The chatter around the Rust language is growing into a deafening roar. Not only is the Linux kernel train bearing down on the 6.1 station, but countless other devs are waking up to the memory-safe language.
Last month, I said Rust’s momentum seemed unstoppable. I stand by that assessment.
But beware of edge cases. In this week’s Secure Software Blogwatch, we brace for one of Linus Torvalds’ famous rants.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The doodle house.
Don’t miss out
What’s the craic? Michael Larabel reports — “The Initial Rust Infrastructure Has Been Merged Into Linux 6.1”:
“Some Linux users in dissent”
Linus Torvalds pulled the initial Rust code into the mainline Linux kernel. [It] has been merged into the mainline Git tree for Linux 6.1.
…
[But] as recently as this weekend there were still some Linux users in dissent over the ideas of the Rust programming language support for the Linux kernel. … This initial 12.5k lines of new code just provides the basic infrastructure. … Building the Linux kernel with the Rust support remains optional.
6.1? I thought it was originally slated for 6.0? Kevin Purdy reminds us — “Linux 6.0 arrives”:
“Torvalds took a wait-and-see approach”
While major Linux releases only happen when the prior number's dot numbers start looking too big—"there is literally no other reason"—there are a lot of notable things rolled into this release. … Not included in 6.0 are Rust enhancements, but those are likely coming in the next point release.
…
Rust, a memory-safe language sponsored by the Mozilla project, started out as something Torvalds took a wait-and-see approach toward … something he was hoping to see in 6.0. … Even just having the "core infrastructure" for Rust in 6.1 signifies a big change in Linux, which has long been dominated by C.
What swayed him? pr0nbot summarizes thuswise:
Linus is a pragmatic fellow and his assessment of Rust is positive. … Something like: It's the first hip language he's looked at that fixes a lot of things that suck about C without adding a load of new suckage like C++. So he's receptive to the idea of Rust in the kernel.
However, that doesn’t mean Rust programmers can automatically jump into kernel programming. Here’s Linus Torvalds’s mini rant:
“You don’t get to choose”
"Rust is safe" is not some kind of absolute guarantee of code safety. … Anybody who believes that should probably … stop believing in the Easter bunny. … This is something that I really need the Rust people to understand. … If you can't deal with the rules that the kernel requires, then just don't do kernel programming.
…
If you want to allocate memory, and you don't want to care about what context you are in, or whether you are holding spinlocks etc, then you damn well shouldn't be doing kernel programming. Not in C, and not in Rust. … That really is very very fundamental. Allocators that "just work" in different contexts are broken garbage within the context of a kernel. … Kernels are special.
…
Having behavior changes depending on context is a total disaster. … This is just how reality is. You don't get to choose the universe you live in.
All of which drew Drew DeVault into thinking this:
“I would have chosen differently”
As Linus recently put it, “Kernel needs trump any Rust needs.” … These constraints have posed, and will continue to pose, a major challenge for Rust in Linux, but on the whole, I think that it will be able to rise to meet them, though perhaps not with as much grace as I would like.
…
In my opinion [Rust] does not belong in the Linux kernel. [But] C is boring — it hasn’t really excited anyone in decades. Rust is exciting, and its community enjoys a huge pool of developers building their brave new world with it. Introducing Rust to the kernel will [expand] the kernel’s developer base from a bunch of aging curmudgeons writing C towards a more inclusive developer pool.
…
Linux is, on the whole, a conservative project. It is deployed worldwide in billions of devices and its reliability is depended on by a majority of Earth’s population. … Rust is one of the riskiest bets Linux has ever considered. … That said, it’s going to happen, and the impact to me is likely to be, at worst, a nuisance. Though I would have chosen differently, I wish them the best of luck.
Aside from memory safety, what’s so “exciting”? blacksmithgu forges a neat list:
I respect the opinion … that Linux should be simple and Rust is adding a lot of complexity to the build and ABI, but the advantage of Rust is not just memory safety. … You get actual tagged enums, modules, sane dependency management, generics, polymorphism, optionals, no unchecked nullability, collections, and many other things. Writing systems software with it — even if you completely ignore memory safety — is a very pleasant experience once you've grokked the language.
But why Rust? Why not C++? DrXym has a prescription: [You’re fired—Ed.]
There is plenty that sucks about C++. Every mistake you can make in C you can make in C++.
…
On top of that it has it's own layer of bull**** to deal with: The rule of 3, the rule of 5, pointer/reference abuse, weird constructor traps around type coercion, destructor traps around use of virtual, fragile base classes, multiple inheritance issues, exceptions, etc., etc. … I'm not surprised the kernel didn't want to go there.
And it’s simply less laborious. So says marlock:
[Here’s] why so many devs are at least interested in exploring Rust as an alternative to C where possible: … Imagine not needing to bend backwards at every second line of code to avoid stupid repetitive pitfalls and reimplement their verbose mitigations all the time throughout the codebase. Plus making the useful code more readable because the extra lines don't need to be in the codebase.
But is the learning curve worth it? You bet, thinks u/NullSurplus:
I find that I don't want to use any other programming language now that I'm becoming proficient in Rust. … I'm starting to feel like Rust is the exact language that I want for all of my projects. It feels like it has the best of both worlds: High level features, and native performance. It feels like it's what programming languages should be.
…
There is room for improvement, but I just don't see myself wanting to return to C++, C# or Python. I'm starting to forget how to use those three languages, and I feel like that would be a lot of knowledge to lose, although I guess I don't really need those languages anymore. … C#'s garbage collector is what lead me down this path to Rust. … There's no reason why they couldn't do reference counting, and I don't understand why they don't. It seems like a more sane approach.
…
I started learning Rust back in February, but I've been programming in various languages for 14 years. … I've already played around with so many languages. Ultimately … I have all my future projects planned in Rust.
But ohmygosh, it seems like adding Rust has doubled the kernel build time. GigaplexNZ sounds succinctly sanguine:
An acceptable tradeoff — if it leads to better memory protection.
And Finally:
Hat tip: planearm
Keep learning
- Learn more about Dev & DevSecOps
- Get up to speed on the SBOM's evolution
- Find out why the NVD needs to evolve to include software supply chain threatss
- See survey report: Tampering top of mind for dev — but detection lags
You have been reading Secure Software Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or ssbw@richi.uk. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Mobilus In Mobili (cc:by-sa; leveled and cropped)