Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Linux

Rust in Linux: Maturing with Support from Cisco, Samsung, Canonical (zdnet.com) 44

ZDNet shares on update on "Rust in Linux: Where we are and where we're going next," citing a talk at the Linux Plumbers Conference in Richmond, Virginia by Linux/Rust developer Miguel Ojeda: In brief, Rust Linux is continuing to mature and is getting strong support from developers and vendors, such as Cisco, Samsung, and Canonical... Rust is taking the steps it needs to become — along with C — a fully-fledged member of the Linux language toolchain... That's not to say that we're ready to retire C for Rust just yet. In fact, that day is unlikely ever to come. But Rust is definitely on its way to becoming an important language for Linux development...

As for the day-to-day work that's required to make Rust fully integrated with Linux, the "official" website of the initiative is now the self-explanatory Rust for Linux. This site is your one-stop source for all things Rust on Linux... However, the move forward has not been straightforward. Rust on Linux developers have discovered some problems along the way. For example, while deadlocks, when two or more threads are waiting on the other to finish, are safe in Rust, because they don't result in undefined behavior, they're not safe in the Linux kernel. The programmers are working on fixing this issue...

A related issue is that there's growing interest in backporting Rust support into long-term support (LTS) versions of Linux, specifically 5.15 and 6.1. Some people are especially showing interest in the super LTS Linux 6.1 kernel. However, Linux doesn't generally allow backports into LTS Linuxes. So, if you really, really want fully featured Rust support in an older LTS kernel, you're going to need to pay for it in one way or the other. Another general rule that Rust developers have decided they're going to try to "break" is the rule against duplicate drivers. Usually, no one wants anyone wasting time reinventing the wheel, but some maintainers are open to the idea of experimenting with Rust, by starting simple with a driver they're already familiar with...

These movements are small steps forward, but they're all critical for making Rust equal to C as a Linux programming language.

This discussion has been archived. No new comments can be posted.

Rust in Linux: Maturing with Support from Cisco, Samsung, Canonical

Comments Filter:
  • by 93 Escort Wagon ( 326346 ) on Saturday November 18, 2023 @04:04PM (#64015157)

    Boy, if there's one company I think of when I think of secure code, it's Cisco.

  • by Press2ToContinue ( 2424598 ) on Saturday November 18, 2023 @04:12PM (#64015169)
    Cisco, Samsung, and Canonical jumping on this bandwagon feels like when your dad starts using TikTok - it's cool, but also, isn't it a bit late? And backporting Rust? That's like trying to install Windows 95 on a Tesla - sure, it's technically possible, but why would you? Let's not even start on the 'duplicate drivers' rule. That's like saying, 'Hey, we already have a perfectly good wheel, but let's reinvent it... in Rust.' Because who doesn't love a bit of extra, unnecessary challenge? Next thing you know, we'll be hearing about Rust-based AI taking over the world.
  • by backslashdot ( 95548 ) on Saturday November 18, 2023 @05:09PM (#64015221)

    Anyone actually believe it will happen? I mean, in a non-token manner. I'm sure it'll be out in 2024, which will also be the year of Linux on the desktop. Amirite?

  • by OneOfMany07 ( 4921667 ) on Saturday November 18, 2023 @05:15PM (#64015227)

    "... while deadlocks, when two or more threads are waiting on the other to finish, are safe in Rust, because they don't result in undefined behavior ..."

    Which I read to mean "the deadlock will be detected and signaled for cleanup automatically"... How?

    I saw the link on "deadlocks" in the original text about avoiding them with correct use of mutexes, but that's just "write code that won't cause this issue". I've glanced at Rust a bit ago, but beyond more explicit labels of how arguments are used I didn't see a ton that looked special or different.

    • by jsonn ( 792303 ) on Saturday November 18, 2023 @05:39PM (#64015269)
      They are solved the same way that memory leaks are solved. By defining it as consistent state.
    • by istartedi ( 132515 ) on Saturday November 18, 2023 @05:42PM (#64015277) Journal

      Yeah, I don't get this either. Any sane threading library will have a function that allows you to time out if you can't acquire a lock. If you don't use that on something that might stay locked forever, it's your fault.

      • by byronivs ( 1626319 ) on Saturday November 18, 2023 @06:00PM (#64015307) Journal

        Puts the normally vigilant to sleep with false sense of security. Once we get it in there we can fix it all right up. We really need to get it in there so it's like it was never not in there. Zealotry convinces the unwitting that it's a good idea because it's a good idea. Anyway I can see and name a crusade when I see one.

        • by aberglas ( 991072 ) on Saturday November 18, 2023 @08:04PM (#64015509)

          I would love to read something succinct about how Rust handles locking and pointers.

          All I can find is long books that go into uninteresting detail or short articles that tell me how good Rust is.

          For memory, my impression is that Rust is like Visual Basic, you use lots of dynamic arrays rather than things like linked list. Plus maybe smart pointers with counters. (Plus the trivial case like a string object with an unshared pointer to an array of characters.)

          For locking, if you use shared memory there is a deep problem. The only really good solution is ACID as used in databases, which involves locking, guaranteed serializable, deadlock detection with rollback etc. using transactions, but is too heavy for a kernel. ACID copies data, it is pointers that are hard.

          • by mrfaithful ( 1212510 ) on Sunday November 19, 2023 @12:37AM (#64015709)

            ACID copies data, it is pointers that are hard.

            I see in Rust threads a common pattern. Someone expresses difficulty in handling stuff that would normally be okay for a C pointer, there are arguments back and forth before eventually you get to choose between: The Rust Way which is complicated and will likely involve much re-architecting and Just Clone It (tm) where you just make copies of everything and forget about trying to wrestle the borrow checker.

            Now, to be clear I'm not denigrating Rust here, that's just a common theme on Rust threads. If anything I'm denigrating the common responses to "I can't do X in rust..."

      • by loonycyborg ( 1262242 ) on Saturday November 18, 2023 @06:38PM (#64015395)
        And what you do if it times out? Abort the program? If locking is responsible for data being in known state then there is no other choice.
    • by functor0 ( 89014 ) on Saturday November 18, 2023 @06:26PM (#64015361)
      My reading of it is that Rust doesn't solve anything for lock inversion: https://www.lurklurk.org/effec... [lurklurk.org].
    • by piojo ( 995934 ) on Saturday November 18, 2023 @07:52PM (#64015499)

      "... while deadlocks, when two or more threads are waiting on the other to finish, are safe in Rust, because they don't result in undefined behavior ..."

      Which I read to mean "the deadlock will be detected and signaled for cleanup automatically"... How?

      Having done a bit of Rust (not much), I believe this means deadlocks are acceptable according to the Rust ethos/compiler, since they don't result in a horribly broken execution such as you would get by overwriting the stack pointer. The program (or those threads) won't continue, but the program is still working as you programmed it.

    • by jmv ( 93421 ) on Sunday November 19, 2023 @02:05AM (#64015771) Homepage

      Rust does not make deadlocks safe (they cannot be). Rather, it disallows some ways of structuring your code and will then refuse to compile your code until you've written it in a way that the compiler can prove that a deadlock (or memory error, or other types of error) cannot occur. That can sometimes make Rust code much harder to write, but the benefit is that you can be much more aggressive at using threads because you don't have to "play it safe because of the risk of errors".

    • I haven't done anything with Rust, and probably won't ever do anything that low level, but, as far as I understand it, by having language features that allow avoiding explicit mutexes most of the time, hidden in the bowels of unsafe code of useful and (mostly) cost-free abstractions. For when you need it, a sentinel is introduced that forces programmers to deal with the failure case (leaking and so on, but no undefined execution) or allow the program to crash.

      At the low level of the kernel, with extra special requirements, you probably can still do some mitigation with typing, but it's a bit beyond me.

  • by Anonymous Coward on Saturday November 18, 2023 @06:07PM (#64015331)

    I assume the next step is Python in the kernel and we can have the slowest most insecure OS in the world.

    Seriously, search the CVE databases and look for Rust projects. It's worse than even Java.

    It's buggy, easy to accidentally write insecure code, bloated, slow, and difficult to maintain. Why Rust? It sucks. It's being pushed by inexperienced children as the hot new thing because they don't know what they are doing.

  • by gweihir ( 88907 ) on Sunday November 19, 2023 @03:10AM (#64015807)

    With their history of backdoored products, they will probably just try to get backdoors into the kernel.

  • by vbdasc ( 146051 ) on Sunday November 19, 2023 @03:18AM (#64015825)

    People wanted to put C++ code in Linux, but Linus didn't let them. Then, Linus relented and allowed Rust, as a replacement for the never-happened C++ - in - Linux. That's the whole reason for the existence of Rust in Linux.

    Rust is designed to compete with C++ , not with C.

    • by wertigon ( 1204486 ) on Sunday November 19, 2023 @06:40PM (#64017009)

      To be fair, writing kernel code in C++, where you want to keep things as close to the metal as humanly possible, ideally writing assembler if the damn thing wasn't so hard to trace... Is not the best of ideas.

      In kernel space you can't use a ton of the features C++ brings to the table without incurring significant performance problems. Often times memory is constrained, and just invoking an iterator can allocate four bytes of memory extra. "Bruh who cares about 4 bytes don't you have two gigs spare?" and again, no you do not. Modern CPUs have L1, L2, L3 cache and keeping within the limits of these caches massively reduce memory paging and thus massively reduce the time spent waiting for, say, L3 calls.

      When you are writing code that should fit within 16 kb of L1 cache, all of a sudden memory usage becomes very important. This is not to say C is the proper tool everywhere within the kernel though.

      • by gmit ( 4661911 ) on Friday November 24, 2023 @06:33PM (#64029587)
        You have heard some terms, but you have absolutely no idea what are you talking... In 99% of kernel you don't have to be 'as close to the metal as humanly possible'. 'ideally writing assembler' - lol. why? You can use almost all C++ features if you understand them. Making code that doesn't perform well is easy to do in any language... Your cache elaboration is so missed it's impossible to figure out where to begin with...

grep me no patterns and I'll tell you no lines.

Working...