Miguel Ojeda, author of the Rust-for-Linux project, has proposed a third component option for developing device drivers in the Rust language for Linux kernel developers to consider. Rust support is considered experimental, but has already been agreed upon for inclusion in the linux-next branch. The development is funded by Google and the ISRG (Internet Security Research Group), which is the founder of the Let's Encrypt project and promotes HTTPS and the development of technologies to improve Internet security.
Recall that the proposed changes make it possible to use Rust as a second language for developing drivers and kernel modules. Rust support is presented as an option that is not enabled by default and does not result in the inclusion of Rust among the required build dependencies for the kernel. Using Rust to develop drivers will allow you to create safer and better drivers with minimal effort, free from problems such as accessing a memory area after it is freed, dereferencing null pointers, and buffer overruns.
Memory-safe handling is provided in Rust at compile time through reference checking, keeping track of object ownership and object lifetime (scope), as well as through evaluation of the correctness of memory access during code execution. Rust also provides protection against integer overflows, requires mandatory initialization of variable values before use, handles errors better in the standard library, applies the concept of immutable references and variables by default, offers strong static typing to minimize logical errors.
The new version of the patches continues to eliminate the comments made during the discussion of the first and second versions of the patches. The most noticeable changes:
- A transition has been made to using the stable release of Rust 1.57 as the reference compiler and a link to the stabilized edition of the Rust 2021 language has been provided. Previously, patches were tied to the beta branch of Rust and used some language features that were classified as unstable. The transition to the Rust 2021 specification allowed us to initiate work to avoid the use of such unstable features in patches as const_fn_transmute, const_panic, const_unavailable_unchecked and core_panic and try_reserve.
- The development of the alloc version of the Rust library included in the patches has continued, modified to rid the memory allocation functions of possible generation of the “panic” state when errors occur, such as out of memory. The new version implements the “no_rc” and “no_sync” options to disable functionality not used in the kernel Rust code, making the library more modular. Work continues with the main alloc developers, aimed at transferring the changes needed for the kernel to the main library. The “no_fp_fmt_parse” option, required for the library to work at the kernel level, has been moved to the Rust base library (core).
- The code has been cleaned to get rid of possible compiler warnings when building the kernel in CONFIG_WERROR mode. When building code in Rust, additional compiler diagnostic modes and Clippy linter warnings are enabled.
- Abstractions are proposed for use in Rust code for seqlocks (sequence locks), callback calls for power management, I/O Memory (readX/writeX), interrupt and thread handlers, GPIO, access to devices, drivers and credentials.
- The tools for driver development have been expanded to include relocatable mutexes, bit iterators, simplified pointer bindings, improved fault diagnostics, and data bus-independent infrastructure.
- Improved work with links using a simplified Ref type, based on the refcount_t backend, which uses the kernel API of the same name for counting references. Support for the Arc and Rc types provided in the standard alloc library has been removed and is not available in code executed at the kernel level (options have been prepared for the library itself that disable these types).
- The patches include a version of the PL061 GPIO driver, rewritten in Rust. A special feature of the driver is that its implementation almost line by line repeats the existing GPIO driver in the C language. For developers who want to get acquainted with creating drivers in Rust, a line-by-line comparison has been prepared that allows them to understand which constructs in Rust the C code is converted into.
- The main Rust codebase has adopted rustc_codegen_gcc, a rustc backend for GCC that implements ahead-of-time (AOT) compilation using the libgccjit library. With proper development of the backend, it will allow you to collect the Rust code involved in the kernel using GCC.
- In addition to ARM, Google and Microsoft, Red Hat has expressed interest in using the Rust language in the Linux kernel. Let us recall that Google directly provides support for the Rust for Linux project, is developing a new implementation of the Binder interprocess communication mechanism in Rust, and is considering the possibility of reworking various drivers in Rust. Microsoft has begun implementing drivers for Hyper-V in Rust. ARM is working on improving Rust support for ARM-based systems. IBM has implemented Rust support in the kernel for PowerPC systems.
Source: opennet.ru