Linux 7.2 Introducing The Rust Zerocopy Library To Eliminate More "Unsafe" Code
Miguel Ojeda already mailed in the many Rust code changes for the in-development Linux 7.2 kernel. This is quite a big Rust code with more than forty thousand new lines of Rust code in the kernel.
The Rust changes are so big this cycle since they are pulling in the "zerocopy" library to allow eliminating some additional "unsafe" Rust code elements within the kernel. The Rust pull request explains of integrating the Zerocopy code:
Beyond pulling in Zerocopy to improve dealing with "unsafe" code around conversions, the Rust code for Linux 7.2 also adds support for AutoFDO. The Rust kernel code can now benefit from Automatic Feedback Directed Optimizations by the compiler to yield better performance. With the Rust Binder code was around a 13% performance difference.
There is also Rust support for software tag-based Kernel Address Sanitizer (KASAN), support for the upcoming Rust 1.98 release, and other improvements.
The full set of Rust feature changes submitted for the Linux 7.2 merge window can be found via this pull request.
The Rust changes are so big this cycle since they are pulling in the "zerocopy" library to allow eliminating some additional "unsafe" Rust code elements within the kernel. The Rust pull request explains of integrating the Zerocopy code:
"Introduce support for the 'zerocopy' library:
Fast, safe, compile error. Pick two.
Zerocopy makes zero-cost memory manipulation effortless. We write `unsafe` so you don't have to.
It essentially provides derivable traits (e.g. 'FromBytes') and macros (e.g. 'transmute!') for safely converting between byte sequences and other types. Having such support allows us to remove some 'unsafe' code.
It is among the most downloaded Rust crates and it is also used by the Rust compiler itself.
It is licensed under "BSD-2-Clause OR Apache-2.0 OR MIT".
The crates are imported essentially as-is (only +2/-3 lines needed to be adapted), plus SPDX identifiers. Upstream has since added the SPDX identifiers as well as one of the tweaks at my request, thus reducing our future diffs on updates -- I keep the details in one of our usual live lists.
In total, it is about ~39k lines added, ~32k without counting 'benches/' which are just for documentation purposes.
The series includes a few Kbuild and rust-analyzer improvements and an example patch using it in Nova, removing one 'unsafe impl'.
I checked that the codegen of an isolated example function (similar to the Nova patch on top) is essentially identical. It also turns out that (for that particular case) the 'zerocopy' version, even with 'debug-assertions' enabled, has no remaining panics, unlike a few in the current code (since the compiler can prove the remaining 'ub_checks' statically).
So their "fast, safe" does indeed check out -- at least in that case."
Beyond pulling in Zerocopy to improve dealing with "unsafe" code around conversions, the Rust code for Linux 7.2 also adds support for AutoFDO. The Rust kernel code can now benefit from Automatic Feedback Directed Optimizations by the compiler to yield better performance. With the Rust Binder code was around a 13% performance difference.
There is also Rust support for software tag-based Kernel Address Sanitizer (KASAN), support for the upcoming Rust 1.98 release, and other improvements.
The full set of Rust feature changes submitted for the Linux 7.2 merge window can be found via this pull request.