The Linux kernel community is embroiled in a heated debate over the integration of Rust code, with contributors clashing over safety benefits, maintainability challenges, and the potential risks of a multi-language codebase.
The discussion, sparked by a policy document published by Rust for Linux lead developer Miguel Ojeda, highlights growing tensions between advocates of memory-safe Rust and defenders of the kernel’s decades-old C foundations.
Ojeda published a document outlining guidelines for Rust adoption. The draft emphasises that subsystems may opt out of Rust for “bandwidth reasons,” but Christoph Hellwig – a veteran kernel developer – immediately challenged its validity.
“I don’t think having a web page in any form is useful. If you want It to be valid it has to be in the kernel tree and widely agreed on,” Hellwig argued, while accusing the document of factual inaccuracies.
Hellwig cited private conversations where Linus Torvalds allegedly vowed to override maintainers’ objections to Rust code—a claim Ojeda acknowledged but downplayed, stating such overrides are rare and not unique to Rust.
Technical concerns: Bindings and maintenance
Hellwig criticised Rust’s kernel bindings as “nothing like idiomatic Rust,” warning they could “creep everywhere like a cancer” and fragment the codebase. He questioned the long-term viability of mixing C and Rust, fearing endless rewrites between languages and strained maintainer resources.
Jarkko Sakkinen echoed concerns about the process, stressing that Rust patches lack clear testing guidelines.
“Here’s one observation from DMA patches: there was no test payload,” commented Sakkinen. “AFAIK that alone should lead into an automatic and non-opinionated NAK.”
Rust could reduce bugs in Linux while improving memory safety
Proponents, including Greg KH, countered that Rust eliminates entire classes of bugs plaguing C code:
“The majority of bugs (quantity, not quality/severity) we have are due to the stupid little corner cases in C that are totally gone in Rust. Things like simple overwrites of memory (not that Rust can catch all of these by far), error path cleanups, forgetting to check error values, and use-after-free mistakes.
That’s why I’m wanting to see Rust get into the kernel, these types of issues just go away, allowing developers and maintainers more time to focus on the REAL bugs that happen (i.e. logic issues, race conditions, etc.)”
Steven Rostedt highlighted data showing exponential vulnerability reductions in projects like Android after adopting Rust. “I do feel that new drivers written in Rust would help with the vulnerabilities that new drivers usually add to the kernel,” he argued.
Practical barriers and maintainer burnout
Developers also emphasised practical barriers to Rust adoption.
Sakkinen noted setup complexities, lamenting that documentation focuses on host-level tools rather than cross-compilation workflows for BuildRoot or Yocto. “If I got a Rust patch for review cycle, I would not have any idea what to do with it,” he said.
Laurent Pinchart and Lyude Paul raised concerns about maintainer burnout, citing the monumental task of redesigning APIs like V4L2’s lifetime management for Rust compatibility.
Hellwig, meanwhile, bluntly warned that maintainers might abandon the kernel over Rust’s added complexity.
“Dealing with an uncontrolled multi-language codebase is a pretty sure way to get me to spend my spare time on something else,” said Hellwig. “I’ve heard a few other folks mumble something similar, but not everyone is quite as outspoken.”
Rust for Linux: An ongoing debate
Ojeda reiterated the benefits of adoption outweigh short-term pains and that, ultimately, “Rust is worth the tradeoffs for Linux.”
Kees Cook framed the goal as “better code quality,” accelerating development by reducing debugging. However, Hellwig demanded transparency, accusing Torvalds of hiding behind “experiment” rhetoric while forcing Rust onto subsystems.
The heated debate underscores a pivotal moment for the kernel. While Rust offers compelling safety advantages, its integration hinges on addressing tooling gaps, easing maintainer burdens, and fostering consensus—a challenge as complex as the kernel itself.
See also: Rust 1.85.0 released, 2024 Edition stabilised
Looking to revamp your digital transformation strategy? Learn more about Digital Transformation Week taking place in Amsterdam, California, and London. The comprehensive event is co-located with IoT Tech Expo, AI & Big Data Expo, Cyber Security & Cloud Expo, and other leading events.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
