implement the equivalent of the rust std's Vec::resize
on the kernel's Vec type.
Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
---
rust/kernel/alloc/kvec.rs | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
index 18bcc59f0b38..eb6d40a1bf8b 100644
--- a/rust/kernel/alloc/kvec.rs
+++ b/rust/kernel/alloc/kvec.rs
@@ -554,6 +554,32 @@ pub fn from_elem(value: T, n: usize, flags: Flags) -> Result<Self, AllocError> {
Ok(v)
}
+
+ /// Resizes the [`Vec`] so that `len` is equal to `new_len`.
+ ///
+ /// If `new_len` is smaller than `len`, the `Vec` is [`Vec::truncate`]d.
+ /// If `new_len` is larger, each new slot is filled with clones of `value`.
+ ///
+ /// # Examples
+ ///
+ /// ```
+ /// let mut v = kernel::kvec![1, 2, 3]?;
+ /// v.resize(1, 42, GFP_KERNEL)?;
+ /// assert_eq!(&v, &[1]);
+ ///
+ /// v.resize(3, 42, GFP_KERNEL)?;
+ /// assert_eq!(&v, &[1, 42, 42]);
+ ///
+ /// # Ok::<(), Error>(())
+ /// ```
+ pub fn resize(&mut self, new_len: usize, value: T, flags: Flags) -> Result<(), AllocError> {
+ if new_len > self.len() {
+ self.extend_with(new_len - self.len(), value, flags)
+ } else {
+ self.truncate(new_len);
+ Ok(())
+ }
+ }
}
impl<T, A> Drop for Vec<T, A>
--
2.48.1On Sun, Mar 16, 2025 at 7:17 AM Andrew Ballance
<andrewjballance@gmail.com> wrote:
>
> implement the equivalent of the rust std's Vec::resize
> on the kernel's Vec type.
>
> Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
> ---
> rust/kernel/alloc/kvec.rs | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs
> index 18bcc59f0b38..eb6d40a1bf8b 100644
> --- a/rust/kernel/alloc/kvec.rs
> +++ b/rust/kernel/alloc/kvec.rs
> @@ -554,6 +554,32 @@ pub fn from_elem(value: T, n: usize, flags: Flags) -> Result<Self, AllocError> {
>
> Ok(v)
> }
> +
> + /// Resizes the [`Vec`] so that `len` is equal to `new_len`.
> + ///
> + /// If `new_len` is smaller than `len`, the `Vec` is [`Vec::truncate`]d.
> + /// If `new_len` is larger, each new slot is filled with clones of `value`.
> + ///
> + /// # Examples
> + ///
> + /// ```
> + /// let mut v = kernel::kvec![1, 2, 3]?;
> + /// v.resize(1, 42, GFP_KERNEL)?;
> + /// assert_eq!(&v, &[1]);
> + ///
> + /// v.resize(3, 42, GFP_KERNEL)?;
> + /// assert_eq!(&v, &[1, 42, 42]);
> + ///
> + /// # Ok::<(), Error>(())
> + /// ```
> + pub fn resize(&mut self, new_len: usize, value: T, flags: Flags) -> Result<(), AllocError> {
> + if new_len > self.len() {
> + self.extend_with(new_len - self.len(), value, flags)
> + } else {
> + self.truncate(new_len);
> + Ok(())
> + }
> + }
You can avoid underflow checking in debug builds by using `checked_sub`:
match new_len.checked_sub(self.len()) {
Some(n) => self.extend_with(n, value, flags),
None => {
self.truncate(new_len);
Ok(())
}
}
> }
>
> impl<T, A> Drop for Vec<T, A>
> --
> 2.48.1
>
>
Either way:
Reviewed-by: Tamir Duberstein <tamird@gmail.com>
On Tue Mar 18, 2025 at 9:12 PM CET, Tamir Duberstein wrote:
> On Sun, Mar 16, 2025 at 7:17 AM Andrew Ballance
> <andrewjballance@gmail.com> wrote:
>> + pub fn resize(&mut self, new_len: usize, value: T, flags: Flags) -> Result<(), AllocError> {
>> + if new_len > self.len() {
>> + self.extend_with(new_len - self.len(), value, flags)
>> + } else {
>> + self.truncate(new_len);
>> + Ok(())
>> + }
>> + }
>
> You can avoid underflow checking in debug builds by using `checked_sub`:
`checked_sub` doesn't only avoid underflow in debug builds, but rather
in all builds. But the code below is a good suggestion.
---
Cheers,
Benno
> match new_len.checked_sub(self.len()) {
> Some(n) => self.extend_with(n, value, flags),
> None => {
> self.truncate(new_len);
> Ok(())
> }
> }
>
>> }
>>
>> impl<T, A> Drop for Vec<T, A>
>> --
>> 2.48.1
>>
>>
>
> Either way:
>
> Reviewed-by: Tamir Duberstein <tamird@gmail.com>
On Tue, Mar 18, 2025 at 8:50 PM Benno Lossin <benno.lossin@proton.me> wrote:
>
> On Tue Mar 18, 2025 at 9:12 PM CET, Tamir Duberstein wrote:
> > On Sun, Mar 16, 2025 at 7:17 AM Andrew Ballance
> > <andrewjballance@gmail.com> wrote:
> >> + pub fn resize(&mut self, new_len: usize, value: T, flags: Flags) -> Result<(), AllocError> {
> >> + if new_len > self.len() {
> >> + self.extend_with(new_len - self.len(), value, flags)
> >> + } else {
> >> + self.truncate(new_len);
> >> + Ok(())
> >> + }
> >> + }
> >
> > You can avoid underflow checking in debug builds by using `checked_sub`:
>
> `checked_sub` doesn't only avoid underflow in debug builds, but rather
> in all builds. But the code below is a good suggestion.
Yes, I know :)
I included that language because the underflow check is likely
optimized away in release builds.
Tamir
On Wed Mar 19, 2025 at 2:42 PM CET, Tamir Duberstein wrote:
> On Tue, Mar 18, 2025 at 8:50 PM Benno Lossin <benno.lossin@proton.me> wrote:
>>
>> On Tue Mar 18, 2025 at 9:12 PM CET, Tamir Duberstein wrote:
>> > On Sun, Mar 16, 2025 at 7:17 AM Andrew Ballance
>> > <andrewjballance@gmail.com> wrote:
>> >> + pub fn resize(&mut self, new_len: usize, value: T, flags: Flags) -> Result<(), AllocError> {
>> >> + if new_len > self.len() {
>> >> + self.extend_with(new_len - self.len(), value, flags)
>> >> + } else {
>> >> + self.truncate(new_len);
>> >> + Ok(())
>> >> + }
>> >> + }
>> >
>> > You can avoid underflow checking in debug builds by using `checked_sub`:
>>
>> `checked_sub` doesn't only avoid underflow in debug builds, but rather
>> in all builds. But the code below is a good suggestion.
>
> Yes, I know :)
>
> I included that language because the underflow check is likely
> optimized away in release builds.
If the function is inlined and the compiler can argue that `new_len >
self.len()`, then yes, but otherwise I'm pretty sure it won't be
optimized away.
Also if it is optimized away, then the check was still "executed", so I
find it a bit misleading to say "in debug builds" (making it sound like
it wouldn't do it in non-debug builds).
---
Cheers,
Benno
On Wed, Mar 19, 2025 at 10:34 AM Benno Lossin <benno.lossin@proton.me> wrote:
>
> On Wed Mar 19, 2025 at 2:42 PM CET, Tamir Duberstein wrote:
> > On Tue, Mar 18, 2025 at 8:50 PM Benno Lossin <benno.lossin@proton.me> wrote:
> >>
> >> On Tue Mar 18, 2025 at 9:12 PM CET, Tamir Duberstein wrote:
> >> > On Sun, Mar 16, 2025 at 7:17 AM Andrew Ballance
> >> > <andrewjballance@gmail.com> wrote:
> >> >> + pub fn resize(&mut self, new_len: usize, value: T, flags: Flags) -> Result<(), AllocError> {
> >> >> + if new_len > self.len() {
> >> >> + self.extend_with(new_len - self.len(), value, flags)
> >> >> + } else {
> >> >> + self.truncate(new_len);
> >> >> + Ok(())
> >> >> + }
> >> >> + }
> >> >
> >> > You can avoid underflow checking in debug builds by using `checked_sub`:
> >>
> >> `checked_sub` doesn't only avoid underflow in debug builds, but rather
> >> in all builds. But the code below is a good suggestion.
> >
> > Yes, I know :)
> >
> > I included that language because the underflow check is likely
> > optimized away in release builds.
>
> If the function is inlined and the compiler can argue that `new_len >
> self.len()`, then yes, but otherwise I'm pretty sure it won't be
> optimized away.
>
> Also if it is optimized away, then the check was still "executed", so I
> find it a bit misleading to say "in debug builds" (making it sound like
> it wouldn't do it in non-debug builds).
If we're talking about the same thing then I think we're both wrong
and the correct phrasing would have been: "you can avoid underflow
checking when CONFIG_RUST_OVERFLOW_CHECKS=y by using `checked_sub`". I
was referring to the underflow check implicit in `new_len -
self.len()`.
On Wed, Mar 19, 2025 at 4:59 PM Tamir Duberstein <tamird@gmail.com> wrote: > > If we're talking about the same thing then I think we're both wrong > and the correct phrasing would have been: "you can avoid underflow > checking when CONFIG_RUST_OVERFLOW_CHECKS=y by using `checked_sub`". I > was referring to the underflow check implicit in `new_len - > self.len()`. `checked_sub` always checks (if not optimized away). The config option is about the implicit one. Do you mean avoiding panics? Cheers, Miguel
On Wed, Mar 19, 2025 at 12:06 PM Miguel Ojeda
<miguel.ojeda.sandonis@gmail.com> wrote:
>
> On Wed, Mar 19, 2025 at 4:59 PM Tamir Duberstein <tamird@gmail.com> wrote:
> >
> > If we're talking about the same thing then I think we're both wrong
> > and the correct phrasing would have been: "you can avoid underflow
> > checking when CONFIG_RUST_OVERFLOW_CHECKS=y by using `checked_sub`". I
> > was referring to the underflow check implicit in `new_len -
> > self.len()`.
>
> `checked_sub` always checks (if not optimized away). The config option
> is about the implicit one.
>
> Do you mean avoiding panics?
No, I meant avoiding the check. The existing code already explicitly
checks `new_len > self.len()` before evaluating `new_len -
self.len()`. This means the check occurs twice. `checked_sub` reduces
the number of checks by 1. Perhaps my wording could have been clearer
("avoid *an* underflow check").
Tamir
On Wed, Mar 19, 2025 at 5:13 PM Tamir Duberstein <tamird@gmail.com> wrote:
>
> No, I meant avoiding the check. The existing code already explicitly
> checks `new_len > self.len()` before evaluating `new_len -
> self.len()`. This means the check occurs twice. `checked_sub` reduces
> the number of checks by 1. Perhaps my wording could have been clearer
> ("avoid *an* underflow check").
Ah, you mean in the function you suggested, I see.
I think it they all may compile down to the same thing, whether
overflows checks are enabled or not, and whether the version in the
patch or `checked_sub` is used or not. At least in a quick Compiler
Explorer test it seems so, but I didn't check in an actual kernel
build.
The implicit check is gated behind the other one, so that one can be
removed, even if values are unknown -- we always have optimizations
enabled, even under "debug" builds (assuming "debug" means overflow
checking enabled).
Cheers,
Miguel
On Wed, Mar 19, 2025 at 12:43 PM Miguel Ojeda
<miguel.ojeda.sandonis@gmail.com> wrote:
>
> On Wed, Mar 19, 2025 at 5:13 PM Tamir Duberstein <tamird@gmail.com> wrote:
> >
> > No, I meant avoiding the check. The existing code already explicitly
> > checks `new_len > self.len()` before evaluating `new_len -
> > self.len()`. This means the check occurs twice. `checked_sub` reduces
> > the number of checks by 1. Perhaps my wording could have been clearer
> > ("avoid *an* underflow check").
>
> Ah, you mean in the function you suggested, I see.
>
> I think it they all may compile down to the same thing, whether
> overflows checks are enabled or not, and whether the version in the
> patch or `checked_sub` is used or not. At least in a quick Compiler
> Explorer test it seems so, but I didn't check in an actual kernel
> build.
>
> The implicit check is gated behind the other one, so that one can be
> removed, even if values are unknown -- we always have optimizations
> enabled, even under "debug" builds (assuming "debug" means overflow
> checking enabled).
Yeah, this elision is what I was trying to allude to in the original
wording. I still think the suggested code is simpler, but gave my RB
either way.
On Sun Mar 16, 2025 at 12:16 PM CET, Andrew Ballance wrote: > implement the equivalent of the rust std's Vec::resize > on the kernel's Vec type. > > Signed-off-by: Andrew Ballance <andrewjballance@gmail.com> Reviewed-by: Benno Lossin <benno.lossin@proton.me> --- Cheers, Benno > --- > rust/kernel/alloc/kvec.rs | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+)
© 2016 - 2025 Red Hat, Inc.