[svsm-devel] Fallible allocations and smart pointers

Carlos López clopez at suse.de
Wed Dec 27 12:45:36 CET 2023


Hi,

Happy holidays everyone. Just writing a short update on the topic of
smart pointers and fallible allocations, since the next SVSM call is
a couple of weeks away.

On 30/11/23 13:20, Carlos López wrote:
> I have looked into several options which I list below with their
> respective downsides. I have not tested any of them yet.
> 
> ...
> 4. Linux kernel model (copy a subset of the upstream alloc files):
>     requires maintenance to keep up with upstream, and likely means
>     only supporting a specific version of the toolchain (see [5]).

I finally went with something similar to this option. Unfortunately,
we cannot do the same thing as the kernel does, as they rely on
nightly features, and also build everything directly with rustc
(as opposed to using cargo). I simply copied a subset of the upstream
alloc crate and adapted it to have the parts of the API we need
(namely explicit allocator selection and manual error handling) and
not rely on nightly features. I think this is the simplest solution,
although it will require some maintenance on my part.

I have opened a draft PR [0] with an initial implementation of
SvsmBox, a fork of the upstream Box. It only has a subset of the
whole upstream Box API, avoiding implicit panics and the like. I
based the new code off of upstream version 1.73.

Feel free to review it if you have time. For review, I suggest taking
a look at the public API of the new alloc module via `make doc`, and
also diffing against upstream alloc (library/alloc/ path in the Rust
repository).

Best,
Carlos

[0] https://github.com/coconut-svsm/svsm/pull/196

-- 
Carlos López
Security Engineer
SUSE Software Solutions
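As an added illustration of the approach described in the message (this is example code, not the SVSM PR's or upstream alloc's), here is a minimal fallible Box on stable Rust: a stand-in `Allocator` trait for explicit allocator selection, an `AllocError` value returned instead of aborting on out-of-memory, and a `try_new_in` constructor as the only way to build the box. `Allocator`, `BudgetAlloc`, `FallibleBox` and `try_new_in` are names assumed here, not SVSM or upstream identifiers.

```rust
// Added example, not SVSM or upstream code: a minimal fallible Box on stable Rust in
// the spirit of SvsmBox. `Allocator`, `BudgetAlloc`, `FallibleBox`, `try_new_in` are assumed names.
use std::alloc::{GlobalAlloc, Layout, System};
use std::ptr::NonNull;
use std::sync::atomic::{AtomicUsize, Ordering};

#[derive(Debug, PartialEq, Eq)]
pub struct AllocError; // out-of-memory is a value the caller handles, never a panic or abort
/// Stable-Rust stand-in for nightly `core::alloc::Allocator`: the caller picks the allocator.
pub unsafe trait Allocator {
    fn allocate(&self, layout: Layout) -> Result<NonNull<u8>, AllocError>;
    unsafe fn deallocate(&self, ptr: NonNull<u8>, layout: Layout);
}
/// Wraps `System`, counts live allocations and refuses new ones past `max_live` so the OOM
/// path is testable. `Copy`, so a box can own its allocator like upstream `Box<T, A>` does.
#[derive(Clone, Copy)]
pub struct BudgetAlloc<'a> { pub live: &'a AtomicUsize, pub max_live: usize }
unsafe impl Allocator for BudgetAlloc<'_> {
    fn allocate(&self, layout: Layout) -> Result<NonNull<u8>, AllocError> {
        if self.live.load(Ordering::SeqCst) >= self.max_live { return Err(AllocError); }
        // GlobalAlloc::alloc is undefined for size 0: hand out an aligned dangling pointer instead.
        let raw = if layout.size() == 0 { layout.align() as *mut u8 } else { unsafe { System.alloc(layout) } };
        let ptr = NonNull::new(raw).ok_or(AllocError)?; // null from System means OOM
        self.live.fetch_add(1, Ordering::SeqCst);
        Ok(ptr)
    }
    unsafe fn deallocate(&self, ptr: NonNull<u8>, layout: Layout) {
        if layout.size() != 0 { System.dealloc(ptr.as_ptr(), layout); }
        self.live.fetch_sub(1, Ordering::SeqCst);
    }
}

/// Owning pointer whose only constructor is fallible; the allocator is part of the type.
pub struct FallibleBox<T, A: Allocator> { ptr: NonNull<T>, alloc: A }
impl<T, A: Allocator> FallibleBox<T, A> {
    pub fn try_new_in(value: T, alloc: A) -> Result<Self, AllocError> {
        let ptr = alloc.allocate(Layout::new::<T>())?.cast::<T>();
        unsafe { ptr.as_ptr().write(value) }; // SAFETY: fresh, aligned, exclusively owned
        Ok(Self { ptr, alloc })
    }
}
impl<T, A: Allocator> std::ops::Deref for FallibleBox<T, A> {
    type Target = T;
    fn deref(&self) -> &T { unsafe { self.ptr.as_ref() } }
}
impl<T, A: Allocator> Drop for FallibleBox<T, A> {
    fn drop(&mut self) { unsafe {
        self.ptr.as_ptr().drop_in_place(); // run T's destructor, then free the cell
        self.alloc.deallocate(self.ptr.cast(), Layout::new::<T>());
    } }
}
```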

