lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241001193136.7db65bb4.gary@garyguo.net>
Date: Tue, 1 Oct 2024 19:31:36 +0100
From: Gary Guo <gary@...yguo.net>
To: Danilo Krummrich <dakr@...nel.org>
Cc: ojeda@...nel.org, alex.gaynor@...il.com, wedsonaf@...il.com,
 boqun.feng@...il.com, bjorn3_gh@...tonmail.com, benno.lossin@...ton.me,
 a.hindborg@...sung.com, aliceryhl@...gle.com, akpm@...ux-foundation.org,
 daniel.almeida@...labora.com, faith.ekstrand@...labora.com,
 boris.brezillon@...labora.com, lina@...hilina.net, mcanal@...lia.com,
 zhiw@...dia.com, cjia@...dia.com, jhubbard@...dia.com, airlied@...hat.com,
 ajanulgu@...hat.com, lyude@...hat.com, linux-kernel@...r.kernel.org,
 rust-for-linux@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH v8 15/29] rust: alloc: introduce `ArrayLayout`

On Tue,  1 Oct 2024 16:59:50 +0200
Danilo Krummrich <dakr@...nel.org> wrote:

> From: Benno Lossin <benno.lossin@...ton.me>
> 
> When allocating memory for arrays using allocators, the `Layout::array`
> function is typically used. It returns a result, since the given size
> might be too big. However, `Vec` and its iterators store their allocated
> capacity and thus they already did check that the size is not too big.
> 
> The `ArrayLayout` type provides this exact behavior, as it can be
> infallibly converted into a `Layout`. Instead of a `usize` capacity,
> `Vec` and other similar array-storing types can use `ArrayLayout`
> instead.
> 
> Signed-off-by: Benno Lossin <benno.lossin@...ton.me>
> Signed-off-by: Danilo Krummrich <dakr@...nel.org>

Reviewed-by: Gary Guo <gary@...yguo.net>

> ---
>  rust/kernel/alloc.rs        |  1 +
>  rust/kernel/alloc/layout.rs | 91 +++++++++++++++++++++++++++++++++++++
>  2 files changed, 92 insertions(+)
>  create mode 100644 rust/kernel/alloc/layout.rs
> 
> diff --git a/rust/kernel/alloc.rs b/rust/kernel/alloc.rs
> index ebe58247504f..bf143a71d53d 100644
> --- a/rust/kernel/alloc.rs
> +++ b/rust/kernel/alloc.rs
> @@ -5,6 +5,7 @@
>  #[cfg(not(any(test, testlib)))]
>  pub mod allocator;
>  pub mod kbox;
> +pub mod layout;
>  pub mod vec_ext;
>  
>  #[cfg(any(test, testlib))]
> diff --git a/rust/kernel/alloc/layout.rs b/rust/kernel/alloc/layout.rs
> new file mode 100644
> index 000000000000..a9c987aad8fb
> --- /dev/null
> +++ b/rust/kernel/alloc/layout.rs
> @@ -0,0 +1,91 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +//! Memory layout.
> +//!
> +//! Custom layout types extending or improving [`Layout`].
> +
> +use core::{alloc::Layout, marker::PhantomData};
> +
> +/// Error when constructing an [`ArrayLayout`].
> +pub struct LayoutError;
> +
> +/// A layout for an array `[T; n]`.
> +///
> +/// # Invariants
> +///
> +/// - `len * size_of::<T>() <= isize::MAX`
> +pub struct ArrayLayout<T> {
> +    len: usize,
> +    _phantom: PhantomData<fn() -> T>,
> +}
> +
> +impl<T> Clone for ArrayLayout<T> {
> +    fn clone(&self) -> Self {
> +        *self
> +    }
> +}
> +impl<T> Copy for ArrayLayout<T> {}
> +
> +const ISIZE_MAX: usize = isize::MAX as usize;
> +
> +impl<T> ArrayLayout<T> {
> +    /// Creates a new layout for `[T; 0]`.
> +    pub const fn empty() -> Self {
> +        // INVARIANT: `0 * size_of::<T>() <= isize::MAX`
> +        Self {
> +            len: 0,
> +            _phantom: PhantomData,
> +        }
> +    }
> +
> +    /// Creates a new layout for `[T; len]`.
> +    ///
> +    /// # Errors
> +    ///
> +    /// When `len * size_of::<T>()` overflows or when `len * size_of::<T>() > isize::MAX`.
> +    pub const fn new(len: usize) -> Result<Self, LayoutError> {
> +        match len.checked_mul(size_of::<T>()) {
> +            Some(len) if len <= ISIZE_MAX => {
> +                // INVARIANT: we checked above that `len * size_of::<T>() <= isize::MAX`
> +                Ok(Self {
> +                    len,
> +                    _phantom: PhantomData,
> +                })
> +            }
> +            _ => Err(LayoutError),
> +        }
> +    }
> +
> +    /// Creates a new layout for `[T; len]`.
> +    ///
> +    /// # Safety
> +    ///
> +    /// `len` must be a value, for which `len * size_of::<T>() <= isize::MAX` is true.
> +    pub unsafe fn new_unchecked(len: usize) -> Self {

nit: this can also be const, although this can be added when need arise
(or one may use `new(...).unwrap()` in const context, since it doesn't
actually generate a call to `BUG`).

> +        // INVARIANT: By the safety requirements of this function
> +        // `len * size_of::<T>() <= isize::MAX`.
> +        Self {
> +            len,
> +            _phantom: PhantomData,
> +        }
> +    }
> +
> +    /// Returns the number of array elements represented by this layout.
> +    pub const fn len(&self) -> usize {
> +        self.len
> +    }
> +
> +    /// Returns `true` when no array elements are represented by this layout.
> +    pub const fn is_empty(&self) -> bool {
> +        self.len == 0
> +    }
> +}
> +
> +impl<T> From<ArrayLayout<T>> for Layout {
> +    fn from(value: ArrayLayout<T>) -> Self {
> +        let res = Layout::array::<T>(value.len);
> +        // SAFETY: by the type invariant of `ArrayLayout` we have
> +        // `len * size_of::<T>() <= isize::MAX` and thus the result must be `Ok`.
> +        unsafe { res.unwrap_unchecked() }
> +    }
> +}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ