rust: alloc: fix dangling pointer in VecExt<T>::reserve()

dakr · ojeda · commit 97ab3e8eec0c · 2024-05-08T00:43:30.000+02:00
Currently, a Vec<T>'s ptr value, after calling Vec<T>::new(), is initialized to Unique::dangling(). Hence, in VecExt<T>::reserve(), we're passing a dangling pointer (instead of NULL) to krealloc() whenever a new Vec<T>'s backing storage is allocated through VecExt<T> extension functions. This only works as long as align_of::<T>(), used by Unique::dangling() to derive the dangling pointer, resolves to a value between 0x0 and ZERO_SIZE_PTR (0x10) and krealloc() hence treats it the same as a NULL pointer however. This isn't a case we should rely on, since there may be types whose alignment may exceed the range still covered by krealloc(), plus other kernel allocators are not as tolerant either. Instead, pass a real NULL pointer to krealloc_aligned() if Vec<T>'s capacity is zero. Fixes: 5ab560c ("rust: alloc: update `VecExt` to take allocation flags") Reviewed-by: Alice Ryhl <aliceryhl@google.com> Reviewed-by: Boqun Feng <boqun.feng@gmail.com> Reviewed-by: Benno Lossin <benno.lossin@proton.me> Signed-off-by: Danilo Krummrich <dakr@redhat.com> Reviewed-by: Wedson Almeida Filho <walmeida@microsoft.com> Link: https://lore.kernel.org/r/20240501134834.22323-1-dakr@redhat.com [ Solved `use` conflict and applied the `if`-instead-of-`match` change discussed in the list. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
diff --git a/rust/kernel/alloc/vec_ext.rs b/rust/kernel/alloc/vec_ext.rs
@@ -4,6 +4,7 @@
 
 use super::{AllocError, Flags};
 use alloc::vec::Vec;
+use core::ptr;
 
 /// Extensions to [`Vec`].
 pub trait VecExt<T>: Sized {
@@ -134,14 +135,20 @@ impl<T> VecExt<T> for Vec<T> {
         let new_cap = core::cmp::max(cap * 2, len.checked_add(additional).ok_or(AllocError)?);
         let layout = core::alloc::Layout::array::<T>(new_cap).map_err(|_| AllocError)?;
 
-        let (ptr, len, cap) = destructure(self);
+        let (old_ptr, len, cap) = destructure(self);
+
+        // We need to make sure that `ptr` is either NULL or comes from a previous call to
+        // `krealloc_aligned`. A `Vec<T>`'s `ptr` value is not guaranteed to be NULL and might be
+        // dangling after being created with `Vec::new`. Instead, we can rely on `Vec<T>`'s capacity
+        // to be zero if no memory has been allocated yet.
+        let ptr = if cap == 0 { ptr::null_mut() } else { old_ptr };
 
         // SAFETY: `ptr` is valid because it's either NULL or comes from a previous call to
         // `krealloc_aligned`. We also verified that the type is not a ZST.
         let new_ptr = unsafe { super::allocator::krealloc_aligned(ptr.cast(), layout, flags) };
         if new_ptr.is_null() {
             // SAFETY: We are just rebuilding the existing `Vec` with no changes.
-            unsafe { rebuild(self, ptr, len, cap) };
+            unsafe { rebuild(self, old_ptr, len, cap) };
             Err(AllocError)
         } else {
             // SAFETY: `ptr` has been reallocated with the layout for `new_cap` elements. New cap
