Rust will save Linux from AI, says Greg Kroah-Hartman

["At the Rust Week conference in Utrecht, Netherlands, Linux stable kernel maintainer Greg Kroah-Hartman made a bold statement: 'I'm here to talk about untrusted data and Linux, and how Rust is going to save us.' After 'a long month or two on the kernel security list,' he pushed that point even further: 'I'm going to make even a bolder statement and say, 'You are going to save Linux.' Sorry, it's all on you.'", "Kroah-Hartman was referring to the sudden flood of serious Linux security holes being discovered, such as Dirty Frag, Copy Fail, and Fragnesia, that have come to light thanks to the latest AI bug-detection programs. As a result, the kernel team is now issuing '13 CVEs [Common Vulnerabilities and Exposures] a day, or something, something crazy.' He thinks Rust is one of the few realistic ways to slash the class of bugs that come from C's traditional error-handling and resource-management pitfalls.", "Kroah-Hartman illustrated those pitfalls with real C bugs in the kernel, including a 15-year-old Bluetooth bug that dereferenced a pointer without checking it and a Xen bug where 'we forgot to unlock' in an error path. 'The majority of the bugs in the kernel are this tiny, minor stuff,' he explained.

'Error conditions aren't checked, locks aren't forgotten, unreleased memories leak, and vulnerabilities add up over time. They crash the kernel. This is what we live with in C.

This is why we don't like it.'", "Kroah-Hartman argued that the 'best beauty of Rust' is catching those mistakes at build time rather than in review. For example, when it comes to locking, he highlighted Rust's locking abstractions in the kernel: 'The only way you can get access to inner pointers of structures is by grabbing that lock, and releasing the lock automatically. The compiler does it, it's guarded, the lock happens, everything's happy.

You just can't write code to access these values...without grabbing the lock. The compiler will not let you.'", "Those properties, he argued, directly remove a huge fraction of the bugs he sees: 'This is going to save us those two things. First, 60% of the bugs in the kernel right there, they're gone.

Thank you.' The payoff is earlier, more automated enforcement: 'If this happens at build time, not review time, don't make me a maintainer who has to read your code [and] say, 'Oh, then you properly check that error value. Oh, did you properly grab the locks in the right spot?' Rust gives us that for free. This is the best thing ever.'", "Even if Rust vanished tomorrow, Kroah-Hartman argued, it has already forced the kernel to clean up C code and interfaces.

He credited Rust's influence outright: 'We stole this from Rust. Thank you. It's a good idea, so if Rust disappeared tomorrow, we have cleaned up the C code in the kernel so much and taken in the ideas.