Re: [PATCH] docs: rust: add "The Rust experiment" section

[Carlos Bilbao]

On 10/20/23 10:00, Andrew Lunn wrote:
> On Wed, Oct 18, 2023 at 06:41:10PM +0200, Miguel Ojeda wrote:
> > On Wed, Oct 18, 2023 at 6:27 PM Andrew Lunn <andrew@xxxxxxx> wrote:
> > > It very unlikely end users read this document.
> >
> > We can add a note to the Kconfig symbol too -- would that be OK with you?
> >
> > > And that statement is
> > > not limited to end users, it is true for everybody.
> >
> > Agreed, but that bit is meant to emphasize that end users do not have
> > a reason to use it at all (unlike kernel developers etc. from the
> > previous paragraph)
> >
> > > What we should be saying is that Rust for the Linux kernel in general
> > > is not ready for production use. Developing drivers in Rust is
> > > currently for experimentation only. Given the experimental nature of
> > > the work, there is some risk Rust will never be ready for production
> > > use.
> >
> > The risk is that Rust gets dropped from the kernel because it is not
> > used enough, not so much that there is a fundamental problem to solve
> > in order to reach production.
>
> I've talked to a small number of netdev developers, not many, but
> some. The general impression i get is that it is unclear what
> experimental actually means, and they have no idea what makes it not
> production ready. The two are also not necessarily mutually exclusive.
>
> To me, it appears Rust is not production ready because:
>
> You need to disable module versioning.
> You need to disable structure layout randomisation
>
> On X86, you need to disable X86_KERNEL_IBT and RETHUNK, both of which
> are part of the mitigation for speculative execution vulnerabilities
>
> So no vendor is going to release a kernel with these disabled.
>
> Networking also tends to be architecture independent, so production
> features need to run on X86, ARM, ARM64, and to a lesser extent MIPS,
> RISC-V, etc. I know this is documented, but it does not appear to be
> that well known within the networking community.
>
> Networking people also tend to be interested in endianness, does the
> code work on big endian as well as little endian? Big endian is dying
> out, but its not gone yet. However, with only x86 supported in
> mainline today, it does not seem possible to test big endian. I assume
> the rust type system will actually deal with this to a large extent?
> But are developers writing abstractions which are sound with respect
> to endianness?
>
> I think it would be good to describe the experiment a bit. With a
> multi year experiment, you often have short term goals and long term
> goals.  What are these goals? What is the Rust for linux community
> trying to prove in the next few kernel cycles? What do you consider to
> be 4 or more cycles away? What do you consider not so important now
> because its not needed for your short term goals? That might also help
> developers understand when it will transition to production ready, but
> still be experimental.
>
> And you obviously need a disclaimer, Rust for Linux is a community,
> developers are free to scratch their own itch, so things might happen
> in a different order. And information like this might help get people
> involved, helping solve some of the limitations, spur research into
> different goals etc.

Points such as:

- Clarifying the definition of 'experimental' and why Rust is not yet
  considered production-ready.

- Providing insights into the short-term and long-term goals of the
  project.

- Addressing concerns related to endianness.

are indeed important aspects to consider, and documenting them would help.
But that's not what this commit is about, and the index page is the last
place to comment on such evolving topics.

> 	Andrew

Thanks,
Carlos