memory map: improvements to fight pitfalls (MemoryMap now owns the memory) #1175
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
phip1611
force-pushed
the
mmap
branch
2 times, most recently
from
a97a62b
to
d973341
Compare
phip1611
changed the title
|
This took me a while - it was much more complicated than anticipated. It is hard to come up with a nice and rusty solution due to the many conditions and limitations mentioned above (and in the commit messages). I think this is a clear improvement as we could get rid of the lifetime/slice in Memory Type. |
phip1611
commented
May 25, 2024
phip1611
commented
May 25, 2024
phip1611
force-pushed
the
mmap
branch
2 times, most recently
from
8cccd2d
to
42b1bef
Compare
uefi/src/table/boot.rs
Outdated
| Ok(Self::from_raw(ptr, len)) | ||
| } | ||
|
|
||
| fn from_raw(ptr: *mut u8, len: usize) -> Self { |
There was a problem hiding this comment.
This should be unsafe, but I'm not sure if it's needed at all; can we just fold it into new?
There was a problem hiding this comment.
It is needed. It is the common constructor for the unit test constructor and the runtime constructor.
There was a problem hiding this comment.
Marked as as unsafe.
|
I agree, changing |
This was referenced Jun 8, 2024
phip1611
changed the title
phip1611
force-pushed
the
mmap
branch
2 times, most recently
from
32d8dc8
to
3f33fbb
Compare
|
Ready for the next review round. I know this is complex and hard to review, but I think it is definetely a step forward and an improvement. Let me know what you think @nicholasbishop - I hope I could address all open questions. I recommend to review this commit by commit. |
phip1611
force-pushed
the
mmap
branch
2 times, most recently
from
13cef07
to
7045074
Compare
This helps to prevent confusions. MemoryDescriptors and their reported size are already a pitfall. So at least we should refrain from using non-standard names for them.
This prepares the following changes.
This is an attempt to simplify the overall complex handling of obtaining the UEFI memory map. We have the following pre-requisites and use-cases all to keep in mind when designing the functions and associated helper types: - the memory map itself needs memory; typically on the UEFI heap - acquiring that memory and storing the memory map inside it are two distinct steps - the memory map is not just a slice of [MemoryDescriptor] (desc_size is bigger than size_of) - the required map size can be obtained by a call to a boot service function - the needed memory might change due to hidden or asynchronous allocations between the allocation of a buffer and storing the memory map inside it - when boot services are excited, best practise has shown (looking at linux code) that one should use the same buffer (with some extra capacity) and call exit_boot_services with that buffer at most two times in a loop This makes it hard to come up with an ergonomic solution such as using a Box or any other high-level Rust type. The main simplification of my design is that the MemoryMap type now doesn't has a reference to memory anymore but actually owns it. This also models the real world use case where one typically obtains the memory map once when boot services are exited. A &'static [u8] on the MemoryMap just creates more confusion that it brings any benefit. The MemoryMap now knows whether boot services are still active and frees that memory, or it doesn't if the boot services are exited. This means less fiddling with life-times and less cognitive overhead when - reading the code - calling BootService::memory_map independently of exit_boot_services
This prepares the next commit.
This is now a benefit compared to the old API. This wasn't possible.
nicholasbishop
approved these changes
Jun 23, 2024
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow-up of #1174 that improves the MemoryMap abstraction.
entry_size->desc_sizeThis is an attempt to simplify the overall complex handling of obtaining the UEFI memory
map. We have the following pre-requisites and use-cases all to keep in mind when
designing the functions and associated helper types:
size_of)
between the allocation of a buffer and storing the memory map inside it
that one should use the same buffer (with some extra capacity) and call
exit_boot_services with that buffer at most two times in a loop
This makes it hard to come up with an ergonomic solution such as using a Box
or any other high-level Rust type.
The main simplification of my design is that the MemoryMap type now doesn't
has a reference to memory anymore but actually owns it. This also models the
real world use case where one typically obtains the memory map once when
boot services are exited. A &'static [u8] on the MemoryMap just creates more
confusion that it brings any benefit.
The MemoryMap now knows whether boot services are still active and frees
that memory, or it doesn't if the boot services are exited. This means
less fiddling with life-times and less cognitive overhead when
Checklist