CommunityNews

CommunityNews

Linus Torvalds on Rust support in kernel

On Wed, Apr 14, 2021 at 11:46 AM ojeda@kernel.org wrote:

Some of you have noticed the past few weeks and months that
a serious attempt to bring a second language to the kernel was
being forged. We are finally here, with an RFC that adds support
for Rust to the Linux kernel.

So I replied with my reactions to a couple of the individual patches,
but on the whole I don’t hate it.

HOWEVER.

I do think that the “run-time failure panic” is a fundamental issue.

I may not understand the ramifications of when it can happen, so maybe
it’s less of an issue than I think it is, but very fundamentally I
think that if some Rust allocation can cause a panic, this is simply
fundamentally not acceptable.

Allocation failures in a driver or non-core code - and that is by
definition all of any new Rust code - can never EVER validly cause
panics. Same goes for “oh, some case I didn’t test used 128-bit
integers or floating point”.

So if the Rust compiler causes hidden allocations that cannot be
caught and returned as errors, then I seriously think that this whole
approach needs to be entirely NAK’ed, and the Rust infrastructure -
whether at the compiler level or in the kernel wrappers - needs more
work.

So if the panic was just some placeholder for things that can be
caught, then I think that catching code absolutely needs to be
written, and not left as a to-do.

And if the panic situation is some fundamental “this is what the Rust
compiler does for internal allocation failures”, then I think it needs
more than just kernel wrapper work - it needs the Rust compiler to be
fixed.

Because kernel code is different from random user-space system tools.
Running out of memory simply MUST NOT cause an abort. It needs to
just result in an error return.

I don’t know enough about how the out-of-memory situations would be
triggered and caught to actually know whether this is a fundamental
problem or not, so my reaction comes from ignorance, but basically the
rule has to be that there are absolutely zero run-time “panic()”
calls. Unsafe code has to either be caught at compile time, or it has
to be handled dynamically as just a regular error.

With the main point of Rust being safety, there is no way I will ever
accept “panic dynamically” (whether due to out-of-memory or due to
anything else - I also reacted to the “floating point use causes
dynamic panics”) as a feature in the Rust model.

       Linus

https://lkml.org/lkml/2021/4/14/1099

This thread was posted by one of our members via one of our news source trackers.

Popular Linux topics Top

New
First poster: bot
The Year of the Linux Desktop. The year of the Linux desktop has arrived. This is a guide for how to improve the Linux desktop experienc...
New
CommunityNews
Linux is the poster-child for the C language. But times change. The Rust language has been slowly gathering support for use as a system l...
New
First poster: bot
On Wed, Apr 14, 2021 at 11:46 AM ojeda@kernel.org wrote: Some of you have noticed the past few weeks and months that a serious attempt...
New
First poster: bot
The Linux HOWTOs are detailed “how to” documents on specific subjects. The HOWTO index lists all HOWTOs along with short descriptions. Th...
New
First poster: bot
Refusing to support my friends’ and family members’ devices that do not run Linux is the next step in my personal fight against products ...
New
First poster: bot
Jack Wallen has a bone to pick with cloud services run by Google, Microsoft and Apple. The cloud is run by Linux and open-source. Ther...
New
First poster: bot
This is a ‘Linux Swiss Army Knife’, offering maximum utility while still being able to fit in your pocket. Is it fast? No. Can it run a G...
New
First poster: bot
In my previous article “Why you should migrate everything from Linux to BSD” part 1 and part 2 I addressed some of the “political issues”...
New
Eiji
Hi, I have found a helpful video today. Discord is one of the most popular chat apps. However it’s updater on Linux actually causes more ...
New

Other popular topics Top

AstonJ
Or looking forward to? :nerd_face:
New
Exadra37
I am thinking in building or buy a desktop computer for programing, both professionally and on my free time, and my choice of OS is Linux...
New
New
PragmaticBookshelf
Rust is an exciting new programming language combining the power of C with memory safety, fearless concurrency, and productivity boosters...
New
DevotionGeo
The V Programming Language Simple language for building maintainable programs V is already mentioned couple of times in the forum, but I...
New
AstonJ
Seems like a lot of people caught it - just wondered whether any of you did? As far as I know I didn’t, but it wouldn’t surprise me if I...
New
gagan7995
API 4 Path: /user/following/ Method: GET Description: Returns the list of all names of people whom the user follows Response [ { ...
New
PragmaticBookshelf
Author Spotlight Erin Dees @undees Welcome to our new author spotlight! We had the pleasure of chatting with Erin Dees, co-author of ...
New
First poster: bot
zig/http.zig at 7cf2cbb33ef34c1d211135f56d30fe23b6cacd42 · ziglang/zig. General-purpose programming language and toolchain for maintaini...
New
AstonJ
Curious what kind of results others are getting, I think actually prefer the 7B model to the 32B model, not only is it faster but the qua...
New