A proposal to discuss adding Rust development tools to the Linux kernel

Nick Desaulniers, who works at Google on support for building the Linux kernel with the Clang compiler and also helps fix bugs in the Rust compiler, proposed holding a session at the Linux Plumbers Conference 2020 to discuss enabling the development of kernel components in Rust. Nick is organizing the LLVM micro-conference and thinks it would be a good idea to discuss the technical aspects of possibly integrating Rust support into the kernel (he already has a working prototype for KBuild), and to understand whether such support should be added at all and what restrictions on the use of Rust should be accepted.

Recall that in a recent discussion at the Open Source Summit and Embedded Linux Conference, Linus Torvalds did not rule out the emergence of bindings for developing non-core kernel subsystems (for example, drivers) in languages such as Rust. The ability to develop drivers in Rust would make it possible, with minimal effort, to create safer and better drivers, free from problems such as accessing a memory area after it is freed, dereferencing null pointers, and buffer overruns. There are already several third-party projects implementing this capability:

  • Developers from Fish in a Barrel have prepared a toolkit for writing loadable modules for the Linux kernel in Rust, using a set of abstraction layers over kernel interfaces and structures to increase security. The layers are generated automatically from the available kernel header files using the bindgen utility. Clang is used to build the layers. In addition to the layers, the built modules use the staticlib package.
  • Researchers at the Chinese University of Hong Kong are developing a project for writing drivers for embedded systems and IoT devices in Rust, which also uses bindgen to generate layers from kernel header files. The framework makes it possible to improve driver security without changing the kernel: instead of creating additional isolation levels for drivers in the kernel, it proposes blocking problems at the compilation stage by using the more secure Rust language. It is assumed that such an approach may be in demand among equipment manufacturers who develop proprietary drivers in a hurry without a proper audit.
  • The developers of C2Rust, a framework for translating C code to Rust, are experimenting with converting kernel modules with minimal manual edits. Among the problems noted is that many parts of the kernel use GCC extensions that are not yet supported in C2Rust. To address this, C2Rust plans to add support for the GCC inline, cold, alias, used, and section attributes, as well as extend its inline assembler capabilities and resolve issues with structures that are both aligned and packed (e.g., xregs_state). Among the significant problems that require manual work, the developers note that non-trivial C macros cannot be translated into Rust macros and that types need to be redefined, since C2Rust translates C types into definitions from the libc package, but this package cannot be used in kernel modules.
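
The idea of a safe abstraction layer over raw, bindgen-style bindings, as mentioned above, can be sketched in user space. This is an added example, not code from any of the projects listed: `raw_alloc`, `raw_free` and `KBuffer` are hypothetical names, and the standard allocator stands in for kernel allocation functions.

```rust
// Added illustration: stand-ins for bindgen-style raw bindings, backed by the
// std allocator so it runs in user space (assumption, not kernel code).
use std::alloc::{alloc_zeroed, dealloc, Layout};

/// Hypothetical raw binding: returns null on failure, like a C allocator.
unsafe fn raw_alloc(len: usize) -> *mut u8 {
    match Layout::array::<u8>(len) {
        Ok(l) if len > 0 => unsafe { alloc_zeroed(l) },
        _ => std::ptr::null_mut(),
    }
}

/// Hypothetical raw binding: frees a pointer obtained from `raw_alloc`.
unsafe fn raw_free(ptr: *mut u8, len: usize) {
    unsafe { dealloc(ptr, Layout::array::<u8>(len).unwrap()) }
}

/// Safe layer: owns the allocation, so it cannot be freed twice or used after free.
pub struct KBuffer { ptr: *mut u8, len: usize }

impl KBuffer {
    /// A null return becomes `None`, so a failed allocation is never dereferenced.
    pub fn new(len: usize) -> Option<KBuffer> {
        let ptr = unsafe { raw_alloc(len) };
        if ptr.is_null() { None } else { Some(KBuffer { ptr, len }) }
    }
    /// Bounds-checked copy: an oversized write is rejected instead of overrunning.
    pub fn write(&mut self, offset: usize, data: &[u8]) -> Result<(), &'static str> {
        let end = offset.checked_add(data.len()).ok_or("offset overflow")?;
        if end > self.len { return Err("write past end of buffer"); }
        unsafe { std::ptr::copy_nonoverlapping(data.as_ptr(), self.ptr.add(offset), data.len()) };
        Ok(())
    }
    pub fn as_slice(&self) -> &[u8] {
        unsafe { std::slice::from_raw_parts(self.ptr, self.len) }
    }
}

impl Drop for KBuffer {
    /// Freed exactly once, when the owner goes out of scope.
    fn drop(&mut self) { unsafe { raw_free(self.ptr, self.len) } }
}

fn main() {
    let mut buf = KBuffer::new(8).expect("allocation failed");
    let (ok, rejected) = (buf.write(0, b"abcd"), buf.write(6, b"abcd"));
    println!("{:?} {:?} {:?}", ok, rejected, buf.as_slice());
    // `drop(buf); buf.as_slice();` does not compile: use after free is a build error.
}
```

Only the wrapper contains `unsafe`; code that uses `KBuffer` cannot express the three bug classes listed above without writing `unsafe` itself.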

Source: opennet.ru
