I have a very old LG LCD tv that has an USB for service only. With a simple universal remote a series of clicks activated the media player function that was supposed to be disabled in that model. Same instructions said that using an infrared emitter connected to an audio jack and playing an mp3 file could achieve the same results. Not exactly the same scenario but it is a bit of a proof of concept.

TV security is probably non existent.

I imagine that more advanced remotes may exist in the future making them a more interesting target.

How would the payload get into the remote in the first place? If it's an antifeature or a built-in backdoor, it can be implemented in Rust just as well. The point is that if the remote is not harmful by itself but the code in it is crappy, then it's basically inexploitable.

So... you agree it it can deliver a payload to the TV to hack the TV, right?

So... you agree it it can deliver a payload to the TV to hack the TV, right?

A remote can send messages to the TV over infrared but never actually receives any input. All it does is react to keypresses, one at a time. So even if the code it runs is theoretically vulnerable as hell, in the context there is basically no way to exploit it.

The remote could be an attack vector for your smart TV, which is basically a computer with a big screen, and may have network access and even a microphone and camera. A cheap TV remote sounds an interesting target. But let's not tell that to the various governments sponsoring high level hacking organizations just yet ;-)

Of course you also need to consider the case for using Rust in the first place on such a ultra low end, ultra cheap microcontroller. If you are writing code for a TV remote, the safety guarantee requirements are exactly zilch, so there is no actual problem with using plain C if it means less workarounds.

Nothing prevents people from writing the same kind of code they were already writing in C though. You don't have to rely on monomorphism at that level. But even if you do, it's still generating code that you would have otherwise have written by hand anyway. And there are ways to give hints to the compiler to encourage it to not inline anything. There's also some useful crates that can automatically convert impl return types into enums, which are 10x faster than trait objects while not needing allocations.

But I wouldn't be so quick to judge the memory consumption of monomorphism. There were prior attempts by Rust's compiler team to investigate automatically converting generic type definitions into dyn traits and trait objects, and it actually generated more code, used more memory, and burned more CPU cycles. This is something that you need to be very careful with measuring.

To my (limited) knowledge, Rust has the same ABI as C. In this sense, any Rust code introduced into the kernel, should be portable going forward. Rust is an awesome addition to Linux, one that will transform the entire kernel into a more stable, less buggy, more easily testable/performant piece of code.