| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zocv0RFghfk56NHE@boqun-archlinux>
Date: Thu, 4 Jul 2024 16:27:13 -0700
From: Boqun Feng <boqun.feng@...il.com>
To: Danilo Krummrich <dakr@...hat.com>
Cc: ojeda@...nel.org, alex.gaynor@...il.com, wedsonaf@...il.com,
gary@...yguo.net, bjorn3_gh@...tonmail.com, benno.lossin@...ton.me,
a.hindborg@...sung.com, aliceryhl@...gle.com,
daniel.almeida@...labora.com, faith.ekstrand@...labora.com,
boris.brezillon@...labora.com, lina@...hilina.net,
mcanal@...lia.com, zhiw@...dia.com, acurrid@...dia.com,
cjia@...dia.com, jhubbard@...dia.com, airlied@...hat.com,
ajanulgu@...hat.com, lyude@...hat.com, linux-kernel@...r.kernel.org,
rust-for-linux@...r.kernel.org
Subject: Re: [PATCH 15/20] rust: alloc: implement `collect` for `IntoIter`
On Thu, Jul 04, 2024 at 07:06:43PM +0200, Danilo Krummrich wrote:
[...]
> @@ -658,6 +658,87 @@ impl<T, A> IntoIter<T, A>
> fn as_raw_mut_slice(&mut self) -> *mut [T] {
> ptr::slice_from_raw_parts_mut(self.ptr, self.len)
> }
> +
> + fn allocator(&self) -> &A {
> + &self.alloc
> + }
> +
> + fn into_raw_parts(self) -> (*mut T, NonNull<T>, usize, usize, A) {
> + let me = ManuallyDrop::new(self);
> + let ptr = me.ptr;
> + let buf = me.buf;
> + let len = me.len;
> + let cap = me.cap;
> + let alloc = unsafe { ptr::read(me.allocator()) };
> + (ptr, buf, len, cap, alloc)
> + }
> +
[...]
> + pub fn collect(self) -> Result<KVec<T, A>, AllocError> {
> + let (mut ptr, buf, len, mut cap, alloc) = self.into_raw_parts();
We have leaked the `IntoIter` here,
> + let has_advanced = ptr != buf.as_ptr();
> +
> + if has_advanced {
> + // SAFETY: Copy the contents we have advanced to at the beginning of the buffer.
> + // `ptr` is guaranteed to be between `buf` and `buf.add(cap)` and `ptr.add(len)` is
> + // guaranteed to be smaller than `buf.add(cap)`.
> + unsafe { ptr::copy(ptr, buf.as_ptr(), len) };
> + ptr = buf.as_ptr();
> + }
> +
> + // Do not allow for too much spare capacity.
> + if len < cap / 2 {
> + let layout = core::alloc::Layout::array::<T>(len).map_err(|_| AllocError)?;
> + // SAFETY: `ptr` points to the start of the backing buffer, `cap` is the capacity of
> + // the original `KVec` and `len` is guaranteed to be smaller than `cap`. Depending on
> + // `alloc` this operation may shrink the buffer or leaves it as it is.
> + ptr = unsafe {
> + alloc.realloc(ptr.cast(), KVec::<T>::buffer_size(cap)?, layout, GFP_KERNEL)
> + }?
and if `realloc` fails, we end up leaking memory, right? A simple fix
would be continuing if `realloc` fails. Maybe you could even make this
function returns `KVec<T,A>` instead of a `Result`.
Regards,
Boqun
> + .as_ptr()
> + .cast();
> + cap = len;
> + }
> +
> + // SAFETY: If the iterator has been advanced, the advanced elements have been copied to
> + // the beginning of the buffer and `len` has been adjusted accordingly. `ptr` is guaranteed
> + // to point to the start of the backing buffer. `cap` is either the original capacity or,
> + // after shrinking the buffer, equal to `len`. `alloc` is guaranteed to be unchanged since
> + // `into_iter` has been called on the original `KVec`.
> + Ok(unsafe { KVec::from_raw_parts_alloc(ptr, len, cap, alloc) })
> + }
> }
>
> impl<T, A> Iterator for IntoIter<T, A>
> --
> 2.45.2
>
Powered by blists - more mailing lists