rfcs
Rust-for-Linux
rfcs | Rust-for-Linux | |
---|---|---|
673 | 81 | |
5,881 | 3,917 | |
1.2% | 1.7% | |
9.8 | 0.0 | |
7 days ago | 10 days ago | |
Markdown | C | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rfcs
-
Don't defer Close() on writable files
That nobody has gone through the effort of collating its requirements and writing an RFC after https://github.com/rust-lang/rfcs/pull/770 was closed (back in 2015).
I assume a big issue is that this is full of edge cases up the ass, and the value is somewhat limited in the sense that if you know you want durable writes you'll sync() and know you're fucked if you get an error, but close() does not guarantee a sync to disk, as the linux man page indicates:
> A successful close does not guarantee that the data has been successfully saved to disk, as the kernel uses the buffer cache to defer writes.
-
An Optimization That's Impossible in Rust
I never heard of "German strings" in place of the small string optimization before! And there had been way too many proposals to add such types to the standard library [1] [2] [3] [4]. My understanding is that:
1. Both `Vec` and `String` should share the same layout as part of the standard library's contract.
2. Unlike `String`, the equivalent optimization for `Vec` is more questionable especially when T might be any type. C++ standard libraries frequently do implement multiple layouts for std::string but not for std::vector for the same reason.
3. Rust never allows an implicit copying of `String` in the first place, which greatly benefits from the SSO, so the lack of SSO in Rust is less important compared to C++.
[1] https://github.com/rust-lang/rust/issues/4991
[2] https://github.com/rust-lang/rust/issues/20198
[3] https://github.com/rust-lang/rfcs/pull/2990
[4] https://github.com/rust-lang/unsafe-code-guidelines/issues/4...
- Async2 – The .NET Runtime Async experiment concludes
-
Jiff: A brand new Datetime library for Rust, from the builder of ripgrep
nrc was poking at the problem in 2016 https://internals.rust-lang.org/t/struct-field-defaults/3412 which led to this RFC https://github.com/rust-lang/rfcs/pull/1806
It got postponed because it wasn't going to make it into Rust 2018: https://github.com/rust-lang/rfcs/pull/1806#issuecomment-327...
-
Cultivating Open Source Community
You can check out Rust-langs RFC Repo to see their well-documented and thorough process for an RFC.
-
Generics in Rust: murky waters of implementing foreign traits on foreign types
Finally, I found the answer in the RFC Book (RFC stands for Request For Comments). RFC 2451 from 2018-05-30 that starts with the following lines:
-
Ask HN: What April Fools jokes have you noticed this year?
RFC: Add large language models to Rust
https://github.com/rust-lang/rfcs/pull/3603
- Rust to add large language models to the standard library
-
Why does Rust choose not to provide `for` comprehensions?
Man, SO and family has really gone downhill. That top answer is absolutely terrible. In fact, if you care, you can literally look at the RFC discussion here to see the actual debate: https://github.com/rust-lang/rfcs/pull/582
Basically, `for x in y` is kind of redundant, already sorta-kinda supported by itertools, and there's also a ton of macros that sorta-kinda do it already. It would just be language bloat at this point.
Literally has nothing to do with memory management.
- Coroutines in C
Rust-for-Linux
-
Deploying Rust in Existing Firmware Codebases
The goal of rust for linux isn't to wholesale translate linux into rust, but simply to be able to write pieces of linux (largely new ones) in rust. I think it's very unlikely anyone (including google) will take on a wholesale translation anytime soon. That said
> It's unlikely that Google has much sway here
Google has helped fund the rust for linux project pretty much from the start [1], they're one of three organizations mentioned on the homepage due to their sponorship [2]. They're actively involved in it, and have already ported their android "binder" driver into it with the intent to ship it in android. This strikes me as a very weird take.
[1] https://www.memorysafety.org/blog/supporting-miguel-ojeda-ru...
[2] https://rust-for-linux.com/
- Rust for Linux
-
The Linux Kernel Prepares for Rust 1.77 Upgrade
Rust is backwards compatible when you stick to stable features, but the kernel uses unstable features that can and do incur breaking changes.
https://github.com/Rust-for-Linux/linux/issues/2
- Rust in Linux Kernel
-
Mark Russinovich: “Working towards enabling Windows driver development in Rust”
> How would this work?
Don't know exactly what you're asking.
> And why would it be a better idea?
Poorly written device drivers are a significant attack vector. It's one of the reasons Linux is now exploring using Rust for its own device drivers.[0] You may be asking -- why Rust and not some other language? Rust has many of the performance and interoperability advantages of C and C++, but as noted, makes certain classes of memory safety issues impossible. Rust also has significant mindshare among systems programming communities.
[0]: https://rust-for-linux.com
-
The Linux Kernel Module Programming Guide
Ctrl-F "rust"
https://rust-for-linux.com/ links to LWN articles at https://lwn.net/Kernel/Index/#Development_tools-Rust that suggest that only basic modules are yet possible with the rust support in Linux kernels 6.2 and 6.3.
Rust-for-linux links to the Android binder module though:
> Android Binder Driver: This project is an effort to rewrite Android's Binder kernel driver in Rust.
> Motivation: Binder is one of the most security and performance critical components of Android. Android isolates apps from each other and the system by assigning each app a unique user ID (UID). This is called "application sandboxing", and is a fundamental tenet of the Android Platform Security Model.
> The majority of inter-process communication (IPC) on Android goes through Binder. Thus, memory unsafety vulnerabilities are especially critical when they happen in the Binder driver
... "Rust in the Linux kernel" (2021) https://security.googleblog.com/2021/04/rust-in-linux-kernel... :
> [...] We also need designs that allow code in the two languages to interact with each other: we're particularly interested in safe, zero-cost abstractions that allow Rust code to use kernel functionality written in C, and how to implement functionality in idiomatic Rust that can be called seamlessly from the C portions of the kernel.
> Since Rust is a new language for the kernel, we also have the opportunity to enforce best practices in terms of documentation and uniformity. For example, we have specific machine-checked requirements around the usage of unsafe code: for every unsafe function, the developer must document the requirements that need to be satisfied by callers to ensure that its usage is safe; additionally, for every call to unsafe functions (or usage of unsafe constructs like dereferencing a raw pointer), the developer must document the justification for why it is safe to do so.
> We'll now show how such a driver would be implemented in Rust, contrasting it with a C implementation. [...]
This guide with unsafe rust that calls into the C, and then with next gen much safer rust right next to it would be a helpful resource too.
What of the post-docker container support (with userspaces also written in go) should be cloned to rust first?
- Teknisk karrierevej i Danmark som softwareudvikler
-
The state of Flatpak security: major Projects are the worst?
Rust-for-Linux issue tracker
- rust devs in a nutshell
-
Rustproofing Linux (Part 1/4 Leaking Addresses)
Yes, I definitely agree that it's a problem that pr_info implicitly wraps its arguments in unsafe {}. I wrote my own Pull Request with a trival fix.
What are some alternatives?
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
jakt - The Jakt Programming Language
rust - Empowering everyone to build reliable and efficient software.
dafny - Dafny is a verification-aware programming language
crates.io - The Rust package registry
rustig - A tool to detect code paths leading to Rust's panic handler
polonius - Defines the Rust borrow checker.
gccrs - GCC Front-End for Rust
zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
PrawnOS - Libre Mainline Kernel and Debian for arm laptops
rust-gc - Simple tracing (mark and sweep) garbage collector for Rust
koka - Koka language compiler and interpreter