fc6e66f469
Adds a new struct called `Page` that wraps a pointer to `struct page`. This struct is assumed to hold ownership over the page, so that Rust code can allocate and manage pages directly. The page type has various methods for reading and writing into the page. These methods will temporarily map the page to allow the operation. All of these methods use a helper that takes an offset and length, performs bounds checks, and returns a pointer to the given offset in the page. This patch only adds support for pages of order zero, as that is all Rust Binder needs. However, it is written to make it easy to add support for higher-order pages in the future. To do that, you would add a const generic parameter to `Page` that specifies the order. Most of the methods do not need to be adjusted, as the logic for dealing with mapping multiple pages at once can be isolated to just the `with_pointer_into_page` method. Rust Binder needs to manage pages directly as that is how transactions are delivered: Each process has an mmap'd region for incoming transactions. When an incoming transaction arrives, the Binder driver will choose a region in the mmap, allocate and map the relevant pages manually, and copy the incoming transaction directly into the page. This architecture allows the driver to copy transactions directly from the address space of one process to another, without an intermediate copy to a kernel buffer. This code is based on Wedson's page abstractions from the old rust branch, but it has been modified by Alice by removing the incomplete support for higher-order pages, by introducing the `with_*` helpers to consolidate the bounds checking logic into a single place, and various other changes. Co-developed-by: Wedson Almeida Filho <wedsonaf@gmail.com> Signed-off-by: Wedson Almeida Filho <wedsonaf@gmail.com> Reviewed-by: Andreas Hindborg <a.hindborg@samsung.com> Reviewed-by: Trevor Gross <tmgross@umich.edu> Reviewed-by: Benno Lossin <benno.lossin@proton.me> Reviewed-by: Boqun Feng <boqun.feng@gmail.com> Signed-off-by: Alice Ryhl <aliceryhl@google.com> Link: https://lore.kernel.org/r/20240528-alice-mm-v7-4-78222c31b8f4@google.com [ Fixed typos and added a few intra-doc links. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
89 lines
2.6 KiB
Rust
89 lines
2.6 KiB
Rust
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
//! Extensions to the [`alloc`] crate.
|
|
|
|
#[cfg(not(test))]
|
|
#[cfg(not(testlib))]
|
|
mod allocator;
|
|
pub mod box_ext;
|
|
pub mod vec_ext;
|
|
|
|
/// Indicates an allocation error.
|
|
#[derive(Copy, Clone, PartialEq, Eq, Debug)]
|
|
pub struct AllocError;
|
|
|
|
/// Flags to be used when allocating memory.
|
|
///
|
|
/// They can be combined with the operators `|`, `&`, and `!`.
|
|
///
|
|
/// Values can be used from the [`flags`] module.
|
|
#[derive(Clone, Copy)]
|
|
pub struct Flags(u32);
|
|
|
|
impl Flags {
|
|
/// Get the raw representation of this flag.
|
|
pub(crate) fn as_raw(self) -> u32 {
|
|
self.0
|
|
}
|
|
}
|
|
|
|
impl core::ops::BitOr for Flags {
|
|
type Output = Self;
|
|
fn bitor(self, rhs: Self) -> Self::Output {
|
|
Self(self.0 | rhs.0)
|
|
}
|
|
}
|
|
|
|
impl core::ops::BitAnd for Flags {
|
|
type Output = Self;
|
|
fn bitand(self, rhs: Self) -> Self::Output {
|
|
Self(self.0 & rhs.0)
|
|
}
|
|
}
|
|
|
|
impl core::ops::Not for Flags {
|
|
type Output = Self;
|
|
fn not(self) -> Self::Output {
|
|
Self(!self.0)
|
|
}
|
|
}
|
|
|
|
/// Allocation flags.
|
|
///
|
|
/// These are meant to be used in functions that can allocate memory.
|
|
pub mod flags {
|
|
use super::Flags;
|
|
|
|
/// Zeroes out the allocated memory.
|
|
///
|
|
/// This is normally or'd with other flags.
|
|
pub const __GFP_ZERO: Flags = Flags(bindings::__GFP_ZERO);
|
|
|
|
/// Allow the allocation to be in high memory.
|
|
///
|
|
/// Allocations in high memory may not be mapped into the kernel's address space, so this can't
|
|
/// be used with `kmalloc` and other similar methods.
|
|
///
|
|
/// This is normally or'd with other flags.
|
|
pub const __GFP_HIGHMEM: Flags = Flags(bindings::__GFP_HIGHMEM);
|
|
|
|
/// Users can not sleep and need the allocation to succeed.
|
|
///
|
|
/// A lower watermark is applied to allow access to "atomic reserves". The current
|
|
/// implementation doesn't support NMI and few other strict non-preemptive contexts (e.g.
|
|
/// raw_spin_lock). The same applies to [`GFP_NOWAIT`].
|
|
pub const GFP_ATOMIC: Flags = Flags(bindings::GFP_ATOMIC);
|
|
|
|
/// Typical for kernel-internal allocations. The caller requires ZONE_NORMAL or a lower zone
|
|
/// for direct access but can direct reclaim.
|
|
pub const GFP_KERNEL: Flags = Flags(bindings::GFP_KERNEL);
|
|
|
|
/// The same as [`GFP_KERNEL`], except the allocation is accounted to kmemcg.
|
|
pub const GFP_KERNEL_ACCOUNT: Flags = Flags(bindings::GFP_KERNEL_ACCOUNT);
|
|
|
|
/// For kernel allocations that should not stall for direct reclaim, start physical IO or
|
|
/// use any filesystem callback. It is very likely to fail to allocate memory, even for very
|
|
/// small allocations.
|
|
pub const GFP_NOWAIT: Flags = Flags(bindings::GFP_NOWAIT);
|
|
}
|