Josh Triplett, an Intel engineer and a member of the committee overseeing the development of Crates.io, presented a working group a few days ago in his talk at the Open Source Technology Summit that aims to bring Rust to parity with C for Linux kernel programming.
In the working group, which is still being formed, Rust developers together with Intel engineers will prepare specifications identifying the functionality Rust needs to implement for programming within the Linux kernel. Systems programming often requires low-level manipulations, such as executing privileged processor instructions and obtaining detailed information about processor state.
Similar capabilities already being developed for Rust include support for unnamed structures, unions (union), inline assembler (the "asm!" macro), and the BFLOAT16 floating-point format.
Josh believes that the future of systems programming lies with Rust, and that C in today's conditions is taking the place that assembler occupied in the past. Rust not only relieves developers of the C-specific problems that arise from low-level work with memory, but is also well suited to modern programming paradigms.
During the discussion of Josh's talk, the idea was raised of adding the ability to develop drivers in Rust to the Linux kernel, which would make it possible, with minimal effort, to create better and safer drivers free of problems such as use-after-free, null pointer dereferences and buffer overruns.
Greg Kroah-Hartman, who maintains the stable branch of the Linux kernel, expressed willingness to add a Rust driver framework to the kernel if it offers real advantages over C, for example by providing safe bindings over the kernel API. Greg also sees this framework only as an option that is not enabled by default, so that Rust does not become one of the kernel's build dependencies.
It turned out that several teams are already working in this direction. For example, Fish in a Barrel developers have prepared a toolkit for writing loadable Linux kernel modules in Rust, using a set of abstraction layers on top of kernel interfaces and structures to improve safety.
The intermediate layers are generated automatically from the available kernel header files using the bindgen utility; Clang is used to build them. In addition to these layers, the assembled modules use the staticlib crate type.
At the same time, another project is under development, focused on drivers for embedded systems and Internet of Things devices, which also uses bindgen to generate bindings from kernel header files.
The framework makes it possible to improve driver safety without changing the kernel: rather than creating additional isolation levels for drivers inside the kernel, it is proposed to block problems at compile time by using the safer Rust language.
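The "safe bindings over the kernel API" that Greg asks for, and the compile-time blocking of use-after-free, null dereferences and buffer overruns mentioned above, come down to one pattern: confine the raw C-style calls to a small owning wrapper whose public interface cannot express the bug. The following is an added example written for this article; it is not code from the Fish in a Barrel toolkit, the embedded-systems project, or any bindgen output. The raw interface (`raw_buf_alloc`, `raw_buf_write`, `raw_buf_free`) is a hypothetical, constructed stand-in implemented in plain Rust so that it runs offline, playing the role bindgen-generated kernel bindings would play.

```rust
// Added example: a safe Rust abstraction over a constructed, C-style buffer API.
// The `raw` module stands in for bindgen-generated kernel bindings (hypothetical
// names); the `KBuf` wrapper is the kind of abstraction layer the article describes.
use std::alloc::{alloc_zeroed, dealloc, Layout};
use std::ptr;

/// Raw, C-style interface: NULL on failure, no bounds checks, caller must free.
mod raw {
    use super::*;

    pub unsafe fn raw_buf_alloc(len: usize) -> *mut u8 {
        if len == 0 {
            return ptr::null_mut(); // mimics a kernel allocator failing
        }
        let layout = Layout::array::<u8>(len).unwrap();
        unsafe { alloc_zeroed(layout) }
    }

    /// Writes `data` at `offset` with no bounds check, like memcpy into a C buffer.
    pub unsafe fn raw_buf_write(buf: *mut u8, offset: usize, data: &[u8]) {
        unsafe { ptr::copy_nonoverlapping(data.as_ptr(), buf.add(offset), data.len()) }
    }

    pub unsafe fn raw_buf_free(buf: *mut u8, len: usize) {
        let layout = Layout::array::<u8>(len).unwrap();
        unsafe { dealloc(buf, layout) }
    }
}

#[derive(Debug, PartialEq)]
pub enum BufError {
    OutOfBounds,
}

/// Safe owning handle: NULL becomes `None`, the length travels with the pointer,
/// and `Drop` frees exactly once. All `unsafe` is confined to this type.
pub struct KBuf {
    ptr: ptr::NonNull<u8>,
    len: usize,
}

impl KBuf {
    /// Allocation failure surfaces as `None`, so no NULL pointer can be dereferenced.
    pub fn new(len: usize) -> Option<KBuf> {
        // SAFETY: raw_buf_alloc returns NULL or a valid zeroed allocation of `len` bytes.
        let p = unsafe { raw::raw_buf_alloc(len) };
        ptr::NonNull::new(p).map(|ptr| KBuf { ptr, len })
    }

    /// Bounds-checked write: an out-of-range request is an error, not a buffer overrun.
    pub fn write(&mut self, offset: usize, data: &[u8]) -> Result<(), BufError> {
        let end = offset.checked_add(data.len()).ok_or(BufError::OutOfBounds)?;
        if end > self.len {
            return Err(BufError::OutOfBounds);
        }
        // SAFETY: offset + data.len() <= len was checked; ptr is valid for len bytes.
        unsafe { raw::raw_buf_write(self.ptr.as_ptr(), offset, data) };
        Ok(())
    }

    pub fn as_slice(&self) -> &[u8] {
        // SAFETY: ptr is valid for len initialised bytes and this handle owns it.
        unsafe { std::slice::from_raw_parts(self.ptr.as_ptr(), self.len) }
    }

    pub fn len(&self) -> usize {
        self.len
    }
}

impl Drop for KBuf {
    fn drop(&mut self) {
        // SAFETY: ptr came from raw_buf_alloc with this len and is freed only here.
        unsafe { raw::raw_buf_free(self.ptr.as_ptr(), self.len) };
    }
}

/// Builds a length-prefixed frame through the safe wrapper. The buffer is freed
/// when `buf` goes out of scope; there is no free call to forget or to run twice,
/// and because `KBuf` is not `Copy`, using a moved-out handle is a compile error.
pub fn build_frame(payload: &[u8]) -> Option<Vec<u8>> {
    let mut buf = KBuf::new(4 + payload.len())?;
    buf.write(0, &(payload.len() as u32).to_be_bytes()).ok()?;
    buf.write(4, payload).ok()?;
    Some(buf.as_slice().to_vec())
}

fn main() {
    println!("{:?}", build_frame(b"hi"));
}
```

The point of the wrapper is that the unsafe surface is small and auditable, while driver code built on it gets the three guarantees the article lists without any runtime isolation layer in the kernel. A real binding layer would additionally have to encode kernel lifetime rules (for example, which context may allocate) in the types.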
The approach is expected to help hardware manufacturers who develop drivers hastily and without a proper audit.
Not all of the planned functionality has been implemented yet, but the framework is already usable and has been used to write a working driver for the LAN9512 USB Ethernet controller fitted on the Raspberry Pi 3 board.
The existing smsc95xx driver, written in C, served as the reference implementation when writing the Rust driver.
It is noted that module size and the overhead of the runtime component are not significant when developing a driver in Rust, which allows the framework to be used for resource-constrained devices.