top | item 37629874

Platform that enables Windows driver development in Rust

339 points| mustache_kimono | 2 years ago |github.com | reply

142 comments

[+] 1letterunixname|2 years ago|reply

For those who don't remember, Russinovich prior to taking over his boss' job and possible succession as the next MSFT CEO, he owned a software tools and NT kernel consulting company where Redmond sent their engineers to learn NT kernel dev. Also, he found Sony's DRM rootkit, Symantec's rootkit-like file protection, and caught Best Buy pirating ERD Commander.

I'm kind of kicking myself now that I nuked my LinkedIn in 2014 having 2 degrees from the whole Valley and Mark as 1st. Oh well, there's freedom and agility in relative obscurity. What's that reggae song by Desmond Dekker about it's pointless to talk about how much you did, made, or who you used to know? xD

[+] miki123211|2 years ago|reply

> he owned a software tools and NT kernel consulting company where Redmond sent their engineers to learn NT kernel dev.

Apple apparently used to do something similar, internal Apple Docs were nothing compared to Jonathan Levin's books[1], so Apple would routinely buy those for their OS engineers.

It's pretty interesting to me that companies of that size can't really do these things themselves, despite being in a much better position by having access to the engineers actual source code. These third parties (or at least Levin) had to rely on reverse-engineering to a large degree.

[1] https://newosxbook.com

[+] badrabbit|2 years ago|reply

How can you mention him and not mention sysinternals? I rely on that suite to do my job every day! Sysinternals have had more of an impact than perhaps even Azure itself considering how basically every company using windows in the world uses at least one sysinternals tool.

[+] taskforcegemini|2 years ago|reply

The sysinternals tools should be part of any windows installation. They are a must in mine.and are sorely missed whenever I need to fix/debug a friends computer. why else did MSFT acquihire them/Mark Russinovich?

[+] kramerger|2 years ago|reply

He is a good coder, but having read his books I don't think he would be a good CEO.

My take from the first book was that he has an extremly black and white view of the world.

[+] kleiba|2 years ago|reply

Apparently it's good for a comment on HN.

[+] drvdevd|2 years ago|reply

The song is Fu Man Chu, by Desmond Dekker and the ACES.

[+] tester756|2 years ago|reply

>and possible succession as the next MSFT CEO

wat

[+] pgporada|2 years ago|reply

That's Live and Learn off of Double Dekker. It's good stuff.

[+] ww520|2 years ago|reply

Is he going to be the CEO? That would be fantastic. He was super technical and super knowledgeable about Windows kernel. He was a true hacker.

[+] sn9|2 years ago|reply

> ... having 2 degrees from the whole Valley and Mark as 1st.

I'm having trouble parsing this. What does this mean?

[+] jjallen|2 years ago|reply

What kind of benefits do you think you would derive from being “connected” with him on LinkedIn?

[+] mustache_kimono|2 years ago|reply

OG Tweet: https://twitter.com/markrussinovich/status/17057307039574058...

[+] 38|2 years ago|reply

non crap link:

http://farside.link/twitter.com/markrussinovich/status/17057...

[+] zamalek|2 years ago|reply

Nice /s, it's not idiomatic:

    pub struct QueueContext { 
      buffer: PVOID, 
      length: usize, 
      timer: wdf::Timer, 
      current_request: WDFREQUEST, 
      current_status: NTSTATUS, 
      spin_lock: wdf::SpinLock, 
    }

[+] jeroenhd|2 years ago|reply

Almost all of those refer back to FFI integer types, because that's what the Windows driver API uses. The Linux kernel has similar issues when it comes to writing Rust drivers, and so does every other project interoperating with C.

Types like NTSTATUS have a significant amount of documentation attached to it. Unlike C and C++, you can't just assign an integer value to an enum value. I suppose they could've generated a wrapper class and required you to cast every time, but then you'd get code that's 50% .into()s and that would probably add overhead to your driver as well.

As far as I can tell, you never set or alter these enum values, other than maybe the void* for buffer; you only ever read from them. A match {} block should work just fine on NTSTATUS. WDFREQUEST is a handle, so you can't really do anything with it other than maybe swap it out for another handle of the same type.

Timer and SpinLock have been converted into idiomatic Rust objects, wrapping unsafe library calls in their bodies. Other than that, I don't really see how you'd make this code idiomatic without adding a significant performance burden.

[+] BaculumMeumEst|2 years ago|reply

could you clarify what you mean?

[+] kramerger|2 years ago|reply

I think they would need to rewrite everything to get rid of that

[+] IshKebab|2 years ago|reply

What were you expecting exactly?

[+] unknown|2 years ago|reply

[deleted]

[+] meresahkaan|2 years ago|reply

[deleted]

[+] fortran77|2 years ago|reply

You know what would be even better? Device drivers in a memory managed language like C#!

[+] jeroenhd|2 years ago|reply

Microsoft is pushing more and more code into user space. The latest change is that they now insist printer manufacturers use UWP printer apps rather than drivers to add custom functionality to their printers; these apps are usually written in languages like C#.

I agree with Microsoft that the best method is probably to run less manufacturer code in the kernel, not to make the kernel accessible more easily. Running a garbage collector in the kernel sounds near impossible to pull off without GC bugs because C# isn't exactly suited for "I want to access some buffer but I can't because it hasn't been paged in and I'm in an interrupt handler".

[+] danparsonson|2 years ago|reply

Would that be better though? I have no experience of driver development by my feeling is that device drivers being low-level and fundamental building blocks of a working operating system, doesn't fit well with garbage collection interrupting execution on its own schedule.

[+] ndiddy|2 years ago|reply

I’d prefer not to have my mouse stutter because the driver paused to run the garbage collector.

[+] CodeCompost|2 years ago|reply

Microsoft tried that already. It failed miserably. I don't think they gave a reason but I suspect that garbage collection caused too many freezes in early 2000s hardware.

[+] anaisbetts|2 years ago|reply

It is very difficult to write device drivers in even C++ while still maintaining the ability to write pageable kernel drivers. Drivers must have very strict control over availability of memory because it will likely access it at times when a page fault is not possible (i.e. during an interrupt handler). The C# language and runtime would have to add features to explicitly accomodate this at a bare minimum

[+] MStrehovsky|2 years ago|reply

Here's an example [1] of a device driver in C#. It is possible. It is also not recommended.

[1] https://github.com/VollRagm/KernelSharp

[+] nextaccountic|2 years ago|reply

C# doesn't help against data races

Indeed pretty much no mainstream language prevents data races at compile time like Rust does

[+] dataking|2 years ago|reply

I'm not aware that C# has security or reliability advantages over Rust. It may be better integrated into the Microsoft ecosystem but from the point of view of a driver developer who has to support more than one OS, Rust would seem to be a good tradeoff between security, performance, and reliability vs. C/C++.

[+] __jem|2 years ago|reply

Rust is memory managed, it just doesn't have a garbage collector.

[+] j16sdiz|2 years ago|reply

Many common device class supports user mode driver. I think that supports writing in memory managed languages

[+] raincole|2 years ago|reply

C# is my main language but this is one of the few cases where it's not the best choices.