From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9AC0AEE49BD for ; Wed, 11 Sep 2024 14:38:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3687894004D; Wed, 11 Sep 2024 10:38:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 31B1A940021; Wed, 11 Sep 2024 10:38:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2088094004D; Wed, 11 Sep 2024 10:38:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 0335C940021 for ; Wed, 11 Sep 2024 10:38:06 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id B1ED41A16AC for ; Wed, 11 Sep 2024 14:38:06 +0000 (UTC) X-FDA: 82552712172.18.3513FBD Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf04.hostedemail.com (Postfix) with ESMTP id 254B440015 for ; Wed, 11 Sep 2024 14:38:03 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LPV3lDJ0; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of dakr@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=dakr@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1726065479; a=rsa-sha256; cv=none; b=UFF/yDWefTV9y2miSklJwcQU5mkq17dDFG8EgQSpEOcmaAoCzuMsB0kdoNRwxr6dmP5fCB hp0bofbRPM+mmb+GsE8O3xz1g3OXh4qVjAiSU4blVGZpUuxa68r1Jpf8nkNoZ5V+CUTbOn mhped/52gyHKjhV54ZzeRlaRyiRtI4w= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LPV3lDJ0; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of dakr@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=dakr@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1726065479; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zpKifLi3gW9TyUcgcp/7TgrYhUHN3eVL04ORBP0w5Vo=; b=edurVGWH4EPPZ3+B8tuB0Pvn3SiYRC9btNGXhBkWIiHafmyiFrhC8VrYPdMeNQOnS1dI+e tOY40mM7EqZbk+4YIpLCAqxRGfQKxeoNuJ6MsyX/GrQCkTws5b4ZbCV7w0Ey5Dnsp64ikM YWPTPJ1qKt7RRz2bPznFnE5nwLKkkA4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id B293BA44F30; Wed, 11 Sep 2024 14:37:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 244C7C4CEC0; Wed, 11 Sep 2024 14:37:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726065483; bh=mqHDA66/2LWiEoFN7msYbfNAJjJbyoJbwWfKXNsRYrc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=LPV3lDJ0LW0wWEKaDYHpJ11yP5N2P7CWmzRvEbQBBTjjMqjqYDynZP0lUyYMEkfKs XUHUC/GkZY8lMJY5M3LC8J1XNQcL53qXwd9xgzwEy1qwTay6K2aNde/kxYbXNVE8Ov 8Xh8Sw+LpQJj1GK63obyZVdTlXfVIZt2wkf3TVZSd1VhCcMUYRejpOx1NuG5BboKOO 4N4IsUWhsSL0XYApgDgw/qY2Ql59mjZseA6a/E2UdcpTFOhGVh1zWhz6E5LBCSg9XI PXrHtNZ77su4ucdVQRU89k3TWj4G0vrgLoF2ReGeOsK10fGwJGmA0oahiOsFfw3qN9 AfGeY3QZuaXuw== Date: Wed, 11 Sep 2024 16:37:53 +0200 From: Danilo Krummrich To: Benno Lossin Cc: ojeda@kernel.org, alex.gaynor@gmail.com, wedsonaf@gmail.com, boqun.feng@gmail.com, gary@garyguo.net, bjorn3_gh@protonmail.com, a.hindborg@samsung.com, aliceryhl@google.com, akpm@linux-foundation.org, daniel.almeida@collabora.com, faith.ekstrand@collabora.com, boris.brezillon@collabora.com, lina@asahilina.net, mcanal@igalia.com, zhiw@nvidia.com, cjia@nvidia.com, jhubbard@nvidia.com, airlied@redhat.com, ajanulgu@redhat.com, lyude@redhat.com, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCH v6 22/26] rust: alloc: implement `Cmalloc` in module allocator_test Message-ID: References: <20240816001216.26575-1-dakr@kernel.org> <20240816001216.26575-23-dakr@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspam-User: X-Stat-Signature: pgo99oqn6grf5wd5k1791rt8g8gcmzzh X-Rspamd-Queue-Id: 254B440015 X-Rspamd-Server: rspam02 X-HE-Tag: 1726065483-960012 X-HE-Meta: U2FsdGVkX19Z/gPcyZEX9/ZMH8iScJJ6KPGdnPp0aagJcHvjlu5w0lcJ6J8dXSVr0rFOpoCrWLSq8Bpm+c3HytcEuVAaRK6JIZguVMBQYSpNSyc3AwCEapSwJ4qDa+D6mYZTWBx2IqoRuaz5t3pNHLg8t5z5QNZ9UW/C3r0zBl5nN7VW9qagyY68QSGj1/cpeb2RtlzGdtkgaSQE7B4KzvrWTGY28dVb33liCcrvu01Fk9fYeNmTFycSxRkdKzSjA0qpwKLMrMF2W29+kcIEyx99TnlPsK21zauawv7neSP80H9XPNNtV+yn1b7v6dIzoKb5+FUt4QG2t77+XxzDzxxXBTBPlMjd33ak5KlGuDI0eBjilJYxSJCVPscFyGhjBqjxvy1NW0KjGap5UnO6DyTxgheMp25mNCwmqs/CqsFgf10YKDmEHYrnOIRN+a2u4SGzmL/ezLTxYb9uZDCDFw1Ap6PF8ygb4tYFsvHumqb8zyPVdjAsVtL1QcdPUdLfvm2dfloJ4DkuS+9/27/10/jLr4Gudj54tXT/jknhODMm+EfPPblnXPh4/KZC03NWOJOSh6K6E7xnctkOa4WrSAfcOjWmAk33IK1oD2EoG8Sy6JWI5924FUVY9Q6fG7mo6V6Ti679qEqxsLmEEoYFQoul31IwQmzXXsbvptoAVNtLEC43/edaxDBsgDc+Wh/KP3jGgiTGEcTgPTn6zBBiOII7RxHejaCg+JPubJiqdCnTIAb8bo9SV4EYzR71OwN30XE/FWaIDrRi/jedurqwcg1bS2BM8MTvyPqZfH7A4GYI3TuMi9YvZhJC/6cNuSOWExdA2es22965oOJOlIemWNG8p1/14ExwlNyHieN8dzUABmw0m6JzQGIfSN/YZG9vAcI/jqlmzdrSMgdKyvc4O8SzqvXyY+lyMQYzEJn/SwkOFCnPScRDdLdEp0eBF237p3+EFE1P5xdKIJ5IV18 /KqXX3q/ fhiVQfvwIQYedW6Jex4mU9rKSeQu/mmfqUlVvu8ZcmGS/JzFsgx7jdhMSbjQxqkfwT5WRtyvhe0GjeZIh6EKHrbivFySKcTBy9LtueNoX36MnFjf2gqHokaayDbkOiv3+2C8wpHUH8F7iUVNslzYTT/mGnJjYtYEKcQtO44F/sNknbu5dx5Gd/swHXE7w3KtGUk8fOflnQGYnWl5xhcF9lWa2zoxuM7X/p1Qi8z8LaExUjvWa0JUUo23kTB9lj1JSNzvzLG6FmsCXO5XtuURNPRR7a4zUBcQV8l0q7RA6BqdHDqWeLFo/1PDh2d0W7QrglJKzbxO58Y+dOvNfFvPeu2RXNiLUc4rH0fXgojtNasWrxnDrCUm+yd/CXg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Sep 11, 2024 at 01:32:31PM +0000, Benno Lossin wrote: > On 11.09.24 14:31, Danilo Krummrich wrote: > > On Fri, Aug 30, 2024 at 12:25:27AM +0200, Danilo Krummrich wrote: > >> On Thu, Aug 29, 2024 at 07:14:18PM +0000, Benno Lossin wrote: > >>> On 16.08.24 02:11, Danilo Krummrich wrote: > >>>> + > >>>> + if layout.size() == 0 { > >>>> + // SAFETY: `src` has been created by `Self::alloc_store_data`. > >>> > >>> This is not true, consider: > >>> > >>> let ptr = alloc(size = 0); > >>> free(ptr) > >>> > >>> Alloc will return a dangling pointer due to the first if statement and > >>> then this function will pass it to `free_read_data`, even though it > >>> wasn't created by `alloc_store_data`. > >>> This isn't forbidden by the `Allocator` trait function's safety > >>> requirements. > >>> > >>>> + unsafe { Self::free_read_data(src) }; > >>>> + > >>>> + return Ok(NonNull::slice_from_raw_parts(NonNull::dangling(), 0)); > >>>> + } > >>>> + > >>>> + let dst = Self::alloc(layout, flags)?; > >>>> + > >>>> + // SAFETY: `src` has been created by `Self::alloc_store_data`. > >>>> + let data = unsafe { Self::data(src) }; > >>> > >>> Same issue here, if the allocation passed in is zero size. I think you > >>> have no other choice than to allocate even for zero size requests... > >>> Otherwise how would you know that they are zero-sized. > >> > >> Good catch - gonna fix it. > > > > Almost got me. :) I think the code is fine, callers are not allowed to pass > > pointers to `realloc` and `free`, which haven't been allocated with the same > > corresponding allocator or are dangling. > > But what about the example above (ie the `alloc(size = 0)` and then > `free`)? This never has been valid for the `Allocator` trait. Look at `Kmalloc`, `Vmalloc` and `KVmalloc`, they don't allow this either. We've discussed this already in previous versions of this series, where for this purpose, you asked for `old_layout` for `free`. Such that `free` can check if the `size` was zero and therefore return without doing anything. > I guess this all depends on how one interprets the term > "existing, valid memory allocation". To me that describes anything an > `Allocator` returns via `alloc` and `realloc`, including zero-sized > allocations. I argue that the dangling pointer returned for `size == 0` does not point to any allocation in the sense of those allocators. It's just a dangling `[u8]` pointer. > But if you argue that those are not valid allocations from that > allocator, then that is not properly documented in the safety > requirements of `Allocator`. The safety requirements of `Allocator` where proposed by you and I thought they consider this aspect? `realloc` has: "If `ptr == Some(p)`, then `p` must point to an existing and valid memory allocation created by this allocator." `free` has: "`ptr` must point to an existing and valid memory allocation created by this `Allocator` and must not be a dangling pointer." We can add the part about the dangling pointer to `realloc` if you want. > > --- > Cheers, > Benno >