rust: update rust, dependencies; fix errors

The ability to take a reference to a `static mut` is going to
become a hard error in Rust 2024.  This change attempts to get
out in front of that by modifying places where we do that to
make them safer.

The biggest change was in the bump allocator; the implementation
now is much closer to the one in the documentation for the
GlobalAlloc trait, in that it takes ownership of an (aligned)
array now, as opposed to wrapping a `static mut`.

Signed-off-by: Dan Cross <[email protected]>

Author: Dan Cross

Cargo.lock

@@ -5,36 +5,104 @@
 // license that can be found in the LICENSE file or at
 // https://opensource.org/licenses/MIT.
 
-use alloc::alloc::{GlobalAlloc, Layout};
-use core::cell::Cell;
+use core::cell::UnsafeCell;
+use core::sync::atomic::{AtomicUsize, Ordering};
 
-static mut HEAP: [u8; 4 * 1024 * 1024] = [0_u8; 4 * 1024 * 1024];
+/// The allocator works in terms of an owned region
+/// of memory.  We call this a Heap.
+pub(crate) trait Heap {
+    fn as_mut_ptr(&mut self) -> *mut u8;
+    fn len(&self) -> usize;
+}
 
-pub(crate) struct BumpAlloc<'a> {
-    heap: Cell<&'a mut [u8]>,
+/// A SliceHeap is a heap created by destructuring
+/// the elements of a mutable slice.
+pub(crate) struct SliceHeap {
+    heap: *mut u8,
+    len: usize,
 }
 
-impl<'a> BumpAlloc<'a> {
-    pub fn new(arena: &'a mut [u8]) -> BumpAlloc<'a> {
-        BumpAlloc { heap: Cell::new(arena) }
+impl SliceHeap {
+    pub fn new(arena: &mut [u8]) -> SliceHeap {
+        SliceHeap { heap: arena.as_mut_ptr(), len: arena.len() }
+    }
+}
+impl Heap for SliceHeap {
+    fn as_mut_ptr(&mut self) -> *mut u8 {
+        self.heap
+    }
+    fn len(&self) -> usize {
+        self.len
     }
 }
 
-unsafe impl GlobalAlloc for BumpAlloc<'_> {
-    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
-        let heap = self.heap.take();
-        let ptr = heap.as_mut_ptr();
-        let offset = ptr.align_offset(layout.align());
-        if offset > heap.len() || offset + layout.size() > heap.len() {
-            return core::ptr::null_mut();
-        }
-        let ptr = ptr.wrapping_add(offset);
-        let heap = &mut heap[offset + layout.size()..];
-        self.heap.replace(heap);
-        ptr
+/// A Bump Allocator takes ownership of an object of
+/// some type that implements Heap, and maintains a
+/// cursor into that object.  The cursor denotes the
+/// point between allocated and unallocated memory in
+/// the underlying Heap.
+pub(crate) struct BumpAlloc<T: Heap> {
+    arena: UnsafeCell<T>,
+    cursor: AtomicUsize,
+}
+
+impl<T: Heap> BumpAlloc<T> {
+    pub(crate) const fn new(arena: T) -> BumpAlloc<T> {
+        BumpAlloc { arena: UnsafeCell::new(arena), cursor: AtomicUsize::new(0) }
+    }
+
+    /// Allocates the given number of bytes with the given
+    /// alignment.  Returns `None` if the allocation cannot
+    /// be satisfied, otherwise returns `Some` of a mutable
+    /// slice referring to the allocated memory.
+    pub(crate) fn alloc_bytes(&self, align: usize, size: usize) -> Option<&mut [u8]> {
+        let heap = unsafe { &mut *self.arena.get() };
+        let base = heap.as_mut_ptr();
+        let mut offset = 0;
+        self.cursor
+            .fetch_update(Ordering::Relaxed, Ordering::Relaxed, |current| {
+                let ptr = base.wrapping_add(current);
+                let adjust = ptr.align_offset(align);
+                offset = current.checked_add(adjust).expect("alignment overflow");
+                let next = offset.checked_add(size).expect("size overflow");
+                (next <= heap.len()).then_some(next)
+            })
+            .ok()?;
+        let ptr = base.wrapping_add(offset);
+        Some(unsafe { core::slice::from_raw_parts_mut(ptr, size) })
     }
-    unsafe fn dealloc(&self, _ptr: *mut u8, _layout: Layout) {}
 }
 
-#[global_allocator]
-static mut BUMP_ALLOCATOR: BumpAlloc<'static> = BumpAlloc { heap: Cell::new(unsafe { &mut HEAP }) };
+mod global {
+    use super::{BumpAlloc, Heap};
+    use alloc::alloc::{GlobalAlloc, Layout};
+    use core::ptr;
+
+    const GLOBAL_HEAP_SIZE: usize = 4 * 1024 * 1024;
+
+    /// A GlobalHeap is an aligned wrapper around an
+    /// owned buffer that implements the Heap trait.
+    #[repr(C, align(4096))]
+    struct GlobalHeap([u8; GLOBAL_HEAP_SIZE]);
+
+    impl Heap for GlobalHeap {
+        fn as_mut_ptr(&mut self) -> *mut u8 {
+            self.0.as_mut_ptr()
+        }
+        fn len(&self) -> usize {
+            GLOBAL_HEAP_SIZE
+        }
+    }
+
+    unsafe impl<T: Heap> GlobalAlloc for BumpAlloc<T> {
+        unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
+            self.alloc_bytes(layout.align(), layout.size())
+                .map_or(ptr::null_mut(), |p| p.as_mut_ptr())
+        }
+        unsafe fn dealloc(&self, _ptr: *mut u8, _layout: Layout) {}
+    }
+
+    #[global_allocator]
+    static mut BUMP_ALLOCATOR: BumpAlloc<GlobalHeap> =
+        BumpAlloc::new(GlobalHeap([0u8; GLOBAL_HEAP_SIZE]));
+}

theon/src/allocator.rs

@@ -245,6 +245,7 @@ fn load(name: &str, typ: BinaryType, bytes: &[u8], region: Range<HPA>) -> Result
     let base = theon::vaddr(region.start).cast_mut();
     let len = unsafe { theon::vaddr(region.end).sub_ptr(theon::vaddr(region.start)) };
     let heap = unsafe { core::slice::from_raw_parts_mut(base, len) };
+    let heap = allocator::SliceHeap::new(heap);
     let bump = allocator::BumpAlloc::new(heap);
     let allocate = || {
         use alloc::alloc::GlobalAlloc;

theon/src/main.rs

@@ -6,18 +6,24 @@
 // https://opensource.org/licenses/MIT.
 
 use crate::x86_64::pc::multiboot1;
-
-static mut IDT: arch::idt::IDT = arch::idt::IDT::empty();
-static mut GDT: arch::gdt::GDT = arch::gdt::GDT::empty();
-static mut TSS: arch::tss::TSS = arch::tss::TSS::empty();
+use core::ptr;
+use core::sync::atomic::{AtomicBool, Ordering};
 
 pub(crate) fn start(mbinfo_phys: u64) -> multiboot1::Multiboot1 {
+    static INITED: AtomicBool = AtomicBool::new(false);
+    if INITED.swap(false, Ordering::SeqCst) {
+        panic!("double init");
+    }
+    static mut IDT: arch::idt::IDT = arch::idt::IDT::empty();
+    static mut GDT: arch::gdt::GDT = arch::gdt::GDT::empty();
+    static mut TSS: arch::tss::TSS = arch::tss::TSS::empty();
+
     uart::panic_println!("\nBooting Hypatia...");
     unsafe {
         IDT.init(arch::trap::stubs());
-        arch::idt::load(&mut IDT);
-        GDT.init(&TSS);
-        arch::gdt::load(&mut GDT);
+        arch::idt::load(&mut *ptr::addr_of_mut!(IDT));
+        GDT.init(&*ptr::addr_of!(TSS));
+        arch::gdt::load(&mut *ptr::addr_of_mut!(GDT));
     }
     multiboot1::init(mbinfo_phys)
 }

theon/src/x86_64/pc/init.rs

@@ -8,6 +8,7 @@
 use crate::theon;
 use crate::x86_64::memory;
 use alloc::vec::Vec;
+use core::ptr;
 use multiboot::information::{MemoryManagement, MemoryType, Multiboot, PAddr};
 
 unsafe fn phys_to_slice(phys_addr: PAddr, len: usize) -> Option<&'static [u8]> {
@@ -35,8 +36,6 @@ impl MemoryManagement for MM {
     }
 }
 
-static mut MULTIBOOT_MM: MM = MM {};
-
 fn theon_region() -> memory::Region {
     let start = 0x0000_0000_0010_0000_u64;
     let phys_end = unsafe { theon::end_addr().sub_ptr(theon::VZERO) } as u64;
@@ -97,8 +96,11 @@ pub(crate) struct Multiboot1 {
 
 impl Multiboot1 {
     pub(crate) fn new(mbinfo_phys: u64) -> Multiboot1 {
-        let multiboot =
-            unsafe { Multiboot::from_ptr(mbinfo_phys as PAddr, &mut MULTIBOOT_MM).unwrap() };
+        let multiboot = unsafe {
+            static mut MULTIBOOT_MM: MM = MM {};
+            let ptr = ptr::addr_of_mut!(MULTIBOOT_MM);
+            Multiboot::from_ptr(mbinfo_phys as PAddr, &mut *ptr).unwrap()
+        };
         Multiboot1 { multiboot }
     }