Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Programming Linux

Linux Kernel Gets More Infrastructure for Rust, Increasing Interest in the Language (sdtimes.com) 39

Linux 6.1 (released last month) included what Linus Torvalds described as "initial Rust scaffolding," remembers this update from SD Times But now, "work has already been done since the 6.1 release to add more infrastructure for Rust in the kernel, though still none of the code interacts with any C code."

And there's still no actual Rust code in Linux: "You need to get all those things that can make sure that Rust can compile, and you can do the debugging and all these things," explained Joel Marcey, director of advocacy and operations for the Rust Foundation, "and make sure that the memory safety is there and all that sort of stuff. And that has to happen first before you can actually write any real code in Rust for the Linux kernel itself."

Marcey explained that Linux is going to be doing this inclusion very piecemeal, with lots of little integrations here and there over time so they can see how it is working. "I would imagine that over the next year, you're going to see more small incremental changes to the kernel with Rust, but as people are seeing that it's actually kind of working out, you'll be able to maybe, for example, write Linux drivers or whatever with Rust," said Marcey....

According to Bec Rumbul, executive director of the Rust Foundation, Rust being added to the kernel is an "enormous vote of confidence in the Rust programming language." She explained that in the past other languages have been planned to make it into the kernel and ended up not getting put in. "I think having someone with the kind of intellectual gravity of Linus Torvalds saying 'No, it's going in there,' that kind of says an awful lot about how reliable Rust already is and how much potential there is for the future as well," she said.

Rumbul believes that there will be an increased interest in the language, which is still relatively new (It first made its debut in 2010) compared to some of the other languages out there to choose from. "I suspect that because Rust is now in the kernel, and it's just being talked about much ... more widely, that it will seem like an attractive prospect to a lot of people that are looking to develop their skills and their knowledge," she said. Rumbul hopes people will also be inspired to participate in the language as contributors and maintainers, because those are some of the less popular roles within open source, but are extremely critical to the health of a language, she explained.

The Rust Foundation also launched a new security team in September to ensure best practices (including a dedicated security engineer). Their first initiative will be a security audit and threat modeling exercises. "We want to basically shore up," Rust operations director Marcey tells SD Times, "to ensure that Rust itself is actually as secure as we always say it is."

In this year's Stack Overflow Developer Survey, 86.73% of developers said they love Rust.
This discussion has been archived. No new comments can be posted.

Linux Kernel Gets More Infrastructure for Rust, Increasing Interest in the Language

Comments Filter:
  • In this year's Stack Overflow Developer Survey, 86.73% of developers said they love Rust.

    What's the point of including four significant digits when the majority of those have never tried Rust?

    • In this year's Stack Overflow Developer Survey, 86.73% of developers said they love Rust.

      What's the point of including four significant digits when the majority of those have never tried Rust?

      Grab the interest of bean counters?

  • by piojo ( 995934 ) on Sunday November 27, 2022 @02:21PM (#63083470)

    The Rust Foundation also launched a new security team in September... "to ensure that Rust itself is actually as secure as we always say it is."

    I'm nervous about the possibility of supply chain attacks in the ecosystem. Rust isn't like C++ where you can choose one or two well trusted large libraries and have most of the features you want. The Rust standard library is decent but not extensive. Something as simple as easy exception creation/handling needs a third party library. And the third party libraries use third party libraries. It would be all too possible for someone to become a contributor, then slip in some malicious code. I think this is Rust's biggest vulnerability, and I hope it's addressed in the next couple years.

    • In other words, it has the same vulnerabilities as J2EE, which recently gave us (and in some case is still "giving") the log4shell bug - trusting 3rd parties for basic functionality.
      • It is vulnerable to this same class of attacks, yes. True also with python, javascript, java and so on.

        It is less vulnerable to standard library attrition -- as we see with the URL pakages in python where everyone uses requests, for example.

        Win some, lose some.

    • That was an explicit decision during Rust development. It means that they can give strong future proof guarantees for the standard library, without having to give the same guarantee for all of Rust. Opens them for supply chain attacks, yes, but then is protection against backward compatibility attacks which was, effectively, what caused log4j.

      Looked at another way, the problem is not supply chain attacks, but having a good set of dependencies, supported similarly to the Rust language for all the "standard"

    • > the third party libraries use third party libraries.

      https://xkcd.com/2347/ [xkcd.com]

    • by ArmoredDragon ( 3450605 ) on Sunday November 27, 2022 @05:46PM (#63083818)

      m nervous about the possibility of supply chain attacks in the ecosystem. Rust isn't like C++ where you can choose one or two well trusted large libraries and have most of the features you want.

      Yeah it's not at all like C++. For one, C++ got heavy lobbying to get included in the Linux kernel, and was denied. So don't treat it like C++. Having said that...

      The Rust standard library is decent but not extensive.

      That's a deliberate design choice. The Rust maintainers WANT a small standard library. By having a small standard library, you don't find yourself having to live with bad past design decisions anywhere near as often, which is a big problem that C++ has.

      Something as simple as easy exception creation/handling needs a third party library.

      Well I have to ask, why on earth do you need exceptions to begin with? In C++ they're heavily HEAVILY abused, and in general shouldn't even be used at all. An exception is supposed to be an exceptional event, so what do C++ programmers do...Oh the file wasn't found? Better throw a "file not found exception" and unwind the stack so that we can catch it somewhere else. Oh and here's a scenario where a function might have nothing to return, so let's return a null pointer, so the caller can try to dereference it only to throw a null pointer exception, so that we can then unwind the stack so that it can then be caught somewhere else, so that...

      It's madness. Do yourself a favor, and don't do that bullshit. You shouldn't even be allowing exceptions to occur to begin with, it's just shitty design. For example, it's much better to check if a variable has a null pointer first, rather than simply surrounding the code with a try/catch and then blindly dereferencing it (Java programmers tend to be really bad at this.)

      This is why Rust uses option and result enums, and has no exceptions at all. Under the hood, these are standard Rust enums, which in C parlance are tagged unions. A Rust function that can return something never returns nothing only so the caller can throw an exception and unwind the stack. Option and Result give the programmer no choice other than to check if something is wrong first and then choose how to handle it. No blind dereferencing allowed. Besides, if something has really gone horribly wrong, that is, a truly exceptional event like say your binary executed an invalid opcode, your program should probably stop entirely, not unwind the stack and then do some convoluted bullshit with it later, because at that point you're almost certainly in a bad state where you shouldn't be trusting anything to work correctly. In Rust, this is called a panic. You can write your own panic handler, but unless you've got some profoundly good reason to do so (i.e. you're writing software whose outcome means life vs death) then why? It's already incredibly easy to write code in Rust that is guaranteed to never panic so long as the underlying hardware is functioning correctly. THAT is what exceptions should be for, not handling null pointers or files not being found.

      The only good reason to do anything with exceptions at all in Rust, that I can think of, that aren't life or death scenarios, is if your code is calling into some badly written C++ library. Then yeah, you'll want to use maybe the catch-unwind crate.

      This is not at all to say that Rust is perfect. Rust has a few warts, and here's one of them:

      https://github.com/rust-lang/r... [github.com]

      What you're talking about here isn't. Those are features, not bugs.

      • by ljw1004 ( 764174 ) on Sunday November 27, 2022 @11:59PM (#63084376)

        I think the point might be that (1) rust rightly uses result type for errors, (2) result type for errors is insufferable boilerplate in rust without either 'anyhow' or 'thiserror' third party crates (depending on whether you're writing an application or a library)

        • by piojo ( 995934 )

          Yes indeed, thank you. I wrote "exceptions" so my point would be clear to non-Rust programmers, but I didn't realize I was creating an ambiguity. (I've never had to deal with C/C++ exceptions from Rust code.)

          After I posted, I checked and found something nice: 'anyhow' doesn't depend on any other crates. If only the same could be said of 'clap', 'regex', 'rand', etc. (I see a lot of these crates have minimal mandatory dependencies, and the current version of 'cargo add' tells me which features are enabled an

      • Oh and here's a scenario where a function might have nothing to return, so let's return a null pointer, so the caller can try to dereference it only to throw a null pointer exception

        That doesn't work in C++, which has no null pointer exception. Dereferncing a null pointer is undefined behavior and typically results in a segfault-style crash, same as in C.

        What you describe is common (and, I agree, bad) in Java.

  • I think Linux should just stick with C and not morph into an hybridised clusterfuck of C and Rust. Devs interested in Rust should probably go with a cleanroom implementation. For instance RedoxOS, which is not encumbered with all the legacy baggage that Linux has.
    Never underestimate Gall’s Law which states that. "all complex systems that work evolved from simpler systems that worked. If you want to build a complex system that works, build a simpler system first, and then improve it over time" That is
    • Don't worry, nothing major will be written in it. All the flakes who gravitate to the "new hotness" will get bored and move on to something else before actually getting to production quality code.
    • All the insults we give towards Windows apply to Unix equally. The bad design is from C and it is madness in the 21st century to be dealing with memory management and keeping track of these these things in a non safe environment. Rust is a Godsend

  • Rust isn't self hosting. It's another toy language.

If all else fails, lower your standards.

Working...