| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Mar 2024 13:35:04 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Wedson Almeida Filho <wedsonaf@...il.com>, rust-for-linux@...r.kernel.org
Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>, linux-kernel@...r.kernel.org, Wedson Almeida Filho <walmeida@...rosoft.com>
Subject: Re: [PATCH v3 06/10] rust: alloc: introduce the `BoxExt` trait
On 28.03.24 02:35, Wedson Almeida Filho wrote:
> From: Wedson Almeida Filho <walmeida@...rosoft.com>
>
> Make fallible versions of `new` and `new_uninit` methods available in
> `Box` even though it doesn't implement them because we build `alloc`
> with the `no_global_oom_handling` config.
>
> They also have an extra `flags` parameter that allows callers to pass
> flags to the allocator.
>
> Signed-off-by: Wedson Almeida Filho <walmeida@...rosoft.com>
> ---
> rust/kernel/alloc.rs | 1 +
> rust/kernel/alloc/allocator.rs | 2 +-
> rust/kernel/alloc/box_ext.rs | 60 ++++++++++++++++++++++++++++++++++
> rust/kernel/init.rs | 13 ++++----
> rust/kernel/prelude.rs | 2 +-
> rust/kernel/sync/arc.rs | 3 +-
> 6 files changed, 72 insertions(+), 9 deletions(-)
> create mode 100644 rust/kernel/alloc/box_ext.rs
With Boqun's suggestion (feel free to take your variant):
Reviewed-by: Benno Lossin <benno.lossin@...ton.me>
[...]
> +impl<T> BoxExt<T> for Box<T> {
> + fn new(x: T, flags: Flags) -> Result<Self, AllocError> {
> + let mut b = <Self as BoxExt<_>>::new_uninit(flags)?;
> + b.write(x);
> + // SAFETY: The contents were just initialised in the line above.
> + Ok(unsafe { b.assume_init() })
> + }
> +
> + #[cfg(any(test, testlib))]
> + fn new_uninit(_flags: Flags) -> Result<Box<MaybeUninit<T>>, AllocError> {
> + Ok(Box::new_uninit())
> + }
> +
> + #[cfg(not(any(test, testlib)))]
> + fn new_uninit(flags: Flags) -> Result<Box<MaybeUninit<T>>, AllocError> {
> + let ptr = if core::mem::size_of::<MaybeUninit<T>>() == 0 {
> + core::ptr::NonNull::<_>::dangling().as_ptr()
> + } else {
> + let layout = core::alloc::Layout::new::<MaybeUninit<T>>();
> +
> + // SAFETY: Memory is being allocated (first arg is null). The only other source of
> + // safety issues is sleeping on atomic context, which is addressed by klint. Lastly,
> + // the type is not a SZT (checked above).
> + let ptr =
> + unsafe { super::allocator::krealloc_aligned(core::ptr::null_mut(), layout, flags) };
Personally, I would rather import `krealloc_aligned` and not have this
weird formatting here.
--
Cheers,
Benno
> + if ptr.is_null() {
> + return Err(AllocError);
> + }
> +
> + ptr.cast::<MaybeUninit<T>>()
> + };
> +
> + // SAFETY: For non-zero-sized types, we allocate above using the global allocator. For
> + // zero-sized types, we use `NonNull::dangling`.
> + Ok(unsafe { Box::from_raw(ptr) })
> + }
> +}
[...]
Powered by blists - more mailing lists