web analytics

Rust vs. C — Linux’s Uncivil War – Source: securityboulevard.com

rust-vs-c-—-linux’s-uncivil-war-–-source:-securityboulevard.com
Rate this post

Source: securityboulevard.com – Author: Richi Jennings

A crab on a rock in CubaMemory safety: Good. Cheese  motion:  Bad.

The big debate over using Rust in the Linux kernel continues. After one of Linus Torvalds’ ALL CAPS interventions last week, kernel 2IC Greg Kroah-Hartman wades in with a please-and-thank-you follow-up.

In case we were in any doubt, it’s now clear the memory-safe language is really happening in the Linux kernel. In today’s SB  Blogwatch, we walk off sideways.

Your humble blog­watcher curated these bloggy bits for your enter­tain­ment. Not to mention:  2024?

Kernel Panic in the Rust Belt

What’s the craic? Michael Larabel reports: Compelling Case For New Linux Kernel Drivers To Be Written In Rust

Rust rather than C
The debate over the Linux kernel’s Rust programming language policy continues. While some kernel maintainers are against it, Linus Torvalds has reportedly said he would override maintainers that may be against honoring Rust.

Greg Kroah-Hartman has also been a big proponent of Rust kernel code. He’s crafted another Linux kernel mailing list post … outlining the benefits of Rust and encouraging new kernel code/drivers to be in Rust rather than C.

Techstrong Gang Youtube

AWS Hub

What’s going on? Thomas Claburn explains: Linux royalty backs adoption of Rust

Grandstanding
In case you came in late, Rust was added to the Linux kernel in 2022 because it allows better memory safety than C. … The majority of serious bugs and vulnerabilities in large codebases arise from memory safety errors, which could or should be avoided by using memory-safe languages and tooling. … Rust isn’t a silver bullet that will magically solve all problems. But it will help.

Some Linux kernel maintainers remain unconvinced that adding Rust code to the open source project is a good idea. [This is] the latest in a spat which began last month when a proposed patch to allow Rust-written device drivers to call the primarily C-based kernel’s core DMA API was challenged by kernel maintainer Christoph Hellwig, [who] likened maintaining a multi-language codebase to cancer.

The ensuing argument prompted Hector Martin, then project lead of Asahi Linux, to demand that Linus Torvalds decide whether the patch would be pulled into the kernel or not. Torvalds eventually responded by … scolding Martin for grandstanding on social media about the issue. Martin later quit.

Boys and their toys? Thorsten Leemhuis is lost in translation: An attempt at analysis

Big consequences
Torvalds is not alone in his backing: This is shown by statements from many central Linux developers mentioned by Rust-for-Linux maintainer Miguel Ojeda. … Greg Kroah-Hartman also recently spoke out strongly in favor of Rust and recently included Rust interfaces himself in a new Kernel feature.

[But] established kernel developers and maintainers are taking a very close look at what they are bringing into the nest, in their usual way—in small, manageable steps in each area. This takes time and will also lead to disputes. [But] this is quite normal when developing complex software with thousands of developers and modifications with big consequences.

Horse’s mouth? Greg Kroah-Hartman:

The majority of bugs (quantity, not quality/severity) we have are due to the stupid little corner cases in C that are totally gone in Rust.

I’m not saying that Rust has no … issues, I’m saying that a huge majority of the stupid things we do in C just don’t happen in the same code implemented in Rust (i.e., memory leaks, error path cleanups, return value checking, etc.) So, … let’s make different types of errors in the future, not continue to make the same ones we should have learned from already, please.

Strong argument. zubspace thinks it’s an interesting discussion:

It’s an interesting discussion. There’s always a divide when you slowly migrate from one thing to another. What makes this interesting is that the difference between C code and Rust code is not something you can just ignore. You will lose developers who simply don’t want or can spend the time to get into the intricacies of a new language. And you will temporarily have a codebase where 2 worlds collide. I wonder how in retrospect they will think about the decisions they made today.

Some C diehards are Luddites. But Taircron just doesn’t get it:

I just don’t get it. I’m an embedded dev. I’m disturbingly fluent in C, and barely fluent in Rust. [But even] I know Rust is the future.

It’s just a question of how long until everything … shall be in Rust. There’s no reason any modern dev team should be allowing themselves the risks that Rust protects against. Yes, there’ll be a learning curve, and no, we can’t throw out the existing millions of lines of C. But why would anyone think continuing with C forever is a valid option?

But is Rust the best way to get there from here? jake calls some sort of transition “inevitable:”

There is no doubt … that eventually, C will no longer be used as the language for the Linux kernel. … However, I have many doubts that Rust is the language that will be the one to take the place of C. If Rust is truly better than C for kernel work, Rust will take over as kernel coders spread the news. That’s how it works. The best, most efficient code wins. That’s how it has always worked in the 60ish years I’ve been coding in the free software world.

What it’ll take is a major paradigm shift in programming that [the] vast majority of kernel coders can get behind. My gut feeling is that the seeds of this new way of looking at programming haven’t even been planted as yet. … I’ll bet that the bulk of the Linux kernel will probably still be coded in C long after I am gone.

A bad worker blames their tools, though? david.emery thinks there’s more to it than that:

Language counts! … Sure, the expert programmer can produce fault-free C or C++. It takes a lot more than understanding just the language semantics; there’s a lot of experience and “do it this way, don’t do it that way” that programmers need to learn—usually the hard way. … As a profession, I don’t think we learn from our mistakes, in large part because we often won’t admit the mistakes in the first place.

Meanwhile, johnsonwax cuts to the chase:

So many of these arguments seem to boil down to ‘I know every dusty corner of C needed to ensure contributed code is memory safe,’ — knowledge they spent decades accruing and which Rust overnight makes useless. It’s a huge loss of expertise status, and that ultimately becomes the driving motivation. Seen it many times in my career. … I’ve seen entire institutions blocked from moving forward because you had some of these people in key places.

And Finally:

Dude can’t sing, but it is funny

Hat tip: stmw

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weird­est web­sites—so you don’t have to. Hate mail may be directed to  @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past per­formance is no guar­antee of future results. Do not stare into laser with re­maining eye. E&OE. 30.

Image sauce: Chandler Cruttenden (via Unsplash; leveled and cropped)

Recent Articles By Author

Original Post URL: https://securityboulevard.com/2025/02/rust-linux-war-richixbw/

Category & Tags: Application Security,Cloud Security,Cybersecurity,DevOps,Endpoint,Featured,Governance, Risk & Compliance,Humor,Industry Spotlight,IoT & ICS Security,Mobile Security,Most Read This Week,Network Security,News,Popular Post,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Spotlight,Threats & Breaches,Vulnerabilities,Christoph Hellwig,Greg Kroah-Hartman,Hector Martin,Linus Torvalds,Linux,memory exploit,memory safe,memory safe language,rust,Rust adoption,Rust Programming Language,SB Blogwatch – Application Security,Cloud Security,Cybersecurity,DevOps,Endpoint,Featured,Governance, Risk & Compliance,Humor,Industry Spotlight,IoT & ICS Security,Mobile Security,Most Read This Week,Network Security,News,Popular Post,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Spotlight,Threats & Breaches,Vulnerabilities,Christoph Hellwig,Greg Kroah-Hartman,Hector Martin,Linus Torvalds,Linux,memory exploit,memory safe,memory safe language,rust,Rust adoption,Rust Programming Language,SB Blogwatch

Views: 1

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Ciso Council
CISO Security Officer Handbook
CISO Security Officer Handbook
Splunk
81 Siem Very important Use Cases for your SOC by SPLUNK
81 Siem Very important Use...
Vendict
The 2024 CISO Burnout Report by Vendict
The 2024 CISO Burnout Report...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...

LASTEST PUBLISHED POSTS

Cyberint
Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company
Retail Threat Landscape Report Q1-Q3...
NCSC
Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem
Protecting Critical Supply Chains –...
Culture AI
Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.
Time to Adapt – The...
National Cyber Security Centre
Engaging with Boards to improve the management of cyber security risk.
Engaging with Boards to improve...
Microsoft Security
2024 State of Multicloud Security Report by Microsoft Security
2024 State of Multicloud Security...
bugcrowd
Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd
Inside the Mind of a...
Mohammad Alkhudari
Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024
Cybersecurity Strong Strategy step by...
Lacework
CISO’s Playbookto Cloud Security by Lacework
CISO’s Playbookto Cloud Security by...
MITRE - Carson Zimmerman
Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE
Ten Strategies of a World-Class...
SILVERFRONT - AIG
Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.
Identity Has Become the Prime...
CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE

More Latest Published Posts

WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security Testing Tools
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?
CIS - Center for Internet Security
How to Plan a Cybersecurity Roadmap in Four Steps
How to Plan a Cybersecurity Roadmap in Four Steps
ACSC Australia
Information Security Manual
Information Security Manual
Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos