At the ongoing Linux Plumbers 2022 conference these days, an engineer from Western Digital made a presentation on the development of an experimental driver for NVM-Express (NVMe) SSDs written in Rust and running at the Linux kernel level. Despite the fact that the project is still at an early stage of development, the conducted testing showed that the performance of the Rust NVMe driver corresponds to the NVMe driver written in C in the kernel.
The report says that the current NVMe driver in C is completely satisfactory for developers, but the NVMe subsystem is a good platform to explore the feasibility of developing drivers in Rust, as it is quite simple, widely used, has high performance requirements, and has a proven reference implementation. for comparison and supports various interfaces (dev, pci, dma, blk-mq, gendisk, sysfs).
It is noted that the Rust PCI NVMe driver already provides the functionality necessary for operation, but is not yet ready for widespread use, as it requires separate improvements. Plans for the future include getting rid of the existing unsafe blocks, support for removing the device and unloading the driver, supporting the sysfs interface, implementing lazy initialization, creating a driver for blk-mq, and experimenting with an asynchronous programming model for queue_rq.
Additionally, we can note the experiments conducted by the NCC Group to develop drivers in the Rust language for the FreeBSD kernel. As an example, a simple echo driver that returns data written to the /dev/rustmodule file is analyzed in detail. In the next phase of experimentation, the NCC Group is considering reworking core core components in Rust to improve the security of network and file operations.
That being said, although it has been shown that it is possible to create simple modules in Rust, a tighter integration of Rust into the FreeBSD kernel will require additional work. For example, it mentions the need to create a set of abstraction layers over subsystems and kernel structures, similar to add-ons prepared by the Rust for Linux project. In the future, it is planned to conduct similar experiments with the Illumos core and highlight common abstractions in Rust that could be used in Rust-written drivers for Linux, BSD and Illumos.
According to Microsoft and Google, about 70% of vulnerabilities in their software products are caused by unsafe memory management. It is assumed that the use of the Rust language will reduce the risk of vulnerabilities caused by unsafe memory handling, and eliminate the occurrence of errors such as accessing a memory area after it has been freed and buffer overruns.
Memory-safe handling is provided in Rust at compile time through reference checking, keeping track of object ownership and object lifetime (scope), as well as through evaluation of the correctness of memory access during code execution. Rust also provides protection against integer overflows, requires mandatory initialization of variable values before use, handles errors better in the standard library, applies the concept of immutable references and variables by default, offers strong static typing to minimize logical errors.
Source: opennet.ru