Received: by 2002:ab2:6991:0:b0:1f2:fff1:ace7 with SMTP id v17csp188734lqo; Wed, 27 Mar 2024 10:10:30 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCX/khm7t7aacPuLLDdyAga/aao4Y09H47G7Dpdbu99Zh6BjCqV9XYcQuntd3+tRQWgkPpjPMupF1z+9H8t4rMhCeHUrsid3tvXvRuFPXw== X-Google-Smtp-Source: AGHT+IFJtrgE5OpV7AoRW7asGaM6jwppY19CyevkvSlFoSGTMh8gG8qsRDHYZTis3lIEwRu8S1c5 X-Received: by 2002:a17:907:7d89:b0:a47:5265:9aac with SMTP id oz9-20020a1709077d8900b00a4752659aacmr72332ejc.55.1711559430597; Wed, 27 Mar 2024 10:10:30 -0700 (PDT) Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id o15-20020a170906774f00b00a46bdfcf233si4681322ejn.862.2024.03.27.10.10.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Mar 2024 10:10:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-121673-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@proton.me header.s=protonmail header.b=LvHP7RI+; arc=fail (body hash mismatch); spf=pass (google.com: domain of linux-kernel+bounces-121673-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-121673-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=proton.me Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 56C761F2D92B for ; Wed, 27 Mar 2024 17:10:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DA26714D709; Wed, 27 Mar 2024 17:10:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=proton.me header.i=@proton.me header.b="LvHP7RI+" Received: from mail-40134.protonmail.ch (mail-40134.protonmail.ch [185.70.40.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A1C2014BFB8; Wed, 27 Mar 2024 17:09:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.70.40.134 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711559401; cv=none; b=lrcJ0ZJWDHc4z6rrHyHhLEkrSpuB3H9hD2ax7fSIz9R2qVjB5SzzgjycUdRgGmMBk+mHzvkgxCeMh7SI7/qgVuhG/Y+hUUVblFsI3rBPDC522soXZelqUfrwljx9PzdC5UbGJHqXqqJ1YR/rsv89BVQTDTXEiQTTvXCrcSSrXx0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711559401; c=relaxed/simple; bh=TAvSXLo+JzG7CRTnjWxNem3ojDqI3tGDePRfdvulLwc=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=m69+gWuaXHS5epCbhF/UEHXl6UdYwxbvXEmWTX8F7qzu4xqV2uwyiqS/dRxkjof1M/fbC65NSCb1Tp9k/FnKQ7mdcXgOyvtNAnmMGpmlth4LqbmWePWpG7DQ4k//q4TCQExQHxx++1cNFUtSjrUqj7rRcbTbjqILu7TaNG44QGI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=proton.me; spf=pass smtp.mailfrom=proton.me; dkim=pass (2048-bit key) header.d=proton.me header.i=@proton.me header.b=LvHP7RI+; arc=none smtp.client-ip=185.70.40.134 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=proton.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=proton.me DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me; s=protonmail; t=1711559396; x=1711818596; bh=SVnx5sMr84jeYv0M36GmI9eVZD6iTYoLtNnbb889Szc=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=LvHP7RI+De/izrP3K1Qau5J8o2NC/3tmNcYBtiCSDw0Uk/5u0+vOuzxCSTQ8Q0o/I JlbzqFsP518OTIIHrmqNjIMNig8aNWW2YCddQqoaLOmyl5H2FKtqGOEf9n/LNMRfVI 1I2znQlERhrUBJ789w0tzvhD72YgWJn/joVhpQ2bWouQ0KfOkvcdsV8/DYUbFqqft0 pSVccuaHLCZa1znAZU3xb98PpiRX95is1oG7HA9zWEVxdlrQAfO5rMCwmF02nhqq3N t9yzT+vQu3q7sMK8bq5HdRe/PrL3ONtVDCpIB1gm5S9/vDLygvwAkYW3M8JMx8pA7c eDob1jWAkN21A== Date: Wed, 27 Mar 2024 17:09:47 +0000 To: Wedson Almeida Filho , rust-for-linux@vger.kernel.org From: Benno Lossin Cc: Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?Q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Alice Ryhl , linux-kernel@vger.kernel.org, Wedson Almeida Filho Subject: Re: [PATCH v2 06/10] rust: alloc: introduce the `BoxExt` trait Message-ID: In-Reply-To: <20240327023531.187880-7-wedsonaf@gmail.com> References: <20240327023531.187880-1-wedsonaf@gmail.com> <20240327023531.187880-7-wedsonaf@gmail.com> Feedback-ID: 71780778:user:proton Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 27.03.24 03:35, Wedson Almeida Filho wrote: > diff --git a/rust/kernel/alloc/allocator.rs b/rust/kernel/alloc/allocator= rs > index 01ad139e19bc..fc0439455faa 100644 > --- a/rust/kernel/alloc/allocator.rs > +++ b/rust/kernel/alloc/allocator.rs > @@ -15,7 +15,11 @@ > /// > /// - `ptr` can be either null or a pointer which has been allocated by = this allocator. > /// - `new_layout` must have a non-zero size. > -unsafe fn krealloc_aligned(ptr: *mut u8, new_layout: Layout, flags: bind= ings::gfp_t) -> *mut u8 { > +pub(crate) unsafe fn krealloc_aligned( > + ptr: *mut u8, > + new_layout: Layout, > + flags: bindings::gfp_t, I think it is a good idea to use `Flags` here as well. > +) -> *mut u8 { > // Customized layouts from `Layout::from_size_align()` can have size= < align, so pad first. > let layout =3D new_layout.pad_to_align(); >=20 > diff --git a/rust/kernel/alloc/box_ext.rs b/rust/kernel/alloc/box_ext.rs > new file mode 100644 > index 000000000000..aaa6a20d12b6 > --- /dev/null > +++ b/rust/kernel/alloc/box_ext.rs > @@ -0,0 +1,62 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +//! Extensions to [`Box`] for fallible allocations. > + > +use super::Flags; > +use alloc::boxed::Box; > +use core::alloc::AllocError; > +use core::mem::MaybeUninit; > +use core::result::Result; > + > +/// Extensions to [`Box`]. > +pub trait BoxExt: Sized { > + /// Allocates a new box. > + /// > + /// The allocation may fail, in which case an error is returned. > + fn new(x: T, flags: Flags) -> Result; > + > + /// Allocates a new uninitialised box. > + /// > + /// The allocation may fail, in which case an error is returned. > + fn new_uninit(flags: Flags) -> Result>, AllocErro= r>; > +} > + > +impl BoxExt for Box { > + #[cfg(any(test, testlib))] > + fn new(x: T, _flags: Flags) -> Result { > + Ok(Box::new(x)) > + } > + > + #[cfg(not(any(test, testlib)))] > + fn new(x: T, flags: Flags) -> Result { > + let ptr =3D if core::mem::size_of::() =3D=3D 0 { > + core::ptr::NonNull::::dangling().as_ptr() > + } else { > + let layout =3D core::alloc::Layout::new::(); > + > + // SAFETY: Memory is being allocated (first arg is null). Th= e only other source of > + // safety issues is sleeping on atomic context, which is add= ressed by klint. Lastly, > + // the type is not a SZT (checked above). > + let ptr =3D unsafe { > + super::allocator::krealloc_aligned(core::ptr::null_mut()= , layout, flags.0) > + }; > + if ptr.is_null() { > + return Err(AllocError); > + } > + > + let ptr =3D ptr.cast::(); > + > + // SAFETY: We just allocated the memory above, it is valid f= or write. > + unsafe { ptr.write(x) }; > + ptr > + }; > + > + // SAFETY: For non-zero-sized types, we allocate above using the= global allocator. For > + // zero-sized types, we use `NonNull::dangling`. > + Ok(unsafe { Box::from_raw(ptr) }) > + } > + > + fn new_uninit(flags: Flags) -> Result>, AllocErro= r> { > + as BoxExt<_>>::new(MaybeUninit::::uninit(), flags) Note that the expression `MaybeUninit::::uninit()` introduces a temporary which will be allocated on the stack. If the type `T` is very big, then this function will cause immediate stack overflows. I would recommend to implement `new` in terms of `new_uninit`. The `new_uninit` implementation can be almost the same as the current implementation of `new`, just remove the `ptr.write(x)` statement. --=20 Cheers, Benno > + } > +}