MULTI QUEUE LINUX BLOCK DEVICE DRIVERS IN RUST
Storage Developer Conference 2023
Andreas Hindborg
Samsung GOST

AGENDA
- Why Memory Safety in the Linux Kernel in General is Important
- Memory Safety in Rust
- The Rust for Linux Community
- blk-mq Rust API
- null_blk
- nvme

WHY CARE ABOUT MEMORY SAFETY
- Microsoft: 70% of all security bugs are memory safety issues
- Chrome: 70% of all security bugs are memory safety issues
- 20% of bugs fixed in stable Linux Kernel branches for drivers are memory safety issues
- 65% of recent Linux kernel vulnerabilities are memory safety issues
- AOSP: Memory safety vulnerabilities disproportionately represent our most severe vulnerabilities
- 41% of fixes submitted to C null_blk are fixes for memory safety issues
Footnote markers on this slide: 1, 2, 4, 3, 7, 6

GOAL: PREVENT MEMORY SAFETY RELATED BUGS IN LINUX

WHY RUST INSTEAD OF
Rust is Much Like C:
- Ahead of time compiled
- Focus on maximum programmer control and zero runtime overhead
- Works well for bare metal work
- Statically typed
- Performance on par with C/C++
- Easy to link with C programs
- Basic control flow structures are the same (no throwing of exceptions)

DIFFERENCES BETWEEN RUST AND C
- Strong type system
- Module system (no include files)
- All statements including blocks evaluate to values
- All values have move semantics by default
- References - One mutable or many immutable
- Static lifetime analysis
- Generic Types
- Macros (Simple expansion and AST Transforms)
- RAII is encouraged
- Async/Await primitives
- Safe subset without UB through static analysis

MEMORY SAFETY

MEMORY SAFETY IN RUST
Rust has a safe subset
- Memory safe
- Type safe
- Thread safe
In safe Rust
- No buffer overflows
- No use after free
- No dereferencing null or invalid pointers
- No double free
- No pointer aliasing
- No type errors
- No data races

THIS IS NOT UNSAFE BEHAVIOR IN RUST
- Deadlocks
- Race conditions
- Memory leaks
- Failing to call destructors
- Integer overflows (checked