mbox series

[v7,0/4] Memory management patches needed by Rust Binder

Message ID 20240528-alice-mm-v7-0-78222c31b8f4@google.com (mailing list archive)
Headers show
Series Memory management patches needed by Rust Binder | expand

Message

Alice Ryhl May 28, 2024, 2:58 p.m. UTC
This patchset contains some abstractions needed by the Rust
implementation of the Binder driver for passing data between userspace,
kernelspace, and directly into other processes.

These abstractions do not exactly match what was included in the Rust
Binder RFC - I have made various improvements and simplifications since
then. Nonetheless, please see the Rust Binder RFC [1] to get an
understanding for how this will be used:

Users of "rust: add userspace pointers"
     and "rust: add typed accessors for userspace pointers":
	rust_binder: add binderfs support to Rust binder
	rust_binder: add threading support
	rust_binder: add nodes and context managers
	rust_binder: add oneway transactions
	rust_binder: add death notifications
	rust_binder: send nodes in transactions
	rust_binder: add BINDER_TYPE_PTR support
	rust_binder: add BINDER_TYPE_FDA support
	rust_binder: add process freezing

Users of "rust: add abstraction for `struct page`":
	rust_binder: add oneway transactions
	rust_binder: add vma shrinker

Links: https://lore.kernel.org/rust-for-linux/20231101-rust-binder-v1-0-08ba9197f637@google.com/ [1]
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
---
Changes in v7:
- Fix call to `reserve` under `make rusttest`.
- Add comment on _inline_copy_from_user.
- Add Reviewed-by tags.
- Link to v6: https://lore.kernel.org/r/20240418-alice-mm-v6-0-cb8f3e5d688f@google.com

Changes in v6:
- Base on top of Wedson's Allocation APIs patchset.
  - Do not define my own gfp flags, instead use the ones that are now
    available in `kernel::alloc`.
  - Add gfp flags to `read_all` methods instead of always using
    GFP_KERNEL.
  - The __GFP_HIGHMEM flag is not provided by the Allocation APIs
    patchset, and I do not add it here. I will send a separate patchset
    for adding it.
- Use usize instead of void pointer for userspace address.
- Add _raw suffix to `fill_zero` and `copy_from_user_slice`.
- Do not allow interior mutability in AsBytes/FromBytes.
- Doc changes:
  - Mention that validity of user slices is checked at read/write time,
    not in the constructor of the user slice.
  - Mention that methods can also return EFAULT if a bounds check fails.
  - Mention that methods may have partially copied data even if they
    return EFAULT.
  - Add link from `read_raw` to `read_slice`.
  - Move comment about initialized memory on `read_raw` to
    `# Guarantees` section.
  - Add examples for `Page::alloc_page`.
  - A previous version renamed UserSlicePtr to UserSlice but forgot to
    update that in the commit message. Commit message fixed in this
    version.
- Add Reviewed-by tags submitted on v5.
- Link to v5: https://lore.kernel.org/rust-for-linux/20240415-alice-mm-v5-0-6f55e4d8ef51@google.com/

Changes in v5:
- Fix casts in declarations of PAGE_* constants.
- Fix formatting of PAGE_MASK.
- Reformat comments at 100 line length.
- Minor fixes to safety comments of `read_raw` and `write_slice`.
- Link to v4: https://lore.kernel.org/rust-for-linux/20240404-alice-mm-v4-0-49a84242cf02@google.com/

Changes in v4:
- Rephrase when we fail with EFAULT.
- Remove `pub` from examples.
- Use slices for raw uaccess methods.
- Fix PAGE_MASK constant.
- Rephrase most safety comments in Page abstraction.
- Make with_pointer_into_page and with_page_mapped private.
- Explain how raw pointers into pages are used correctly.
- Other minor doc improvements.
- Link to v3: https://lore.kernel.org/rust-for-linux/20240311-alice-mm-v3-0-cdf7b3a2049c@google.com/

Changes in v3:
- Fix bug in read_all.
- Add missing `#include <linux/nospec.h>`.
- Mention that the second patch passes CONFIG_TEST_USER_COPY.
- Add gfp flags for Page.
- Minor documentation adjustments.
- Link to v2: https://lore.kernel.org/rust-for-linux/20240208-alice-mm-v2-0-d821250204a6@google.com/

Changes in v2:
- Rename user_ptr module to uaccess.
- Use srctree-relative links.
- Improve documentation.
- Rename UserSlicePtr to UserSlice.
- Make read_to_end append to the buffer.
- Use named fields for uaccess types.
- Add examples.
- Use _copy_from/to_user to skip check_object_size.
- Rename traits and move to kernel::types.
- Remove PAGE_MASK constant.
- Rename page methods to say _raw.
- Link to v1: https://lore.kernel.org/rust-for-linux/20240124-alice-mm-v1-0-d1abcec83c44@google.com/

---
Alice Ryhl (2):
      rust: uaccess: add typed accessors for userspace pointers
      rust: add abstraction for `struct page`

Arnd Bergmann (1):
      uaccess: always export _copy_[from|to]_user with CONFIG_RUST

Wedson Almeida Filho (1):
      rust: uaccess: add userspace pointers

 include/linux/uaccess.h         |  46 +++--
 lib/usercopy.c                  |  30 +---
 rust/bindings/bindings_helper.h |   1 +
 rust/helpers.c                  |  34 ++++
 rust/kernel/alloc.rs            |   7 +
 rust/kernel/lib.rs              |   2 +
 rust/kernel/page.rs             | 250 ++++++++++++++++++++++++++
 rust/kernel/types.rs            |  64 +++++++
 rust/kernel/uaccess.rs          | 388 ++++++++++++++++++++++++++++++++++++++++
 9 files changed, 782 insertions(+), 40 deletions(-)
---
base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0
change-id: 20231128-alice-mm-bc533456cee8

Best regards,

Comments

Miguel Ojeda July 9, 2024, 8:02 a.m. UTC | #1
On Tue, May 28, 2024 at 4:58 PM Alice Ryhl <aliceryhl@google.com> wrote:
>
> This patchset contains some abstractions needed by the Rust
> implementation of the Binder driver for passing data between userspace,
> kernelspace, and directly into other processes.
>
> These abstractions do not exactly match what was included in the Rust
> Binder RFC - I have made various improvements and simplifications since
> then. Nonetheless, please see the Rust Binder RFC [1] to get an
> understanding for how this will be used:
>
> Users of "rust: add userspace pointers"
>      and "rust: add typed accessors for userspace pointers":
>         rust_binder: add binderfs support to Rust binder
>         rust_binder: add threading support
>         rust_binder: add nodes and context managers
>         rust_binder: add oneway transactions
>         rust_binder: add death notifications
>         rust_binder: send nodes in transactions
>         rust_binder: add BINDER_TYPE_PTR support
>         rust_binder: add BINDER_TYPE_FDA support
>         rust_binder: add process freezing
>
> Users of "rust: add abstraction for `struct page`":
>         rust_binder: add oneway transactions
>         rust_binder: add vma shrinker
>
> Links: https://lore.kernel.org/rust-for-linux/20231101-rust-binder-v1-0-08ba9197f637@google.com/ [1]
> Signed-off-by: Alice Ryhl <aliceryhl@google.com>

Applied to `rust-next` -- thanks everyone!

[ Wrapped docs to 100 and added a few intra-doc links. - Miguel ]
[ Fixed typos and added a few intra-doc links. - Miguel ]

Cheers,
Miguel
Alice Ryhl July 9, 2024, 9:46 a.m. UTC | #2
On Tue, Jul 9, 2024 at 10:02 AM Miguel Ojeda
<miguel.ojeda.sandonis@gmail.com> wrote:
>
> On Tue, May 28, 2024 at 4:58 PM Alice Ryhl <aliceryhl@google.com> wrote:
> >
> > This patchset contains some abstractions needed by the Rust
> > implementation of the Binder driver for passing data between userspace,
> > kernelspace, and directly into other processes.
> >
> > These abstractions do not exactly match what was included in the Rust
> > Binder RFC - I have made various improvements and simplifications since
> > then. Nonetheless, please see the Rust Binder RFC [1] to get an
> > understanding for how this will be used:
> >
> > Users of "rust: add userspace pointers"
> >      and "rust: add typed accessors for userspace pointers":
> >         rust_binder: add binderfs support to Rust binder
> >         rust_binder: add threading support
> >         rust_binder: add nodes and context managers
> >         rust_binder: add oneway transactions
> >         rust_binder: add death notifications
> >         rust_binder: send nodes in transactions
> >         rust_binder: add BINDER_TYPE_PTR support
> >         rust_binder: add BINDER_TYPE_FDA support
> >         rust_binder: add process freezing
> >
> > Users of "rust: add abstraction for `struct page`":
> >         rust_binder: add oneway transactions
> >         rust_binder: add vma shrinker
> >
> > Links: https://lore.kernel.org/rust-for-linux/20231101-rust-binder-v1-0-08ba9197f637@google.com/ [1]
> > Signed-off-by: Alice Ryhl <aliceryhl@google.com>
>
> Applied to `rust-next` -- thanks everyone!
>
> [ Wrapped docs to 100 and added a few intra-doc links. - Miguel ]
> [ Fixed typos and added a few intra-doc links. - Miguel ]

Thanks, LGTM.