On Tue, 13 Jun 2023 09:42:58 -0700 Boqun Feng <boqun.feng@xxxxxxxxx> wrote:
> Currently the KernelAllocator simply passes the size of the type Layout
> to krealloc(), and in theory the alignment requirement from the type
> Layout may be larger than the guarantee provided by SLAB, which means
> the allocated object is mis-aligned.
>
> Fix this by adjusting the allocation size to the nearest power of two,
> for which SLAB always guarantees a size-aligned allocation. And because Rust
> guarantees that the original size must be a multiple of the alignment and the
> alignment must be a power of two, the alignment requirement is
> satisfied.
>
> Suggested-by: Vlastimil Babka <vbabka@xxxxxxx>
> Co-developed-by: Andreas Hindborg (Samsung) <nmi@xxxxxxxxxxxx>
> Signed-off-by: Andreas Hindborg (Samsung) <nmi@xxxxxxxxxxxx>
> Signed-off-by: Boqun Feng <boqun.feng@xxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx # v6.1+

Reviewed-by: Gary Guo <gary@xxxxxxxxxxx>

> ---
> Some more explanation:
>
> * Layout is a data structure describing a particular memory layout;
>   conceptually it has two fields: align and size.
>
> * align is guaranteed to be a power of two.
> * size can be smaller than align (only when the Layout is created via
>   Layout::from_align_size())
> * After pad_to_align(), the size is guaranteed to be a multiple of
>   align
>
> For more information, please see:
>
> https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html
>
> rust/bindings/bindings_helper.h | 1 +
> rust/kernel/allocator.rs | 17 ++++++++++++++++-
> 2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
> index 3e601ce2548d..6619ce95dd37 100644
> --- a/rust/bindings/bindings_helper.h
> +++ b/rust/bindings/bindings_helper.h
> @@ -15,3 +15,4 @@ > /* `bindgen` gets confused at certain things. */ > const gfp_t BINDINGS_GFP_KERNEL = GFP_KERNEL; > const gfp_t BINDINGS___GFP_ZERO = __GFP_ZERO; > +const size_t BINDINGS_ARCH_SLAB_MINALIGN = ARCH_SLAB_MINALIGN; > diff --git a/rust/kernel/allocator.rs b/rust/kernel/allocator.rs > index 397a3dd57a9b..66575cf87ce2 100644 > --- a/rust/kernel/allocator.rs > +++ b/rust/kernel/allocator.rs > @@ -11,9 +11,24 @@ > > unsafe impl GlobalAlloc for KernelAllocator { > unsafe fn alloc(&self, layout: Layout) -> *mut u8 { > + // Customized layouts from `Layout::from_size_align()` can have size < align, so pads first. > + let layout = layout.pad_to_align(); > + > + let mut size = layout.size(); > + > + if layout.align() > bindings::BINDINGS_ARCH_SLAB_MINALIGN { > + // The alignment requirement exceeds the slab guarantee, then tries to enlarges the size > + // to use the "power-of-two" size/alignment guarantee (see comments in kmalloc() for > + // more information). > + // > + // Note that `layout.size()` (after padding) is guaranteed to be muliples of > + // `layout.align()`, so `next_power_of_two` gives enough alignment guarantee. > + size = size.next_power_of_two(); > + } > + > // `krealloc()` is used instead of `kmalloc()` because the latter is > // an inline function and cannot be bound to as a result. > - unsafe { bindings::krealloc(ptr::null(), layout.size(), bindings::GFP_KERNEL) as *mut u8 } > + unsafe { bindings::krealloc(ptr::null(), size, bindings::GFP_KERNEL) as *mut u8 } > } > > unsafe fn dealloc(&self, ptr: *mut u8, _layout: Layout) {
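Review bot: the new `BINDINGS_ARCH_SLAB_MINALIGN` line in the bindings_helper.h hunk sits under a comment that explains only the gfp_t wrappers; a one-line note that ARCH_SLAB_MINALIGN is wrapped in a `const size_t` because bindgen cannot evaluate the macro itself would tell the next reader why the constant exists, the same way the comment above does for the existing two.

Review bot: the `size = size.next_power_of_two();` line in the allocator.rs hunk deserves a comment saying why it cannot overflow: `Layout` already guarantees that the size rounded up to the alignment does not exceed `isize::MAX`, so the next power of two always fits in `usize`; without that note a reader will reach for `checked_next_power_of_two()`. While touching the comment block, fix "muliples" and "tries to enlarges the size".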
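The size rule from the commit message, written out as a user-space Rust function with an exhaustive check of the property it relies on (a power-of-two size that is a multiple of a power-of-two alignment is itself so aligned). This is an added example, not the kernel's allocator code; `slab_minalign` is a constructed parameter standing in for ARCH_SLAB_MINALIGN.

```rust
use std::alloc::Layout;

/// Size to request from krealloc() for `layout`, following the patch:
/// pad to the alignment, then round up to a power of two only when the
/// slab's minimum alignment (`slab_minalign`, stand-in for
/// ARCH_SLAB_MINALIGN) is not already enough.
pub fn kmalloc_size(layout: Layout, slab_minalign: usize) -> usize {
    // `Layout::from_size_align()` permits size < align; padding makes
    // the size a multiple of the alignment.
    let layout = layout.pad_to_align();
    let size = layout.size();
    if layout.align() <= slab_minalign {
        // Every slab object is already at least ARCH_SLAB_MINALIGN aligned.
        return size;
    }
    // kmalloc guarantees size alignment only for power-of-two sizes.
    // `Layout` bounds the padded size by isize::MAX, so this cannot overflow.
    size.next_power_of_two()
}

/// What the slab must hand back for `align` to be satisfied: a multiple of
/// `align`, and (when the slab minimum is not enough) a power-of-two size,
/// because that is the only case in which kmalloc promises size alignment.
pub fn meets_slab_guarantee(size: usize, align: usize, slab_minalign: usize) -> bool {
    size % align == 0 && (align <= slab_minalign || size.is_power_of_two())
}

/// Exhaustive check over every size up to `max_size` and every power-of-two
/// alignment up to 2^`max_align_log2`.
pub fn all_sizes_aligned(max_size: usize, max_align_log2: u32, slab_minalign: usize) -> bool {
    (1..=max_size).all(|size| {
        (0..=max_align_log2).all(|log2| {
            let align = 1usize << log2;
            let layout = Layout::from_size_align(size, align).expect("valid layout");
            meets_slab_guarantee(kmalloc_size(layout, slab_minalign), align, slab_minalign)
        })
    })
}

fn main() {
    // Constructed sample requests: (size, align) as a driver would ask for.
    for (size, align) in [(24usize, 16usize), (48, 16), (1, 64), (24, 8)] {
        let layout = Layout::from_size_align(size, align).unwrap();
        println!("size {size:>3} align {align:>3} -> kmalloc {}", kmalloc_size(layout, 8));
    }
    println!("exhaustive check: {}", all_sizes_aligned(4096, 12, 8));
}
```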