Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
In the future, some Linux subsystems will only be written in Rust.
Rust is much safer than C, but it's no silver bullet for bad logic.
The Linux kernel will not be rewritten in Rust. Well, not yet anyway.
At Open Source Summit India 2026 in Mumbai, Linux stable kernel maintainer Greg Kroah‑Hartman said in his keynote that "the [Linux] kernel is moving toward Rust. Git is moving toward Rust. Lots of projects are starting to move toward Rust."
Also: Red Hat will support your RHEL forever now - for a price
He didn't always feel that way. Kroah-Hartman added, "A number of years ago, when a friend of mine said, 'Ah, you got to try this new language. It's called Rust.' I was like, 'What? No, C is great.' His friend continued, "'No, no, no! It makes programming fun again.' I'm like, 'Nah, programming is fun in C.' He was right. I should have done it then. Rust is actually fun. It makes programming fun. It takes a lot of stuff away from having to worry about the compiler, which can fix a lot of your problems for you, and it makes code a little bit better."
Why Rust makes life so much easier
So, Kroah-Hartman has moved from being a Rust skeptic to one of its strongest champions inside the kernel. He now regards Rust as a permanent part of Linux, not an experiment. His case is straightforward: Rust's ownership and type system can eliminate most of the "stupid little tiny things" that dominate kernel Common Vulnerabilities and Exposures (CVEs), while making life easier for overworked maintainers. "Rust," in short, "makes my life so much easier."
Kroah-Hartman should know. He oversees the Linux kernel CVE process, and he has a unique vantage point as the stable‑kernel maintainer. In India, he said Linux sees "about 13 CVEs a day" and has been running at "almost nine changes an hour" for a decade or more. Most of those vulnerabilities, he argued, are not exotic attacks but simple C mistakes -- unchecked pointers, forgotten unlocks, and sloppy cleanup paths: "This is what we're fixing 13 times a day. Small, trivial, little bugs like this all the time."
Also: 'I'm not a programmer' anymore: Linus Torvalds on the only two tools he uses now
How can Rust help with this issue? Easy. Kroah-Hartman continued: "Here is my statement, totally unscientific. I've seen every CVE the kernel has done in the past 25 years. I think 80% would be gone, just because they would be caught by Rust." The remaining 20% are the logic bugs he'd prefer to focus on: "Rust will still crash just fine. You can do really foolish things in Rust, but all the tiny, stupid, trivial things Rust will handle for us."
Kroah‑Hartman consistently framed language choices in terms of reviewer workload rather than developer convenience. Linux has "over 5,000 developers" but "about 150 core maintainers that review the majority of the code," a skew that drives his priorities. "We optimize for reviewers. We don't optimize for developers because we have a lot of developers," he said, suggesting Rust's ability to enforce locking and lifetime rules at build time means reviewers can spend their limited bandwidth on logic rather than bookkeeping: "If it builds as a reviewer, I know it's OK. I can look at the logic."
Also: Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it
The Rust effort has already reshaped C in the kernel. To make Rust bindings safe, maintainers revisited long‑standing C APIs, adding guard and scoped‑allocation mechanisms that mirror Rust's automatic cleanup. "We have the guards, the scoped reference counting, to C because Rust showed us we could," he said.
"We added a lot more memory safety stuff to the kernel and other APIs because we realized Rust showed us we could do that, and we made the C code more reliable and better. So if Rust were to disappear tomorrow, the kernel's better off for it."
The default for new work in key subsystems
This shift has been coming for some time. As Kroah-Hartman wrote back in 2025 on the Linux Kernel Mailing List (LKML), "Rust also gives us the ability to define our in-kernel APIs in ways that make them almost impossible to get wrong when using them. We have way too many difficult/tricky APIs that require way too much maintainer review to 'ensure that you got this right,' that is a combination of both how our APIs have evolved over the years (how many different ways can you use a 'struct cdev' in a safe way?) and how C doesn't allow us to express APIs in a way that makes them easier/safer to use. Forcing maintainers of these APIs to rethink them is a GOOD thing, as it is causing us to clean them up for EVERYONE, C users included already, making Linux better overall."
Moreover, Rust is becoming the default for new work in key subsystems. "New drivers for some subsystems are only going to be accepted in Rust. Look at the graphics subsystem, the most complex drivers out there that it is today; those guys are going to be in Rust only," he said. Binder, the Android IPC mechanism at the heart of billions of devices, now has parallel C and Rust implementations in the kernel. The C version "will go away soon," leaving the Rust version "as the bedrock of all Android devices going forward."
Formally, the kernel leadership has already blessed Rust as a first‑class language. "This experiment is now no longer an experiment," Kroah‑Hartman said. "The kernel community maintainers came together last year … and we said the Rust experiment is over. It's real. We're going to accept this thing going forward."
Also: IBM and Red Hat launch Lightwell to defend open-source code from AI attacks
Now, that shift doesn't mean the Linux kernel will be rewritten in Rust. As he said at the Rust Week conference earlier this year in Utrecht, Netherlands, "We don't want rewrites, so unless you're the maintainer and owner of that file, just do it for new stuff. Leave existing C code alone, and let's evolve forward after that."
That said, having watched Linux grow from the start, I get the sense that the day may come when the Linux kernel will be rewritten in Rust. It won't be anytime soon, but I can see it happening. It's much safer by design. Were someone to ask me today what language they should learn to become a kernel contributor, I'd tell them to pick up Rust.
Also: I've tested many portable Linux distros, but PorteuX is the one I keep on my USB drive
Meanwhile, Kroah-Hartman acknowledged that "change is hard" for a community steeped in C, including himself: "I like C. I've been doing C for many, many, many years." Indeed, he's been at it for "Longer than many people here have even been alive. It's hard." But he returned to the same theme that first sold him on Rust: "Rust makes coding fun again. I found it makes it so that you don't have to worry about where my references are, where I grab my locks properly, did I do this stuff, did I do this? I can focus on logic, and that's the beauty of it."
Kroah-Hartman continued, "Rust can be more fun for maintainers and more secure Linux for users, and that's the most important thing overall." He ended with that familiar Linux punchline: "And of course, world domination is proceeding as planned."
View original source — ZDNet ↗


