Cleanup of deprecated functions + Behavioral Clarifications #307
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
roypat
requested review from
alexandruag,
bonzini and
jiangliu
as code owners
roypat
force-pushed
the
deprecation-cleanup
branch
from
1155812 to
514b5b2
Compare
|
With this change, the next release should be |
roypat
force-pushed
the
deprecation-cleanup
branch
2 times, most recently
from
559c3c6 to
becfd0e
Compare
Yup! |
roypat
force-pushed
the
deprecation-cleanup
branch
2 times, most recently
from
7be0764 to
8fd12ef
Compare
roypat
force-pushed
the
deprecation-cleanup
branch
from
8fd12ef to
e4f291d
Compare
4 tasks
bonzini
reviewed
Jan 28, 2025
There was a problem hiding this comment.
I'm too out of the loop to approve anything, but it looks good.
The only comments I have are:
- you could add methods to read/write a ByteValued from an
impl Read/impl Write truncateneeds to be renamed, and I'd personally make it returnResultbut I'm not going to insiste
So the next release would be 1.0? :)
Thanks for having a look anyway!
see inline comments :)
slowly but surely working towards it at least, I hope :D |
roypat
force-pushed
the
deprecation-cleanup
branch
from
37b015b to
32324d0
Compare
This fixes a cargo warning printed in recent toolchains. Since we do not support toolchains older than 1.38, there is no need to symlink to the new file to the old one. Signed-off-by: Patrick Roy <[email protected]>
The call to `.subslice()` ensures that the range `[0, total]` is a valid
subslice of the `buf: VolatileSlice` passed in. But `total =
min(buf.len(), self.len()) <= buf.len()`, and thus `[0, total]` is
definitely a valid subslice of `buf`.
The `copy_{from,to}_volatile_slice` functions do not actually care about
the length of the `VolatileSlice` passed in - it relies on the safety
invariant to ensure that the passed slice has length at least `total`.
Thus it doesn't matter if we pass a slice of length `total`, or of a
length greater than `total`. It will simply access the first `total`
bytes in the slice.
Also clarify the safety comment, as some slightly mistakes seemingly
snuck in when copying them.
Signed-off-by: Patrick Roy <[email protected]>
Fix the doc comment, and add a unit test for this functions. Particularly the "allow length 0 accesses at the end of the slice" behavior was undocumented before. Signed-off-by: Patrick Roy <[email protected]>
The comment on the assertion was wrong, as we are not even doing anything unsafe in the first place. Additionally, the `offset` variable is unused by these functions, so the assertion is at best a sanity check that the `try_access` implementation is correct, although I don't particularly see the value of that. Remove the assertion to prevent confusion. Signed-off-by: Patrick Roy <[email protected]>
The two functions contain exactly the same body, so just have one call the other. No functional change intended. Signed-off-by: Patrick Roy <[email protected]>
Add a macro that automatically retries a given I/O operation if EINTR is returned. This is a fairly common pattern in vm-memory. Signed-off-by: Patrick Roy <[email protected]>
The old `Read`/`Write` based APIs for operating on guest memory have been deprecated for a fairly long time now, and are superseceded by their `ReadVolatile`/`WriteVolatile` equivalents. The `fold` and friends functions have been deprecated for way longer. Various `.as_ptr` APIs in volatile_memory.rs are deprecated in favor of pointer guards. Let's clean up the crate and remove all of these. Signed-off-by: Patrick Roy <[email protected]>
roypat
force-pushed
the
deprecation-cleanup
branch
from
32324d0 to
496dfa3
Compare
The `read_[exact_]_volatile_from` and `write_[all_]volatile_to` functions were intended to be replacements for their `Read` and `Write` based counterparts. However, those used to live in the `Bytes` trait, not the `GuestMemory` trait. Fix up this goof on my part by moving them to the `Bytes` trait. Signed-off-by: Patrick Roy <[email protected]>
Capture the actual behavior of various edge cases around empty buffers and containers in the doc comment. Signed-off-by: Patrick Roy <[email protected]>
Signed-off-by: Patrick Roy <[email protected]>
It's the same cast that happens, but like this we can use the `From<&mut [u8]>` impl for VolatileSlice and avoid an unsafe block. Signed-off-by: Patrick Roy <[email protected]>
Without this, the impl of `ByteValued` was technically undefined, although we had some const asserts that ensured rustc didn't muck us over by adding padding or anything. Signed-off-by: Patrick Roy <[email protected]>
roypat
force-pushed
the
deprecation-cleanup
branch
from
496dfa3 to
d59e1f6
Compare
andreeaflorescu
previously approved these changes
Feb 7, 2025
bonzini
requested changes
Feb 7, 2025
roypat
force-pushed
the
deprecation-cleanup
branch
from
d59e1f6 to
41b9edd
Compare
Suggested-by: Paolo Bonzini <[email protected]> Signed-off-by: Patrick Roy <[email protected]>
We had the same unsafe code for constructing an all-zeroes `ByteValued` in two locations. Unify these into a single `ByteValued::zeroed()` function. Suggested-by: Paolo Bonzini <[email protected]> Signed-off-by: Patrick Roy <[email protected]>
roypat
force-pushed
the
deprecation-cleanup
branch
from
41b9edd to
1ab6cd6
Compare
|
Thanks and sorry for the late feedback. |
bonzini
approved these changes
Feb 7, 2025
andreeaflorescu
approved these changes
Feb 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of the PR
This PR aim to clean up the API surface of the vm-memory crate in a way that is as unintrusive as possible. It does this in two ways
Additionally, it fixes up a goof I made when I introduced the
ReadVolatileandWriteVolatiletraits in #247, where I put theread_volatile_fromand friends funcions into the wrong trait. When it comes to how to implement these traits forGuestMemoryMmapandVolatileSlice, I've deferred to how the oldReadandWritebased functions were implemented for them.I've compiled the vm-virtio workspace and linux-loader against this. All tests pass in both, only linux-loader needs a tiny change to import the
Bytestrait now.If one squints at the code a bit, one might ask whether all the
read/read_slicefunctions in theBytestrait could be default functions, implemented in terms of the volatile functions (since&mut [u8]implements the volatile access traits). I played around with this, but there are subtle functional and performance changes involved in that (although it would be a great simplification), which is why I'm holding off on doing anything there until a later PR.Requirements
Before submitting your PR, please make sure you addressed the following
requirements:
git commit -s), and the commit message has max 60 characters for thesummary and max 75 characters for each description line.
test.
Release" section of CHANGELOG.md (if no such section exists, please create one).
unsafecode is properly documented.