Rust in Linux: Fixing the Edges, Not the Core

Linus Torvalds integrated Rust support into the Linux kernel in 2022, starting with version 6.1. This wasn't a rejection of C but a shift to enhance kernel security, acknowledging that perimeter code poses significant risks. The kernel's core, written in C, is meticulously maintained, making it less prone to memory-related vulnerabilities. Kernel memory management traditionally relies on manual C functions like kmalloc and kfree due to the need for deterministic performance, making a garbage collector unsuitable. Most vulnerabilities stem from error-prone code using these allocators, particularly in device drivers and networking stacks. Rust mitigates these risks by shifting memory management responsibility from humans to the compiler through ownership and borrowing concepts. Rust offers compile-time memory safety without runtime overhead, unlike languages like Go, making it suitable for the kernel. The current implementation utilizes a hybrid model where Rust is used for new device drivers and abstractions. Existing core subsystems written in C will remain unchanged for now due to complexity and optimization. This approach allows kernel evolution toward a safer model without the massive task of rewriting the existing code.