Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2915020lqp; Mon, 25 Mar 2024 12:57:41 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXtk2JQmj1GEfchSfdqq/AGe7QLewks/0fQtJa2846FJju4X2ovWCod+C4iQb0ALkNe0V0jorVdlTZ0ndrEjy2j3L/PmN/zB+jXG8I+wg== X-Google-Smtp-Source: AGHT+IG6zVnW+Y9Om8sBuKkjdpDfeUIUQia88hvczEygO1raTNHQk3aSyij5Pp2t9rLN3f6M84pL X-Received: by 2002:a17:907:77ce:b0:a46:d049:6de2 with SMTP id kz14-20020a17090777ce00b00a46d0496de2mr4441216ejc.70.1711396661706; Mon, 25 Mar 2024 12:57:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711396661; cv=pass; d=google.com; s=arc-20160816; b=yv8I5/R3FbYFTD9TQkGsif1+xTgbPAZbagRxIvwo9QvvlZr8ArZ6rI1d5VluqmciTR JkyMDYFDpVm1G6ncGX0NKf4dv/YbHq5dWD0AOCzOrGnawZEdtYgu/sylRQb/D9kFQFn8 bxvk6aiAYMfhv/JQi6LxvWqZEEOSLld0iQ/una9jEaBGqhJiGunzf1SwrvJeFugtYzkg QBP+eCuk9xp+OerhhKFbtmLHwSnmI8qQSBAMsHX7yxJaeITDNBtsLhAv6l8B/A2txk4g eRFRM26wumycUMu/GuiLAUUJxdKtMcH/jngGJWz5ax6QgUzVfT7zUENZ3tnVaAPsFcE3 B+8Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=Xj2xWepv2M8X4xt2BulvEacjlpsCTBac7QzvQX5RaT8=; fh=muXUG2JKydGoXIyj0dyuFt/JLdnXz9QCBTzezDpIfe4=; b=PjnDXgVNWb1yJDtNfWE0kCvTrPe21QcECGwh5TYM0bBRlOuE5y+p9fg4Ik+CsuIP3b UASDFA+oUHwGoHav1u3CMOmuVT71o9JRun34688XfPq6rycCfxKVDnSn214o2Jk/3VmE d8I4zYPO75Lrb27Hj4PCeqI0/Affik6vzOHcgEGJFKi8UdRZhywU1VrNo2dDvoombtK1 7KYLNmrjk2HYweg9xtGYQRR7TqbH6VpcBc3yGzzHrKQshpeMre2P2FR/2lwCnt9mlXQ9 o0S92J0gxn/mGw/1xJcG6syvqMl0kxjzrcTB1ooFqHzJqLR21H5gsG+rJd476ut5X6Dn Gz3w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lrX0Ykgh; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-117869-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-117869-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id f14-20020a17090631ce00b00a472f8c7436si2841105ejf.364.2024.03.25.12.57.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 12:57:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-117869-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=lrX0Ykgh; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-117869-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-117869-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 29C0B1FA1710 for ; Mon, 25 Mar 2024 19:57:41 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 92A6D59157; Mon, 25 Mar 2024 19:55:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lrX0Ykgh" Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A043758AA9; Mon, 25 Mar 2024 19:55:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711396530; cv=none; b=t5l7iya5Ssim9HuUQy/toggQ654LHo6x6z7B+TRZoTrxBdL/CDr6mzWyZyTXwGd7hMCifsrJBCMfxxCt+4m6nh+oyh0tB/UF8Po6PXHiYBaExDJKcYn5kz9hlcAgp9I018N1n3gw5TGutt1I1by/bMvV0iMYas5iPhL3zXvWaH4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711396530; c=relaxed/simple; bh=4IrKKSKtiozNgd98UpWJR5xewJfO+Hu/zi9nHVNZzlE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=FBJmsXecO+HSXLndrjMt7mk9tJKSdIUDrjxrfsNTzYJWNURx/yk8sAlpgyDTCtQJgdB25HGSPEX3B3QG+UwGs9kYwu7NGCH0HE42Us9fexFOGIwjQGDIEGS/0OzIu48dberQ2o79oeUSonczfgeIXD0cc+pK+SlR9VxRDkWhJqk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lrX0Ykgh; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1e0ae065d24so14569645ad.1; Mon, 25 Mar 2024 12:55:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711396528; x=1712001328; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Xj2xWepv2M8X4xt2BulvEacjlpsCTBac7QzvQX5RaT8=; b=lrX0Ykgh7t64RHdgsyVVyZYqqHrFUxMslP0j0GhQ0nWMQSSd8ugTA2Er4nOGgWBFrz gaRg1Z7GXwinf45kGOGRxhbIokchXRvfp7DoFrqPfu+X28ETlRHPGZ7bXNplkNS3D2YM Gyu0GLgm0VO7oGzKUPz0s3mY3QNe9BYfVuZH91tGDe8eNV+LTM1w6ae+IOInQrR7me4z dyoeQYJQ9T47JJJdD3NfjZT0QCtlc5nRlElmUhUWdqZ/Px7Wvn835Mi7M3ukZmAuGv43 ZhM95w4THoTZusojC4PCHbxgwvoyVItGI4EvDkJYBqRzCS2bpowxd6UurfZ8XxMfyWY9 3vvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711396528; x=1712001328; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xj2xWepv2M8X4xt2BulvEacjlpsCTBac7QzvQX5RaT8=; b=NquSulVJQpGqIezaAjJoc9IqsMR4TCTnAgF2N3BX7P5db0GMoy2ha4Kcx5ImSikeYb qgbUh/r8MF3p1Fo7Zw2IiXEJrSW4GSSX7yYCqokyQPXgatbt+LJl+LOzXqpcOCpxZ083 XqQGNcZa4sQO+EWFdIKDfAfro7/munTSZPbr67VlBb1gAuXqnMyh71SSK8DvbPkkifmq xmUfjLciGCrnoWtKALDSQ7erHa165RqzjcvsrJLJxhf/fMrf3DBZy0WYZKg5C4pxgjBK 4jLIe3gM9+E0XGAswffqtvE0CyUEKf8degzrOY3t9M3Sij3lnqOTfrYmHv46UnmH2rjB VL3Q== X-Forwarded-Encrypted: i=1; AJvYcCWY87jPYaHzmaxQiyKGk8+jBN1qjUoT5Oau6uirHTU4rWv6xQUIAequ6u3+GeXJDKjKHr+SrSzHjkmZs4kUxt/OLJtAKShUwybsrDYO X-Gm-Message-State: AOJu0Yz97Qzzs/AyG82Pvsm80Df/Z3tThzMLHgDNXlNsEbjaejjXaIZi TLW1+KJVIZqokhmAV2fE/C8R/Bh/jKgOpZ4U5UupBy2JfFi0wMLlOoxn+dJC X-Received: by 2002:a17:902:d489:b0:1e0:c37d:cfb5 with SMTP id c9-20020a170902d48900b001e0c37dcfb5mr3207780plg.22.1711396527942; Mon, 25 Mar 2024 12:55:27 -0700 (PDT) Received: from wedsonaf-dev.home.lan ([189.124.190.154]) by smtp.googlemail.com with ESMTPSA id q1-20020a170902dac100b001e06c1eee22sm5099585plx.74.2024.03.25.12.55.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 12:55:27 -0700 (PDT) From: Wedson Almeida Filho To: rust-for-linux@vger.kernel.org Cc: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , linux-kernel@vger.kernel.org, Wedson Almeida Filho Subject: [PATCH 07/10] rust: alloc: update `VecExt` to take allocation flags Date: Mon, 25 Mar 2024 16:54:15 -0300 Message-Id: <20240325195418.166013-8-wedsonaf@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240325195418.166013-1-wedsonaf@gmail.com> References: <20240325195418.166013-1-wedsonaf@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Wedson Almeida Filho We also rename the methods by removing the `try_` prefix since the names are available due to our usage of the `no_global_oom_handling` config when building the `alloc` crate. Signed-off-by: Wedson Almeida Filho --- rust/kernel/alloc/vecext.rs | 106 ++++++++++++++++++++++++++++------- rust/kernel/lib.rs | 1 - rust/kernel/str.rs | 6 +- rust/kernel/types.rs | 4 +- samples/rust/rust_minimal.rs | 6 +- 5 files changed, 95 insertions(+), 28 deletions(-) diff --git a/rust/kernel/alloc/vecext.rs b/rust/kernel/alloc/vecext.rs index 59e92bab534e..1d4d51b45a49 100644 --- a/rust/kernel/alloc/vecext.rs +++ b/rust/kernel/alloc/vecext.rs @@ -2,51 +2,119 @@ //! Extensions to [`Vec`] for fallible allocations. -use alloc::{collections::TryReserveError, vec::Vec}; -use core::result::Result; +use super::Flags; +use alloc::{alloc::AllocError, vec::Vec}; +use core::{mem::ManuallyDrop, result::Result}; /// Extensions to [`Vec`]. pub trait VecExt: Sized { /// Creates a new [`Vec`] instance with at least the given capacity. - fn try_with_capacity(capacity: usize) -> Result; + fn with_capacity(capacity: usize, flags: Flags) -> Result; /// Appends an element to the back of the [`Vec`] instance. - fn try_push(&mut self, v: T) -> Result<(), TryReserveError>; + fn push(&mut self, v: T, flags: Flags) -> Result<(), AllocError>; /// Pushes clones of the elements of slice into the [`Vec`] instance. - fn try_extend_from_slice(&mut self, other: &[T]) -> Result<(), TryReserveError> + fn extend_from_slice(&mut self, other: &[T], flags: Flags) -> Result<(), AllocError> where T: Clone; + + /// Ensures that the capacity exceeds the length by at least `additional` elements. + fn reserve(&mut self, additional: usize, flags: Flags) -> Result<(), AllocError>; } impl VecExt for Vec { - fn try_with_capacity(capacity: usize) -> Result { + fn with_capacity(capacity: usize, flags: Flags) -> Result { let mut v = Vec::new(); - v.try_reserve(capacity)?; + >::reserve(&mut v, capacity, flags)?; Ok(v) } - fn try_push(&mut self, v: T) -> Result<(), TryReserveError> { - if let Err(retry) = self.push_within_capacity(v) { - self.try_reserve(1)?; - let _ = self.push_within_capacity(retry); - } + fn push(&mut self, v: T, flags: Flags) -> Result<(), AllocError> { + >::reserve(self, 1, flags)?; + let (ptr, len, cap) = destructure(self); + // SAFETY: ptr is valid for `cap` elements. And `cap` is greater (by at least 1) than + // `len` because of the call to `reserve` above. So the pointer after offsetting by `len` + // elements is valid for write. + unsafe { ptr.wrapping_add(len).write(v) }; + + // SAFETY: The only difference from the values returned by `destructure` is that `length` + // is incremented by 1, which is fine because we have just initialised the element at + // offset `length`. + unsafe { rebuild(self, ptr, len + 1, cap) }; Ok(()) } - fn try_extend_from_slice(&mut self, other: &[T]) -> Result<(), TryReserveError> + fn extend_from_slice(&mut self, other: &[T], flags: Flags) -> Result<(), AllocError> where T: Clone, { - let extra_cap = self.capacity() - self.len(); - if extra_cap > 0 { - self.try_reserve(extra_cap)?; - } - + >::reserve(self, other.len(), flags)?; for item in other { - self.try_push(item.clone())?; + >::push(self, item.clone(), flags)?; } + Ok(()) + } + #[cfg(any(test, testlib))] + fn reserve(&mut self, additional: usize, _flags: Flags) -> Result<(), AllocError> { + Vec::reserve(self, additional); Ok(()) } + + #[cfg(not(any(test, testlib)))] + fn reserve(&mut self, additional: usize, flags: Flags) -> Result<(), AllocError> { + let len = self.len(); + let cap = self.capacity(); + + if cap - len >= additional { + return Ok(()); + } + + if core::mem::size_of::() == 0 { + // The capacity is already `usize::MAX` for SZTs, we can't go higher. + return Err(AllocError); + } + + // We know cap is <= `isize::MAX` because `Layout::array` fails if the resulting byte size + // is greater than `isize::MAX`. So the multiplication by two won't overflow. + let new_cap = core::cmp::max(cap * 2, len.checked_add(additional).ok_or(AllocError)?); + let layout = core::alloc::Layout::array::(new_cap).map_err(|_| AllocError)?; + + let (ptr, len, cap) = destructure(self); + + // SAFETY: `ptr` is valid because it's either NULL or comes from a previous call to + // `krealloc_aligned`. We also verified that the type is not a ZST. + let new_ptr = unsafe { super::allocator::krealloc_aligned(ptr.cast(), layout, flags.0) }; + if new_ptr.is_null() { + // SAFETY: We are just rebuilding the existing `Vec` with no changes. + unsafe { rebuild(self, ptr, len, cap) }; + Err(AllocError) + } else { + // SAFETY: `ptr` has been reallocated with the layout for `new_cap` elements. New cap + // is greater than `cap`, so it continues to be >= `len`. + unsafe { rebuild(self, new_ptr.cast::(), len, new_cap) }; + Ok(()) + } + } +} + +fn destructure(v: &mut Vec) -> (*mut T, usize, usize) { + let mut tmp = Vec::new(); + core::mem::swap(&mut tmp, v); + let mut tmp = ManuallyDrop::new(tmp); + let len = tmp.len(); + let cap = tmp.capacity(); + (tmp.as_mut_ptr(), len, cap) +} + +/// Rebuilds a `Vec` from a pointer, length, and capacity. +/// +/// # Safety +/// +/// The same as [`Vec::from_raw_parts`]. +unsafe fn rebuild(v: &mut Vec, ptr: *mut T, len: usize, cap: usize) { + // SAFETY: The safety requirements from this function satisfy those of `from_raw_parts`. + let mut tmp = unsafe { Vec::from_raw_parts(ptr, len, cap) }; + core::mem::swap(&mut tmp, v); } diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 7f2841a18d05..51f30e55bd00 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -19,7 +19,6 @@ #![feature(offset_of)] #![feature(receiver_trait)] #![feature(unsize)] -#![feature(vec_push_within_capacity)] // Ensure conditional compilation based on the kernel configuration works; // otherwise we may silently break things like initcall handling. diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs index 183748328d43..34dbc85b5220 100644 --- a/rust/kernel/str.rs +++ b/rust/kernel/str.rs @@ -2,7 +2,7 @@ //! String representations. -use crate::alloc::vecext::VecExt; +use crate::alloc::{flags::*, vecext::VecExt}; use alloc::alloc::AllocError; use alloc::vec::Vec; use core::fmt::{self, Write}; @@ -730,7 +730,7 @@ pub fn try_from_fmt(args: fmt::Arguments<'_>) -> Result { let size = f.bytes_written(); // Allocate a vector with the required number of bytes, and write to it. - let mut buf = Vec::try_with_capacity(size)?; + let mut buf = as VecExt<_>>::with_capacity(size, GFP_KERNEL)?; // SAFETY: The buffer stored in `buf` is at least of size `size` and is valid for writes. let mut f = unsafe { Formatter::from_buffer(buf.as_mut_ptr(), size) }; f.write_fmt(args)?; @@ -771,7 +771,7 @@ impl<'a> TryFrom<&'a CStr> for CString { fn try_from(cstr: &'a CStr) -> Result { let mut buf = Vec::new(); - buf.try_extend_from_slice(cstr.as_bytes_with_nul()) + as VecExt<_>>::extend_from_slice(&mut buf, cstr.as_bytes_with_nul(), GFP_KERNEL) .map_err(|_| AllocError)?; // INVARIANT: The `CStr` and `CString` types have the same invariants for diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs index aa77bad9bce4..8fad61268465 100644 --- a/rust/kernel/types.rs +++ b/rust/kernel/types.rs @@ -157,11 +157,11 @@ unsafe fn from_foreign(_: *const core::ffi::c_void) -> Self {} /// let mut vec = /// ScopeGuard::new_with_data(Vec::new(), |v| pr_info!("vec had {} elements\n", v.len())); /// -/// vec.try_push(10u8)?; +/// vec.push(10u8, GFP_KERNEL)?; /// if arg { /// return Ok(()); /// } -/// vec.try_push(20u8)?; +/// vec.push(20u8, GFP_KERNEL)?; /// Ok(()) /// } /// diff --git a/samples/rust/rust_minimal.rs b/samples/rust/rust_minimal.rs index dc05f4bbe27e..2a9eaab62d1c 100644 --- a/samples/rust/rust_minimal.rs +++ b/samples/rust/rust_minimal.rs @@ -22,9 +22,9 @@ fn init(_module: &'static ThisModule) -> Result { pr_info!("Am I built-in? {}\n", !cfg!(MODULE)); let mut numbers = Vec::new(); - numbers.try_push(72)?; - numbers.try_push(108)?; - numbers.try_push(200)?; + numbers.push(72, GFP_KERNEL)?; + numbers.push(108, GFP_KERNEL)?; + numbers.push(200, GFP_KERNEL)?; Ok(RustMinimal { numbers }) } -- 2.34.1