Kangrejos 2023

The Rust support in the kernel got merged at the end of last year. This talk shows how the Rust for Linux project has grown since the last Kangrejos, both in technical terms as well as the industry support and community. It also gives a look at future steps and contains a few updates from third-party related projects.

In this talk we take a look at inlining and cross language LTO for Rust Linux kernel modules. It is common for Rust Linux kernel drivers to invoke static C functions or C macros via dedicated helper functions. With the current build system, these helpers are not inlined in the Rust code. We explore what it takes to bend the build system to inline the helper functions properly, and we quantify changes in performance for the Rust null block driver.

The pin-init API has been merged in v6.4. It provides a safe way of creating fallible in-place initializers with a pinning guarantee for the initialized objects. Thus solving the safe pinned initialization problem. This novel API allows us to remove several instances of unsafe and guarantee correct initialization. In this training I explain the basic concepts and go over certain more advanced features that have been implemented after the initial merge.

RCU is a widely-used synchronization mechanism in Linux kernel, and if Rust was to support more use cases in kernel, then RCU should be supported one way or the other.

This presentation uses "design dimensions" as a tool to describe the requirements of different RCU use cases and the abilities of Rust RCU APIs. Some cases are studies in this presentation based on the "design dimensions" tool, and hopefully they can help the RCU users in Rust on trading off between the complexity and the functionality of the Rust RCU APIs.

The unique demands of the Linux kernel often blur the lines between safety and correctness: a prime example is the potentially hazardous act of sleeping inside an atomic context. While at first glance it may seem to be merely a correctness concern, in scenarios involving an RCU read lock, it could escalate to a safety violation by leading to use-after-free issues. Addressing these concerns through safe APIs often involves runtime costs or suffer from ergonomic issues, making them less favourable for kernel work. Klint is a specialized tool that is designed to catch such violations at compile time. It aims to use simple and easy-to-understand rules to generate useful and developer-friendly diagnostics.

Coccinelle for Rust is a program matching and transformatoin tool for Rust code, based on Coccinelle (for C) that has been extensively used in the Linux kernel. Coccinelle for Rust is currently under development. In this talk, we present some examples that illustrate the already-supported features, and propose some future directions.

In C and C++, all pointers to a given object become indeterminate and invalid, respectively, as soon as that object's lifetime ends. This enables some pointer-comparison optimizations, but it also makes it difficult to write some concurrent algorithms, perhaps most notably a lock-free concurrent stack that provides only a single-element push operation and a pop-all operation.

This presentation illustrates this issue with this stack (coded in C) and a closely related stack (coded in Rust), presents some possible resolutions of this issue, and summarized recent past history.

Procedural macros are commonly used in the Rust language to make programs easier to work with. Examples include Debug and Clone, which are procedural macros themselves. However, procedural macros are still new and can be improved. kproc_macros is a project that aims to provide a simple library for writing procedural macros in the Linux kernel.

Interest around Rust support in the media subsystem has seen an uptick recently with the arrival of a first patchset. In this talk, we'll discuss the current status, planned features, and will also bring up points raised by the V4L2 maintainers during the F2F discussions at the 2023 Linux Media Summit. We'll look at possible ways to introduce Rust support to a large subsystem given some of the roadblocks presented at the Media summit, and will dive into what a sustainable maintainership model could look like for Rust abstractions.

PuzzleFS is a container filesystem designed to address the limitations of the existing OCI format. The main goals of the project are reduced duplication, reproducible image builds, direct mounting support and memory safety guarantees, some inspired by the OCIv2 design document. Reduced duplication is achieved using the content defined chunking algorithm FastCDC. This implementation allows chunks to be shared among layers. Building a new layer starting from an existing one allows reusing most of the chunks. The author will compare space usage of PuzzleFS images to traditional OCI layouts in a real-world use case, showcasing the storage savings. Another goal of the project is reproducible image builds, which is achieved by defining a canonical representation of the image format. Direct mounting support is a key feature of PuzzleFS and, together with fs-verity, it provides data integrity. Currently, puzzlefs is implemented as a userspace filesystem (FUSE). A read-only kernel filesystem driver is underway. Lastly, memory safety is critical to PuzzleFS, leading to the decision to implement it in Rust. Another goal is to share the same code between user space and kernel space in order to provide one secure implementation.