Programming memory safe OVS in Rust

Speaker: Yi-Hung Wei (VMware)
Programming in unsafe languages like C is easily in jeopardy of memory issues such as buffer and stack overflows, dangling pointers, accesses of uninitialized or deallocated memory, and memory leaks. These memory safety issues can be exploited and lead to severe security vulnerabilities and unpredictable behavior. For example, memory bugs in OVS's packet processing, especially in parsing packet content and building the flow key, are prone to attack, since that code is executed for every packet. An attacker can therefore craft packets that trigger the memory bug and launch a buffer overflow attack, such as [1]. Beyond the security vulnerability, a small memory leak in the packet processing path can quickly accumulate and crash ovs-vswitchd when it runs out of memory, such as [2]. Bugs like these two are hard to detect and common in software written in C.
Rust is a systems programming language that provides memory safety without runtime overhead. Rust gives users fine-grained control over the use of memory, but keeps track of the lifetime and ownership of each memory region. This model makes memory leaks, dangling pointers, and memory corruption much less likely. In this talk, we describe our work on replacing one of the memory-safety-critical parts of OVS from C code with Rust, starting with flow_extract(). We will share our experiences and lessons learned in this process.
[2] commit 1bddcb5dc598 (“ofproto-dpif-xlate: Fix bug that may leak ofproto_flow_mod”)
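As an added illustration (not code from the talk or from OVS), here is the parsing discipline the abstract credits Rust with: a minimal flow-key extractor in the spirit of flow_extract() that turns a truncated or malformed packet into a clean error instead of an out-of-bounds read. FlowKey, ParseError and extract_flow_key are hypothetical names, and only Ethernet II plus IPv4 is handled.

```rust
// Added example, not OVS code: a bounds-checked flow-key extractor in the
// spirit of flow_extract(). FlowKey/ParseError/extract_flow_key are hypothetical.
#[derive(Debug, PartialEq, Eq, Clone)]
pub struct FlowKey {
    pub dl_type: u16, // EtherType
    pub nw_proto: u8, // IPv4 protocol number
    pub nw_src: u32,
    pub nw_dst: u32,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    Truncated { needed: usize, have: usize },
    BadIpHeaderLen(u8),
}

/// Take `n` bytes from the front of `data`. A short buffer yields an error
/// instead of the out-of-bounds read an unchecked C parser would perform.
fn take<'a>(data: &mut &'a [u8], n: usize) -> Result<&'a [u8], ParseError> {
    if data.len() < n {
        return Err(ParseError::Truncated { needed: n, have: data.len() });
    }
    let (head, rest) = data.split_at(n);
    *data = rest;
    Ok(head)
}

pub fn extract_flow_key(packet: &[u8]) -> Result<FlowKey, ParseError> {
    let mut cur = packet;
    let eth = take(&mut cur, 14)?; // Ethernet II header
    let mut key = FlowKey {
        dl_type: u16::from_be_bytes([eth[12], eth[13]]),
        nw_proto: 0, nw_src: 0, nw_dst: 0,
    };
    if key.dl_type == 0x0800 {
        // IPv4: the IHL field is attacker-controlled, so validate it before use.
        let ip = take(&mut cur, 20)?;
        let ihl = ip[0] & 0x0f;
        if ihl < 5 {
            return Err(ParseError::BadIpHeaderLen(ihl));
        }
        key.nw_proto = ip[9];
        key.nw_src = u32::from_be_bytes([ip[12], ip[13], ip[14], ip[15]]);
        key.nw_dst = u32::from_be_bytes([ip[16], ip[17], ip[18], ip[19]]);
        // IP options: an IHL larger than the packet is rejected, not read.
        take(&mut cur, (ihl as usize - 5) * 4)?;
    }
    Ok(key)
}
```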