What is wrong with the commenters on Phoronix? There seem to be a bunch of old dudes who can’t accept that C is unsafe and no amount of “skill” will prevent it from being unsafe. They look at 3 decades of unsafe C with thousands of CVEs and still think it’s a skill issue.
If you think the comments about Rust are bad, you should check out any article about X11/Wayland or systemd.
Yeah, I don’t understand the wayland and systemd hate. Personally, the alternatives are worse in many areas. managing services before systemd was terrible and I’m very happy it’s here. Making services depend on magic comments is a terrible system IMO. Can’t remember if that’s upstart or rinit or whatever.
Wayland hate I at least understand. Their security model makes it not a 1:1 replacement for X11 yet, but that’s what it’s marketed as.
Old NVIDIA gpu here. Wayland is still completely broken for me. I shouldn’t have to buy specific hardware to make my Linux work.
Learning that the hard way 😂
I love C and C++ and I talk to someone else who does (comp sci grad) but he’s hugely biased against rust and says shit like “rust is cringe it has training wheels, just be good at C”
it’s like a weird tech anti-intellectualism
It’s just elitism. They think because they’ve suffered to learn C and have learned all the footguns of the language that they are smarter than people who haven’t, so they see anything higher level than C as being a baby language for babies. 30 years ago I’m sure there was the equivalent of people who exclusively worked in assembly who thought the same about C programmers.
Technically, it is a skill issue though, but requires borderline perfection to achieve safe code. It’s still a bad argument and detracts from progress in an area where it’s sorely needed. Correct me if I’m wrong, but my understanding is that everything unsafe is because the logic used left something exposed where rust has rules in the language the prevents those had coding practices. C is inherently unsafe, it just doesn’t have built in safe guards to keep the dev from using it wrong.
Technically, it is a skill issue though, but requires borderline perfection to achieve safe code
If near perfection is the minimum to achieve a goal, then it can’t be a skill issue, IMO. But I agree with the rest. It’s a terrible argument that keeps getting repeated, not only for C but many other places in the tech world.
Well performance is important and Rust is fast on paper afaik but idk how it works in real use cases. I don’t remember seeing performance benefits on Rust compared to other languages that are not C.
There’s a paper about this and with C as the baseline, Rust was 4% slower for the specific tests they ran.
In these tests, Rust is actually faster than C sometimes.
So it really does depend on the workload. However, the safety that rust provides cannot be understated. It’s easy to cut corners like in C, but it’s difficult to do it right. Rust provides the closest result of right and fast.
I find this headline incredibly misleading. Proper non-trivial Rust drivers already exist in the kernel. The entire Apple graphical stack for the ARM M-series SoCs is written in Rust, and it’s beyond excellent
I’m not sure it’s mainline yet? It may just be part of the Asahi project. From my understanding, they are being developed out of tree and will be merged/submitted later.
… depending on what you want to do.
Anything useful is still “unsafe.”
Anything useful is still “unsafe.”
So you take care with the bits that have to deal with C, just like you have to with C code itself, and then all the rest of your code is still safe by default. Still a net improvement, yes?
In a driver, there’s a lot more than just C and hardware interaction. You also have to deal with:
Concurrency and Synchronization – Managing locks, spinlocks, atomic operations, and ensuring safe access to shared resources.
Memory Management – Allocating kernel memory safely, handling DMA buffers, and avoiding memory leaks or invalid accesses.
Interrupt Handling – Dealing with IRQs, deferring work using tasklets, workqueues, or bottom halves.
State Management – Handling suspend, resume, and power states efficiently.
Error Handling and Recovery – Ensuring robustness in the presence of hardware failures or unexpected states.
Device Trees and ACPI – Parsing platform configuration data.
Firmware Communication – Loading and interfacing with device firmware blobs.
Kernel APIs and Subsystems – Interacting with networking, block devices, input devices, and other kernel frameworks.
Performance Optimizations – Managing cache coherency, NUMA awareness, and latency-sensitive operations.
Security Considerations – Preventing privilege escalation, ensuring safe user-space interaction, and sandboxing where applicable.
Yes, interfacing with hardware often requires unsafe Rust or C, but a lot of driver logic isn’t directly interacting with raw hardware registers. Rust can help improve safety in many of these areas by reducing common C pitfalls like use-after-free, null dereferences, and buffer overflows.
