In-Kernel Rust
Imported from _research/manual-study-linux/rust-kernel-layer.md.
Status: implemented source-backed volume.
Source Surface
- rust/kernel/lib.rs: kernel Rust crate root and exposed module surface.
- rust/kernel/sync/arc.rs: reference-counted ownership wrapper.
- rust/kernel/task.rs: task wrapper and current-task access.
- Additional Rust API surface under rust/kernel/*: allocation, device, driver, fs, init, error, sync, lists, rbtree, and helpers.
- Documentation/process/coding-assistants.rst: policy constraints for AI assistant involvement.
Architecture Role
The Rust layer is not a second kernel. It is a safer API membrane over kernel facilities. It exposes selected abstractions while preserving Linux’s existing contracts for allocation, reference counts, pinning, tasks, devices, files, and error codes.
rust/kernel/lib.rs is the module gate. The presence of sync/arc.rs,
task.rs, device.rs, driver.rs, fs.rs, alloc.rs, init.rs, and
error.rs shows the direction: Rust code gets typed wrappers around existing
kernel concepts instead of copying C subsystem implementations.
Ownership Model
The Rust layer is strongest where it turns conventions into types:
- Refcounted kernel objects become wrappers such as Arc-style types.
- Current task access is mediated through a wrapper rather than raw global pointer use.
- Allocation and error paths can use Rust result types while preserving kernel errno semantics.
- Initialization APIs can encode pinned/in-place construction requirements.
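A userspace model of the refcount and errno items above, added here as an illustration and not taken from rust/kernel or this dossier. `RawObj`, `ObjRef`, `Errno` and `demo` are hypothetical names, and the count is non-atomic because the handle is deliberately confined to one thread.

```rust
// Userspace model, constructed for illustration; not the kernel crate's API.
use std::{cell::Cell, ptr::NonNull};
/// Stand-in for a C object managed by a manual get/put refcount convention.
pub struct RawObj { refs: Cell<u32>, value: i32 }
/// Kernel-style error: a negative errno carried in a typed wrapper.
#[derive(Debug, PartialEq)]
pub struct Errno(pub i32);
pub const EINVAL: Errno = Errno(-22);
/// Owning handle: each live `ObjRef` accounts for exactly one reference.
/// `NonNull` makes it !Send/!Sync, so the non-atomic count is sound here.
pub struct ObjRef { ptr: NonNull<RawObj> }
impl ObjRef {
    pub fn new(value: i32) -> Result<ObjRef, Errno> {
        if value < 0 { return Err(EINVAL); } // Result outside, errno inside
        let raw = Box::new(RawObj { refs: Cell::new(1), value });
        Ok(ObjRef { ptr: NonNull::from(Box::leak(raw)) })
    }
    fn raw(&self) -> &RawObj {
        // SAFETY: the object stays allocated while any ObjRef exists.
        unsafe { self.ptr.as_ref() }
    }
    pub fn refcount(&self) -> u32 { self.raw().refs.get() }
    pub fn value(&self) -> i32 { self.raw().value }
}
impl Clone for ObjRef {
    fn clone(&self) -> Self { // the "get" half of the convention
        self.raw().refs.set(self.refcount() + 1);
        ObjRef { ptr: self.ptr }
    }
}
impl Drop for ObjRef {
    fn drop(&mut self) { // the "put" half; frees on the last reference
        let left = self.refcount() - 1;
        self.raw().refs.set(left);
        if left == 0 {
            // SAFETY: this was the last handle, so no alias remains.
            unsafe { drop(Box::from_raw(self.ptr.as_ptr())) };
        }
    }
}
/// Refcount seen with two handles alive, then after one is dropped.
pub fn demo() -> (u32, u32) {
    let a = ObjRef::new(7).unwrap();
    let b = a.clone();
    let two = b.refcount();
    drop(a);
    (two, b.refcount())
}
fn main() { println!("{:?}", demo()); }
```

Callers never write a get or put: a forgotten put becomes impossible outside `unsafe`, and the two `SAFETY` comments mark the only places the invariant has to be argued by hand.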
Boundary Limits
Rust does not remove the need to understand Linux contracts. It can encode many ownership and lifetime rules, but it cannot automatically prove every RCU, interrupt-context, lock-ordering, or memory-barrier rule. Those remain API design obligations.
Translation Pattern
For every C subsystem studied in this dossier, the Rust target should ask:
- What object owns lifetime?
- Which references are borrowed, refcounted, pinned, or RCU-protected?
- What operations can sleep?
- Which functions require locks or specific execution context?
- Where must unsafe code exist?
- Can the public API force the safe order?
AI-Native Translation
The in-kernel Rust layer is also a useful AI boundary. If agents are allowed to generate or modify low-level code, the safe target is a constrained API layer with explicit invariants, not arbitrary edits to raw subsystem internals.
Evidence Links
- file-notes/linux__rust__kernel__lib.rs.md
- file-notes/linux__rust__kernel__sync__arc.rs.md
- file-notes/linux__rust__kernel__task.rs.md
- file-notes/linux__Documentation__process__coding-assistants.rst.md