lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6a684f4d-6f95-4c52-b515-73c832f050a8@proton.me>
Date: Sat, 30 Mar 2024 13:35:04 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Wedson Almeida Filho <wedsonaf@...il.com>, rust-for-linux@...r.kernel.org
Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>, linux-kernel@...r.kernel.org, Wedson Almeida Filho <walmeida@...rosoft.com>
Subject: Re: [PATCH v3 06/10] rust: alloc: introduce the `BoxExt` trait

On 28.03.24 02:35, Wedson Almeida Filho wrote:
> From: Wedson Almeida Filho <walmeida@...rosoft.com>
> 
> Make fallible versions of `new` and `new_uninit` methods available in
> `Box` even though it doesn't implement them because we build `alloc`
> with the `no_global_oom_handling` config.
> 
> They also have an extra `flags` parameter that allows callers to pass
> flags to the allocator.
> 
> Signed-off-by: Wedson Almeida Filho <walmeida@...rosoft.com>
> ---
>   rust/kernel/alloc.rs           |  1 +
>   rust/kernel/alloc/allocator.rs |  2 +-
>   rust/kernel/alloc/box_ext.rs   | 60 ++++++++++++++++++++++++++++++++++
>   rust/kernel/init.rs            | 13 ++++----
>   rust/kernel/prelude.rs         |  2 +-
>   rust/kernel/sync/arc.rs        |  3 +-
>   6 files changed, 72 insertions(+), 9 deletions(-)
>   create mode 100644 rust/kernel/alloc/box_ext.rs

With Boqun's suggestion (feel free to take your variant):

Reviewed-by: Benno Lossin <benno.lossin@...ton.me>

[...]

> +impl<T> BoxExt<T> for Box<T> {
> +    fn new(x: T, flags: Flags) -> Result<Self, AllocError> {
> +        let mut b = <Self as BoxExt<_>>::new_uninit(flags)?;
> +        b.write(x);
> +        // SAFETY: The contents were just initialised in the line above.
> +        Ok(unsafe { b.assume_init() })
> +    }
> +
> +    #[cfg(any(test, testlib))]
> +    fn new_uninit(_flags: Flags) -> Result<Box<MaybeUninit<T>>, AllocError> {
> +        Ok(Box::new_uninit())
> +    }
> +
> +    #[cfg(not(any(test, testlib)))]
> +    fn new_uninit(flags: Flags) -> Result<Box<MaybeUninit<T>>, AllocError> {
> +        let ptr = if core::mem::size_of::<MaybeUninit<T>>() == 0 {
> +            core::ptr::NonNull::<_>::dangling().as_ptr()
> +        } else {
> +            let layout = core::alloc::Layout::new::<MaybeUninit<T>>();
> +
> +            // SAFETY: Memory is being allocated (first arg is null). The only other source of
> +            // safety issues is sleeping on atomic context, which is addressed by klint. Lastly,
> +            // the type is not a SZT (checked above).
> +            let ptr =
> +                unsafe { super::allocator::krealloc_aligned(core::ptr::null_mut(), layout, flags) };

Personally, I would rather import `krealloc_aligned` and not have this
weird formatting here.

-- 
Cheers,
Benno

> +            if ptr.is_null() {
> +                return Err(AllocError);
> +            }
> +
> +            ptr.cast::<MaybeUninit<T>>()
> +        };
> +
> +        // SAFETY: For non-zero-sized types, we allocate above using the global allocator. For
> +        // zero-sized types, we use `NonNull::dangling`.
> +        Ok(unsafe { Box::from_raw(ptr) })
> +    }
> +}

[...]


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ