those thoughts, in list form (in no particular order):

1. Use of Rust compiler toolchain support will be for userland
   components in an opt-in fashion. Meaning, all userland components
   written in Rust will be optional.
2. It does not make sense to perform a vendor import of the Rust
   compiler toolchain and standard libraries. All Rust code in the
   src tree must be built from an external toolchain.
3. I believe the notion of an external toolchain could be abstracted
   such that we can support any optional userland component written
   in a language supported by that external toolchain. This would
   imply that other alternative languages could be supported with
   minimal work (Zig, TypeScript, Python, Java, etc.)
4. We could provide auto-detection mechanisms for determining which
   external toolchains are available, their language support, etc.
   The initial proof-of-concept would likely be limited to Rust to
   save on time and complexity.
5. As the work matures, and perhaps as a requisite for eventual
   inclusion, we could land support for more than Rust. This might be
   a step too far, but hey, it's one of the thoughts I had.
6. So all of this wrapped up means that:
   A. This is NOT a call to rewrite everything in Rust. This work
      will only permit NEW, OPTIONAL components to be written.
   B. Other languages/toolchains/ecosystems could be supported, not
      just Rust.
   C. Initial focus is on userland components. Rust in the kernel is
      out of scope for this initial proof-of-concept.
   D. I would like to see Rust in the kernel. That would be a good
      next area of focus once userland support reaches some level of
      maturity.

My first goal will be to get a better understanding of
src.git/Makefile and src.git/Makefile.inc1. As I study that, I'll also
study your work, Alan. I really appreciate the time you have taken. I
might reach out to you and Warner directly for further questions.

==== END ORIGINAL EMAIL ====

I feel like I should elaborate on item 6.A a little bit. It would be
cool to see some utilities rewritten in Rust (bhyve would be a great
candidate), but my work will focus only on new (completely optional)
utilities solely to get some momentum going.

I should also note that this likely will expand FreeBSD's existing
notion of an external compiler toolchain. If I understand correctly,
though, the existing external toolchain support targets C/C++ code.
I'd like to expand that to support !(C || C++), beginning with Rust.

So, for the community reading between the lines, I'm hoping to make
this support languages/ecosystems other than Rust. That includes
Ada/SPARK, Python, Java, or even Brainfuck for the true masochists.
;-) I'm starting with Rust, though, because that's what appeals most
to me. Hopefully, as time progresses, others can expand that work even
further for those additional languages/ecosystems.

${LIFE} does tend to be a bit chaotic and unpredictable at the moment,
so I can't promise timeframes--which is why I usually use the word
"hope" when talking about what I would like to accomplish within a
given weekend/month/etc.

Let's see how this goes. :-)

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc