From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 510D9CF9C7F for ; Thu, 26 Sep 2024 13:01:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B6ECD6B008C; Thu, 26 Sep 2024 09:01:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B1F526B0095; Thu, 26 Sep 2024 09:01:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A0E7E6B0096; Thu, 26 Sep 2024 09:01:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 817E46B008C for ; Thu, 26 Sep 2024 09:01:54 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 2B8181616AB for ; Thu, 26 Sep 2024 13:01:54 +0000 (UTC) X-FDA: 82606901748.05.7F0E5C9 Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch [185.70.43.16]) by imf06.hostedemail.com (Postfix) with ESMTP id 370AC18002F for ; Thu, 26 Sep 2024 13:01:50 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=proton.me header.s=protonmail header.b=MdcN3bxi; spf=pass (imf06.hostedemail.com: domain of benno.lossin@proton.me designates 185.70.43.16 as permitted sender) smtp.mailfrom=benno.lossin@proton.me; dmarc=pass (policy=quarantine) header.from=proton.me ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727355651; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Ni2tbyqOCaidLloef4UUNDZ9jQLw7Tbtr+Fe40Nyt9k=; b=Bw1w9aHkFE2D5UI+OokDKuDtB162ZdaLZa3xT3DsOsvZzx/cOuQcruYnM6mnOg2uZlK+h0 GYlgWiLupeCiePPIhwcn5SdZTsbp8trJVPeDbXLHDeSjXKQ826wfMzDkJmu5LF1QuGpVNh hT4A08yjGzwoREXoJJkJoEzBwtfkeOU= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=proton.me header.s=protonmail header.b=MdcN3bxi; spf=pass (imf06.hostedemail.com: domain of benno.lossin@proton.me designates 185.70.43.16 as permitted sender) smtp.mailfrom=benno.lossin@proton.me; dmarc=pass (policy=quarantine) header.from=proton.me ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727355651; a=rsa-sha256; cv=none; b=TbsegNMYnuVrLzlyxg7E9YPZOEFZQaC0UJhv+H4eHhmARP5t7nXe7D6mi2fqoMRE7ugESY r24JrSWMDNUd458yR6qcY0Q4Yy2xCRb69ekyguIku1u8B0wt0sqPTXBtjyjBzoydgIiUMj F4ObZ2VkRZq/XjveM3xUcmqKz3n2el8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me; s=protonmail; t=1727355708; x=1727614908; bh=Ni2tbyqOCaidLloef4UUNDZ9jQLw7Tbtr+Fe40Nyt9k=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=MdcN3bxiKQV7IztkVwYihHWencm5ejs4fWLMev+sd7mX7LfYTwhlD78H11Is5Afhz CeKOrzVJvjWw2zpqvI5W6iVP86OEs3G/6lLY0WBA08cIkz6TrbF+vvntC37QUmP4GM eKy15/vDU3dWjSPKS97LCXlK3IsYyQaiah/Xpe3qDpdZUSf43cFB8Umdw4VIXXX181 erMvU5pjZj60BbM1mT4WmUWUZfBr6iuO89TJ3YJcDg9dUaRnAccVbFWjdpTXqiZB8G XDWyPXmnciV1GKk9nW9MNxr2LDkStAx+140qg0o5BsPtdtJjdAVycy/WHQ/ncTSqCR ZWY5cdcLl/g2w== Date: Thu, 26 Sep 2024 13:00:58 +0000 To: Danilo Krummrich , ojeda@kernel.org, alex.gaynor@gmail.com, wedsonaf@gmail.com, boqun.feng@gmail.com, gary@garyguo.net, bjorn3_gh@protonmail.com, a.hindborg@samsung.com, aliceryhl@google.com, akpm@linux-foundation.org From: Benno Lossin Cc: daniel.almeida@collabora.com, faith.ekstrand@collabora.com, boris.brezillon@collabora.com, lina@asahilina.net, mcanal@igalia.com, zhiw@nvidia.com, cjia@nvidia.com, jhubbard@nvidia.com, airlied@redhat.com, ajanulgu@redhat.com, lyude@redhat.com, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCH v7 04/26] rust: alloc: implement `Allocator` for `Kmalloc` Message-ID: <15f42ddd-b011-4136-b2e4-bc266fab25b6@proton.me> In-Reply-To: <20240911225449.152928-5-dakr@kernel.org> References: <20240911225449.152928-1-dakr@kernel.org> <20240911225449.152928-5-dakr@kernel.org> Feedback-ID: 71780778:user:proton X-Pm-Message-ID: f5651060dc2251b4113e5c3c4cb39c1e915fcbd3 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 370AC18002F X-Stat-Signature: u5ccdwry458sn647o8dbhcjoy3pnucap X-HE-Tag: 1727355710-187994 X-HE-Meta: U2FsdGVkX19MjBluFIWznISiE+fcUcxzkMYPIaSy0HiFYxbm0ZOMsuCwoYLwVCMCKaOtSZrB16QIs59I7ic3yHDU3G686ezQRz6dSx/T2rvS1pKnl1NtBMKNH9AeZvkYN71Vxw93V/+pDbBJtpe6hSt7mUDLbKk1+S2E/soEHJ2aMXkgnXg8S9QM+IO9fuRlU0w7hahMPP/aLTYMgCp14H9RYaVzk9M0LyLmmiuhBVrbVqOKVrTZ0SX3ZnYaj3U/6OIZamezv6yy/eKQ73bDVCh205fgkI3siWE1neGiSzKE1cwjkeqvmb28UcXuZZXbgxnCBxHJG6P5XrRNkDYEpcgEE252ghYOGXFSgazYiL9s+2v0fGxcckYuNfrs4rfVuXgv9oPMv5CbuEr0cb2rafDtIR8bSofen9tYv9QvSzMilfVOHY/4IEJZk9KlyGJse/l4JBqzVyTNhI4ntt57cmJuU13WChoaA4EJlBfirHl1n3ODx4rjtqfsY4g2jU8A4uRv3zaCbyu1uzcy5d8SnPIMBpOEmSEa/UvzPr0ZYt0fu1RSnGMfalwo4eJFr0nRJu2DxNlwQDYv42VbIijmZliPo3UHIxxqlahwztc8DmCV7EzY5udk/jrToqZ5E/1dyo0HDaxX4H9KmjUU5lvw4MzvSCnCd2DxcCNpHGsL7tYP8U5vsCJ8B+TAVyuu0BQ3Uil/HKYr3cD28iEl8LhfZ98r/9vswTVHVPDdkzPcwJ1e/JFV+AsBLJ80hy1l9o4dHDCuqhxsVYUATEC8ZVYosg5x0OnoO2+oAlwDjecclK1VGYv2ijLCgOdB+jCMUheoIqFp3PMvQFETvMzQVQQYAkreIGkaKKVmzxXD6Dy1VdIkWZ4wegkgQyRly9yMb91gyOJwxpXyn1JUHx1MxU6+kHCZ798ltqpEL8ZphGyydEj/YD1M1vjw8ozVKXISiMucjXyDOxgTWDKnNqm4I+Z +CBTMNUy 0F3efAsXNtcbYxDG1ykWK7OTjlSf7zd4X/Wg3VIMkFFFjuzN+2I2vQPi9aTthl3nZpOtQcdSj1hkYPqoAa2OEP/MQmuXymqrz3AUDJkBtj+7EjTi1LcF2Keh2l6RiGqxBRv7qq5iIiHZVqLY832Joo43vvFMKB3MisSkEnui4As541aeSXYr3FQWwMY9YTEUqBaroHwcQC7bsPJ3Ct29+xAQbalm0XVetXijgk3F4xUapF1AaHvqJrbAPISF5Jvvi4G5NJD6H9VXEIykJ4uPUKdzsWoaq67n2hSDTnl+rtariVaH9998NDF8Bwp/j5q756vwja1jpVtPp59HTRPFyc3zEXHa1jLAxKbR++oyaOtzHlVCkc070NJiaAxogbhZuB57B X-Bogosity: Ham, tests=bogofilter, spamicity=0.002049, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 12.09.24 00:52, Danilo Krummrich wrote: > +/// # Invariants > +/// > +/// One of the following `krealloc`, `vrealloc`, `kvrealloc`. > +struct ReallocFunc( > + unsafe extern "C" fn(*const core::ffi::c_void, usize, u32) -> *mut c= ore::ffi::c_void, > +); > + > +impl ReallocFunc { > + // INVARIANT: `krealloc` satisfies the type invariants. > + const KREALLOC: Self =3D Self(bindings::krealloc); > + > + /// # Safety > + /// > + /// This method has the same safety requirements as [`Allocator::rea= lloc`]. > + /// > + /// # Guarantees > + /// > + /// This method has the same guarantees as `Allocator::realloc`. Add= itionally > + /// - it accepts any pointer to a valid memory allocation allocated = by this function. > + /// - memory allocated by this function remains valid until it is pa= ssed to this function. > + unsafe fn call( > + &self, > + ptr: Option>, > + layout: Layout, > + flags: Flags, > + ) -> Result, AllocError> { > + let size =3D aligned_size(layout); > + let ptr =3D match ptr { > + Some(ptr) =3D> ptr.as_ptr(), > + None =3D> ptr::null(), > + }; > + > + // SAFETY: > + // - `self.0` is one of `krealloc`, `vrealloc`, `kvrealloc` and = thus only requires that > + // `ptr` is NULL or valid. > + // - `ptr` is either NULL or valid by the safety requirements of= this function. > + // > + // GUARANTEE: > + // - `self.0` is one of `krealloc`, `vrealloc`, `kvrealloc`. > + // - Those functions provide the guarantees of this function. > + let raw_ptr =3D unsafe { > + // If `size =3D=3D 0` and `ptr !=3D NULL` the memory behind = the pointer is freed. > + self.0(ptr.cast(), size, flags.0).cast() > + }; > + > + let ptr =3D if size =3D=3D 0 { > + NonNull::dangling() > + } else { > + NonNull::new(raw_ptr).ok_or(AllocError)? > + }; > + > + Ok(NonNull::slice_from_raw_parts(ptr, size)) > + } > +} I remember asking you to split this into a different commit. I think you argued that it would be better to keep it in the same commit when bisecting. I don't think that applies in this case, are there any other disadvantages? --- Cheers, Benno > + > +// SAFETY: `realloc` delegates to `ReallocFunc::call`, which guarantees = that > +// - memory remains valid until it is explicitly freed, > +// - passing a pointer to a valid memory allocation is OK, > +// - `realloc` satisfies the guarantees, since `ReallocFunc::call` has t= he same. > +unsafe impl Allocator for Kmalloc { > + #[inline] > + unsafe fn realloc( > + ptr: Option>, > + layout: Layout, > + flags: Flags, > + ) -> Result, AllocError> { > + // SAFETY: `ReallocFunc::call` has the same safety requirements = as `Allocator::realloc`. > + unsafe { ReallocFunc::KREALLOC.call(ptr, layout, flags) } > + } > +} > + > unsafe impl GlobalAlloc for Kmalloc { > unsafe fn alloc(&self, layout: Layout) -> *mut u8 { > // SAFETY: `ptr::null_mut()` is null and `layout` has a non-zero= size by the function safety > -- > 2.46.0 >=20