| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87355l2hu9.fsf@metaspace.dk>
Date: Fri, 31 Mar 2023 15:03:13 +0200
From: Andreas Hindborg <nmi@...aspace.dk>
To: y86-dev@...tonmail.com
Cc: Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>,
Wedson Almeida Filho <wedsonaf@...il.com>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Alice Ryhl <alice@...l.io>, rust-for-linux@...r.kernel.org,
linux-kernel@...r.kernel.org, patches@...ts.linux.dev,
Andreas Hindborg <a.hindborg@...sung.com>
Subject: Re: [PATCH v3 12/13] rust: sync: reduce stack usage of
`UniqueArc::try_new_uninit`
y86-dev@...tonmail.com writes:
> From: Benno Lossin <y86-dev@...tonmail.com>
>
> `UniqueArc::try_new_uninit` calls `Arc::try_new(MaybeUninit::uninit())`.
> This results in the uninitialized memory being placed on the stack,
> which may be arbitrarily large due to the generic `T` and thus could
> cause a stack overflow for large types.
>
> Change the implementation to use the pin-init API which enables in-place
> initialization. In particular it avoids having to first construct and
> then move the uninitialized memory from the stack into the final location.
>
> Signed-off-by: Benno Lossin <y86-dev@...tonmail.com>
> ---
Reviewed-by Andreas Hindborg <a.hindborg@...sung.com>
> rust/kernel/lib.rs | 1 -
> rust/kernel/sync/arc.rs | 14 ++++++++++++--
> 2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
> index 3e2777d26ff5..d9df77132fa2 100644
> --- a/rust/kernel/lib.rs
> +++ b/rust/kernel/lib.rs
> @@ -27,7 +27,6 @@
> #[cfg(not(CONFIG_RUST))]
> compile_error!("Missing kernel configuration for conditional compilation");
>
> -#[allow(unused_extern_crates)]
> // Allow proc-macros to refer to `::kernel` inside the `kernel` crate (this crate).
> extern crate self as kernel;
>
> diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs
> index 77a3833cc265..4ed6329a5e5f 100644
> --- a/rust/kernel/sync/arc.rs
> +++ b/rust/kernel/sync/arc.rs
> @@ -18,6 +18,7 @@
> use crate::{
> bindings,
> error::{Error, Result},
> + init,
> init::{InPlaceInit, Init, PinInit},
> types::{ForeignOwnable, Opaque},
> };
> @@ -29,6 +30,7 @@ use core::{
> pin::Pin,
> ptr::NonNull,
> };
> +use macros::pin_data;
>
> /// A reference-counted pointer to an instance of `T`.
> ///
> @@ -121,6 +123,7 @@ pub struct Arc<T: ?Sized> {
> _p: PhantomData<ArcInner<T>>,
> }
>
> +#[pin_data]
> #[repr(C)]
> struct ArcInner<T: ?Sized> {
> refcount: Opaque<bindings::refcount_t>,
> @@ -501,9 +504,16 @@ impl<T> UniqueArc<T> {
>
> /// Tries to allocate a new [`UniqueArc`] instance whose contents are not initialised yet.
> pub fn try_new_uninit() -> Result<UniqueArc<MaybeUninit<T>>> {
> - Ok(UniqueArc::<MaybeUninit<T>> {
> + // INVARIANT: The refcount is initialised to a non-zero value.
> + let inner = Box::init(init!(ArcInner {
> + // SAFETY: There are no safety requirements for this FFI call.
> + refcount: Opaque::new(unsafe { bindings::REFCOUNT_INIT(1) }),
> + data <- init::uninit(),
> + }))?;
> + Ok(UniqueArc {
> // INVARIANT: The newly-created object has a ref-count of 1.
> - inner: Arc::try_new(MaybeUninit::uninit())?,
> + // SAFETY: The pointer from the `Box` is valid.
> + inner: unsafe { Arc::from_inner(Box::leak(inner).into()) },
> })
> }
> }
Powered by blists - more mailing lists