| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251008181027.662616-3-markus.probst@posteo.de>
Date: Wed, 08 Oct 2025 18:10:45 +0000
From: Markus Probst <markus.probst@...teo.de>
To: Lee Jones <lee@...nel.org>,
Pavel Machek <pavel@...nel.org>,
Danilo Krummrich <dakr@...nel.org>,
Miguel Ojeda <ojeda@...nel.org>,
Alex Gaynor <alex.gaynor@...il.com>,
Igor Korotin <igor.korotin.linux@...il.com>
Cc: Markus Probst <markus.probst@...teo.de>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
Vlastimil Babka <vbabka@...e.cz>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>,
Uladzislau Rezki <urezki@...il.com>,
Boqun Feng <boqun.feng@...il.com>,
Gary Guo <gary@...yguo.net>,
bjorn3_gh@...tonmail.com,
Benno Lossin <lossin@...nel.org>,
Andreas Hindborg <a.hindborg@...nel.org>,
Alice Ryhl <aliceryhl@...gle.com>,
Trevor Gross <tmgross@...ch.edu>,
Daniel Almeida <daniel.almeida@...labora.com>,
linux-leds@...r.kernel.org,
rust-for-linux@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 2/4] rust: add pinned wrapper of Vec
Implement a wrapper of Vec that guarantees that its content will never be
moved, unless the item implements Unpin, allowing PinInit to be
initialized on the Vec.
Signed-off-by: Markus Probst <markus.probst@...teo.de>
---
rust/kernel/alloc/kvec.rs | 86 +++++++++++++++++++++++++++++++++++++++
1 file changed, 86 insertions(+)
diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
index 3c72e0bdddb8..3576929b2e12 100644
--- a/rust/kernel/alloc/kvec.rs
+++ b/rust/kernel/alloc/kvec.rs
@@ -21,6 +21,7 @@
slice,
slice::SliceIndex,
};
+use pin_init::PinInit;
mod errors;
pub use self::errors::{InsertError, PushError, RemoveError};
@@ -109,6 +110,11 @@ pub struct Vec<T, A: Allocator> {
_p: PhantomData<A>,
}
+/// A pinned wrapper of the [`Vec`] type.
+///
+/// It is guaranteed that the contents will never be moved, unless T implements Unpin.
+pub struct PinnedVec<T, A: Allocator>(Vec<T, A>);
+
/// Type alias for [`Vec`] with a [`Kmalloc`] allocator.
///
/// # Examples
@@ -121,6 +127,8 @@ pub struct Vec<T, A: Allocator> {
/// # Ok::<(), Error>(())
/// ```
pub type KVec<T> = Vec<T, Kmalloc>;
+/// Type alias for [`PinnedVec`] with a [`Kmalloc`] allocator.
+pub type KPinnedVec<T> = PinnedVec<T, Kmalloc>;
/// Type alias for [`Vec`] with a [`Vmalloc`] allocator.
///
@@ -134,6 +142,8 @@ pub struct Vec<T, A: Allocator> {
/// # Ok::<(), Error>(())
/// ```
pub type VVec<T> = Vec<T, Vmalloc>;
+/// Type alias for [`PinnedVec`] with a [`Vmalloc`] allocator.
+pub type VPinnedVec<T> = PinnedVec<T, Vmalloc>;
/// Type alias for [`Vec`] with a [`KVmalloc`] allocator.
///
@@ -147,6 +157,8 @@ pub struct Vec<T, A: Allocator> {
/// # Ok::<(), Error>(())
/// ```
pub type KVVec<T> = Vec<T, KVmalloc>;
+/// Type alias for [`PinnedVec`] with a [`KVmalloc`] allocator.
+pub type KVPinnedVec<T> = PinnedVec<T, KVmalloc>;
// SAFETY: `Vec` is `Send` if `T` is `Send` because `Vec` owns its elements.
unsafe impl<T, A> Send for Vec<T, A>
@@ -1294,6 +1306,80 @@ fn drop(&mut self) {
}
}
+impl<T, A: Allocator> PinnedVec<T, A> {
+ /// Creates a new [`PinnedVec`] instance with at least the given capacity.
+ pub fn with_capacity(capacity: usize, flags: Flags) -> Result<Self, AllocError> {
+ Vec::with_capacity(capacity, flags).map(Self)
+ }
+
+ /// Shortens the vector, setting the length to `len` and drops the removed values.
+ /// If `len` is greater than or equal to the current length, this does nothing.
+ ///
+ /// This has no effect on the capacity and will not allocate.
+ pub fn truncate(&mut self, len: usize) {
+ self.0.truncate(len);
+ }
+
+ /// Pin-initializes P and appends it to the back of the [`Vec`] instance without reallocating.
+ pub fn push_pin_init<E, P: PinInit<T, E>>(&mut self, init: P) -> Result<(), E>
+ where
+ E: From<PushError<P>>,
+ {
+ if self.0.len() < self.0.capacity() {
+ let spare = self.0.spare_capacity_mut();
+ // SAFETY: the length is less than the capacity, so `spare` is non-empty.
+ unsafe { init.__pinned_init(spare.get_unchecked_mut(0).as_mut_ptr())? };
+ // SAFETY: We just initialised the first spare entry, so it is safe to
+ // increase the length by 1. We also know that the new length is <= capacity.
+ unsafe { self.0.inc_len(1) };
+ Ok(())
+ } else {
+ Err(E::from(PushError(init)))
+ }
+ }
+
+ /// Removes the last element from a vector and drops it returning true, or false if it is empty.
+ pub fn pop(&mut self) -> bool {
+ if self.is_empty() {
+ return false;
+ }
+
+ // SAFETY: We just checked that the length is at least one.
+ let ptr: *mut [T] = unsafe { self.0.dec_len(1) };
+
+ // SAFETY: the contract of `dec_len` guarantees that the elements in `ptr` are
+ // valid elements whose ownership has been transferred to the caller.
+ unsafe { ptr::drop_in_place(ptr) };
+ true
+ }
+}
+
+impl<T, A: Allocator> Deref for PinnedVec<T, A> {
+ type Target = Vec<T, A>;
+
+ fn deref(&self) -> &Self::Target {
+ &self.0
+ }
+}
+
+impl<T: Unpin, A: Allocator> DerefMut for PinnedVec<T, A> {
+ fn deref_mut(&mut self) -> &mut Self::Target {
+ &mut self.0
+ }
+}
+
+impl<T, A: Allocator> From<Vec<T, A>> for PinnedVec<T, A> {
+ fn from(value: Vec<T, A>) -> Self {
+ Self(value)
+ }
+}
+
+impl<T: Unpin, A: Allocator> From<PinnedVec<T, A>> for Vec<T, A> {
+ fn from(value: PinnedVec<T, A>) -> Self {
+ value.0
+ }
+}
+
#[macros::kunit_tests(rust_kvec_kunit)]
mod tests {
use super::*;
--
2.49.1
Powered by blists - more mailing lists