lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <D8GRAC8YQIVC.2LS1EIIIRZU3I@proton.me>
Date: Sat, 15 Mar 2025 10:09:26 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Andrew Ballance <andrewjballance@...il.com>, dakr@...nel.org, airlied@...il.com, simona@...ll.ch, maarten.lankhorst@...ux.intel.com, mripard@...nel.org, tzimmermann@...e.de, corbet@....net, ojeda@...nel.org, alex.gaynor@...il.com, boqun.feng@...il.com, gary@...yguo.net, bjorn3_gh@...tonmail.com, a.hindborg@...nel.org, aliceryhl@...gle.com, tmgross@...ch.edu, acourbot@...dia.com, nouveau@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org
Subject: Re: [PATCH 1/3] rust: alloc: add Vec::truncate method

On Sat Mar 15, 2025 at 3:42 AM CET, Andrew Ballance wrote:
> implements the equivalent to the std's Vec::truncate
> on the kernel's Vec type.
>
> Signed-off-by: Andrew Ballance <andrewjballance@...il.com>
> ---
>  rust/kernel/alloc/kvec.rs | 36 ++++++++++++++++++++++++++++++++++++
>  1 file changed, 36 insertions(+)
>
> diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
> index ae9d072741ce..75e9feebb81f 100644
> --- a/rust/kernel/alloc/kvec.rs
> +++ b/rust/kernel/alloc/kvec.rs
> @@ -452,6 +452,42 @@ pub fn reserve(&mut self, additional: usize, flags: Flags) -> Result<(), AllocEr
>  
>          Ok(())
>      }
> +
> +    /// Shortens the vector, setting the length to `len` and drops the removed values.
> +    /// If `len` is greater than or equal to the current length, this does nothing.
> +    ///
> +    /// This has no effect on the capacity and will not allocate.
> +    /// # Examples
> +    /// ```
> +    /// let mut v = kernel::kvec![1, 2, 3]?;
> +    /// v.truncate(1);
> +    /// assert_eq!(v.len(), 1);
> +    /// assert_eq!(&v, &[1]);
> +    ///
> +    /// # Ok::<(), Error>(())
> +    /// ```
> +    pub fn truncate(&mut self, len: usize) {
> +        if len >= self.len() {
> +            return;
> +        }
> +
> +        // [new_len, len) is guaranteed to be valid because [0, len) is guaranteed to be valid
> +        let drop_range = len..self.len();
> +
> +        // SAFETY:
> +        // we can safely ignore the bounds check because we already did our own check
> +        let ptr: *mut [T] = unsafe { self.get_unchecked_mut(drop_range) };

What's this `get_unchecked_mut` method, I don't see it in `rust-next` or
`alloc-next`.

> +
> +        // SAFETY:
> +        // it is safe to shrink the length because the new length is
> +        // guaranteed to be less than the old length

Please take a look at the documentation of `set_len`, in the safety
section you'll find what you need to justify here.

> +        unsafe { self.set_len(len) };
> +
> +        // SAFETY:

A couple points missing:
- why is the pointer valid?

> +        // - the dropped values are valid `T`s
> +        // - we are allowed to invalidate [new_len, old_len) because we just changed the len

This should justify why the value will never be accessed again.

---
Cheers,
Benno

> +        unsafe { ptr::drop_in_place(ptr) };
> +    }
>  }
>  
>  impl<T: Clone, A: Allocator> Vec<T, A> {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ