Re: [PATCH] docs: rust: add "The Rust experiment" section

From: Andrew Lunn
Date: Fri Oct 20 2023 - 11:00:43 EST


On Wed, Oct 18, 2023 at 06:41:10PM +0200, Miguel Ojeda wrote:
> On Wed, Oct 18, 2023 at 6:27 PM Andrew Lunn <andrew@xxxxxxx> wrote:
> >
> > It is very unlikely end users read this document.
>
> We can add a note to the Kconfig symbol too -- would that be OK with you?
>
> > And that statement is
> > not limited to end users, it is true for everybody.
>
> Agreed, but that bit is meant to emphasize that end users do not have
> a reason to use it at all (unlike kernel developers etc. from the
> previous paragraph)
>
> > What we should be saying is that Rust for the Linux kernel in general
> > is not ready for production use. Developing drivers in Rust is
> > currently for experimentation only. Given the experimental nature of
> > the work, there is some risk Rust will never be ready for production
> > use.
>
> The risk is that Rust gets dropped from the kernel because it is not
> used enough, not so much that there is a fundamental problem to solve
> in order to reach production.

I've talked to a small number of netdev developers, not many, but
some. The general impression I get is that it is unclear what
experimental actually means, and they have no idea what makes it not
production ready. The two are also not necessarily mutually exclusive.

To me, it appears Rust is not production ready because:

You need to disable module versioning.
You need to disable structure layout randomisation.

On X86, you need to disable X86_KERNEL_IBT and RETHUNK, both of which
are part of the mitigation for speculative execution vulnerabilities.

So no vendor is going to release a kernel with these disabled.

Networking also tends to be architecture independent, so production
features need to run on X86, ARM, ARM64, and to a lesser extent MIPS,
RISC-V, etc. I know this is documented, but it does not appear to be
that well known within the networking community.

Networking people also tend to be interested in endianness: does the
code work on big endian as well as little endian? Big endian is dying
out, but it's not gone yet. However, with only x86 supported in
mainline today, it does not seem possible to test big endian. I assume
the Rust type system will actually deal with this to a large extent?
But are developers writing abstractions which are sound with respect
to endianness?

I think it would be good to describe the experiment a bit. With a
multi-year experiment, you often have short term goals and long term
goals. What are these goals? What is the Rust for Linux community
trying to prove in the next few kernel cycles? What do you consider to
be 4 or more cycles away? What do you consider not so important now
because it's not needed for your short term goals? That might also help
developers understand when it will transition to production ready, but
still be experimental.

And you obviously need a disclaimer, Rust for Linux is a community,
developers are free to scratch their own itch, so things might happen
in a different order. And information like this might help get people
involved, helping solve some of the limitations, spur research into
different goals etc.

Andrew
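
A check a vendor could run over a kernel `.config` to see whether the options named in the message above are still enabled, given as an added example that is not part of the original e-mail or of the kernel tree. `CONFIG_MODVERSIONS` and `CONFIG_RANDSTRUCT` are this example's mapping of "module versioning" and "structure layout randomisation"; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Symbols for the four features named in the message. CONFIG_MODVERSIONS and
# CONFIG_RANDSTRUCT are this example's mapping of "module versioning" and
# "structure layout randomisation"; symbol names can differ between releases.
HARDENING_SYMBOLS="CONFIG_MODVERSIONS CONFIG_RANDSTRUCT CONFIG_X86_KERNEL_IBT CONFIG_RETHUNK"

# kconfig_state FILE SYMBOL -> prints y, m, n ("is not set") or absent.
# "absent" matters: symbols without a prompt leave no "is not set" line.
kconfig_state() {
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^$2=m\$" "$1"; then echo m
    elif grep -q "^# $2 is not set\$" "$1"; then echo n
    else echo absent
    fi
}

# audit_config FILE -> prints one "SYMBOL state" line per symbol and
# returns 1 if any of the hardening symbols is not built in.
audit_config() {
    rc=0
    echo "CONFIG_RUST $(kconfig_state "$1" CONFIG_RUST)"
    for sym in $HARDENING_SYMBOLS; do
        state=$(kconfig_state "$1" "$sym")
        echo "$sym $state"
        [ "$state" = y ] || rc=1
    done
    return $rc
}

# Constructed sample: a config fragment with Rust enabled (not a real
# vendor config).
sample_rust_config() {
    cat <<'EOF'
CONFIG_RUST=y
# CONFIG_MODVERSIONS is not set
CONFIG_RANDSTRUCT_NONE=y
# CONFIG_X86_KERNEL_IBT is not set
CONFIG_RETPOLINE=y
EOF
}

# Stand-alone use: pass the path of a .config as the first argument.
if [ "${1:-}" != "" ]; then audit_config "$1"; fi
```

Run against the sample, the audit reports `n` for `CONFIG_MODVERSIONS` and `CONFIG_X86_KERNEL_IBT`, `absent` for the other two, and exits non-zero.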