From: Olivier Certner
To: freebsd-hackers@freebsd.org
Subject: Re: The Case for Rust (in any system)
Date: Mon, 09 Sep 2024 11:37:35 +0200
Message-ID: <5500620.vKySYWdmsc@ravel>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Hello Alan,

> And none of them wouldn't have happened if their respective programs had been written in a
> memory-safe language.

> Use after free
> ==============
> https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1
> CVE-2024-43102 FreeBSD-SA-24:14.umtx

As the person who analyzed and fixed this particular bug, I must point out that I don't see how Rust could have changed anything in this case. The Use-After-Free in this bug has nothing to do with a simple pointer dereference to an object that was freed earlier in the source code sequence. Instead, it existed because of a combination of several specific factors: concurrent accesses, a lock that has to be dropped and then re-acquired, reference counting and a special reference to account for the presence of an object in a registry. Persistence in this registry is up to deletion triggered by process exit or a specific call from userland, and the object has to be returned to userland on some other specific calls in the meantime.

AFAIU, this is simply way beyond what the borrow checker and "linear" types are capable of expressing.

Enthusiasm is great, and I hope you'll keep it, but subliminal messages (not necessarily by you) that Rust is a panacea with respect to solving all memory problems is a disservice to everybody.

It is great that, in another response, you have given explanations of why some of the bugs you initially listed would not have happened in the first place. Quickly reading through them, it seems that most do not involve mechanisms specific to Rust (the borrow checker in particular), implying that these bugs would not have existed either if the code had been written in most of the other higher-level languages.

And it seems that you yourself agree with that characterization:

> In fact, of all the C bug fixes that I've been involved with (as
> either author or reviewer) since May, about three quarters could've
> been avoided just by using a better language.

So I think we should also stay open to other options than Rust, as they may bring the vast majority of its benefits without most of its drawbacks (thanks to all people that have brought up valuable information in this thread).

Thanks and regards.

-- 
Olivier Certner
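
Editorial illustration, added here and not part of the message above: a generic C model of the combination the message names (a registry holding its own reference, reference counting, and a lock that is dropped and re-acquired). It is not the FreeBSD umtx code or its fix; every name is hypothetical, and the "concurrent" removal is simulated by a callback run while the lock is dropped.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not FreeBSD's umtx code. */
struct obj {
    int refs;         /* reference count, protected by reg_lock */
    int in_registry;  /* 1 while the registry holds its special reference */
};
static pthread_mutex_t reg_lock = PTHREAD_MUTEX_INITIALIZER;
static struct obj *registry;  /* one-slot registry, protected by reg_lock */
static int frees;             /* objects destroyed so far (for the demo) */

static void obj_rele_locked(struct obj *o) {
    if (--o->refs == 0) { free(o); frees++; }
}
/* Insert a new object; the registry owns the initial reference. */
int reg_insert(void) {
    struct obj *o = calloc(1, sizeof(*o));
    if (o == NULL) return -1;
    o->refs = 1;
    o->in_registry = 1;
    pthread_mutex_lock(&reg_lock);
    int busy = (registry != NULL);
    if (!busy) registry = o;
    pthread_mutex_unlock(&reg_lock);
    if (busy) { free(o); return -1; }
    return 0;
}
/* Removal (process exit or explicit request): drop the registry's reference. */
int reg_remove(void) {
    pthread_mutex_lock(&reg_lock);
    struct obj *o = registry;
    int removed = (o != NULL);
    if (removed) { registry = NULL; o->in_registry = 0; obj_rele_locked(o); }
    pthread_mutex_unlock(&reg_lock);
    return removed;
}
void simulate_removal(void) { (void)reg_remove(); }

/* Look up the object, drop the lock for a blocking step, re-acquire it,
 * and report whether the object is still registered (-1: none found). */
int reg_lookup_and_use(void (*unlocked_step)(void)) {
    pthread_mutex_lock(&reg_lock);
    struct obj *o = registry;
    if (o == NULL) { pthread_mutex_unlock(&reg_lock); return -1; }
    o->refs++;  /* own reference, taken BEFORE the lock is dropped */
    pthread_mutex_unlock(&reg_lock);
    if (unlocked_step != NULL) unlocked_step();  /* removal may run here */
    pthread_mutex_lock(&reg_lock);
    int still = o->in_registry;  /* valid only because of our reference */
    obj_rele_locked(o);          /* may be the last reference */
    pthread_mutex_unlock(&reg_lock);
    return still;
}
```

Without the `o->refs++` before the unlock, the removal that runs during the unlocked window would free the object, and the read of `o->in_registry` after re-locking would touch freed memory.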