Rust-for-Linux VS linux

Rust is backwards compatible when you stick to stable features, but the kernel uses unstable features that can and do incur breaking changes.

https://github.com/Rust-for-Linux/linux/issues/2

> How would this work?

Don't know exactly what you're asking.

> And why would it be a better idea?

Poorly written device drivers are a significant attack vector. It's one of the reasons Linux is now exploring using Rust for its own device drivers.[0] You may be asking -- why Rust and not some other language? Rust has many of the performance and interoperability advantages of C and C++, but as noted, makes certain classes of memory safety issues impossible. Rust also has significant mindshare among systems programming communities.

[0]: https://rust-for-linux.com

Ctrl-F "rust"

https://rust-for-linux.com/ links to LWN articles at https://lwn.net/Kernel/Index/#Development_tools-Rust that suggest that only basic modules are yet possible with the rust support in Linux kernels 6.2 and 6.3.

Rust-for-linux links to the Android binder module though:

> Android Binder Driver: This project is an effort to rewrite Android's Binder kernel driver in Rust.

> Motivation: Binder is one of the most security and performance critical components of Android. Android isolates apps from each other and the system by assigning each app a unique user ID (UID). This is called "application sandboxing", and is a fundamental tenet of the Android Platform Security Model.

> The majority of inter-process communication (IPC) on Android goes through Binder. Thus, memory unsafety vulnerabilities are especially critical when they happen in the Binder driver

... "Rust in the Linux kernel" (2021) https://security.googleblog.com/2021/04/rust-in-linux-kernel... :

> [...] We also need designs that allow code in the two languages to interact with each other: we're particularly interested in safe, zero-cost abstractions that allow Rust code to use kernel functionality written in C, and how to implement functionality in idiomatic Rust that can be called seamlessly from the C portions of the kernel.

> Since Rust is a new language for the kernel, we also have the opportunity to enforce best practices in terms of documentation and uniformity. For example, we have specific machine-checked requirements around the usage of unsafe code: for every unsafe function, the developer must document the requirements that need to be satisfied by callers to ensure that its usage is safe; additionally, for every call to unsafe functions (or usage of unsafe constructs like dereferencing a raw pointer), the developer must document the justification for why it is safe to do so.

> We'll now show how such a driver would be implemented in Rust, contrasting it with a C implementation. [...]

This guide with unsafe rust that calls into the C, and then with next gen much safer rust right next to it would be a helpful resource too.

What of the post-docker container support (with userspaces also written in go) should be cloned to rust first?

Rust-for-Linux issue tracker

Yes, I definitely agree that it's a problem that pr_info implicitly wraps its arguments in unsafe {}. I wrote my own Pull Request with a trival fix.

Note that this template won't work with Linux 6.1, which has very minimal Rust support. You'll want the RustForLinux tree, or maybe Linux 6.2.

You can join Rust for Linux zulip chat by requesting invite using the link in https://github.com/Rust-for-Linux/linux 's README.

These are a bit easier to see what's going on:

https://github.com/torvalds/linux/commit/d5cf50dafc9dd5faa1e...

https://github.com/torvalds/linux/blob/d5cf50dafc9dd5faa1e61...

Unfortunately Github doesn't have a way to render symbols for whitespace, but you can tell by selecting the spaces that the previous version had leading tabs. Linus changed it so that the tokens `default` and the number e.g. `12` are also separated by a tab. This is tricky, because the token "default" is seven characters, it will always give this added tab a width of 1 char which makes it always layout the same as if it were a space no matter if you use tab widths of 1, 2, 4, or 8.

There was also a Gentoo effort to run atop FreeBSD[0]. The challenge of course is that afaik none of the BSD kernel ABIs are considered stable. The stable interface is the BSD libc. That said, with binfmt_misc, I don't see a reason you couldn't just run (at least some) FreeBSD binaries on Linux with a thin syscall translation layer (rather something like qemu-system) and then your layer hooked via binfmt_misc. I'm not aware of anyone who has done this for FreeBSD, but prior efforts existed as alternate binfmts for SysVr4/5 ELF binaries[2]. Either way would take some elbow grease, but you *might* even be able just reuse binfmt_elf and just have a new interpreter for FreeBSD elf.

[0] https://wiki.gentoo.org/wiki/Gentoo_FreeBSD

[1] https://docs.kernel.org/admin-guide/binfmt-misc.html

[2] https://github.com/torvalds/linux/blob/master/fs/binfmt_elf....

> The original less-than check was deemed incorrect

It was only deemed incorrect because of an information leak. Not because it's a valid use-case for user space to copy smaller portions of *hwrpb into user space. https://github.com/torvalds/linux/commit/21c5977a836e399fc71...

Correct. And the combined work needs to carry the MIT license text and copyright attributions for the MIT software authors. With binary distribution it must also be overt, not hidden in some source code drop, but directly accompanying the binary.

Many people who talk about relicensing never credit the MIT developers or distribute the MIT license text. "Because it's GPL now."

I don't think that you believe that, but many developers do.

Some don't see the need for source code scans for Open Source compliance, because the license.txt says GPL, so it's GPL. Prime example is the Linux kernel. There is code under different licenses in there, but people don't even read https://github.com/torvalds/linux/blob/master/COPYING till the end ("In addition, other licenses may also apply.") and conclude it's simply GPL 2 and nothing else.

Also be aware that sublicensing is not the same as relicensing.

> Does he have something against it?

He notoriously hates GNU Emacs, yes.

https://marc.info/?m=122955159617722

https://github.com/torvalds/linux/blob/master/Documentation/...

So If we would only count code and not comments, it is only 9489 LoC Rust. Which would be about 0.03% and if we take all lines and not only LoC it would be around 0.05%

[0] https://github.com/XAMPPRocky/tokei

[1] https://github.com/torvalds/linux/commit/b401b621758e46812da...

AIUI fsync is built on futex_waitv which has been upstreamed. So this has to be more than that.

https://github.com/torvalds/linux/commit/a0eb2da92b715d0c97b...

git clone --no-checkout --depth 1 https://github.com/torvalds/linux.git $dir