[RFC][L][PATCH v2 0/16] enable Rust support in the kernel

Andrea Righi andrea.righi at canonical.com
Thu Mar 16 09:05:13 UTC 2023 

BugLink: https://bugs.launchpad.net/bugs/2007654

[Premise]

NOTE: all these patches are already applied to the latest lunar/linux
and all the pieces (toolchain requirements included) are already in
place to provide a generic lunar/linux kernel with Rust support.

I'm only sending this email, because:

 1) in this way we are able to quickly identify the latest Rust patch
    set, in case we need to revert this for emergency situations (e.g.
    nasty regressions), or simply to be able to quickly apply Rust
    support to other kernels that may be not direct derivatives of
    lunar/linux

 2) I'd really like to get an extra review, this is quite a big change
    with some SAUCE pathces that are potentially breaking stuff, in
    particular:
      [PATCH 06/16] UBUNTU: SAUCE: modpost: support arbitrary symbol length in modversion

    ^ I'd really really like to get an extra review of this patch. This
      will never be applied upstream, because the final decision was to
      look for alternatives, but unfortunately we need this right now to
      enable CONFIG_MODVERSIONS and CONFIG_RUST at the same time.

      You can find the whole discussion in this thread:
      https://lore.kernel.org/lkml/CANiq72n4MbR+AE7eHfVQZOu26FeSttQnEEMT3Jpft+CcGwk9jw@mail.gmail.com/T/

  3) make sure we're all on the same page about this topic.

[Impact]

Rust support has been merged starting with linux 6.1.

This support allows to write external kernel modules using the Rust
language. Modules written in this way are linked against the linux
kernel and can be loaded/unloaded like any other .ko module.

Main advantages of writing modules in Rust are:
 - memory safety:
   - no out of bounds accesses
   - no use after free
   - data race safety
 - strongly typed and statically typed
 - code extremely compact

Roughly 70% of the security issues that the MSRC assigns a CVE to are
memory safety issues:
 - Rust allows to write more secure and robust kernel code (reduce
   kernel CVEs)

We should provide a Rust-enabled kernel so that people have the
possibility to implement their own external kernel modules in Rust.

[Test case]

Build the following "hello world" test module:

== hello_rust.rs ==

// SPDX-License-Identifier: GPL-2.0

//! Rust hello world example.

use kernel::prelude::*;

module! {
    type: HelloRust,
    name: "hello_rust",
    author: "Andrea Righi <andrea.righi at canonical.com>",
    description: "Rust hello world example",
    license: "GPL",
}

struct HelloRust {
}

impl kernel::Module for HelloRust {
    fn init(_module: &'static ThisModule) -> Result<Self> {
        pr_info!("Hello from Rust\n");

        Ok(HelloRust { })
    }
}

impl Drop for HelloRust {
    fn drop(&mut self) {
        pr_info!("Goodbye from Rust\n");
    }
}

== Makefile ==

NAME=hello_rust

ifndef KERNELRELEASE
ifndef KDIR
KDIR:=/lib/modules/`uname -r`/build
endif
PWD := $(shell pwd)

all:
	$(MAKE) -C $(KDIR) M=$(PWD) modules
install:
	$(MAKE) -C $(KDIR) M=$(PWD) modules_install
clean:
	rm -f *.o *.ko *.mod* .*.cmd *.d Module.symvers modules.order
	rm -rf .tmp_versions
else
obj-m := $(NAME).o
endif

[Fix]

Building the Rust support in the kernel requires specific versions of
the Rust compiler and bindgen utility, same to build the external
modules in Rust):
   - rustc 1.62.0
   - bindgen 0.56.0
   - clang/llvm

Archive should provide these versions (ideally with a version suffix to
avoid conflicting with the stock versions, e.g., rustc-1.62 and
bindgen-0.56) [this is already done].

In addition to that, the kernel needs some packaging adjustments to use
these special toolchain binaries and some special (not yet upstream)
patches that would allow to enable mandatory features required in our
generic kernel, such as:

 UBUNTU: SAUCE: allows to enable Rust with modversions
 UBUNTU: SAUCE: modpost: support arbitrary symbol length in modversion
 UBUNTU: SAUCE: scripts: Exclude Rust CUs with pahole
 UBUNTU: SAUCE: rust: allow to use INIT_STACK_ALL_ZERO

With all of the above we can enable CONFIG_RUST in the kernel and
provide support to build external modules (.ko) using Rust.

[Regression potential]

We may see build regressions due to the inavailability of the proper
toolchain versions. Moreover these toolchain dependencies need to be
maintained, making sure to be always aligned with upstream requirements,
when stable updates are applied to the kernel.

Moreover, hwe kernels require special attention, since this feature
won't be available in old releases (unless the proper toolchain
requirements are met).

[TODO]

 - explore the possibility to enable Rust support across other
   architectures (right now Rust is only available on amd64 due to
   upstream requirements)

----------------------------------------------------------------
Andrea Righi (14):
      UBUNTU: [Packaging] propagate makefile variables to kernelconfig
      UBUNTU: SAUCE: rust: fix regexp in scripts/is_rust_module.sh
      UBUNTU: SAUCE: scripts: rust: drop is_rust_module.sh
      UBUNTU: SAUCE: rust: allow to use INIT_STACK_ALL_ZERO
      UBUNTU: SAUCE: allows to enable Rust with modversions
      UBUNTU: SAUCE: rust: properly detect the version of libclang used by bindgen
      UBUNTU: [Packaging] rust: add the proper make flags to enable rust support
      UBUNTU: [Packaging] add rust dependencies
      UBUNTU: [Packaging] bpftool: always use vmlinux to generate headers
      UBUNTU: [Packaging] run rustavailable target as debugging before build
      UBUNTU: [Packaging] do not stop the build if rust is not available
      UBUNTU: [Config] enable Rust support
      UBUNTU: SAUCE: enforce rust availability only on x86_64
      UBUNTU: [Config] update CONFIG_RUST_IS_AVAILABLE

Gary Guo (1):
      UBUNTU: SAUCE: modpost: support arbitrary symbol length in modversion

Martin Rodriguez Reboredo (1):
      UBUNTU: SAUCE: scripts: Exclude Rust CUs with pahole

 arch/powerpc/kernel/module_64.c  |  5 +++--
 debian.master/config/annotations | 20 +++++++++++++++++---
 debian.master/control.stub.in    |  6 ++++++
 debian/rules.d/0-common-vars.mk  |  1 +
 debian/rules.d/1-maintainer.mk   |  4 ++--
 debian/rules.d/2-binary-arch.mk  |  6 ++++++
 debian/scripts/misc/kernelconfig |  2 +-
 include/linux/module.h           |  8 +++++---
 init/Kconfig                     |  4 ++--
 kernel/module/version.c          | 22 ++++++++++------------
 lib/Kconfig.debug                |  9 +++++++++
 rust/Makefile                    | 13 +++++++++++++
 rust/macros/module.rs            |  2 +-
 scripts/Makefile.modfinal        |  2 --
 scripts/export_report.pl         |  9 +++++----
 scripts/is_rust_module.sh        | 16 ----------------
 scripts/mod/modpost.c            | 35 +++++++++++++++++++++++++----------
 scripts/pahole-flags.sh          |  4 ++++
 scripts/rust_is_available.sh     |  4 +---
 19 files changed, 111 insertions(+), 61 deletions(-)
 delete mode 100755 scripts/is_rust_module.sh

More information about the kernel-team mailing list