In-Kernel Rust

Imported from _research/manual-study-linux/rust-kernel-layer.md.

Status: implemented source-backed volume.

Source Surface

  • rust/kernel/lib.rs: kernel Rust crate root and exposed module surface.
  • rust/kernel/sync/arc.rs: reference-counted ownership wrapper.
  • rust/kernel/task.rs: task wrapper and current-task access.
  • Additional Rust API surface under rust/kernel/*: allocation, device, driver, fs, init, error, sync, lists, rbtree, and helpers.
  • Documentation/process/coding-assistants.rst: policy constraints for AI assistant involvement.

Architecture Role

The Rust layer is not a second kernel. It is a safer API membrane over kernel facilities. It exposes selected abstractions while preserving Linux’s existing contracts for allocation, reference counts, pinning, tasks, devices, files, and error codes.

rust/kernel/lib.rs is the module gate. The presence of sync/arc.rs, task.rs, device.rs, driver.rs, fs.rs, alloc.rs, init.rs, and error.rs shows the direction: Rust code gets typed wrappers around existing kernel concepts instead of copying C subsystem implementations.

Ownership Model

The Rust layer is strongest where it turns conventions into types:

  • Refcounted kernel objects are exposed through Arc-style wrapper types.
  • Current task access is mediated through a wrapper rather than raw global pointer use.
  • Allocation and error paths can use Rust result types while preserving kernel errno semantics.
  • Initialization APIs can encode pinned/in-place construction requirements.

Boundary Limits

Rust does not remove the need to understand Linux contracts. It can encode many ownership and lifetime rules, but it cannot automatically prove every RCU, interrupt-context, lock-ordering, or memory-barrier rule. Those remain API design obligations.

Translation Pattern

For every C subsystem studied in this dossier, the Rust translation should answer:

  1. What object owns lifetime?
  2. Which references are borrowed, refcounted, pinned, or RCU-protected?
  3. What operations can sleep?
  4. Which functions require locks or specific execution context?
  5. Where must unsafe code exist?
  6. Can the public API force the safe order?
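Questions 4 to 6 can be made concrete with a guard type. The following is an added userspace sketch, not code from rust/kernel or from this dossier; `Counter`, `Guard`, `Errno` and `try_lock` are hypothetical names, and the flag lock stands in for a real kernel lock. The protected data is reachable only through a value that proves the lock is held, the `unsafe` is confined to two commented sites, and contention is reported as an errno-style `Result`.

```rust
use std::cell::UnsafeCell;
use std::sync::atomic::{AtomicBool, Ordering};

/// Errno-style error (constructed for this example; 16 is Linux's EBUSY).
#[derive(Debug, PartialEq)]
pub struct Errno(pub i32);
pub const EBUSY: Errno = Errno(16);

/// Hypothetical C-style object: a flag lock plus the data it protects.
pub struct Counter {
    locked: AtomicBool,
    value: UnsafeCell<u64>,
}

// SAFETY: `value` is reachable only through `Guard`, which exists only while `locked` is set.
unsafe impl Sync for Counter {}

/// Proof that the lock is held; the only path to the protected data.
pub struct Guard<'a>(&'a Counter);

impl Counter {
    pub const fn new() -> Self { Counter { locked: AtomicBool::new(false), value: UnsafeCell::new(0) } }

    /// Non-sleeping acquire: reports EBUSY instead of blocking.
    pub fn try_lock(&self) -> Result<Guard<'_>, Errno> {
        self.locked
            .compare_exchange(false, true, Ordering::Acquire, Ordering::Relaxed)
            .map(|_| Guard(self))
            .map_err(|_| EBUSY)
    }
}

impl Guard<'_> {
    pub fn increment(&mut self) -> u64 {
        // SAFETY: a live `Guard` means this caller set `locked`, so access is exclusive.
        let v = unsafe { &mut *self.0.value.get() };
        *v += 1;
        *v
    }
}

impl Drop for Guard<'_> {
    // Unlock happens when the guard goes out of scope, so it cannot be forgotten.
    fn drop(&mut self) { self.0.locked.store(false, Ordering::Release); }
}

fn main() {
    let c = Counter::new();
    let mut held = c.try_lock().expect("uncontended");
    println!("{} {:?}", held.increment(), c.try_lock().err());
}
```

Calling `increment` without first obtaining a `Guard` does not compile, which is the sense in which the public API forces the safe order.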

AI-Native Translation

The in-kernel Rust layer is also a useful AI boundary. If agents are allowed to generate or modify low-level code, the safe target is a constrained API layer with explicit invariants, not arbitrary edits to raw subsystem internals.

  • file-notes/linux__rust__kernel__lib.rs.md
  • file-notes/linux__rust__kernel__sync__arc.rs.md
  • file-notes/linux__rust__kernel__task.rs.md
  • file-notes/linux__Documentation__process__coding-assistants.rst.md