| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DD2UB5P01XW7.1GW33112S22Y@kernel.org> Date: Fri, 26 Sep 2025 17:33:57 +0200 From: "Danilo Krummrich" <dakr@...nel.org> To: "Vlastimil Babka" <vbabka@...e.cz> Cc: "Elijah Wright" <git@...jahs.space>, "Miguel Ojeda" <ojeda@...nel.org>, "Alex Gaynor" <alex.gaynor@...il.com>, "Boqun Feng" <boqun.feng@...il.com>, "Gary Guo" <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, "Benno Lossin" <lossin@...nel.org>, "Andreas Hindborg" <a.hindborg@...nel.org>, "Alice Ryhl" <aliceryhl@...gle.com>, "Trevor Gross" <tmgross@...ch.edu>, <rust-for-linux@...r.kernel.org>, <linux-kernel@...r.kernel.org>, "Lorenzo Stoakes" <lorenzo.stoakes@...cle.com>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, "Uladzislau Rezki" <urezki@...il.com>, <linux-mm@...ck.org> Subject: Re: [PATCH] rust: slab: add basic slab module On Fri Sep 26, 2025 at 5:00 PM CEST, Vlastimil Babka wrote: > On 9/25/25 11:54, Danilo Krummrich wrote: >> (+Cc: Lorenzo, Vlastimil, Liam, Uladzislau, MM) >> >> On Wed Sep 24, 2025 at 9:36 PM CEST, Elijah Wright wrote: >>> this patch adds a basic slab module for kmem_cache, primarily wrapping >>> kmem_cache_create, kmem_cache_alloc, kmem_cache_free, and kmem_cache_destroy. >> >> What's the motivation? >> >> I mean, we will need kmem_cache soon. But the users will all be drivers, e.g. >> the GPU drivers that people work on currently. >> >> Drivers shouldn't use "raw" allocators (such as Kmalloc [1] or Vmalloc [2]), but >> the corresponding "managed" allocation primitives, such as KBox [3], VBox [4], >> KVec, etc. >> >> Therefore, the code below shouldn't be used by drivers directly, hence the >> question for motivation. >> >> In any case, kmem_cache is a special allocator (special as in it can have a >> non-static lifetime in contrast to other kernel allocators) and should be >> integrated with the existing infrastructure in rust/kernel/alloc/. >> >> I think there are multiple options for that; (1) isn't really an option, but I >> think it's good to mention anyways: >> >> (1) Allow for non-zero sized implementations of the Allocator trait [3], such >> that we can store a reference count to the KmemCache. This is necessary to >> ensure that a Box<T, KmemCache> can't out-live the KmemCache itself. >> >> The reason why I said it's not really an option is because it discards the >> option for dynamic dispatch of the generic Box type. >> >> (2) Same as (1), but with a custom Box type. This keeps dynamic dispatch for >> the generic Box type (i.e. KBox, VBox, KVBox), but duplicates quite some >> code and still doesn't allow for dynamic dispatch for the KmemCacheBox. >> >> (3) Implement a macro to generate a custom KmemCache Allocator trait >> implementation for every KmemCache instance with a static lifetime. >> >> This makes KmemCache technically equivalent to the other allocators, such >> as Kmalloc, etc. but obviously has the downside that the KmemCache might >> live much longer than required. > > I don't know enough of Rust to follow why is that. What does mean "much longer"? Nothing Rust specific, I just point out that if the kmemcache does not need to be tied to the module lifetime (but a more narrow scope for whatever reason), it would still need to live as long as the module lives with (3). Which for built-in means forever, which would likely be "much longer". :) >> Technically, most KmemCache instances live for the whole module lifetime, >> so it might be fine though. > > I think so, yeah. > >> (This is what I think Alice proposed.) >> >> (4) Solve the problem on the C side and let kmem_cache_alloc() take care of >> acquiring a reference count to the backing kmem_cache. The main question >> here would be where to store the pointer for decreasing the reference >> count on kmem_cache_free(). > > Pointer to what, the ref counter? If it's part of struct kmem_cache, then we > have pointer to that in kmem_cache_free(). Even when kfree() is used, it can > be (or rather already is) obtained. So that's not the issue (unless I > misunderstand). Yes, the reference count. > But we wouldn't want to pay the cost of the atomic updates of the refcount > for all caches. If done only for Rust-created caches, the implementation > also would better not to add branches to all allocation/free fastpaths. Indeed, that's why I was wondering if you see other options to deal with this in the MM layer, and reading the below, it seems like you even already do. > But also why is this refcounting needed? What would happen on the Rust side > if someone destroyed the cache too early? Well, that's the question. I thought that if the cache is destroyed potential remaining allocations become invalid. If that's the case we have to ensure that all allocations are freed before the cache is destroyed. > In the underlying C implementation > we notice it (reliably AFAICT), warn and abort the destroy (leaving it as a > kind of zombie) so I'd say it's safe. So if Rust needs to know if the > destroy was successful or premature, we could probably just return the > result instead of the current void. The only thing we need on the Rust side is that existing allocations remain valid even if the cache is destroyed. Or the other way around the cache is silently kept alive internally. >> Theoretically, it could be stored within the allocation itself, but it's a >> bit of a yikes. >> >> However, it would resolve all the mentioned problems above. >> >> I'd like to see (3) or (4), also depending on what the MM folks think. >> >> - Danilo >> >> [1] https://rust.docs.kernel.org/kernel/alloc/allocator/struct.Kmalloc.html >> [2] https://rust.docs.kernel.org/kernel/alloc/allocator/struct.Vmalloc.html >> [3] https://rust.docs.kernel.org/kernel/alloc/kbox/type.KBox.html >> [4] https://rust.docs.kernel.org/kernel/alloc/kbox/type.VBox.html >> [5] https://rust.docs.kernel.org/kernel/alloc/trait.Allocator.html
Powered by blists - more mailing lists