lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zocv0RFghfk56NHE@boqun-archlinux>
Date: Thu, 4 Jul 2024 16:27:13 -0700
From: Boqun Feng <boqun.feng@...il.com>
To: Danilo Krummrich <dakr@...hat.com>
Cc: ojeda@...nel.org, alex.gaynor@...il.com, wedsonaf@...il.com,
	gary@...yguo.net, bjorn3_gh@...tonmail.com, benno.lossin@...ton.me,
	a.hindborg@...sung.com, aliceryhl@...gle.com,
	daniel.almeida@...labora.com, faith.ekstrand@...labora.com,
	boris.brezillon@...labora.com, lina@...hilina.net,
	mcanal@...lia.com, zhiw@...dia.com, acurrid@...dia.com,
	cjia@...dia.com, jhubbard@...dia.com, airlied@...hat.com,
	ajanulgu@...hat.com, lyude@...hat.com, linux-kernel@...r.kernel.org,
	rust-for-linux@...r.kernel.org
Subject: Re: [PATCH 15/20] rust: alloc: implement `collect` for `IntoIter`

On Thu, Jul 04, 2024 at 07:06:43PM +0200, Danilo Krummrich wrote:
[...]
> @@ -658,6 +658,87 @@ impl<T, A> IntoIter<T, A>
>      fn as_raw_mut_slice(&mut self) -> *mut [T] {
>          ptr::slice_from_raw_parts_mut(self.ptr, self.len)
>      }
> +
> +    fn allocator(&self) -> &A {
> +        &self.alloc
> +    }
> +
> +    fn into_raw_parts(self) -> (*mut T, NonNull<T>, usize, usize, A) {
> +        let me = ManuallyDrop::new(self);
> +        let ptr = me.ptr;
> +        let buf = me.buf;
> +        let len = me.len;
> +        let cap = me.cap;
> +        let alloc = unsafe { ptr::read(me.allocator()) };
> +        (ptr, buf, len, cap, alloc)
> +    }
> +
[...]
> +    pub fn collect(self) -> Result<KVec<T, A>, AllocError> {
> +        let (mut ptr, buf, len, mut cap, alloc) = self.into_raw_parts();

We have leaked the `IntoIter` here,

> +        let has_advanced = ptr != buf.as_ptr();
> +
> +        if has_advanced {
> +            // SAFETY: Copy the contents we have advanced to at the beginning of the buffer.
> +            // `ptr` is guaranteed to be between `buf` and `buf.add(cap)` and `ptr.add(len)` is
> +            // guaranteed to be smaller than `buf.add(cap)`.
> +            unsafe { ptr::copy(ptr, buf.as_ptr(), len) };
> +            ptr = buf.as_ptr();
> +        }
> +
> +        // Do not allow for too much spare capacity.
> +        if len < cap / 2 {
> +            let layout = core::alloc::Layout::array::<T>(len).map_err(|_| AllocError)?;
> +            // SAFETY: `ptr` points to the start of the backing buffer, `cap` is the capacity of
> +            // the original `KVec` and `len` is guaranteed to be smaller than `cap`. Depending on
> +            // `alloc` this operation may shrink the buffer or leaves it as it is.
> +            ptr = unsafe {
> +                alloc.realloc(ptr.cast(), KVec::<T>::buffer_size(cap)?, layout, GFP_KERNEL)
> +            }?

and if `realloc` fails, we end up leaking memory, right? A simple fix
would be continuing if `realloc` fails. Maybe you could even make this
function returns `KVec<T,A>` instead of a `Result`.

Regards,
Boqun

> +            .as_ptr()
> +            .cast();
> +            cap = len;
> +        }
> +
> +        // SAFETY: If the iterator has been advanced, the advanced elements have been copied to
> +        // the beginning of the buffer and `len` has been adjusted accordingly. `ptr` is guaranteed
> +        // to point to the start of the backing buffer. `cap` is either the original capacity or,
> +        // after shrinking the buffer, equal to `len`. `alloc` is guaranteed to be unchanged since
> +        // `into_iter` has been called on the original `KVec`.
> +        Ok(unsafe { KVec::from_raw_parts_alloc(ptr, len, cap, alloc) })
> +    }
>  }
>  
>  impl<T, A> Iterator for IntoIter<T, A>
> -- 
> 2.45.2
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ