An implementation of the Binder interprocess communication mechanism written in Rust has been accepted into the Linux kernel codebase from which release 6.18 is being formed.
Binder is used in Android to enable inter-process communication and remote method invocation (one Android process can call a method or function in another Android process, using Binder to identify, call and pass arguments between processes). The Binder code was rewritten in Rust as part of a security enhancement project, promoting secure programming practices and improving the efficiency of identifying memory problems in Android (about 70% of all dangerous vulnerabilities identified in Android are caused by errors in working with memory).
Using Rust made it possible to solve some problems that the Binder developers encountered, including errors related to reference counting, locking and bounds checking, and to significantly reduce the complexity of error handling. The implementation of Binder in Rust is similar in functionality to the original version in C, passes all AOSP (Android Open-Source Project) tests and can be used to create working editions of Android firmware. Despite the advanced capabilities and support for objects with complex ownership semantics, the Rust driver turned out to be smaller than the C version: 5.5 versus 5.8 thousand lines of code.
In the commit description, the author mentions the following reasons for rewriting Binder:
- Binder has been in development for 15 years, and during this time its functionality and complexity have increased significantly. The project sits at the junction of all Android components and covers many tasks that go beyond IPC:
  - correctly analyzing and transforming the contents of transactions, which may contain several objects of different types (for example, pointers, file descriptors) interacting with each other;
  - controlling the size of thread pools in user space and ensuring that transactions are assigned to threads in a manner that avoids deadlocks when threads in the pool are depleted;
  - keeping track of reference counters of objects shared by multiple processes, correctly forwarding reference counter changes between processes;
  - handling multiple error scenarios and combining 13 different locks, 7 reference counters and atomic variables. At the same time, it must perform these tasks as quickly and correctly as possible.
- The old code accumulated noticeable technical debt, which complicated both the search for errors and further development.
For example, the code contains large functions of more than a thousand lines of code, questionable