by nuta 1692 days ago
Author here. I'm surprised to see my hobby project on Hacker News.

I know this kind of stuff sparks the "it's meaningless to rewrite everything (especially Linux) in Rust" debate. I agree 100% that rewriting Linux in Rust (or your favorite language) is just a waste of time and such a project won't live long.

That said, what I'd say here is that it's fun. Really fun. Implementing ABI compatibility requires you to understand what's under the hood of the kernel. You can learn how printf(3) works. You can learn what happens before main().

Especially in Rust, it's inspiring to explore ways to write a kernel safely and expressively. One of my favorite parts is the implementation of the read system call [1].

Lastly, you can try this OS over SSH. Hope you enjoy :)

    ssh root@kerla-demo.seiya.me
[1]: https://github.com/nuta/kerla/blob/main/kernel/syscalls/read...

> I know this kind of stuff sparks the "it's meaningless to rewrite everything (especially Linux) in Rust" debate. I agree 100% that rewriting Linux in Rust (or your favorite language) is just a waste of time and such a project won't live long.

Considering that this is exactly how Linux was born (just a hobby project for fun), I wouldn't assume so fast that it's useless. Moreover, you don't need to justify yourself if you just want to have fun!

Any rust project like this inevitably gets sardonic replies about rewrite-in-rust fanaticism.

I agree they shouldn't have to justify themselves, but it is handy to preempt that.

Also, the Rust community is too nice to openly admit it, but its goal IS to displace C as the main low-level language, especially for the kernel. This is doomed to attract a lot of attention.

I don't see why we need to pretend that every hobby has the potential for greatness. Being a hobby is a good enough end to itself.

In fact in this instance I think it's a little disingenuous to quote Linux and say it could happen again. The industry is totally different now. There's much more competition than there was when Linux was released and that competition is much more mature too. Plus the bar for a production-quality kernel is a lot higher than it was when Linux was released.

> In fact in this instance I think it's a little disingenuous to quote Linux and say it could happen again.

Seems apropos to me, given the fact that a Linux ABI compatible hobby project is under discussion - and that everyone here is familiar with the famous Usenet announcement.

> The industry is totally different now. There's much more competition than there was when...

I wonder how you define "competition"? Because there were way more operating systems in use then, and the industry was far more fractured. Fractured in a way that was meaningful - not like today where you can spin up a VM and be productive in short order, thanks to the significant lack of distinguishing difference. That is the really interesting thing about these hobby projects - they introduce possibilities that are either completely ignored by organizations suffering from inertia constraints, or can't be mimicked because they're diametrically opposed to present designs.

> I wonder how you define "competition"? Because there were way more operating systems in use then, and the industry was far more fractured.

There is way more competition now:

  + Linux (countless distributions)
  + FreeBSD
  + OpenBSD
  + NetBSD
  + DragonflyBSD
  + HardenedBSD
  + Darwin
  + Minix 3 (which wasn't free when Linux was released)
  + Illumos
  + OpenIndiana
  + Nexenta OS
  + SmartOS
  + ...and many others based off OpenSolaris / Illumos

This isn't even an exhaustive list of UNIX-like platforms that are new since Linux and free.

Don't conflate standardisation of the industry with a lack of options. More options do exist today and are in use (eg some games consoles run FreeBSD, Netflix uses BSD, Nexenta is used in some enterprise storage solutions, Darwin may not be used in any free capacity but macOS is clearly used heavily by HN readers, and so on and so forth).

Moreover, I've used FreeBSD, Solaris, OpenSolaris, Nexenta and OpenBSD on production systems over the last 10 years (and the list gets more esoteric if we look past 10 years). So just because you might exist in a Linux-only ecosystem it doesn't mean that's the case for the entire IT industry.

Odd, you purportedly know the difference between an OS and a distro - but that doesn't stop you from generating the above nonsense list. Just look at the last 5 items... seriously - all these Illumos derivatives are distinct operating systems in competition with one another? And to a degree that is no different from Netware vs OS/2?! Be serious, that list only further proves my point about the total lack of distinguishing difference in the present offerings - relative to the pre-Linux environment.

> So just because you might exist in a Linux-only...

Obnoxiously presumptuous.

> but that doesn't stop you from generating the above nonsense list.

lol it's not nonsense. Every item I've listed offers something unique.

> Just look at the last 5 items... seriously - all these Illumos derivatives are distinct operating systems in competition with one another?

Actually the differences in the Illumos derivatives are quite fundamental:

- Nexenta is aimed at being an enterprise storage solution with a Debian userland. That's massively unlike Illumos.

- SmartOS is designed to be a smarter virtualisation and containerisation host OS. It even bundles Linux's KVM virtualization. It's not intended to be run as a desktop platform.

- OpenIndiana and Illumos are probably the most similar, however OpenIndiana aims to be more true to OpenSolaris while Illumos aims to be more of a hybrid upstream. So while they're both multi-paradigm (like how Debian can be a desktop or server OS) there are some major differences in their commit tree.

Honest question: how close are you to the Illumos projects? Or are you just an outsider looking in and making assumptions about equivalence based on your experience with Linux? I ask because Illumos forks are much more akin to BSD forks than they are Linux distros.

> Be serious, that list only further proves my point about the total lack of distinguishing difference in the present offerings - relative to the pre-Linux environment.

Even if you want to pare down the list to upstreams, you still have half a dozen BSDs (I really hope you at least have enough experience with BSD to realise these aren't just respins like Linux distros), Illumos, Minix, and Darwin. Versus your point in the 90s, which was basically non-free BSD, non-free SysV, non-free QNX, non-free Minix etc. ... you still have those options now PLUS the ones I've listed.

This is the problem with your argument. You're assuming the old choices have gone away, which they haven't...well, apart from SCO and Minix is now free. And in addition we have dozens of interesting new platforms, some of which I've exampled, too.

There's no way on Earth we have less choice now than in the 90s. We might have the industry largely standardising on a subset but that's an entirely different argument and it's only representative of the lowest common denominator doing common problems. However, if you look slightly outside of the status quo you'd see there is a lot of variety still happening in the industry. I know this first hand too -- as I've said in my previous post, I've worked in plenty of places that weren't just Linux shops :)

> Being a hobby is a good enough end to itself.

Indeed, there's a word for it which I find particularly lovely, autotelic.

> There's much more competition than there was when Linux was released and that competition is much more mature too.

I think it's the opposite. When Linux was released, basically every major tech company had their own variant of Unix. Now almost everyone has migrated to Linux or Windows.

Competing with modern Linux by creating a drop-in replacement for Linux would be a pretty difficult task given that people have been optimizing Linux for decades now, but on the other hand I think there are ways to improve dramatically on the traditional POSIX-style API that Linux mostly adheres to. For a random example, why can't a given process have more than one "current working directory" at a time? That seems like an arbitrary limitation imposed by an implementation detail in early Unix systems, and it causes problems for modularity. There are many other little details like that. I think if Linux is replaced by something eventually, it'll most likely be because the new thing has a cleaner, more powerful, or more generally usable API.

(Kerla is apparently not trying to invent a new API; I'm just saying that's the direction I would recommend to any project with a goal of seriously competing with Linux.)

Follow up to add: another way to compete with Linux is on security. The Linux kernel generally has a pretty good security record I think, but there have been plenty of serious bugs over the years. How many exploitable array-out-of-bounds errors or use-after-free errors remain in the Linux kernel? No one knows. If you can rule those out by using a safer language, that might be compelling to a lot of users who care about security above other concerns.

Of course that's hard to pull off in practice. Linux might have classes of errors that wouldn't exist if it were written in Rust, but even if using Rust eliminates three fourths of the code defects, the end result could be less secure if Linux gets ten or a hundred times as much scrutiny from people actively looking through the code for bugs to fix.

If OpenBSD has taught us anything, it's that when you need to start hardening at that level, C stops being the weakest link and actually the design of the broader UNIX ABIs is the bigger problem. This is why things like selinux and cgroups exist in Linux -- POSIX ABIs are about as secure as Win32 APIs in Windows and thus you need to take additional steps to isolate your running processes if you really care about them behaving.

> I think it's the opposite. When Linux was released, basically every major tech company had their own variant of Unix. Now almost everyone has migrated to Linux or Windows.

There weren't many UNIXes that targeted x86 aside from 386BSD. And even those that were available were often expensive. Even Minix wasn't free at that time. Which is exactly the reason Linus created his hobby OS.

Now we have a dozen different flavours of BSD, countless Linux distributions and several OpenSolaris spin-offs too. Plus many other underdogs used in speciality domains. And that's before even looking at the commercial offerings like QNX, Solaris and macOS.

Just because there are a couple of industry heavyweights that take up the majority of common use cases, don't be fooled into thinking there is a lack of choice nor even that the industry is scared to use anything outside of Linux and Windows.

> Competing with modern Linux by creating a drop-in replacement for Linux would be a pretty difficult task given that people have been optimizing Linux for decades now, but on the other hand I think there are ways to improve dramatically on the traditional POSIX-style API that Linux mostly adheres to. For a random example, why can't a given process have more than one "current working directory" at a time? That seems like an arbitrary limitation imposed by an implementation detail in early Unix systems, and it causes problems for modularity. There are many other little details like that. I think if Linux is replaced by something eventually, it'll most likely be because the new thing has a cleaner, more powerful, or more generally usable API.

That's not the goal of this nor any other project that aims for ABI compatibility with Linux and there are plenty of research kernels out there if that's your thing.

> (Kerla is apparently not trying to invent a new API; I'm just saying that's the direction I would recommend to any project with a goal of seriously competing with Linux.)

The only way to seriously compete with Linux would be to get large commercial backing. And even then, good luck. Linux won not because it is the best but instead because it's "good enough". Same is true with Windows. Any engineer with aspirations of creating a "better kernel" or "better OS" needs to remember that.

Thanks! I'll keep doing Just for Fun :D

Aside from the "rewrite in Rust" debate that I was unaware of, there seems to be this pervasive attitude among the HN hivemind that the end-goal for all projects, side- or main-, is "launch", and therefore needs a market analysis to decide the "worth" of such an idea, and it ends up being rather silly.

For example, I've written a Mandelbrot visualizer so many times I've lost count. Not because the world needs another poorly written or optimized rainbow-ladybug-simulator, but because it serves as a slightly-non-trivial hello-world. For example, it's the first end-to-end thing I made in Common Lisp. https://git.sr.ht/~amtunlimited/mandelbrot-plot

I have an A* search algorithm and a toy compiler that I use for exactly the same purpose.

I just rewrite them all the time as means to get a feeling about programming languages.

I dumped a couple of other things on GitHub so that HR people are happy to get a link that they never read anyway.

Then I get back to Java and .NET at the office. :)

I've actually been considering adding a toy compiler to my collection of getting-up-to-speed projects, do you mind sharing what you think are good features?

Try to follow along the Tiger Book, in the variant that appeals to you.

https://www.cs.princeton.edu/~appel/modern/

It covers most areas quite alright even if a bit aged.

Not OP, but there's also "Crafting Interpreters". In the second half of the book you emit bytecode for whatever language you designed in the first half, and also implement a VM for said bytecode.

This is really cool. Ignore the haters:

* Some people bake bread even though there's a good bakery nearby.

* Some people grow gardens even though there's a farmers' market down the street.

* Some people restore old cars even though there's a good restoration professional in town.

* Some people make k8s clusters on rpi even though they could rent that for cheap.

You're making an OS that's Linux compatible even though there's already Linux. And that is awesome!

Yes, and some people write an OS that is similar to Minix and won't ever be ported to anything beyond 386 and AT hard disks ;)

Wow, I really like the implementation of that syscall. I've got my own toy OS project in C, for the M68k, and my `read` is "a little" less clean [0, 1].

[0]: https://gitlab.com/0xTJ/mosys/-/blob/master/src/vfs.c#L469

[1]: https://gitlab.com/0xTJ/mosys/-/blob/master/src/vfs.c#L907

Thanks! By the way, your MUTEX_WITH macro looks pretty interesting to me. I've never seen the idea.

Even "rewriting Linux in Rust" is far from a waste if you make it run and if your code quality is good enough for others to join.

If only you could write an entirely new (meant to be better, for some cases at least) kernel compatible with Linux hardware drivers - this would not be a waste at all but in fact fantastic.

The most challenging point is, as others said, the lack of compatibility with the Linux driver API. I believe it would be really hard to implement and keep following changes in Linux.

An idea in my mind is to use Kerla for virtualized environments like KVM where only limited device drivers are needed (virtio for example).

>> The most challenging point is, as others said, the lack of compatibility with the Linux driver API.

IMHO getting a minimal set that works is good enough to get people on board. This is still nontrivial. But for example, getting FUSE working would be useful. Even if the driver itself was not ABI compatible, it would bring functionality and someone might then aim for ABI compatibility afterward which would open even more doors.

> The most challenging point is, as others said, the lack of compatibility with the Linux driver API. I believe it would be really hard to implement and keep following changes in Linux.

Especially since, as I understand it, even Linux isn't compatible with the Linux driver API across versions; they can and will change internals at will and just update in-tree drivers to match. Hence some of the difficulty doing things like getting a newer kernel on assorted embedded devices (ex. 99% of phones) because you have to port the vendor's drivers to the new version and both sides changed stuff.

Thanks for checking in. Makes me happy to see your excitement for learning the inner workings of things.

What do you think about other Rust OS projects like Redox?

https://www.redox-os.org/

In addition to its huge contribution to OS development in Rust, as a microkernel enthusiast, it sounds exciting to write a microkernel in Rust, on the "Everything is a URL" principle. Moreover, it can run a good-looking GUI on real machines [1]! I know it's very hard to be realized.

Aside from Redox, I'd mention Tock [2], an embedded operating system. It introduces novel component isolation using Rust's power. I believe this field is where Rust shines and am looking forward to seeing it in production.

[1]: https://www.redox-os.org/screens/

[2]: https://www.tockos.org

There are more good efforts, the BeTrusted guys are working on Xous, it's a microkernel for a phone-like device called the Precursor.

https://github.com/betrusted-io/xous-core

As an embedded service processor OS for a big server rack, Oxide Computer is working on 'HubrisOS'. They seem to have not released it yet, but that will be open sourced.

https://github.com/oxidecomputer

Those are two efforts into which I know real resources are going.

Is Hubris targeted at BMCs? Or is it something different?

Hubris is targeted at microcontrollers. Much more information (and, importantly, the source code!) will be available in our talk at the Open Source Firmware Conference[0], the abstract for which elaborates on our motivations and use case:

On Hubris and Humility: when "write your own OS" isn't the worst idea

Hubris is a small open-source operating system for deeply-embedded computer systems, such as our server's replacement for the Baseboard Management Controller. Because our BMC replacement uses a lower-complexity microcontroller with region-based memory protection instead of virtual memory, our options were limited. We were unable to find an off-the-shelf option that met our requirements around safety, security, and correctness, so we wrote one.

Hubris provides preemptive multitasking, memory isolation between separately-compiled components, the ability to isolate crashing drivers and restart them without affecting the rest of the system, and flexible inter-component messaging that eliminates the need for most syscalls -- in about 2000 lines of Rust. The Hubris debugger, Humility, allows us to walk up to a running system and inspect the interaction of all tasks, or capture a dump for offline debugging.

However, Hubris may be more interesting for what it doesn't have. There are no operations for creating or destroying tasks at runtime, no dynamic resource allocation, no driver code running in privileged mode, and no C code in the system. This removes, by construction, a lot of the attack surface normally present in similar systems.

This talk will provide an overview of Hubris's design, the structure of a Hubris application, and some highlights of things we learned along the way.

[0] https://talks.osfc.io/osfc2021/featured/

I think it's an FPGA with a custom Open-Source Titan chip on it (RISC-V). It is not really a traditional BMC, it's more like a service processor that does secure boot and gets you into the OS. It does a few other things but I think they really want it to have minimum functionality.

This is a great talk about what they do and why: https://www.youtube.com/watch?v=vvZA9n3e5pc

This is a very reasonable inference, as it absolutely was when I gave that talk. ;) Very shortly after that talk, however, we came to the realization that the OpenTitan was not going to be what we needed when we needed it, and moved to a Cortex M7-based microcontroller for our service processor (and a separate M33-based microcontroller for our root of trust); Hubris is the operating system that runs on those two MCUs.

Thanks for sharing!

I have to say, I feel a bit “dirty” carrying so much unused and legacy code around with Linux, so I like people trying to reinvent the wheel just for the pleasure of a fresh start. For the aesthetics. Even if it’s merely a fantasy and not replacing anything soon, realistically. They are also keeping OS development accessible to new generations of geeks. The unfriendliness of C, the gigantic codebase and seemingly distinct culture make the Linux kernel quite off putting, filtering possible engagement by unfortunate parameters IMO. Novel OS development in Rust takes away at least some of those barriers and some of the gained knowledge may be applicable with the Linux kernel later.

Spending your time how you want to is never meaningless. Especially if you're creating value in the world.

> That said, what I'd say here is that it's fun. Really fun. Implementing ABI compatibility requires you to understand what's under the hood of the kernel.

> You can learn how printf(3) works. You can learn what happens before main().

Yes! It's such a wonderful experience. This is exactly what I most enjoy doing, just seeing how things work, maybe making my own version. I hope you have lots of fun.

You're reimplementing Linux's kernel-userspace binary interface, right? The system call interface is stable and language agnostic, it's really nice. Some pointers for anyone who'd like to know more:

https://man7.org/linux/man-pages/man2/syscalls.2.html

https://man7.org/linux/man-pages/man2/syscall.2.html

https://github.com/torvalds/linux/blob/master/Documentation/...

I honestly think there is real value here for firecracker style containers. Running memory safe code for your whole stack, with a minimal number of virtio devices? Fantastic!

The permissive license would also be interesting in some applications.

I'm new to Rust and am far less along than you are, as evidenced by this project. I noticed that in the few files I spot checked, there aren't many/any tests. Without any context or opinion, I'm curious whether unit and integration testing are hard for a project like this.

Good point. As you say, Kerla lacks unit tests; I focused on running an SSH server as soon as possible.

IMO, writing and running tests in the kernel space is pretty easy thanks to Rust’s flexible testing feature [1].

[1]: https://os.phil-opp.com/testing/

Really cool that you mentioned OSv on your GitHub, really not enough eyes on it, I think.

It doesn't matter if it's meaningless to the Hacker News crowd, it really only matters if it has meaning to you and if you're learning.

How did you set up the SSH system? Is a new VM spawned on each SSH connection?

Nice project! Curious how the Rust ownership model works in a monolithic kernel context. Are the lifetimes of kernel structures associated with a process "owned" by the process itself somehow?

I'm not sure this answers what you asked, but objects that are referenced from multiple objects are simply wrapped with Arc<T>.

Sort of. I'm just kinda curious if any of Rust's cool memory management features work particularly well or have to be bypassed in a monolithic kernel context.
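As an added illustration of the Arc<T> answer and the ownership question above (example code written for this thread, not Kerla's; FileLike, MemFile, Process and sys_read are made-up names): a process's fd table holds Arc references to shared open-file objects, fork() clones the table (bumping each refcount), and read() clones one Arc out of the table, drops the table lock, then reads through it, so parent and child share a file offset as POSIX requires and the object is freed only when the last referencing process or descriptor goes away.

```rust
use std::sync::{Arc, Mutex};
const EBADF: i32 = 9; // errno value the Linux ABI returns for a bad descriptor

// Hypothetical trait for anything a descriptor can refer to (file, tty,
// pipe, ...). The name is this example's, not Kerla's.
trait FileLike: Send + Sync {
    fn read(&self, buf: &mut [u8]) -> Result<usize, i32>;
}

// In-memory regular file. The offset lives in the open file description, so
// after fork() parent and child share it, as POSIX specifies. The Mutex gives
// interior mutability while the object stays Sync and shareable via Arc.
struct MemFile {
    data: Vec<u8>,
    pos: Mutex<usize>,
}

impl FileLike for MemFile {
    fn read(&self, buf: &mut [u8]) -> Result<usize, i32> {
        let mut pos = self.pos.lock().unwrap();
        let n = buf.len().min(self.data.len() - *pos);
        buf[..n].copy_from_slice(&self.data[*pos..*pos + n]);
        *pos += n;
        Ok(n) // 0 at end of file, like read(2)
    }
}

// A process owns its fd table; each slot holds a counted reference to a
// shared kernel object, never the object itself.
struct Process {
    fd_table: Mutex<Vec<Option<Arc<dyn FileLike>>>>,
}

impl Process {
    // open(): append the file and return its descriptor number.
    fn open(&self, file: Arc<dyn FileLike>) -> i32 {
        let mut table = self.fd_table.lock().unwrap();
        table.push(Some(file));
        (table.len() - 1) as i32
    }
    // fork(): cloning the table clones each Arc (refcount +1), so both
    // processes refer to the same open file descriptions.
    fn fork(&self) -> Process {
        Process { fd_table: Mutex::new(self.fd_table.lock().unwrap().clone()) }
    }
    // read(2): resolve the fd to an Arc, release the table lock, then read.
    // A negative or unused fd fails with EBADF, as the Linux ABI specifies.
    fn sys_read(&self, fd: i32, buf: &mut [u8]) -> Result<usize, i32> {
        let table = self.fd_table.lock().unwrap();
        if fd < 0 {
            return Err(EBADF);
        }
        let file = table.get(fd as usize).and_then(|s| s.clone()).ok_or(EBADF)?;
        drop(table); // never hold the table lock across a possibly slow read
        file.read(buf)
    }
}

fn main() {
    // Constructed sample: one file opened by a parent, then inherited by a child.
    let file: Arc<dyn FileLike> = Arc::new(MemFile { data: b"hello world".to_vec(), pos: Mutex::new(0) });
    let parent = Process { fd_table: Mutex::new(Vec::new()) };
    let fd = parent.open(Arc::clone(&file));
    let child = parent.fork();
    let mut buf = [0u8; 5];
    parent.sys_read(fd, &mut buf).unwrap();
    child.sys_read(fd, &mut buf).unwrap(); // continues where the parent stopped
    println!("child read {:?}, live refs = {}", buf, Arc::strong_count(&file));
}
```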
How long did it take you to write this?

About 3-4 months in total: it took 1.5 months to run a simple Hello World program, 1 month to implement a bunch of system calls, and another month to implement features essential to run the Dropbear SSH server (tty/pty, bug fixes, …).