Linus On C vs Rust Linux Problems

TL;DR

The C-versus-Rust kernel conflict is framed as a clash of programming philosophies about control and safety, not just a tooling debate.

Briefing Cornell Notes

Briefing

Linux’s C-versus-Rust fight in the kernel isn’t mainly about syntax or performance—it’s about clashing programming philosophies, and that clash keeps turning technical disagreements into culture wars. Linus Torvalds frames the controversy as involving “healthy arguments” alongside growing negativity, and the tension has flared repeatedly in Linux kernel circles as Rust contributions increasingly touch C interfaces and vice versa. The result is a community collision where “how to do safe systems programming” becomes as contested as “who should adapt to whom.”

A key driver is the way kernel culture forms from the top down. Torvalds is known for blunt, sometimes harsh feedback, including telling contributors that certain changes are “total crap” even when they don’t immediately break user programs. In that environment, Rust presentations and proposals can get met with unusually aggressive pushback—something described as recurring at LinuxCon and other Linux-focused events, not limited to Rust. That pattern matters because it shapes expectations: arguments are treated as normal, but the line between critique and hostility is easy to cross.

The deeper friction is described as a philosophical mismatch between C and Rust. C is portrayed as “control” and “freedom” in the sense that developers can do almost anything at any time—an “anarchy” model where responsibility is largely on the programmer. Rust is portrayed as “freedom through authority,” where the type system and ownership rules constrain what’s possible to prevent whole classes of bugs. When Rust’s safety model is applied across C boundaries—like modifying a C interface from Rust—each side can interpret the other’s approach as either disrespecting hard-won expertise or imposing constraints that don’t fit the existing kernel workflow.

The controversy also has a concrete flashpoint: a kernel maintainer reportedly quit after non-technical conflict tied to adapting a C plugin for Rust. That mirrors the broader “editor wars” analogy—VI versus Emacs—where technical preferences become identity markers. Rust supporters argue that memory safety is the long-term direction for operating systems, while C maintainers emphasize that the kernel already has extensive safety infrastructure (including debug builds and testing harnesses) and that Rust’s learning curve and “unsafe Rust” realities complicate adoption.

Even Rust’s advocates concede the limits. Memory bugs can still happen in Rust, and writing certain kernel-adjacent components may require large amounts of unsafe code and careful layout work. Examples discussed include complex string representations and the need for unions, manual drop logic, and pointer manipulation—cases where Rust can be safer in principle but still demands deep expertise in practice.

The discussion broadens beyond Rust: Zig is floated as a middle ground because it can be written closer to C while offering safer tooling, potentially reducing cultural resistance. Others note that replacing “Linux” in full would require rewriting not only kernel code but also vast user space, and that kernel change alone won’t solve the broader ecosystem’s C footprint.

Overall, the core takeaway is that Rust’s integration into Linux is less a simple “better language wins” story than a long, high-friction transition requiring shared standards, realistic expectations about unsafe code, and a community willing to keep debates technical rather than personal.

Cornell Notes

Linux’s C-versus-Rust kernel conflict is driven by more than engineering tradeoffs: it reflects competing philosophies about control, safety, and how much authority a language should impose. Torvalds’ blunt feedback culture and repeated hostile presentation experiences help explain why technical disagreements can escalate into identity-level conflict. The hardest part is crossing language boundaries—Rust changing C interfaces and C integrating Rust contributions—where each side expects the other to adapt. Rust is argued to improve memory safety, but “unsafe Rust” and complex type-driven designs still require deep expertise and can produce new failure modes. The debate also considers alternatives like Zig and highlights that kernel-only rewrites won’t address the larger user-space C ecosystem.

Why does the C-versus-Rust debate keep turning into a culture clash rather than staying purely technical?

The conflict is framed as philosophical: C emphasizes freedom/control where developers can do almost anything, while Rust emphasizes freedom through authority via ownership and type-system constraints. When Rust contributions modify C interfaces (or C contributions adapt Rust code), each side can interpret the other’s approach as either undermining established kernel practices or imposing constraints that don’t fit the existing workflow. Add a community feedback style that tolerates sharp, even insulting critique, and disagreements about safety and correctness can quickly become personal.

What role does Linus Torvalds’ feedback style play in how Rust proposals are received?

Torvalds is described as outspoken and willing to label certain changes as “total crap,” including cases where behavior is technically incorrect (e.g., an error like ENOENT being invalid under expected semantics). That style sets expectations for direct confrontation. The transcript also notes that aggressive pushback during Rust-related presentations is reported as recurring at LinuxCon and other Linux events, suggesting the issue isn’t isolated to Rust—it’s amplified by existing norms.

What’s the practical kernel problem when Rust and C meet at the boundary?

The boundary problem is submitting changes across language interfaces. Rust may need to adapt or modify C APIs, while C maintainers may require Rust contributions to fit C expectations. Because C is currently the “bedrock” language in the kernel, Rust proposals can be perceived as asking C maintainers to change, while C maintainers ask Rust to conform. That asymmetry fuels resentment and slows integration.

Does Rust eliminate memory bugs in the kernel?

No. The transcript explicitly notes that memory bugs can still be created in Rust—for example, forgetting to clear a hashmap or creating memory leaks. It also emphasizes that some kernel-adjacent work may require substantial unsafe Rust and careful low-level reasoning, meaning Rust isn’t a “get out of jail free” card even if it reduces certain classes of errors.

Why is “unsafe Rust” and complex type-driven design a sticking point for kernel contributors?

Some kernel data structures require intricate layout and semantics. The transcript describes cases like specialized string representations (with prefix and heap pointer behavior) that demand unsafe operations, unions, manual drop logic, and pointer manipulation. Those tasks can take hundreds of lines in Rust compared with far fewer lines in C, making adoption harder for maintainers who don’t want to invest in Rust’s deeper abstractions and unsafe patterns.

Why do some people suggest Zig as an alternative to Rust for kernel work?

Zig is presented as a middle ground: it can be written with a C-like feel and integrates with C-style pointer patterns, potentially reducing cultural resistance from C developers. The transcript also argues Zig might be easier for C people to accept because it doesn’t force the same ownership/type-system worldview as Rust, though it’s also described as less mature and not guaranteed to reach mainstream kernel adoption.

Review Questions

What philosophical difference between C and Rust is repeatedly used to explain the intensity of the kernel debate?
How do language-boundary changes (Rust touching C interfaces and vice versa) create asymmetric expectations between contributor groups?
Why does the transcript argue that Rust’s safety benefits don’t automatically translate into simpler kernel development in practice?

Key Points

1
The C-versus-Rust kernel conflict is framed as a clash of programming philosophies about control and safety, not just a tooling debate.
2
Community norms around blunt critique—associated with Torvalds—help explain why technical disagreements can escalate into hostility.
3
Repeated aggressive reactions to Rust presentations are described as recurring at Linux-focused events, suggesting a broader cultural pattern.
4
Cross-language contributions are the hardest operational problem: Rust changing C interfaces and C integrating Rust code creates asymmetric expectations about who must adapt.
5
Rust can still produce serious bugs, including memory leaks, and some kernel tasks require extensive unsafe Rust and careful low-level design.
6
Kernel integration friction is worsened by Rust’s learning curve and by the complexity of certain abstractions (e.g., specialized string layouts).
7
Alternatives like Zig are discussed as potentially reducing cultural resistance by offering a more C-like workflow while still aiming for safer tooling.

Highlights

Torvalds’ blunt feedback culture is portrayed as a catalyst for how Rust proposals get received, including examples where contributors are told their changes are “total crap.”

The boundary problem—Rust modifying C interfaces and C integrating Rust contributions—is identified as the practical source of recurring friction.

Even with Rust’s safety goals, the transcript stresses that unsafe Rust and complex type-driven layouts can require hundreds of lines and deep expertise.

Zig is proposed as a “middle ground” that might be easier for C developers to adopt because it can resemble C in workflow and pointer handling.

Topics

Linux Kernel
C vs Rust
Memory Safety
Language Boundaries
Zig Alternative

Mentioned

Linus Torvalds
Miguel
Bill Joy
Ted
Liz Rice
Isov Veent
Polar Signal
Federi
BR branik
Br branik
Dax
Dex
Judo
IO
ENOENT
ebpf
LPES
VI
Emacs
SSH
CPU