Rust-for-Linux
rustig
Our great sponsors
Rust-for-Linux | rustig | |
---|---|---|
79 | 9 | |
3,792 | 215 | |
1.6% | 0.0% | |
0.0 | 0.0 | |
2 days ago | over 2 years ago | |
C | Rust | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Rust-for-Linux
-
The Linux Kernel Prepares for Rust 1.77 Upgrade
Rust is backwards compatible when you stick to stable features, but the kernel uses unstable features that can and do incur breaking changes.
https://github.com/Rust-for-Linux/linux/issues/2
- Rust in Linux Kernel
-
Mark Russinovich: “Working towards enabling Windows driver development in Rust”
> How would this work?
Don't know exactly what you're asking.
> And why would it be a better idea?
Poorly written device drivers are a significant attack vector. It's one of the reasons Linux is now exploring using Rust for its own device drivers.[0] You may be asking -- why Rust and not some other language? Rust has many of the performance and interoperability advantages of C and C++, but as noted, makes certain classes of memory safety issues impossible. Rust also has significant mindshare among systems programming communities.
[0]: https://rust-for-linux.com
-
The Linux Kernel Module Programming Guide
Ctrl-F "rust"
https://rust-for-linux.com/ links to LWN articles at https://lwn.net/Kernel/Index/#Development_tools-Rust that suggest that only basic modules are yet possible with the rust support in Linux kernels 6.2 and 6.3.
Rust-for-linux links to the Android binder module though:
> Android Binder Driver: This project is an effort to rewrite Android's Binder kernel driver in Rust.
> Motivation: Binder is one of the most security and performance critical components of Android. Android isolates apps from each other and the system by assigning each app a unique user ID (UID). This is called "application sandboxing", and is a fundamental tenet of the Android Platform Security Model.
> The majority of inter-process communication (IPC) on Android goes through Binder. Thus, memory unsafety vulnerabilities are especially critical when they happen in the Binder driver
... "Rust in the Linux kernel" (2021) https://security.googleblog.com/2021/04/rust-in-linux-kernel... :
> [...] We also need designs that allow code in the two languages to interact with each other: we're particularly interested in safe, zero-cost abstractions that allow Rust code to use kernel functionality written in C, and how to implement functionality in idiomatic Rust that can be called seamlessly from the C portions of the kernel.
> Since Rust is a new language for the kernel, we also have the opportunity to enforce best practices in terms of documentation and uniformity. For example, we have specific machine-checked requirements around the usage of unsafe code: for every unsafe function, the developer must document the requirements that need to be satisfied by callers to ensure that its usage is safe; additionally, for every call to unsafe functions (or usage of unsafe constructs like dereferencing a raw pointer), the developer must document the justification for why it is safe to do so.
> We'll now show how such a driver would be implemented in Rust, contrasting it with a C implementation. [...]
This guide with unsafe rust that calls into the C, and then with next gen much safer rust right next to it would be a helpful resource too.
What of the post-docker container support (with userspaces also written in go) should be cloned to rust first?
- Teknisk karrierevej i Danmark som softwareudvikler
-
The state of Flatpak security: major Projects are the worst?
Rust-for-Linux issue tracker
- rust devs in a nutshell
-
Rustproofing Linux (Part 1/4 Leaking Addresses)
Yes, I definitely agree that it's a problem that pr_info implicitly wraps its arguments in unsafe {}. I wrote my own Pull Request with a trival fix.
-
how to compile a rust "hello world" with kernel 6.1?
Note that this template won't work with Linux 6.1, which has very minimal Rust support. You'll want the RustForLinux tree, or maybe Linux 6.2.
-
If your dream was to be part of a big project like the linux kernel, what would be the first step if you are already an average programmer?
You can join Rust for Linux zulip chat by requesting invite using the link in https://github.com/Rust-for-Linux/linux 's README.
rustig
-
Is there something like "super-safe" rust?
There is also rustig though it seems quite dead.
-
Is Rust really safe? How to identify functions that can potentially cause panic
There’s the rustig tool (https://github.com/Technolution/rustig) that looks for code paths leading to the panic handler. Not sure if it still works though.
-
My thoughts on Rust and C++
That's fair. I think I may just be a bit sore that Rustig was allowed to bit-rot and findpanics hasn't seen a commit since 2020.
- What improvements would you like to see in Rust or what design choices do you wish were reconsidered?
-
Things I hate about Rust, redux
There's Rustig which does it for panics, though it seems unmaintained and uses inspection of the final binary rather than source code/AST inspection.
You might be interested in this: https://github.com/Technolution/rustig
-
Three Things Go Needs More Than Generics
> Doesnt Rust have implicit panics on indexing out of bounds?
It does yes. A fair number of other constructs can panic as well.
> I wonder if any codebases lint those away.
Clippy has a lint for indexing so probably.
For the general case, it's almost impossible unless you're working on very low-level software (embedded, probably kernel-rust eventually) e.g. `std` assumes allocations can't fail, so any allocation will show up as a panic path.
https://github.com/Technolution/rustig can actually uncover panic paths, but because of the above the results are quite noisy, and while it's possible to uncover bugs thanks to rustig it requires pretty ridiculous amounts of filtering.
-
Linus Torvalds on Rust support in kernel
This comment is strongly confused.
> [1] https://github.com/Technolution/rustig
That's a binary analysis tool. It is only approximate, and does not claim to be an accurate analysis like unsafe-checking and typechecking are:
https://github.com/Technolution/rustig#limitations
> All paths leading to panic! from one of those functions (whether actually used or not) will be reported.
It also only works on x86_64 binaries.
Panics are an ugly leftover from the bad old days before Rust had nice monad-like syntax for Result error-handling (the "?" syntax). It's time for panic to sunset.
What are some alternatives?
jakt - The Jakt Programming Language
go101 - An up-to-date (unofficial) knowledge base for Go programming self learning
gccrs - GCC Front-End for Rust
bastion - Highly-available Distributed Fault-tolerant Runtime
rfcs - RFCs for changes to Rust
pwninit - pwninit - automate starting binary exploit challenges
dafny - Dafny is a verification-aware programming language
kani - Kani Rust Verifier
koka - Koka language compiler and interpreter
gdbstub - An ergonomic, featureful, and easy-to-integrate implementation of the GDB Remote Serial Protocol in Rust (with no-compromises #![no_std] support)
PrawnOS - Libre Mainline Kernel and Debian for arm laptops
go - The Go programming language