From: Alice Ryhl <aliceryhl@google.com>
To: Danilo Krummrich <dakr@kernel.org>
Cc: Matthew Maurer <mmaurer@google.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
Alice Ryhl <aliceryhl@google.com>
Subject: [PATCH v5 6/7] rust: alloc: add Vec::remove
Date: Fri, 02 May 2025 13:19:34 +0000 [thread overview]
Message-ID: <20250502-vec-methods-v5-6-06d20ad9366f@google.com> (raw)
In-Reply-To: <20250502-vec-methods-v5-0-06d20ad9366f@google.com>
This is needed by Rust Binder in the range allocator, and by upcoming
GPU drivers during firmware initialization.
Panics in the kernel are best avoided when possible, so an error is
returned if the index is out of bounds. An error type is used rather
than just returning Option<T> to let callers handle errors with ?.
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
rust/kernel/alloc/kvec.rs | 42 +++++++++++++++++++++++++++++++++++++++-
rust/kernel/alloc/kvec/errors.rs | 15 ++++++++++++++
2 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
index 3298b3b0f32c70f3fe517fcb7af6b9922fea926b..8845e7694334b672476ff935580f3a9eb94d23fe 100644
--- a/rust/kernel/alloc/kvec.rs
+++ b/rust/kernel/alloc/kvec.rs
@@ -22,7 +22,7 @@
};
mod errors;
-pub use self::errors::PushError;
+pub use self::errors::{PushError, RemoveError};
/// Create a [`KVec`] containing the arguments.
///
@@ -389,6 +389,46 @@ pub fn pop(&mut self) -> Option<T> {
Some(unsafe { removed.read() })
}
+ /// Removes the element at the given index.
+ ///
+ /// # Panics
+ ///
+ /// Panics if the index is out of bounds.
+ ///
+ /// # Examples
+ ///
+ /// ```
+ /// let mut v = kernel::kvec![1, 2, 3]?;
+ /// assert_eq!(v.remove(1)?, 2);
+ /// assert_eq!(v, [1, 3]);
+ /// # Ok::<(), Error>(())
+ /// ```
+ pub fn remove(&mut self, i: usize) -> Result<T, RemoveError> {
+ let value = {
+ let value_ref = self.get(i).ok_or(RemoveError)?;
+ // INVARIANT: This breaks the invariants by invalidating the value at index `i`, but we
+ // restore the invariants below.
+ // SAFETY: The value at index `i` is valid, because otherwise we would have already
+ // failed with `RemoveError`.
+ unsafe { ptr::read(value_ref) }
+ };
+
+ // SAFETY: We checked that `i` is in-bounds.
+ let p = unsafe { self.as_mut_ptr().add(i) };
+
+ // INVARIANT: After this call, the invalid value is at the last slot, so the Vec invariants
+ // are restored after the below call to `dec_len(1)`.
+ // SAFETY: `p.add(1).add(self.len - i - 1)` is `i+1+len-i-1 == len` elements after the
+ // beginning of the vector, so this is in-bounds of the vector's allocation.
+ unsafe { ptr::copy(p.add(1), p, self.len - i - 1) };
+
+ // SAFETY: Since the check at the beginning of this call did not fail with `RemoveError`,
+ // the length is at least one.
+ unsafe { self.dec_len(1) };
+
+ Ok(value)
+ }
+
/// Creates a new [`Vec`] instance with at least the given capacity.
///
/// # Examples
diff --git a/rust/kernel/alloc/kvec/errors.rs b/rust/kernel/alloc/kvec/errors.rs
index 84c96ec5007ddc676283cbce07f4d670c3873c1e..06fe696e8bc6612a5e6aa2f6c28b685033acfa2f 100644
--- a/rust/kernel/alloc/kvec/errors.rs
+++ b/rust/kernel/alloc/kvec/errors.rs
@@ -21,3 +21,18 @@ fn from(_: PushError<T>) -> Error {
EINVAL
}
}
+
+/// Error type for [`Vec::remove`].
+pub struct RemoveError;
+
+impl Debug for RemoveError {
+ fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+ write!(f, "Index out of bounds")
+ }
+}
+
+impl From<RemoveError> for Error {
+ fn from(_: RemoveError) -> Error {
+ EINVAL
+ }
+}
--
2.49.0.967.g6a0df3ecc3-goog
next prev parent reply other threads:[~2025-05-02 13:19 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-02 13:19 [PATCH v5 0/7] Additional methods for Vec Alice Ryhl
2025-05-02 13:19 ` [PATCH v5 1/7] rust: alloc: add Vec::clear Alice Ryhl
2025-05-02 13:19 ` [PATCH v5 2/7] rust: alloc: add Vec::pop Alice Ryhl
2025-05-07 11:32 ` Benno Lossin
2025-05-02 13:19 ` [PATCH v5 3/7] rust: alloc: add Vec::push_within_capacity Alice Ryhl
2025-05-02 14:07 ` Greg KH
2025-05-02 14:25 ` Alice Ryhl
2025-05-03 11:50 ` Danilo Krummrich
2025-05-07 11:35 ` Benno Lossin
2025-05-02 13:19 ` [PATCH v5 4/7] rust: alloc: add Vec::drain_all Alice Ryhl
2025-05-07 11:37 ` Benno Lossin
2025-05-02 13:19 ` [PATCH v5 5/7] rust: alloc: add Vec::retain Alice Ryhl
2025-05-07 11:40 ` Benno Lossin
2025-05-02 13:19 ` Alice Ryhl [this message]
2025-05-03 11:44 ` [PATCH v5 6/7] rust: alloc: add Vec::remove Danilo Krummrich
2025-05-07 5:30 ` Alexandre Courbot
2025-05-07 5:32 ` Alexandre Courbot
2025-05-07 6:32 ` [PATCH v5 6/7] rust: alloc: add Vec::remove' Alice Ryhl
2025-05-07 11:44 ` [PATCH v5 6/7] rust: alloc: add Vec::remove Benno Lossin
2025-05-08 9:50 ` Alice Ryhl
2025-05-02 13:19 ` [PATCH v5 7/7] rust: alloc: add Vec::insert_within_capacity Alice Ryhl
2025-05-07 11:46 ` Benno Lossin
2025-05-02 14:08 ` [PATCH v5 0/7] Additional methods for Vec Greg KH
2025-05-07 16:46 ` Danilo Krummrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250502-vec-methods-v5-6-06d20ad9366f@google.com \
--to=aliceryhl@google.com \
--cc=dakr@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mmaurer@google.com \
--cc=rust-for-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).