Hi,
Thanks for the feedback.
On 19/11/2024 19:07, Jann Horn wrote:
>> + pub fn page_slice_to_page<'a>(page: &PageSlice) -> Result<&'a Self>
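Review bot: the lifetime parameter `'a` in `pub fn page_slice_to_page<'a>(page: &PageSlice) -> Result<&'a Self>` is unconstrained: it appears only in the return type, so the caller can pick any lifetime, including `'static`, and the borrow checker has no way to relate the returned `&Page` to the `PageSlice` it was derived from. If the result is meant to be a borrow that follows the slice, tie it to the input (`page: &'a PageSlice`); if it deliberately follows the lifetime of the underlying `struct page` instead, say so in a doc comment, because nothing in the signature conveys it. Minor: the parameter is a `PageSlice`, so naming it `slice` rather than `page` would read better.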
>
> Sorry, can you explain to me what the semantics of this are? Does this
> create a Page reference that is not lifetime-bound to the PageSlice?

This creates a Page reference that is tied to the lifetime of the `C
struct page` behind the PageSlice buffer. Basically, it's just a cast
from the struct page pointer and does not own that resource.
>> +fn to_vec_with_allocator<A: Allocator>(val: &[u8]) -> Result<Vec<PageSlice, A>, AllocError> {
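Review bot: `to_vec_with_allocator<A: Allocator>` accepts any allocator and returns `Vec<PageSlice, A>`, but neither the signature nor a doc comment states the constraint that matters for a slab-backed `A`: pages of that memory may only ever be used through a borrowed `&Page` and must never be turned into a refcounted reference or handed to C code that takes one. Please add a doc comment on this function (or on `PageSlice`) spelling that out. Also, this function returns `Result<_, AllocError>` while `page_slice_to_page` above uses the crate's `Result<T>` alias; if callers only convert the error, using the same alias would keep the patch consistent.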
>
> Do I understand correctly that this can be used to create a kmalloc
> allocation whose pages can then basically be passed to
> page_slice_to_page()?
>
> FYI, the page refcount does not protect against UAF of slab
> allocations through new slab allocations of the same size. In other
> words: The slab allocator can internally recycle memory without going
> through the page allocator, and the slab allocator itself does not
> care about page refcounts.
>
> If the Page returned from calling page_slice_to_page() on the slab
> memory pages returned from to_vec_with_allocator() is purely usable as
> a borrow and there is no way to later grab a refcounted reference to
> it or pass it into a C function that assumes it can grab a reference
> to the page, I guess that works.

Yes, I think that is the intent. I appreciate your help in pointing out
the issues with using refcounts in slab memory pages. As you can see,
page_slice_to_page() only returns a Page reference (not a refcounted
Page). Hopefully that addresses your concern?
Regards,
Abdiel
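The lifetime question raised in the thread, as an added stand-alone example that is not code from the patch or from the kernel tree. It models `struct page` as a static descriptor table (`PAGES`), physical frames as one heap buffer (`Frames`), and a `PageSlice` as a borrowed byte range inside a frame; the names `Frames`, `pfn`, `page_slice_to_page_unbounded` and `page_slice_to_page_bound` are all assumptions made here. It shows why a signature whose `'a` appears only in the return type lets a `&Page` outlive the `PageSlice` it came from, and what the lifetime-bound alternative looks like.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};

const PAGE_SIZE: usize = 4096;
const NR_PAGES: usize = 4;

/// Stand-in for `struct page`. Hypothetical model: descriptors live for the
/// whole program, like the kernel memmap, regardless of who owns the frame.
pub struct Page {
    refcount: AtomicUsize,
}

impl Page {
    const fn new() -> Self {
        Page { refcount: AtomicUsize::new(0) }
    }
    pub fn refcount(&self) -> usize {
        self.refcount.load(Ordering::Relaxed)
    }
    // Deliberately no `get_page`-style method: a borrowed `&Page` obtained from
    // slab-backed memory must never be turned into a refcounted owner.
}

static PAGES: [Page; NR_PAGES] = [Page::new(), Page::new(), Page::new(), Page::new()];

/// The "physical memory" the descriptors describe: NR_PAGES frames in one buffer.
pub struct Frames {
    buf: Box<[u8]>,
}

impl Frames {
    pub fn new() -> Self {
        Frames { buf: vec![0u8; PAGE_SIZE * NR_PAGES].into_boxed_slice() }
    }
    /// Borrow `len` bytes at offset `off` inside frame `pfn`.
    pub fn slice(&self, pfn: usize, off: usize, len: usize) -> PageSlice<'_> {
        let start = pfn * PAGE_SIZE + off;
        PageSlice { data: &self.buf[start..start + len], base: self.buf.as_ptr() as usize }
    }
}

/// A borrowed byte range that lies inside one frame.
pub struct PageSlice<'s> {
    data: &'s [u8],
    base: usize,
}

impl PageSlice<'_> {
    /// Frame number of the slice, derived from its address the way a
    /// `virt_to_page` lookup would. Errors if the address is outside the frames.
    pub fn pfn(&self) -> Result<usize, &'static str> {
        let off = (self.data.as_ptr() as usize)
            .checked_sub(self.base)
            .ok_or("address below memory base")?;
        let pfn = off / PAGE_SIZE;
        if pfn >= NR_PAGES {
            return Err("address outside memmap");
        }
        Ok(pfn)
    }
}

/// Same shape as the patch's signature: `'a` appears only in the return type,
/// so the caller chooses it, `'static` included. No `unsafe` is needed here
/// because the descriptor table is static; the borrow checker learns nothing
/// about the `PageSlice` the descriptor was derived from.
pub fn page_slice_to_page_unbounded<'a>(slice: &PageSlice<'_>) -> Result<&'a Page, &'static str> {
    Ok(&PAGES[slice.pfn()?])
}

/// Lifetime-bound variant: the `&Page` cannot outlive the `&PageSlice`.
pub fn page_slice_to_page_bound<'a>(slice: &'a PageSlice<'_>) -> Result<&'a Page, &'static str> {
    Ok(&PAGES[slice.pfn()?])
}

/// Compiles only with the unbounded variant: `frames` and `slice` are dropped
/// on return, yet the caller keeps a `&'static Page` for frame 2. Swap in
/// `page_slice_to_page_bound` and rustc rejects the function because the
/// return value would reference data owned by the current function.
pub fn page_outliving_its_slice() -> &'static Page {
    let frames = Frames::new();
    let slice = frames.slice(2, 0, 64);
    page_slice_to_page_unbounded(&slice).expect("pfn in range")
}

/// Index of the descriptor the bound API returns for a slice in frame `pfn`.
pub fn pfn_via_bound(pfn: usize) -> usize {
    let frames = Frames::new();
    let slice = frames.slice(pfn, 100, 8);
    let page = page_slice_to_page_bound(&slice).expect("pfn in range");
    PAGES.iter().position(|p| std::ptr::eq(p, page)).unwrap()
}

fn main() {
    let p = page_outliving_its_slice();
    println!("frame 2 descriptor still borrowed after its slice is gone, refcount {}", p.refcount());
    println!("bound lookup for frame 1 -> descriptor {}", pfn_via_bound(1));
}
```

The unbounded form is exactly what makes the returned `&Page` "tied to the `struct page`" rather than to the slice: it type-checks, but nothing stops the frame's bytes from being recycled underneath a still-live `&Page`, which is why the only safe use of such a borrow is one that never grows into a refcount.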