this post was submitted on 03 Sep 2024
422 points (97.3% liked)

Linux

48697 readers
1718 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Linux people doing Linux things, it seems.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 163 points 3 months ago* (last edited 3 months ago) (34 children)

Here's the thing: you're not going to force all of us to learn Rust.

That's precious coming from Linux developers.

I am a heavy Linux user. I run multiple microservices on multiple headless devices all Linux.

This sounds like every fucking Windows user you'll ever encounter.

"Here's the thing: you're not going to force all of us to learn to use Linux."

So, yeah...

[–] [email protected] 57 points 3 months ago

It's just their ego showing through.

It basically now comes down to the current devs depending on new Rust devs for anything that interacts with Rust code.

They could just work together with Rust devs to solve any issues (API for example).

But their ego doesn't allow for it. They want to do everything by themselves because that's how it always was (up until now).

Sure, you could say it's more efficient to work on things alone for some people, and I'd agree here, but realistically that's not going to matter because the most interactivity that exists (at the moment) between Rust and C in Linux is... the API. Something that they touch up on once in a while. Once it's solid enough, they don't have to touch it anymore at all.

This is a completely new challenge that the Linux devs are facing now after a new language has been introduced. It was tried before, but now it's been approved. The only person they should be mad at is Linus, not the Rust devs.

[–] [email protected] 56 points 3 months ago (2 children)

I finally watched the talk today and that wasn't what I thought he meant. What I thought he was getting at was that the rust parts of the kernel interact with lots of other modules written by people who don't know rust. When those C modules change their semantics in ways that break the rust code, they can't go fix it because they don't know rust. In fact, whenever they make a change, they don't even know if they broke some rust module, because they don't understand the rust code well enough. And this is something that everyone is going to have to live with for the foreseeable future, because you can't force all those other kernel hackers to learn rust.

load more comments (2 replies)
load more comments (32 replies)
[–] [email protected] 79 points 3 months ago* (last edited 3 months ago) (1 children)

"It’s herding cats: introducing Rust effectively is one part coding work and ninety-nine parts political work..."

All software development in a team is. More like 20/80 or 40/60 if you're lucky.

[–] [email protected] 86 points 3 months ago (22 children)

Except in this case, it was a bunch of old C devs who aren't just resistant but openly hostile to change, and they'd rather bully people into silence than try to progress.

[–] [email protected] 58 points 3 months ago (17 children)

Here's what I think. Both opinions are correct.

Rust is sufficiently different that you cannot expect C developers to learn rust to the level they have mastered C in order to be working at the kernel level. It's not going to happen.

I don't really know too much about rust. Maybe one day I'll actually mess around with it. But the one time I looked at a rust git repo I couldn't even find where the code to do a thing was. It's just different enough to be problematic that way.

So I think probably, the best way IS to go the way linus did. Just go ahead and write a very basic working kernel in rust. If the project is popular it will gain momentum.

Trying to slowly adapt parts of the kernel to rust and then complain when long term C developers don't want to learn a new language in order to help isn't going to make many friends on that team.

[–] [email protected] 58 points 3 months ago* (last edited 3 months ago) (11 children)

But that's the thing where you are wrong. They clearly state they don't want C developers to learn Rust. In the particular video posted he was saying "I want you to explain to me how this particular API works so that I can do it"

The concerns about who fixes what on a merge when the C code breaks Rust code are valid, but that's easily fixed by gathering with the Rust developers, explaining the changes and letting them fix it.

load more comments (11 replies)
[–] [email protected] 22 points 3 months ago (5 children)

But the one time I looked at a rust git repo I couldn't even find where the code to do a thing was.

IMO that tells more about how the project was organized and names things than the language used.

So I think probably, the best way IS to go the way linus did. Just go ahead and write a very basic working kernel in rust. If the project is popular it will gain momentum.

As the other commenter pointed out, there's Redox. The issue is that this completly disregards an incremental approach: you have to rewrite everything before it comes usable, you can't do it piece by piece. Currently the approach of Rust for Linux is not even to rewrite things, but to allow writing new drivers in Rust.

Trying to slowly adapt parts of the kernel to rust and then complain when long term C developers don't want to learn a new language in order to help isn't going to make many friends on that team.

Have you seen the conference video? That's not just refusal to learn a new language, it's open hostility. And it's not the only instance, for example Asahi Lina also reported unreasonable behaviour by some maintainers just because she wrote Rust code, even when Rust was not involved.

load more comments (5 replies)
[–] technotony 16 points 3 months ago (4 children)

RedoxOS! There's been solid progress too, beyond just having a functional microkernel, they have many of the userspace tools/their version of coreutils, even a desktop environment already mostly implemented!

My understanding is that it shouldn't be too bad to port some other things over as well. The main issue I had was just the lack of drivers, especially since it's still tricky even on Linux, and the microkernel architecture (though more secure) also means there's no way to reuse any of those from Linux

load more comments (4 replies)
[–] [email protected] 14 points 3 months ago* (last edited 3 months ago) (4 children)

Good news there's a project that aims to implement Unix in Rust called Redox and it's already a good enough project for studying microkernel design

load more comments (4 replies)
load more comments (13 replies)
[–] [email protected] 50 points 3 months ago* (last edited 3 months ago) (10 children)

part of the problem is that old-time kernel developers are used to C and don't know Rust," Torvalds said. "They're not exactly excited about having to learn a new language that is, in some respects, very different. So there's been some pushback on Rust."

Linus hit the nail on the head. If you've been a Kernel dev for a decade or more, and have spent decades learning the ins and outs of C, why would you want to switch to something that is similar, but different in a lot of ways, just because a small subset of devs think it's the best way forward? Let them handle Rust and the majority of devs will keep using C, even though Rust is objectively better.

As one of the other quotes suggested: fork the kernel project and rewrite it entirely in Rust, that way there isn't any push back from the C devs. Replacing C with Rust in the upstream kernel is akin to replacing the engine in a car while it's running or being used every day.

[–] [email protected] 100 points 3 months ago* (last edited 3 months ago) (6 children)

This specific talk was about defining shared common interfaces so these different groups could work together and the guy who actually talked him into stepping down essentially said "I'm gonna keep writing C and if that breaks your rust stuff that's not my problem". This isn't about convincing the c devs to write rust it's about convincing them to work together when some of them seem to have made up their mind to sabotage rust support (either through indifference or willful interface regressions). Personally I'm more ashamed what this points to for someone new wanting to come in contribute to Linux.

load more comments (6 replies)
[–] [email protected] 26 points 3 months ago (1 children)

As one of the other quotes suggested: fork the kernel project and rewrite it entirely in Rust

That's not practically possible given the scale of the kernel. And doing a total rewrite is almost always a recipe for getting stuck and, if you ever create anything, creating something worse.

Replacing C with Rust in the upstream kernel is akin to replacing the engine in a car while it's running or being used every day.

Almost all real-world software development is like this. That's what we do.

load more comments (1 replies)
[–] [email protected] 25 points 3 months ago (4 children)

The kernel is probably too large to rewrite the whole thing at once. This could lead to a future without any new C kernel devs, leading to stagnation, while the Rust kernel could be many years away from being finished. (Assuming we actually move away from C.)

At that point you might as well just start an entirely new kernel and hope it is good enough to eventually replace the Linux one once all devs are gone. Kinda the X11 and wayland thing.

[–] [email protected] 17 points 3 months ago

You can very safely remove the "probably" from your first sentence.

load more comments (3 replies)
[–] [email protected] 23 points 3 months ago (2 children)

It blows my mind that Linus is just so darn based all the time. That guy has a good take on like every issue.

load more comments (2 replies)
[–] [email protected] 18 points 3 months ago (2 children)

Replacing C with Rust in the upstream kernel is akin to replacing the engine in a car while it's running or being used every day.

That's in no way what's been proposed. Rust is used in a very well defined niche, nobody wants to get rid of C.

But it's just that sentiment that got us here, you're arguing against a non-existent threat, and thus reject the whole proposal.

load more comments (2 replies)
[–] [email protected] 16 points 3 months ago (9 children)

even though Rust is objectively better.

In some of its characteristics, Rust is certainly a good language. The borrow checker, however, still haunts my restless dreams today.

[–] [email protected] 32 points 3 months ago

The borrow checker is exactly what the kernel needs.

load more comments (8 replies)
load more comments (4 replies)
[–] nyan 39 points 3 months ago (4 children)

One detail about Rust in the kernel that often gets overlooked: the Linux kernel supports arches to which Rust has never been ported. Most of these are marginal (hppa, alpha, m68k—itanium was also on this list), but there are people out there who still use them and may be concerned about their future. As long as Rust remains in device drivers only this isn't a major issue, but if it penetrates further into the kernel, these arches will have to be desupported.

(Gentoo has a special profile "feature" called "wd40" for these arches, which is how I was aware of their lack of Rust support. It's interesting to look at the number and types of packages it masks. Lotta python there, and it looks like gnome is effectively a no-go.)

[–] [email protected] 26 points 3 months ago (1 children)

It seems like gcc rust would pretty much fix that issue, since soon gcc will be able to compile rust for any architecture gcc supports.

load more comments (1 replies)
[–] mindbleach 15 points 3 months ago (1 children)

wd40

We are all such dorks.

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 36 points 3 months ago (2 children)

i wonder if theres a goose farm in his future

[–] [email protected] 32 points 3 months ago (5 children)

Ted is the maintainer of ext4 and there are not many people in the world who understand this code.

For Rust to succeed, it has to get the subsystem maintainers to agree. It is going to be many years of petting very angry bobcats...

And that is not even the worst I've heard, makes you a bit numb if you follow LKML.

[–] [email protected] 14 points 3 months ago (1 children)

not many people in the world who understand this code.

Kinda sounds like maybe he writes some freaky garbo C that nobody can figure out 😅

load more comments (1 replies)
load more comments (4 replies)
load more comments (1 replies)
[–] [email protected] 15 points 3 months ago (1 children)

Adding rust to a massive mature C project that targets lots of architectures and has many contributors is a difficult process. If it succeeds it is going to take a lot more time and patience.

load more comments (1 replies)
[–] [email protected] 14 points 3 months ago (11 children)

Not an expert in both the languages but I heard that C developers are trained to use memory smartly, sometimes even reuse a range of allocated memory for completely different purpose to save cycles freeing and reallocating. But for Rust developers, everything is about making sure when one should get the hand away from the memory, and whose memory is allowed to be touched.

Sounds to me like sharing rides that maximise economically but we may have some oops moments sitting on someone's laps vs absolute private rides to make sure no one in your family will be harmed but we have to make sure everyone gets a car only when needed.

It is quite interesting to see how it will work out eventually...

[–] [email protected] 24 points 3 months ago (3 children)

I heard that C developers are trained to use memory smartly

Kernel coders are an entirely different breed, and when I worked with a few of them they were just stunning. The smartest man I know on the planet so far coded on the Unix kernel -- the one that IBM forced back to Novell who'd already fired their staff after selling it, and thus shelved it and killed Unix. He is and was amazing.

So yes, I can confirm that Kernel devs know how to manage their memory -- they use very little, they allocate and free it, and they build very small, tight, optimized kernels by knowing how the optimizer will do things and how to hint it to do what they know needs to happen.

Yeah, it's a skill. Yeah, it takes skilled people. I'd like to one day find out that really big training wheels will let anyone build code that well, but I've seen the goal and I don't expect we're there yet.

Let the kernel be built by kernel devs.

[–] [email protected] 58 points 3 months ago* (last edited 3 months ago)

They are amazing but at the end of the day they are still humans and they can make mistakes. In the YouTube video referenced one of the C devs is heavily against rust.

Decided to go look for CVEs from code the guy manages (Ted Ts'o) I found these

CVE-2024-42304 — crash from undocumented function parameter invariants

CVE-2024-40955 — out of bounds read

CVE-2024-0775 — use-after-free

CVE-2023-2513 — use-after-free

CVE-2023-1252 — use-after-free

CVE-2022-1184 — use-after-free

CVE-2020-14314 — out of bounds read

CVE-2019-19447 — use-after-free

CVE-2018-10879 — use-after-free

CVE-2018-10878 — out of bounds write

CVE-2018-10881 — out of bounds read

CVE-2015-8324 — null pointer dereference

CVE-2014-8086 — race condition

CVE-2011-2493 — call function pointer in uninitialized struct

CVE-2009-0748 — null pointer dereference

Do you see a pattern in the type of error here? It's pretty much entirely memory related and right in the wheelhouse of something rust would just outright not allow short of just slapping everything into unsafe blocks.

The Old Guard is not perfect, and they are acting as a barrier to new talent coming in. Sometimes change is good and I'm heavily in the camp that rust one of those times. Linus seems to agree as he allowed the code into the kernel which he would never do lightly or just because it's fomo

[–] [email protected] 12 points 3 months ago* (last edited 3 months ago)

But on the other hand you can’t expect some smaller and smaller subset of the population to primarily just learn C and meet the criteria of a kernel dev.

I absolutely agree with all your points, and most rust devs would agree, but the general idea is that over time that energy (which would have been spent tweaking malloc and such) should be spent on the rust compiler and memory management systems, which is already magic as someone who as written a lot of c, c++, and spent the better part of a year learning rust. (I’m no expert of course, but I have a pretty decent grasp on the low level memory management of both the Linux kernel and the rust compiler).

So that over time the effort that would be spent on memory management and kernel functionality can be properly divided. Rust not being efficient somewhere in catching memory faults or managing memory? Fix it. Someone writing unsafe rust code? Fix it.

I think at the end of the day everyone wants the same thing which is a memory safe kernel, and I think that rust Is being shoehorned into kernel projects too early in places where it shouldn’t be, but I also think there is unnatural resistance to it just because it’s different elsewhere to "how it's always been done."

load more comments (1 replies)
load more comments (10 replies)
[–] [email protected] 14 points 3 months ago

IMO this has been very publicized in certain circles, and will have the effect of martyrdom. More people are going to be interested in doing this.

load more comments
view more: next ›