Linux is the poster-child for the C language. But times change. The Rust language has been slowly gathering support for use as a system language in Linux. For example, at the 2020 Linux Plumbers Conference, developers gave serious thought to using the Rust language for new Linux inline code. So, where is it today? I asked Linux's creator, Linus Torvalds, and the Linux stable kernel maintainer Greg Kroah-Hartman for their thoughts.
This isn't just a theory being pushed by Rust enthusiasts. A great deal of Rust in Linux is already being pushed out into the market. Amazon Web Services (AWS) recently released Bottlerocket Linux for containers and it has a great deal of Rust in it.
Also: The Rust programming language just took a huge step forward
Sylvestre Ledru, a Mozilla director by day and Debian Linux developer by night, has ported a Rust version of Coreutils to Linux using the LLVM compiler infrastructure and its Clang C language front-end and tooling infrastructure. Coreutils are the GNU shell core utilities. With these, Ledru has booted Linux and run the most popular Debian packages. This isn't, Ledru admits, production-ready yet, but with a lot of elbow grease, it works today. Eventually, it may replace GNU Coreutils.
Why do any of this in the first place? Rust is popular because it lends itself more easily to writing secure software. Samartha Chandrashekar, an AWS Product Manager, said it "helps ensure thread safety and prevent memory-related errors, such as buffer overflows that can lead to security vulnerabilities." Many other developers agree with Chandrashekar.
In Linux circles, Alex Gaynor and Geoffrey Thomas at the 2019 Linux Security Summit said that about two-thirds of Linux kernel vulnerabilities come from memory safety issues. Rust, in theory, can completely avoid these by using Rust's inherently safer application programmer interfaces (API)s.
Linux developer Nelson Elhage in his summary of the Plumber's meeting on Rust in Linux, added that Linux Rust proponents aren't "proposing a rewrite of the Linux kernel into Rust; they are focused only on moving toward a world where new code may be written in Rust. The three areas of potential concern for Rust support are making use of the existing APIs in the kernel, architecture support," and dealing with application binary interface (ABI) compatibility between Rust and C.
What does Torvalds make of all this? He's in "the 'wait and see' camp -- I'm interested in the project, but I think it's driven by people who are very excited about Rust, and I want to see how it actually then ends up working in practice."
"Personally," Torvalds is "in no way "pushing" for Rust, [but] I'm open to it considering the promised advantages and avoiding some safety pitfalls, but I also know that sometimes promises don't pan out."
Torvalds thinks "Rust's primary first target seems to be drivers, simply because that's where you find just a lot of different possible targets, and you have these individual parts of the kernel that are fairly small and independent. That may not be a very interesting target to some people, but it's the obvious one."
Another point is taking on drivers first for "any initial trials to drivers is simply the architecture side," said Torvalds. "Lots of drivers are only relevant on a couple of target architectures, so the whole issue with Rust code not being supported on some architectures is less of an issue."
Kroah-Hartman agrees that "drivers are probably the first place for an attempt like this as they are the 'end leafs' of the tree of dependencies in the kernel source. They depend on core kernel functionality, but nothing depends on them."
Torvalds knows some people don't like the idea of Rust in userspace at all. "People complain[ing] about "Rustification" in userspace isn't a great sign for any future kernel use, but hey, we'll see. The kernel is different from userspace projects - more difficult in some respects (we use a lot of very odd header files that pushes the boundary of what can be called "C"), but easier in many other respects (mainly in the sense that the kernel is fairly self-contained, and then doesn't rely on other projects for the final binary)."
From where Kroah-Hartman sits, "it will all come down to how well the interaction between the kernel core structures and lifetime rules that are written in C can be mapped into Rust structures and lifetime rules for drivers in Rust to be able to use them properly. That's going to take a lot of careful work by the developers wanting to hook this all up and I wish them the best of luck."
So, while you almost certainly aren't going to be seeing Linux ported from C into Rust anytime soon, there is a lot of interest and action in bringing Rust-based userspace programs, drivers, and eventually Rust-based Linux kernels into the Linux operating system.
Stay tuned. Things are going to get very interesting in the next few years.