| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH5fLgj_BW22yopAdOLpSQaK97eeUAQb4jfn=KgOqNgCJ4CsqQ@mail.gmail.com>
Date: Tue, 19 Nov 2024 12:45:51 +0100
From: Alice Ryhl <aliceryhl@...gle.com>
To: Abdiel Janulgue <abdiel.janulgue@...il.com>
Cc: rust-for-linux@...r.kernel.org, Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>,
Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>,
Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>,
Wedson Almeida Filho <wedsonaf@...il.com>, Valentin Obst <kernel@...entinobst.de>,
open list <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>,
"open list:MEMORY MANAGEMENT" <linux-mm@...ck.org>, airlied@...hat.com
Subject: Re: [PATCH v3 1/2] rust: page: use the page's reference count to
decide when to free the allocation
On Tue, Nov 19, 2024 at 12:24 PM Abdiel Janulgue
<abdiel.janulgue@...il.com> wrote:
>
> Ensure pages returned by the constructor are always reference counted.
> This requires that we replace the page pointer wrapper with Opaque instead
> of NonNull to make it possible to cast to a Page pointer from a raw struct
> page pointer which is needed to create an ARef instance.
>
> Signed-off-by: Abdiel Janulgue <abdiel.janulgue@...il.com>
> -/// A pointer to a page that owns the page allocation.
> +/// A pointer to a reference-counted page.
> ///
> /// # Invariants
> ///
> -/// The pointer is valid, and has ownership over the page.
> +/// The pointer is valid.
> +#[repr(transparent)]
> pub struct Page {
> - page: NonNull<bindings::page>,
> + page: Opaque<bindings::page>,
With this change, Page is no longer a pointer, nor does it contain a
pointer. The documentation should be updated to reflect this.
> // SAFETY: Pages have no logic that relies on them staying on a given thread, so moving them across
> @@ -71,19 +73,23 @@ impl Page {
> /// let page = Page::alloc_page(GFP_KERNEL | __GFP_ZERO)?;
> /// # Ok(()) }
> /// ```
> - pub fn alloc_page(flags: Flags) -> Result<Self, AllocError> {
> + pub fn alloc_page(flags: Flags) -> Result<ARef<Self>, AllocError> {
> // SAFETY: Depending on the value of `gfp_flags`, this call may sleep. Other than that, it
> // is always safe to call this method.
> let page = unsafe { bindings::alloc_pages(flags.as_raw(), 0) };
> - let page = NonNull::new(page).ok_or(AllocError)?;
> - // INVARIANT: We just successfully allocated a page, so we now have ownership of the newly
> - // allocated page. We transfer that ownership to the new `Page` object.
> - Ok(Self { page })
> + if page.is_null() {
> + return Err(AllocError);
> + }
> + // CAST: Self` is a `repr(transparent)` wrapper around `bindings::page`.
> + let ptr = page.cast::<Self>();
> + // INVARIANT: We just successfully allocated a page, ptr points to the new `Page` object.
> + // SAFETY: According to invariant above ptr is valid.
> + Ok(unsafe { ARef::from_raw(NonNull::new_unchecked(ptr)) })
Why did you change the null check? You should be able to avoid
changing anything but the last line.
Alice
Powered by blists - more mailing lists