by panpanna 2000 days ago
Please understand that Rust's memory and thread security mainly applies to "normal" applications.

In kernel, you can run a privileged cache or MMU instruction or a write to some magical memory position and all of a sudden the "normal" rules don't apply anymore.

(But I think there are other parts of Rust that are nice to have in kernel or any complex software.)


I thought the Rust compiler solves issues that you wouldn't immediately see with pure C, which is why I had the idea.

I didn't know this requires certain features which are not available inside the kernel. I only knew all existing interfaces may be unsafe because they are in C though. Rust does not seem as useful then.

Thank you for your input.

It's not so much that Rust the language requires them as much as it is that other non-Rust parts can quite easily stomp all over the guarantees of Rust without there ever being a way of knowing it happened. So Rust alone won't solve many problems, but it would let you say "this code can't do these things itself", which is still a useful distinction. It also doesn't allow you to deal with misbehaving hardware that changes memory underneath you in ways it said wouldn't happen. Hardware sucks.

Do other parts stomp often? :) But true, that can happen. Especially on non-ECC systems.

I didn't think about the hardware issues, hmm. I can't see how to do that, when the compiler guarantees get invalidated by hardware. Are checks also needed like in C? (Assuming there are checks which do not get compiled out.)

When the hardware can't make the guarantees, then software really can't do anything about it. There's really not any check you can do, but modern hardware is getting the capabilities to try to prevent those kinds of issues with the IOMMU units; operating system support is still hit or miss for most hardware, and it won't prevent everything (just devices stomping on each other with DMA). That's basically how the Thunderbolt attacks have worked, and the solutions to them.
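The "this code can't do these things itself" boundary discussed above, as an added example that is not part of this thread: a tiny register-block wrapper of the kind a driver would use, where the only `unsafe` lines are bounds-checked volatile loads and stores, and the safe API on top cannot reach outside the block. The device region is simulated with a heap buffer (a constructed stand-in, not real MMIO) so it runs offline; the compiler still cannot help if the hardware breaks the invariant the wrapper assumes, which is the point the thread makes.

```rust
// Added example, not code from the thread. Volatile access is confined to the
// wrapper; callers get a safe, bounds-checked API. The "device" is a Vec<u32>
// standing in for a memory-mapped register region (simulation only).
use std::ptr::{read_volatile, write_volatile};

pub struct RegisterBlock {
    base: *mut u32,  // start of the (simulated) memory-mapped region
    len: usize,      // number of 32-bit registers in the block
    _keep: Vec<u32>, // simulation only: owns the backing memory
}

impl RegisterBlock {
    /// Builds a simulated block of `len` zeroed registers.
    pub fn simulated(len: usize) -> Self {
        let mut mem = vec![0u32; len];
        let base = mem.as_mut_ptr(); // heap buffer does not move with the Vec
        RegisterBlock { base, len, _keep: mem }
    }

    /// Safe read: bounds check, then a volatile load so the compiler never
    /// caches or elides it (hardware may change the value behind our back).
    pub fn read(&self, idx: usize) -> Option<u32> {
        if idx >= self.len {
            return None;
        }
        // SAFETY: idx < len and base points to `len` valid u32s we own.
        Some(unsafe { read_volatile(self.base.add(idx)) })
    }

    /// Safe write with the same bounds check and a volatile store.
    pub fn write(&mut self, idx: usize, val: u32) -> bool {
        if idx >= self.len {
            return false;
        }
        // SAFETY: same invariant as in `read`.
        unsafe { write_volatile(self.base.add(idx), val) };
        true
    }
}

/// Polls a status register until `bit` is set or `max_polls` is exhausted.
/// Returns the number of polls it took, or None on timeout / bad index.
pub fn wait_for_bit(regs: &RegisterBlock, idx: usize, bit: u32, max_polls: usize) -> Option<usize> {
    for n in 0..max_polls {
        if regs.read(idx)? & bit != 0 {
            return Some(n + 1);
        }
    }
    None
}
```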