2023-02-17 07:39:13 |
Andrea Righi |
bug |
|
|
added bug |
2023-02-17 07:39:23 |
Andrea Righi |
nominated for series |
|
Ubuntu Lunar |
|
2023-02-17 07:39:23 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Lunar) |
|
2023-02-17 07:45:03 |
Andrea Righi |
description |
[Impact]
Rust support has been merged starting with linux 6.1.
This support allows to write external kernel modules using the Rust language. Modules written in this way are linked against the linux kernel and can be loaded/unloaded like any other .ko module.
Main advantages of writing modules in Rust are:
- memory safety:
- no out of bounds accesses
- no use after free
- data race safety
- strongly typed and statically typed
- code extremely compact
Roughly 70% of the security issues that the MSRC assigns a CVE to are memory safety issues:
- Rust allows to write more secure and robust kernel code (reduce kernel CVEs)
We should provide a Rust-enabled kernel so that people have the possibility to implement their own external kernel modules in Rust.
[Test case]
Allow to build the following "hello world" test module:
== hello_rust.rs ==
// SPDX-License-Identifier: GPL-2.0
//! Rust hello world example.
use kernel::prelude::*;
module! {
type: RustMinimal,
name: b"hello_rust",
author: b"Andrea Righi <andrea.righi@canonical.com>",
description: b"Rust hello world example",
license: b"GPL",
}
struct RustMinimal {
}
impl kernel::Module for RustMinimal {
fn init(_module: &'static ThisModule) -> Result<Self> {
pr_info!("Hello from Rust\n");
Ok(RustMinimal { })
}
}
impl Drop for RustMinimal {
fn drop(&mut self) {
pr_info!("Goodby from Rust\n");
}
}
== Makefile ==
NAME=hello_rust
ifndef KERNELRELEASE
ifndef KDIR
KDIR:=/lib/modules/`uname -r`/build
endif
PWD := $(shell pwd)
all:
$(MAKE) -C $(KDIR) M=$(PWD) modules
install:
$(MAKE) -C $(KDIR) M=$(PWD) modules_install
clean:
rm -f *.o *.ko *.mod* .*.cmd *.d Module.symvers modules.order
rm -rf .tmp_versions
else
obj-m := $(NAME).o
endif
[Fix]
Building the Rust support in the kernel requires specific versions of the Rust compiler and bindgen utility, same to build the external modules in Rust):
- rustc 1.62.0
- bindgen 0.56.0
- clang/llvm (already required by BPF)
Archive should provide these versions (ideally with a version suffix to avoid conflicting with the stock versions, e.g., rustc-1.62 and bindgen-0.56).
In addition to that the kernel needs some packaging adjustments to use these special toolchain binaries and some special (not yet upstream) patches that would allow to enable mandatory features required in our generic kernel, such as:
UBUNTU: SAUCE: allows to enable Rust with modversions
UBUNTU: SAUCE: modpost: support arbitrary symbol length in modversion
UBUNTU: SAUCE: scripts: Exclude Rust CUs with pahole
UBUNTU: SAUCE: rust: allow to use INIT_STACK_ALL_ZERO
With all of the above we can enable CONFIG_RUST in the kernel and provide support to build external modules (.ko) using Rust.
[Regression potential]
We may see build regressions due to the inavailability of the proper toolchain versions. Moreover these toolchain dependencies need to be maintained, making sure to be always aligned with upstream requirements, when stable updates are applied to the kernel.
Moreover, hwe kernels require special attention, since this feature won't be available in old releases (unless the proper toolchain requirements are met). |
[Impact]
Rust support has been merged starting with linux 6.1.
This support allows to write external kernel modules using the Rust language. Modules written in this way are linked against the linux kernel and can be loaded/unloaded like any other .ko module.
Main advantages of writing modules in Rust are:
- memory safety:
- no out of bounds accesses
- no use after free
- data race safety
- strongly typed and statically typed
- code extremely compact
Roughly 70% of the security issues that the MSRC assigns a CVE to are memory safety issues:
- Rust allows to write more secure and robust kernel code (reduce kernel CVEs)
We should provide a Rust-enabled kernel so that people have the possibility to implement their own external kernel modules in Rust.
[Test case]
Allow to build the following "hello world" test module:
== hello_rust.rs ==
// SPDX-License-Identifier: GPL-2.0
//! Rust hello world example.
use kernel::prelude::*;
module! {
type: HelloRust,
name: "hello_rust",
author: "Andrea Righi <andrea.righi@canonical.com>",
description: "Rust hello world example",
license: "GPL",
}
struct HelloRust {
}
impl kernel::Module for HelloRust {
fn init(_module: &'static ThisModule) -> Result<Self> {
pr_info!("Hello from Rust\n");
Ok(HelloRust { })
}
}
impl Drop for HelloRust {
fn drop(&mut self) {
pr_info!("Goodbye from Rust\n");
}
}
== Makefile ==
NAME=hello_rust
ifndef KERNELRELEASE
ifndef KDIR
KDIR:=/lib/modules/`uname -r`/build
endif
PWD := $(shell pwd)
all:
$(MAKE) -C $(KDIR) M=$(PWD) modules
install:
$(MAKE) -C $(KDIR) M=$(PWD) modules_install
clean:
rm -f *.o *.ko *.mod* .*.cmd *.d Module.symvers modules.order
rm -rf .tmp_versions
else
obj-m := $(NAME).o
endif
[Fix]
Building the Rust support in the kernel requires specific versions of the Rust compiler and bindgen utility, same to build the external modules in Rust):
- rustc 1.62.0
- bindgen 0.56.0
- clang/llvm (already required by BPF)
Archive should provide these versions (ideally with a version suffix to avoid conflicting with the stock versions, e.g., rustc-1.62 and bindgen-0.56).
In addition to that the kernel needs some packaging adjustments to use these special toolchain binaries and some special (not yet upstream) patches that would allow to enable mandatory features required in our generic kernel, such as:
UBUNTU: SAUCE: allows to enable Rust with modversions
UBUNTU: SAUCE: modpost: support arbitrary symbol length in modversion
UBUNTU: SAUCE: scripts: Exclude Rust CUs with pahole
UBUNTU: SAUCE: rust: allow to use INIT_STACK_ALL_ZERO
With all of the above we can enable CONFIG_RUST in the kernel and provide support to build external modules (.ko) using Rust.
[Regression potential]
We may see build regressions due to the inavailability of the proper toolchain versions. Moreover these toolchain dependencies need to be maintained, making sure to be always aligned with upstream requirements, when stable updates are applied to the kernel.
Moreover, hwe kernels require special attention, since this feature won't be available in old releases (unless the proper toolchain requirements are met). |
|
2023-02-17 08:00:06 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
2023-02-17 08:03:39 |
Andrea Righi |
description |
[Impact]
Rust support has been merged starting with linux 6.1.
This support allows to write external kernel modules using the Rust language. Modules written in this way are linked against the linux kernel and can be loaded/unloaded like any other .ko module.
Main advantages of writing modules in Rust are:
- memory safety:
- no out of bounds accesses
- no use after free
- data race safety
- strongly typed and statically typed
- code extremely compact
Roughly 70% of the security issues that the MSRC assigns a CVE to are memory safety issues:
- Rust allows to write more secure and robust kernel code (reduce kernel CVEs)
We should provide a Rust-enabled kernel so that people have the possibility to implement their own external kernel modules in Rust.
[Test case]
Allow to build the following "hello world" test module:
== hello_rust.rs ==
// SPDX-License-Identifier: GPL-2.0
//! Rust hello world example.
use kernel::prelude::*;
module! {
type: HelloRust,
name: "hello_rust",
author: "Andrea Righi <andrea.righi@canonical.com>",
description: "Rust hello world example",
license: "GPL",
}
struct HelloRust {
}
impl kernel::Module for HelloRust {
fn init(_module: &'static ThisModule) -> Result<Self> {
pr_info!("Hello from Rust\n");
Ok(HelloRust { })
}
}
impl Drop for HelloRust {
fn drop(&mut self) {
pr_info!("Goodbye from Rust\n");
}
}
== Makefile ==
NAME=hello_rust
ifndef KERNELRELEASE
ifndef KDIR
KDIR:=/lib/modules/`uname -r`/build
endif
PWD := $(shell pwd)
all:
$(MAKE) -C $(KDIR) M=$(PWD) modules
install:
$(MAKE) -C $(KDIR) M=$(PWD) modules_install
clean:
rm -f *.o *.ko *.mod* .*.cmd *.d Module.symvers modules.order
rm -rf .tmp_versions
else
obj-m := $(NAME).o
endif
[Fix]
Building the Rust support in the kernel requires specific versions of the Rust compiler and bindgen utility, same to build the external modules in Rust):
- rustc 1.62.0
- bindgen 0.56.0
- clang/llvm (already required by BPF)
Archive should provide these versions (ideally with a version suffix to avoid conflicting with the stock versions, e.g., rustc-1.62 and bindgen-0.56).
In addition to that the kernel needs some packaging adjustments to use these special toolchain binaries and some special (not yet upstream) patches that would allow to enable mandatory features required in our generic kernel, such as:
UBUNTU: SAUCE: allows to enable Rust with modversions
UBUNTU: SAUCE: modpost: support arbitrary symbol length in modversion
UBUNTU: SAUCE: scripts: Exclude Rust CUs with pahole
UBUNTU: SAUCE: rust: allow to use INIT_STACK_ALL_ZERO
With all of the above we can enable CONFIG_RUST in the kernel and provide support to build external modules (.ko) using Rust.
[Regression potential]
We may see build regressions due to the inavailability of the proper toolchain versions. Moreover these toolchain dependencies need to be maintained, making sure to be always aligned with upstream requirements, when stable updates are applied to the kernel.
Moreover, hwe kernels require special attention, since this feature won't be available in old releases (unless the proper toolchain requirements are met). |
[Impact]
Rust support has been merged starting with linux 6.1.
This support allows to write external kernel modules using the Rust language. Modules written in this way are linked against the linux kernel and can be loaded/unloaded like any other .ko module.
Main advantages of writing modules in Rust are:
- memory safety:
- no out of bounds accesses
- no use after free
- data race safety
- strongly typed and statically typed
- code extremely compact
Roughly 70% of the security issues that the MSRC assigns a CVE to are memory safety issues:
- Rust allows to write more secure and robust kernel code (reduce kernel CVEs)
We should provide a Rust-enabled kernel so that people have the possibility to implement their own external kernel modules in Rust.
[Test case]
Build the following "hello world" test module:
== hello_rust.rs ==
// SPDX-License-Identifier: GPL-2.0
//! Rust hello world example.
use kernel::prelude::*;
module! {
type: HelloRust,
name: "hello_rust",
author: "Andrea Righi <andrea.righi@canonical.com>",
description: "Rust hello world example",
license: "GPL",
}
struct HelloRust {
}
impl kernel::Module for HelloRust {
fn init(_module: &'static ThisModule) -> Result<Self> {
pr_info!("Hello from Rust\n");
Ok(HelloRust { })
}
}
impl Drop for HelloRust {
fn drop(&mut self) {
pr_info!("Goodbye from Rust\n");
}
}
== Makefile ==
NAME=hello_rust
ifndef KERNELRELEASE
ifndef KDIR
KDIR:=/lib/modules/`uname -r`/build
endif
PWD := $(shell pwd)
all:
$(MAKE) -C $(KDIR) M=$(PWD) modules
install:
$(MAKE) -C $(KDIR) M=$(PWD) modules_install
clean:
rm -f *.o *.ko *.mod* .*.cmd *.d Module.symvers modules.order
rm -rf .tmp_versions
else
obj-m := $(NAME).o
endif
[Fix]
Building the Rust support in the kernel requires specific versions of the Rust compiler and bindgen utility, same to build the external modules in Rust):
- rustc 1.62.0
- bindgen 0.56.0
- clang/llvm (already required by BPF)
Archive should provide these versions (ideally with a version suffix to avoid conflicting with the stock versions, e.g., rustc-1.62 and bindgen-0.56).
In addition to that the kernel needs some packaging adjustments to use these special toolchain binaries and some special (not yet upstream) patches that would allow to enable mandatory features required in our generic kernel, such as:
UBUNTU: SAUCE: allows to enable Rust with modversions
UBUNTU: SAUCE: modpost: support arbitrary symbol length in modversion
UBUNTU: SAUCE: scripts: Exclude Rust CUs with pahole
UBUNTU: SAUCE: rust: allow to use INIT_STACK_ALL_ZERO
With all of the above we can enable CONFIG_RUST in the kernel and provide support to build external modules (.ko) using Rust.
[Regression potential]
We may see build regressions due to the inavailability of the proper toolchain versions. Moreover these toolchain dependencies need to be maintained, making sure to be always aligned with upstream requirements, when stable updates are applied to the kernel.
Moreover, hwe kernels require special attention, since this feature won't be available in old releases (unless the proper toolchain requirements are met). |
|
2023-02-19 01:44:38 |
Jeremy Bícha |
linux (Ubuntu Lunar): status |
Incomplete |
Confirmed |
|
2023-03-22 17:29:13 |
Launchpad Janitor |
linux (Ubuntu Lunar): status |
Confirmed |
Fix Released |
|
2023-07-19 13:13:15 |
Ubuntu Kernel Bot |
tags |
|
kernel-spammed-lunar-linux-azure verification-needed-lunar |
|
2023-07-19 13:46:25 |
Tim Gardner |
tags |
kernel-spammed-lunar-linux-azure verification-needed-lunar |
kernel-spammed-lunar-linux-azure verification-done-lunar |
|
2023-08-10 12:10:57 |
Ubuntu Kernel Bot |
tags |
kernel-spammed-lunar-linux-azure verification-done-lunar |
kernel-spammed-jammy-linux-oem-6.5-v2 kernel-spammed-lunar-linux-azure verification-done-lunar verification-needed-jammy-linux-oem-6.5 |
|
2023-08-15 06:27:27 |
Andrea Righi |
nominated for series |
|
Ubuntu Mantic |
|
2023-08-15 06:27:27 |
Andrea Righi |
bug task added |
|
linux (Ubuntu Mantic) |
|
2023-10-24 16:46:27 |
Ubuntu Kernel Bot |
tags |
kernel-spammed-jammy-linux-oem-6.5-v2 kernel-spammed-lunar-linux-azure verification-done-lunar verification-needed-jammy-linux-oem-6.5 |
kernel-spammed-jammy-linux-azure-6.5-v2 kernel-spammed-jammy-linux-oem-6.5-v2 kernel-spammed-lunar-linux-azure verification-done-lunar verification-needed-jammy-linux-azure-6.5 verification-needed-jammy-linux-oem-6.5 |
|
2023-10-24 18:21:30 |
Ubuntu Kernel Bot |
tags |
kernel-spammed-jammy-linux-azure-6.5-v2 kernel-spammed-jammy-linux-oem-6.5-v2 kernel-spammed-lunar-linux-azure verification-done-lunar verification-needed-jammy-linux-azure-6.5 verification-needed-jammy-linux-oem-6.5 |
kernel-spammed-jammy-linux-aws-6.5-v2 kernel-spammed-jammy-linux-azure-6.5-v2 kernel-spammed-jammy-linux-oem-6.5-v2 kernel-spammed-lunar-linux-azure verification-done-lunar verification-needed-jammy-linux-aws-6.5 verification-needed-jammy-linux-azure-6.5 verification-needed-jammy-linux-oem-6.5 |
|