[Rust-VMM] [Rust-vmm] Goals for this list

Allison Randal allison at lohutok.net
Thu Dec 20 14:12:45 UTC 2018


On 12/19/18 5:19 PM, Anthony Liguori wrote:
> 
> I did look at the work you've done and it's great!  I do think it's
> important to cover everything though and especially to get architectures
> like aarch64.

Thanks, it really was just a proof-of-concept. Rust is much better than
C at selective compilation for different architectures, so that's
another area where well-written Rust would be a huge improvement over
poorly-translated C-to-Rust.

> I think while the bindgen results are not beautiful, having a bindgen
> layer gives us something we can build nicer interfaces on top of.

My primary concern was tight control over security at the lower layers,
hence the emphasis on keeping that interface to KVM extremely clean and
small. Totally understandable that other Rust hypervisor implementations
may have other priorities.


I'm curious whether rewriting (a subset of) the KVM kernel module itself
in Rust would end up being a significant advantage for memory safety and
security at an even lower layer. (Rust's ability to drop in as a
compatible replacement for C components is a great advantage for
gradually improving the memory safety of critical pieces of legacy C
code.) I haven't decided whether to do a proof-of-concept on that yet,
though, as my current focus is security vulnerabilities at the hardware
level that punch through VM isolation (L1TF, etc.).

Allison


