January 26, 2023


Networking, PBX, IT, DIY Solution

Rust for Linux: The memory safety problem of the world’s largest software project has a solution

6 min read

Rust for Linux: The memory safety problem of the world’s largest software project has a solution!

Rust for Linux: The memory safety problem of the world’s largest software project has a solution!

Memory safety vulnerabilities are extremely common.

A recent study found that 60-70% of vulnerabilities in iOS and macOS are memory safety vulnerabilities.

Microsoft estimates that 70 percent of the vulnerabilities in their products over the past decade were memory safety issues.

Google estimates that 90% of Android vulnerabilities are also memory safety issues.

As the world’s largest software project – the Linux kernel, which is used by most servers and billions of devices in the world, how can its memory safety be guaranteed?

Rust for Linux: The memory safety problem of the world's largest software project has a solution!Source: Microsoft official website

Some programming languages ​​have properties that ensure memory safety, which prevents programmers from introducing certain bugs and causing security problems.

Languages ​​with memory safety attributes include Rust, Go, C#, Java, Swift, Python, and JavaScript, while languages ​​without memory safety attributes include C, C++, and assembly languages.

How to Crack Linux Kernel Memory Safety Issues?

In order to solve the security risks of the Linux kernel memory safety problem, the following are two projects for its memory safety:

  • Rust for Linux Project: The purpose of this project is to bring a new memory-safe programming language to the Linux kernel. Rust has a key feature that makes it well worth considering as a second language for the kernel: it guarantees that no undefined behavior occurs (as long as the unsafe code is sane), especially with regard to memory management. This includes no free-after-use issues, no double frees, no data races, etc.
  • Project Prossimo: This is a project of the Internet Security Research Group (ISRG). Its goal is to improve the Internet’s sensitive software infrastructure, represented by the Linux kernel, by addressing memory safety issues in C and C++ code by using languages ​​with memory safety properties.

Birth of the Rust for Linux project

The desire to code the Linux kernel in Rust has been around for a long time, and different people have created external modules in Rust over the years.

However, the Rust for Linux project was created to provide Rust support within the Linux kernel itself.

Miguel Ojeda created the project organization in the summer of 2019, but it didn’t really progress until the following summer.

In July 2020, Nick Desaulniers sent an email to the Linux Kernel Mailing List (LKML) about organizing a “Creating Internal Modules with Rust” session for the 2020 Linux Plumbers Conference (LPC). After this email was sent, Miguel Ojeda and several others gave a talk in August 2020 on “The Barriers to Creating Internal Modules in Rust”, which sparked a lot of discussion and feedback.

To that end, a few days later, Miguel Ojeda submitted the first pull request for the Rust for Linux project, adding initial Rust support, including Kbuild integration, initial built-in module support, and kernel crates.

Over the next few months, others joined the effort, such as Wedson Almeida Filho from Google, a maintainer and contributor to the project.

Soon after, Miguel Ojeda was contacted by the Internet Security Research Group for a year of full-time work support for the Rust for Linux project, funded by Google.

Progress this year

The team has come a long way since submitting a comment to the Linux kernel mailing list. On the infrastructure side, some relevant changes include:

  • Removed messy allocations by integrating a subset of the alloc standard library
  • Moved to the 2021 version of the Rust language
  • Move to a stable version of the Rust compiler (still using unstable features) and start tracking the latest version
  • Added arm (32-bit) and riscv base architecture support
  • Test support, including running documentation tests in the kernel as KUnit tests
  • Added support for hostprogs (userspace programs used during builds) written in Rust.
  • On-the-fly generation of target specification files based on kernel configuration.
  • Expanded documentation to include a new example repository showcasing out-of-tree Rust modules based on in-tree Rust support.

In terms of abstraction and drivers, some important changes include:

  • PrimeCell PL061 GPIO Example Driver
  • Platform and AMBA drivers, red-black trees, file descriptors, bit-efficient iterators, tasks, files, IO vectors, power management callbacks, IO memory, IRQ chips, credentials, VMAs, hardware random number generators, networking, and more
  • Synchronization functions such as RW semaphores, revocable mutexes, primitive spin locks, wait-free locks, sequence locks…
  • Replaced Arc and Rc in allocation bins with simplified kernel-based Refs
  • Better crash diagnostics and simplified pointer wrappers
  • The beginning of Rust’s async support

Related projects have also made great progress:

  • Rust stabilizes some of the unstable features we use.
  • Improvements to the Rust compiler, standard library and tools, such as making rustc_parse_format compile on stable platforms, or adding no_global_oom_handling and no_fp_fmt_parse gates
  • binutils/gdb/libiberty gains support for Rust v0 dewarping
  • pahole is getting support for excluding Rust compilation units
  • Intel’s 0Day/LKP kernel testing bot starts testing builds with Rust support enabled
  • KernelCI is also looking forward to enabling Rust in their runs
  • Linaro’s TuxSuite adds support for Rust
  • rustc_codegen_gcc (the rustc backend for GCC) was merged into the Rust repository
  • GCC Rust (a Rust frontend for GCC) is working on compiling the core, which will be a milestone
  • Compiler Explorer adds alternative compilers for Rust (GCC Rust, rustc_codegen_gcc, and mrustc), as well as other features such as MIR and macro expansion views

Most importantly, this project is supported by both industry and academia.

Several major players in the industry, such as Google, Arm, Microsoft and Red Hat, have established contacts, and others have privately expressed support for the project.

At the same time, the team also had close communication with researchers including University of Washington researchers and some laboratories, and also carried out a series of promotions at many industry conferences, which were widely recognized.

Overall, Rust for Linux is a massive project.

Although it was clear from the outset that adding a second “master” language to the kernel would present both technical and administrative challenges, the team chose to rise to the challenge.

Much of the work last year was working with various stakeholders, trying to get everyone involved.

There are many people who have contributed to the project in different ways: code contributions, reviews, documentation, tooling support, Rust features…etc.

Looking to the future

In the second year of Rust for Linux, the team said they are looking forward to several milestones:

  • There are more users or use cases in the kernel, including example drivers – this is important to incorporate into the kernel
  • Split kernel chassis and manage dependencies for better development
  • Extend the currently integrated kernel documentation, tests and other tools
  • Involve more subsystem maintainers, companies and researchers
  • see most of the remaining Rust features stabilize
  • May be able to start compiling Rust code with GCC in the kernel
  • Merged into the mainline kernel, which should make other things easier

At the same time, there will be some event attendance plans. If this year is completed as planned, the surprises brought by the growth of the project will be predictable.

Reference: https://www.memorysafety.org/blog/memory-safety-in-linux-kernel/

Copyright © All rights reserved. | Newsphere by AF themes.