
CommunityNews
Linus Torvalds on Rust support in kernel
On Wed, Apr 14, 2021 at 11:46 AM ojeda@kernel.org wrote:
Some of you have noticed the past few weeks and months that
a serious attempt to bring a second language to the kernel was
being forged. We are finally here, with an RFC that adds support
for Rust to the Linux kernel.So I replied with my reactions to a couple of the individual patches,
but on the whole I don’t hate it.HOWEVER.
I do think that the “run-time failure panic” is a fundamental issue.
I may not understand the ramifications of when it can happen, so maybe
it’s less of an issue than I think it is, but very fundamentally I
think that if some Rust allocation can cause a panic, this is simply
fundamentally not acceptable.Allocation failures in a driver or non-core code - and that is by
definition all of any new Rust code - can never EVER validly cause
panics. Same goes for “oh, some case I didn’t test used 128-bit
integers or floating point”.So if the Rust compiler causes hidden allocations that cannot be
caught and returned as errors, then I seriously think that this whole
approach needs to be entirely NAK’ed, and the Rust infrastructure -
whether at the compiler level or in the kernel wrappers - needs more
work.So if the panic was just some placeholder for things that can be
caught, then I think that catching code absolutely needs to be
written, and not left as a to-do.And if the panic situation is some fundamental “this is what the Rust
compiler does for internal allocation failures”, then I think it needs
more than just kernel wrapper work - it needs the Rust compiler to be
fixed.Because kernel code is different from random user-space system tools.
Running out of memory simply MUST NOT cause an abort. It needs to
just result in an error return.I don’t know enough about how the out-of-memory situations would be
triggered and caught to actually know whether this is a fundamental
problem or not, so my reaction comes from ignorance, but basically the
rule has to be that there are absolutely zero run-time “panic()”
calls. Unsafe code has to either be caught at compile time, or it has
to be handled dynamically as just a regular error.With the main point of Rust being safety, there is no way I will ever
accept “panic dynamically” (whether due to out-of-memory or due to
anything else - I also reacted to the “floating point use causes
dynamic panics”) as a feature in the Rust model.Linus
https://lkml.org/lkml/2021/4/14/1099
This thread was posted by one of our members via one of our news source trackers.
First Post!

bot
Corresponding tweet for this thread:
Share link for this tweet.
Popular Linux topics










Other popular topics









Latest in Blogs/Talks
Latest (all)
Categories:
Popular Portals
- /elixir
- /rust
- /wasm
- /ruby
- /erlang
- /phoenix
- /keyboards
- /js
- /rails
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /java
- /haskell
- /emacs
- /svelte
- /onivim
- /typescript
- /crystal
- /c-plus-plus
- /tailwind
- /kotlin
- /gleam
- /react
- /flutter
- /elm
- /ocaml
- /vscode
- /opensuse
- /ash
- /centos
- /php
- /deepseek
- /zig
- /scala
- /html
- /debian
- /nixos
- /lisp
- /agda
- /sublime-text
- /textmate
- /react-native
- /kubuntu
- /arch-linux
- /revery
- /ubuntu
- /manjaro
- /django
- /spring
- /diversity
- /nodejs
- /lua
- /julia
- /c
- /slackware
- /neovim