News: 0183431130

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Rust Will Save Linux From AI, Says Greg Kroah-Hartman

(Wednesday May 27, 2026 @05:00PM (BeauHD) from the validate-all-input dept.)


Linux stable kernel maintainer Greg Kroah-Hartman [1]says Rust [2]can help Linux deal with a flood of AI-discovered security bugs (namely [3]Dirty Frag , [4]Copy Fail , and [5]Fragnesia ) by preventing common C mistakes around memory, locking, error handling, and untrusted data at build time rather than during human review. It's "not a silver bullet" and does not mean rewriting the whole kernel, but he said new drivers and subsystems will increasingly use Rust as Linux evolves forward. ZDNet reports:

> Kroah-Hartman illustrated those pitfalls with real C bugs in the kernel, including a 15-year-old Bluetooth bug that dereferenced a pointer without checking it and a Xen bug where "we forgot to unlock" in an error path. "The majority of the bugs in the kernel are this tiny, minor stuff," he explained. "Error conditions aren't checked, locks aren't forgotten, unreleased memories leak, and vulnerabilities add up over time. They crash the kernel. This is what we live with in C. This is why we don't like it." Kroah-Hartman argued that the "best beauty of Rust" is catching those mistakes at build time rather than in review. For example, when it comes to locking, he highlighted Rust's locking abstractions in the kernel: "The only way you can get access to inner pointers of structures is by grabbing that lock, and releasing the lock automatically. The compiler does it, it's guarded, the lock happens, everything's happy. You just can't write code to access these values...without grabbing the lock. The compiler will not let you."

>

> Those properties, he argued, directly remove a huge fraction of the bugs he sees: "This is going to save us those two things. First, 60% of the bugs in the kernel right there, they're gone. Thank you." The payoff is earlier, more automated enforcement: "If this happens at build time, not review time, don't make me a maintainer who has to read your code [and] say, 'Oh, then you properly check that error value. Oh, did you properly grab the locks in the right spot?' Rust gives us that for free. This is the best thing ever." Even if Rust vanished tomorrow, Kroah-Hartman argued, it has already forced the kernel to clean up C code and interfaces. He credited Rust's influence outright: "We stole this from Rust. Thank you. It's a good idea, so if Rust disappeared tomorrow, we have cleaned up the C code in the kernel so much and taken in the ideas. We thank you, you've made Linux better with it just by existing."

>

> [...] What ultimately sold a number of core maintainers, including him, on Rust was how it "makes reviewing code easier." With CI

[6]Continuous Integration

bots enforcing builds and Rust's type system enforcing key invariants, maintainers can "focus on the logic" rather than resource bookkeeping: "I can care about that one function. I don't have to worry about the rest of this stuff, because I assume that it works properly, because it was built properly." Internally, he said, the top maintainers have already made their call on Rust's status: "The Linux kernel maintainers, we get together every year and talk about what the processes are doing. Last year, we said the [7]Rust experiment is over. It's not an experiment. This is for real ." The rationale: "The people behind it are real. We trust them. We know what they're doing. They've shown and put in the work to make Rust a viable language in the kernel, and we're going to make this stick. Let's go full speed ahead. And, as always," he said wryly, "world domination proceeds."

"If you never remember anything else in my talk, just remember these four words. It came from Microsoft Security many, many years ago," Kroah-Hartman told attendees. "They realized all input is evil. You have to validate all input."



[1] https://www.youtube.com/watch?v=0vhGWclF7LU&t=810s

[2] https://www.zdnet.com/article/rust-will-save-linux-from-ai-says-greg-kroah-hartman/

[3] https://linux.slashdot.org/story/26/05/08/1913238/new-linux-dirty-frag-zero-day-gives-root-on-all-major-distros

[4] https://it.slashdot.org/story/26/04/30/207231/new-linux-copy-fail-vulnerability-enables-root-access-on-major-distros

[5] https://linux.slashdot.org/story/26/05/13/1621258/fragnesia-made-public-as-latest-linux-local-privilege-escalation-vulnerability

[6] https://practical-tech.com/2018/07/10/continuous-integration-and-delivery-tool-basics/

[7] https://thenewstack.io/rust-goes-mainstream-in-the-linux-kernel/


Wait, 4 words? (Score:2)

by mackil ( 668039 )

> "If you never remember anything else in my talk, just remember these four words. It came from Microsoft Security many, many years ago," Kroah-Hartman told attendees. "They realized all input is evil. You have to validate all input."

Which four words are we supposed to remember?

Re: (Score:2)

by Guspaz ( 556486 )

"All input is evil"

embarrassing what qualifies as a programmer (Score:2)

by dfghjk ( 711126 )

"This is what we live with in C. This is why we don't like it."

It is not, it's what is lived with in a codebase, C has nothing to do with it. Also, there is nothing about an approach mandated by one language that cannot be implemented in C, Rust creators have not made anything that kernel developers cannot otherwise do.

It is sad what programmers have become that cause claims like this to be made.

"With CI [Continuous Integration] bots enforcing builds ..."

The battle is already lost.

"They realized all input

Re: (Score:2)

by haruchai ( 17472 )

"what he is alleged to do"

WTF? that's like saying Linux is "alleged" to have been named after Linus Torvalds

Re: (Score:2)

by DamnOregonian ( 963763 )

Every single thing in this post is wrong.

Well done, sir.

What's the benefit of Rust here though? (Score:2)

by drinkypoo ( 153816 )

If you've got the AI tools to tell you how you screwed up with C, why do you need Rust? Just fix what the LLM says you broke. Now you have the speed of C without the bugs. It ought to be easy to find that class of error, right?

Re: (Score:2)

by caseih ( 160668 )

Better yet, the LLM can just write the secure C code in the first place.

If Mythos is so great, why not close the loop?

Re: (Score:2)

by Himmy32 ( 650060 )

The problem is that time between the AI tool discovering a bug and the release of the patch, there's a bunch of panicked work by the developers and a time where the vulnerability is exploitable without an available patch. So if they can avoid several classes of errors and those are most of what the AI are finding, there's a bunch of work saved.

If it was just the developers using the AI tools though and the patch notes weren't open, then you'd more correct.

Rust Can't Even Save Linux from Vulnerabilities (Score:2)

by BrendaEM ( 871664 )

[1]https://www.phoronix.com/news/... [phoronix.com]

[1] https://www.phoronix.com/news/First-Linux-Rust-CVE

Re: (Score:2)

by DamnOregonian ( 963763 )

Rust can't save you from bad logic. In fact, in some cases, it may even encourage it with some of its difficult semantics.

That being said, LinuxBugs - CMemBugs + RustBugs < LinuxBugs.

There was a college student trying to earn some pocket money by
going from house to house offering to do odd jobs. He explained this to
a man who answered one door.
"How much will you charge to paint my porch?" asked the man.
"Forty dollars."
"Fine" said the man, and gave the student the paint and brushes.
Three hours later the paint-splattered lad knocked on the door again.
"All done!", he says, and collects his money. "By the way," the student says,
"That's not a Porsche, it's a Ferrari."