Rust in the Linux kernel (Google security blog)

The Google security blog has adetailed article on what a device driver written in Rust looks like."That is, we use Rust's ownership discipline when interacting with Ccode by handing the C portion ownership of a Rust object, allowing it tocall functions implemented in Rust, then eventually giving ownershipback. So as long as the C code is correct, the lifetime of Rust fileobjects work seamlessly as well, with the compiler enforcing correctlifetime management on the Rust side, for example: open cannot returnstack-allocated pointers or heap-allocated objects containing pointers tothe stack, ioctl/read/write cannot free (ormodify without synchronization) the contents of the object stored in filp->private_data, etc."