During the “Linux Plumbers 2022” conference that was ongoing these days, a Western Digital engineer gave a presentation on the development of a controller experimental for SSD NVM-Express (NVMe) written in Rust and running at the Linux kernel level.
Despite that the project is still in an early stage of development, the tests carried out showed that the performance of the Rust NVMe driver corresponds to the NVMe driver written in C in the kernel.
I'm Matthew Wilcox, I'm one of the authors of the NVMe spec, I was the one who suggested I make an NVMe driver to demonstrate the value of Rust. It has been successful beyond my wildest expectations.
Regarding the report presented the current NVMe C driver is said to be fully satisfactory for developers, but the NVMe subsystem is a good platform to explore the feasibility of developing drivers in Rust, as it is quite simple, widely used, has high performance requirements, has a proven reference implementation for comparison, and supports various interfaces ( dev, pci, dma, blk-mq, gendisk, sysfs).
It is observed that the Rust PCI NVMe driver already provides the necessary functionality for operation, but it is not yet ready for widespread use, as it requires separate enhancements.
Plans for the future include getting rid of existing insecure blocks, support to remove the device and download the driver, support sysfs interface, implement lazy initialization, create a controller for blk-mq, and experiment with an asynchronous programming model for queue_rq.
Furthermore, we can point the experiments carried out by the NCC Group to develop controllers in the Rust language for the FreeBSD kernel. As an example, a simple echo controller that returns data written to the /dev/rustmodule. In the next phase of experimentation, the NCC Group is considering reworking core core components in Rust to improve the security of network and file operations.
That said, although it has been shown that it is possible to create simple modules in Rust, tighter integration of Rust into the FreeBSD kernel will require additional work.
For example, he mentions the need to create a set of abstraction layers over kernel subsystems and structures, similar to the plugins prepared by the Rust project for Linux. In the future, we plan to perform similar experiments with the Illumos core and highlight common abstractions in Rust that could be used in drivers written by Rust for Linux, BSD, and Illumos.
According to Microsoft and Google, around 70% of vulnerabilities in their software products are due to insecure memory management.
Using the Rust language is supposed to reduce the risk of vulnerabilities caused by insecure memory handling and will eliminate the occurrence of errors such as accessing an area of memory after it has been freed and buffer overflow.
Memory safety is provided in Rust at compile time by checking references, tracking object ownership, and object lifetime (scope), as well as by evaluating the correctness of memory access during the execution of the code.
Rust also provides integer overflow protection, requires variables to be initialized before use, better handles errors in the standard library, enforces the concept of immutable variables and references by default, and offers strong static typing to minimize logical errors.
It is worth mentioning that it may be possible that future work will go hand in hand with the work that Miguel Ojeda has presented on his "Rust for Linux" drivers, which have been presented as a series of patches.
Finally if you are interested in knowing more about it, you can check the details in the following link.