Will there be performance and security improvements?
Memory safety would be the main advantage.
It’s a better, more modern language in general. It has way better tooling (better, more user-friendly compiler, better package manager), a really good set of modern features (null-safety, good error handling, type-classes, algebraic types), it’s easier to modularize your code (workspaces, modules). Rust does a lot of things right and is fun to work with. That’s why it’s the most liked language overall. It’s not hype, it really is that good. It will just make working on the kernel easier. And on top of that it offers some memory safety and concurrency features.
P.S. I forgot about amazing documentation. Again, way better than what you can find for C.
P.P.S. Zero cost abstractions.
The “tooling” argument is kind of backwards when we’re in the kernel. The package manager is not allowed to be used. Even the standard library is not allowed to be used. Writing code free of the standard library is kind of new in the Rust world and getting compiler support for it has been one of the major efforts to get Rust into the kernel. Needless to say, tools around no-stdlib aren’t as robust as in the user world.
Not true, you can use cargo to build Linux drivers: https://github.com/not-matthias/kernel-driver-with-rust/blob/master/Cargo.toml
I’ve been watching Asahi Lina develop a big GPU driver for Apple silicon and development was so much faster because a whole category of bugs were largely absent once the code compiled, and memory issues are notoriously difficult to fix. Also error handling is easier and much cleaner.
Security? Probably. I wouldn’t expect any measurable improvements to performance but with the compiler being able to do more checks it might enable some clever optimization trickery that would be harder to maintain in C.
Still, Rust on the kernel probably won’t leave the realm of drivers any time soon, so it all depends on if you have the hardware that will use a driver written in Rust.
Memory safety is likely to prevent a lot of bugs. Not necessarily in the kernel proper, I honestly don’t see it being used widely there for a while.
In third party drivers is where I see the largest benefit; there are plenty of manufacturers who will build a shitty driver for their device, say that it targets Linux 4.19, and then never support/update it. I have seen quite a few third party drivers for my work and I am not impressed; security flaws, memory leaks, disabling of sensible warnings. Having future drivers written in Rust would force these companies to build a working driver that didn’t require months of trawling through to fix issues.
Now that I think about it, in 10 years I’ll probably be complaining about massive unsafe blocks everywhere…