From: Danilo Krummrich <dakr@kernel.org>
To: Alice Ryhl <aliceryhl@google.com>
Cc: ojeda@kernel.org, alex.gaynor@gmail.com, wedsonaf@gmail.com,
boqun.feng@gmail.com, gary@garyguo.net, bjorn3_gh@protonmail.com,
benno.lossin@proton.me, a.hindborg@samsung.com,
akpm@linux-foundation.org, daniel.almeida@collabora.com,
faith.ekstrand@collabora.com, boris.brezillon@collabora.com,
lina@asahilina.net, mcanal@igalia.com, zhiw@nvidia.com,
acurrid@nvidia.com, cjia@nvidia.com, jhubbard@nvidia.com,
airlied@redhat.com, ajanulgu@redhat.com, lyude@redhat.com,
linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
linux-mm@kvack.org
Subject: Re: [PATCH v3 04/25] rust: alloc: implement `Allocator` for `Kmalloc`
Date: Thu, 1 Aug 2024 14:30:01 +0200 [thread overview]
Message-ID: <Zqt_yeGPTIYjgCK8@pollux> (raw)
In-Reply-To: <CAH5fLggM5X7M9fTJE7C2afSHehK8b72XGKAgsEcn3Xm632s_Gg@mail.gmail.com>
On Thu, Aug 01, 2024 at 10:28:09AM +0200, Alice Ryhl wrote:
> On Thu, Aug 1, 2024 at 2:07 AM Danilo Krummrich <dakr@kernel.org> wrote:
> > +/// Returns a proper size to alloc a new object aligned to `new_layout`'s alignment.
> > fn aligned_size(new_layout: Layout) -> usize {
>
> This comment could potentially be moved to the previous patch that
> defined the function.
>
> > +struct ReallocFunc(
> > + // INVARIANT: One of the following `krealloc`, `vrealloc`, `kvrealloc`.
> > + unsafe extern "C" fn(*const core::ffi::c_void, usize, u32) -> *mut core::ffi::c_void,
> > +);
>
> In this case, the comment would usually be formatted with markdown.
>
> /// # Invariants
> ///
> /// Must contain one of the following: `krealloc`, `vrealloc`, `kvrealloc`.
>
> The // INVARIANT: syntax is used when constructing an instance to
> argue why the documentented invariants are satisfied.
>
> > +impl ReallocFunc {
> > + fn krealloc() -> Self {
> > + Self(bindings::krealloc)
> > + }
>
> Technically this should have an // INVARIANT: explaining why the
> invariants are satisfied by this new value.
>
> > +
> > + // SAFETY: `call` has the exact same safety requirements as `Allocator::realloc`.
> > + unsafe fn call(
>
> Similarly to the above, the // SAFETY: syntax is used when arguing why
> the preconditions are satisfied, but when explaining what the
> preconditions are, we usually use this syntax instead:
>
> /// # Safety
> ///
> /// This method has the same safety requirements as `Allocator::realloc`.
Agreed, I will change this one and the above.
>
> > + &self,
> > + ptr: Option<NonNull<u8>>,
> > + layout: Layout,
> > + flags: Flags,
> > + ) -> Result<NonNull<[u8]>, AllocError> {
> > + let size = aligned_size(layout);
> > + let ptr = match ptr {
> > + Some(ptr) => ptr.as_ptr(),
> > + None => ptr::null(),
> > + };
> > +
> > + // SAFETY: `ptr` is valid by the safety requirements of this function.
> > + let raw_ptr = unsafe {
> > + // If `size == 0` and `ptr != NULL` the memory behind the pointer is freed.
> > + self.0(ptr.cast(), size, flags.0).cast()
> > + };
> > +
> > + let ptr = if size == 0 {
> > + NonNull::dangling()
> > + } else {
> > + NonNull::new(raw_ptr).ok_or(AllocError)?
> > + };
> > +
> > + Ok(NonNull::slice_from_raw_parts(ptr, size))
> > + }
> > +}
> > +
> > +unsafe impl Allocator for Kmalloc {
> > + unsafe fn realloc(
> > + ptr: Option<NonNull<u8>>,
> > + layout: Layout,
> > + flags: Flags,
> > + ) -> Result<NonNull<[u8]>, AllocError> {
> > + let realloc = ReallocFunc::krealloc();
> > +
> > + // SAFETY: If not `None`, `ptr` is guaranteed to point to valid memory, which was previously
> > + // allocated with this `Allocator`.
> > + unsafe { realloc.call(ptr, layout, flags) }
> > + }
> > +}
> > +
> > unsafe impl GlobalAlloc for Kmalloc {
> > unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
> > // SAFETY: `ptr::null_mut()` is null and `layout` has a non-zero size by the function safety
> > --
> > 2.45.2
> >
>
next prev parent reply other threads:[~2024-08-01 12:30 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-01 0:01 [PATCH v3 00/25] Generic `Allocator` support for Rust Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 01/25] rust: alloc: add `Allocator` trait Danilo Krummrich
2024-08-01 8:19 ` Alice Ryhl
2024-08-01 12:26 ` Danilo Krummrich
2024-08-01 14:25 ` Alice Ryhl
2024-08-01 15:09 ` Danilo Krummrich
2024-08-04 6:21 ` Boqun Feng
2024-08-04 12:29 ` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 02/25] rust: alloc: separate `aligned_size` from `krealloc_aligned` Danilo Krummrich
2024-08-01 8:21 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 03/25] rust: alloc: rename `KernelAllocator` to `Kmalloc` Danilo Krummrich
2024-08-01 8:21 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 04/25] rust: alloc: implement `Allocator` for `Kmalloc` Danilo Krummrich
2024-08-01 8:28 ` Alice Ryhl
2024-08-01 12:30 ` Danilo Krummrich [this message]
2024-08-01 0:02 ` [PATCH v3 05/25] rust: alloc: add module `allocator_test` Danilo Krummrich
2024-08-01 8:41 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 06/25] rust: alloc: implement `Vmalloc` allocator Danilo Krummrich
2024-08-01 8:43 ` Alice Ryhl
2024-08-04 6:44 ` Boqun Feng
2024-08-04 12:41 ` Danilo Krummrich
2024-08-04 15:16 ` Danilo Krummrich
2024-08-04 17:39 ` Danilo Krummrich
2024-08-04 23:57 ` Boqun Feng
2024-08-05 0:54 ` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 07/25] rust: alloc: implement `KVmalloc` allocator Danilo Krummrich
2024-08-01 8:43 ` Alice Ryhl
2024-08-01 12:31 ` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 08/25] rust: types: implement `Unique<T>` Danilo Krummrich
2024-08-01 8:45 ` Alice Ryhl
2024-08-04 6:54 ` Boqun Feng
2024-08-01 0:02 ` [PATCH v3 09/25] rust: alloc: implement kernel `Box` Danilo Krummrich
2024-08-01 8:55 ` Alice Ryhl
2024-08-01 12:45 ` Danilo Krummrich
2024-08-01 12:48 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 10/25] rust: treewide: switch to our kernel `Box` type Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 11/25] rust: alloc: remove `BoxExt` extension Danilo Krummrich
2024-08-01 14:53 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 12/25] rust: alloc: add `Box` to prelude Danilo Krummrich
2024-08-01 14:54 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 13/25] rust: alloc: import kernel `Box` type in types.rs Danilo Krummrich
2024-08-01 14:54 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 14/25] rust: alloc: import kernel `Box` type in init.rs Danilo Krummrich
2024-08-01 14:55 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 15/25] rust: alloc: implement kernel `Vec` type Danilo Krummrich
2024-08-01 15:05 ` Alice Ryhl
2024-08-01 15:27 ` Danilo Krummrich
2024-08-01 15:31 ` Alice Ryhl
2024-08-01 15:46 ` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 16/25] rust: alloc: implement `IntoIterator` for `Vec` Danilo Krummrich
2024-08-01 15:07 ` Alice Ryhl
2024-08-01 15:30 ` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 17/25] rust: alloc: implement `collect` for `IntoIter` Danilo Krummrich
2024-08-01 15:10 ` Alice Ryhl
2024-08-01 15:37 ` Danilo Krummrich
2024-08-02 7:08 ` Alice Ryhl
2024-08-02 12:02 ` Danilo Krummrich
2024-08-02 12:08 ` Alice Ryhl
2024-08-01 0:02 ` [PATCH v3 18/25] rust: treewide: switch to the kernel `Vec` type Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 19/25] rust: alloc: remove `VecExt` extension Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 20/25] rust: alloc: add `Vec` to prelude Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 21/25] rust: alloc: remove `GlobalAlloc` and `krealloc_aligned` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 22/25] rust: error: use `core::alloc::LayoutError` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 23/25] rust: str: test: replace `alloc::format` Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 24/25] rust: alloc: update module comment of alloc.rs Danilo Krummrich
2024-08-01 0:02 ` [PATCH v3 25/25] kbuild: rust: remove the `alloc` crate Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zqt_yeGPTIYjgCK8@pollux \
--to=dakr@kernel.org \
--cc=a.hindborg@samsung.com \
--cc=acurrid@nvidia.com \
--cc=airlied@redhat.com \
--cc=ajanulgu@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=boris.brezillon@collabora.com \
--cc=cjia@nvidia.com \
--cc=daniel.almeida@collabora.com \
--cc=faith.ekstrand@collabora.com \
--cc=gary@garyguo.net \
--cc=jhubbard@nvidia.com \
--cc=lina@asahilina.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lyude@redhat.com \
--cc=mcanal@igalia.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=wedsonaf@gmail.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.