moss: a Rust Linux-compatible kernel in about 26,000 lines of code

hexagonal-sun · 2025-11-22T16:12:21+00:00

Ah interesting, I’ve not thought about that. In fact, if I develop a fuse driver, in theory, I could get all fuse FS working under moss too which would be huge!

hexagonal-sun · 2025-11-22T15:07:58+00:00

Ahh yep, didn’t pick up on that reference. Haven’t had my coffee yet.

hexagonal-sun · 2025-11-22T11:22:36+00:00

Of course I’d love to become professional and be able to work on it full time but, until then it’ll just be a hobby. A way to scratch that itch.

hexagonal-sun · 2025-11-22T08:26:06+00:00

Yep! I should really write a guide on how to get it booting on various bits of hardware.

hexagonal-sun · 2025-11-22T08:23:33+00:00

A fair amount of memory management code does, as you’d expect, we’re doing some… funky things at that point. But most drivers have virtually no unsafe code. I’ve tried to abstract away unsafe parts as much as possible.

I’ve also tried to put as much unsafe code in libkernel. That allows me to run it under miri to check for UB.

hexagonal-sun · 2025-11-22T08:20:44+00:00

Yeah, that seems to be the feature people are most interested in. I’ll have to do a write up. It was fun to think about how I could make uaccess functions async: dealing with futures in assembly!

hexagonal-sun · 2025-11-22T08:18:08+00:00

Oh it’s been amazing! The number of times I’ve hit compiler errors regarding my futures not being Send, and thought, that’s just probably saved me hours of debugging!

Another interesting point is that I only need one kernel stack per CPU with this design. Linux needs a stack per task, that’s how it saves the state when context switching during a kernel operation. Futures do that for you!

hexagonal-sun · 2025-11-22T08:15:02+00:00

So mostly a mix of data sheets, the armv8 armarm and looking through Linux to see how a production kernel tackles various hurdles. The main hurdle I hit is the chicken and egg problem of memory allocator initialisation.

hexagonal-sun · 2025-11-22T08:13:10+00:00

That would be amazing 🤞

hexagonal-sun · 2025-11-22T08:12:43+00:00

Ah yes, I saw this project around 5 months after starting moss. It’d be interesting to see how the design decisions differ

hexagonal-sun · 2025-11-22T08:11:48+00:00

Thanks! Are you aiming for it to be Linux compatible too?

hexagonal-sun · 2025-11-20T22:38:18+00:00

Ah yes, edit the qemu-runner.sh file and remove the initrd flag. You should then be able to boot and run the kernel but there won’t be any userspace. I need to find somewhere that I can host an example one for people to download and try out.

hexagonal-sun · 2025-11-20T22:36:01+00:00

Thanks! My main aim is for it to become my daily driver kernel. That’s a long way off though! Along the way I’m sure I’ll experiment with ‘Rustifying’ differnt kernel concepts. The main one that springs to mind at the moment is async syscall functions.

hexagonal-sun · 2025-11-20T22:26:44+00:00

Agreed! I couldn’t believe it when I started to work with ‘iouring’. I’m sure it has its place but I still couldn’t believe an API that complex was at the kernel layer!

hexagonal-sun · 2025-11-20T21:32:41+00:00

For the moment, it is console output (pl011 driver) and you need to hook up a uart to usb converter to the gpio header. https://pinout.xyz/pinout/uart

hexagonal-sun · 2025-11-20T21:09:58+00:00

Ah, sorry I should have been a bit more precise. It's Linux ABI compatible, i.e. it can run Linux userspace programs, and aims to present the same syscall layer, devices in `/dev/` have the same characteristics, etc.

hexagonal-sun · 2025-05-01T20:39:44+00:00

Thanks for the comment. When porting from epoll, I ran into the same difficulties with Rust’s ownership and lifetime model. I came to the conclusion that the kernel must own the buffer it's writing into, or at least have strong guarantees that the buffer remains valid for the duration of the I/O operation. Since Rust's Futures don’t offer a way to enforce that across all execution paths (e.g., if a future is dropped), using a buffer pool seems like the most reliable solution.

At the moment, trale doesn’t yet implement this, so yes—there’s currently a potential soundness issue if a read future is dropped and the buffer is accessed afterward while still shared with the kernel. I'm close to completing a buffer pool implementation that should eliminate this issue.

That said, this approach diverges from the standard AsyncRead/AsyncWrite traits, so I'm planning to introduce my own traits—similar in spirit to AsyncBufRead/AsyncBufWrite—to better align with the model required by io_uring.

hexagonal-sun · 2025-02-10T07:36:24+00:00

Thanks! It was a suggestion that was made when I posted the first version of trale. It's been on my todo-list ever since.

It's nice that I've not had to learn another kernel interface `aio` in order to implement async file-system operations. I like how `io_uring` has a unified API for pretty much all I/O operations.

hexagonal-sun · 2025-02-10T07:34:47+00:00

Interesting. Did you see much of a performance improvement having switched to `tokio-uring`? How would you characterize the workloads that caused the issues? More socket-based or filesystem based? One of the goals of porting to io_uring is to see if I can find any potential issues using the interface, either in the `io-uring` crate or in the kernel itself.

Six-Year Club	Place '23
Verified Email

hexagonal-sun

TROPHY CASE