OpenVMM – A New VMM for Windows and Linux, Written in Rust

Original Article ↗ Hacker News Discussion ↗

Role of Rust and “Written in Rust” Branding

  • Large part of the thread debates why “written in Rust” appears in titles.
  • Some see it as useful metadata (language matters for security, maintainability, ecosystem, and whether one wants to contribute).
  • Others see it as hype, tribalism, or a marketing gimmick that overshadows a project’s actual features.
  • Comparisons are drawn to earlier waves of “written in Ruby/Go/Python/Lisp/COBOL” style promotion.
  • A few argue that for systems like a VMM, Rust is a real feature: memory safety and safer abstractions are important in hypervisors.
  • Skeptics counter that security still depends on testing, careful use of unsafe, clear invariants, and possibly formal methods.

Rust Safety vs. unsafe and Developer Practices

  • It’s noted that Rust’s “trustworthiness” comes from guardrails that prevent many common C/C++ bugs.
  • OpenVMM reportedly has ~1750 unsafe blocks among ~400k+ lines of Rust, prompting discussion of how much unsafety is required.
  • Several comments stress that unsafe is only dangerous if misused; documenting and asserting invariants is key.
  • Tooling like clippy and cargo-geiger are mentioned for tracking/documenting unsafe usage.

OpenVMM / OpenHCL Characteristics

  • OpenVMM is a cross‑platform virtual machine monitor for Windows and Linux, used in Azure.
  • Docs include a disclaimer: poor “polish” for traditional host usage and no API or feature stability guarantees.
  • Recent work focuses on OpenHCL, a paravisor model built atop Hyper‑V’s Virtual Trust Levels.
  • OpenHCL’s concept: expose only modern paravirtual devices to the real host, then run a paravisor inside the guest that emulates legacy devices for older OSes, reducing attack surface.
  • Some consider OpenHCL more interesting than OpenVMM itself.

Dependencies, Size, and Documentation

  • Cargo.lock is very large; discussion notes many internal crates and broad dependency coverage for all platforms and features.
  • Tools like cargo tree are suggested for a clearer dependency view.
  • The codebase size (≈ half a million Rust lines) surprises some.
  • Some criticize incomplete user docs and missing acronym expansion (VMM) in early text.

Meta and Community Dynamics

  • Multiple comments note that Rust-in-title threads attract language flamewars and “rage-click bait,” sometimes overshadowing technical discussion.