Re: [PATCH v8 06/29] rust: alloc: implement `Allocator` for `Kmalloc`

From: Gary Guo
Date: Tue Oct 01 2024 - 14:26:31 EST


On Tue, 1 Oct 2024 16:59:41 +0200
Danilo Krummrich <dakr@xxxxxxxxxx> wrote:

> Implement `Allocator` for `Kmalloc`, the kernel's default allocator,
> typically used for objects smaller than page size.
>
> All memory allocations made with `Kmalloc` end up in `krealloc()`.
>
> It serves as allocator for the subsequently introduced types `KBox` and
> `KVec`.
>
> Signed-off-by: Danilo Krummrich <dakr@xxxxxxxxxx>

Reviewed-by: Gary Guo <gary@xxxxxxxxxxx>

> ---
> rust/kernel/alloc/allocator.rs | 31 ++++++++++++++++++++++++++++---
> 1 file changed, 28 insertions(+), 3 deletions(-)
>
> diff --git a/rust/kernel/alloc/allocator.rs b/rust/kernel/alloc/allocator.rs
> index 1f28b004b447..4f3c3ab7c7a2 100644
> --- a/rust/kernel/alloc/allocator.rs
> +++ b/rust/kernel/alloc/allocator.rs
> @@ -13,10 +13,16 @@
> use core::ptr;
> use core::ptr::NonNull;
>
> -use crate::alloc::AllocError;
> +use crate::alloc::{AllocError, Allocator};
> use crate::bindings;
>
> -struct Kmalloc;
> +/// The contiguous kernel allocator.
> +///
> +/// `Kmalloc` is typically used for physically contiguous allocations up to page size, but also
> +/// supports larger allocations up to `bindings::KMALLOC_MAX_SIZE`, which is hardware specific.
> +///
> +/// For more details see [self].
> +pub struct Kmalloc;
>
> /// Returns a proper size to alloc a new object aligned to `new_layout`'s alignment.
> fn aligned_size(new_layout: Layout) -> usize {
> @@ -53,8 +59,10 @@ struct ReallocFunc(
> unsafe extern "C" fn(*const core::ffi::c_void, usize, u32) -> *mut core::ffi::c_void,
> );
>
> -#[expect(dead_code)]
> impl ReallocFunc {
> + // INVARIANT: `krealloc` satisfies the type invariants.
> + const KREALLOC: Self = Self(bindings::krealloc);
> +
> /// # Safety
> ///
> /// This method has the same safety requirements as [`Allocator::realloc`].
> @@ -106,6 +114,23 @@ unsafe fn call(
> }
> }
>
> +// SAFETY: `realloc` delegates to `ReallocFunc::call`, which guarantees that
> +// - memory remains valid until it is explicitly freed,
> +// - passing a pointer to a valid memory allocation is OK,
> +// - `realloc` satisfies the guarantees, since `ReallocFunc::call` has the same.
> +unsafe impl Allocator for Kmalloc {
> + #[inline]
> + unsafe fn realloc(
> + ptr: Option<NonNull<u8>>,
> + layout: Layout,
> + old_layout: Layout,
> + flags: Flags,
> + ) -> Result<NonNull<[u8]>, AllocError> {
> + // SAFETY: `ReallocFunc::call` has the same safety requirements as `Allocator::realloc`.
> + unsafe { ReallocFunc::KREALLOC.call(ptr, layout, old_layout, flags) }
> + }
> +}
> +
> unsafe impl GlobalAlloc for Kmalloc {
> unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
> // SAFETY: `ptr::null_mut()` is null and `layout` has a non-zero size by the function safety