uefi: remove support for unstable allocator_api feature

The allocator_api feature [0] is old and not developed in years. Since
then, understanding of memory safety and best practises has evolved.
It is unlikely that in its current form the functionality will ever
be merged.

Therefore, we drop the complexity we have from this feature for now,
leading to simpler code.

[0] rust-lang/rust#32838

Author: phip1611

uefi/src/lib.rs

@@ -142,10 +142,8 @@
 //! - `log-debugcon`: Whether the logger set up by `logger` should also log
 //!   to the debugcon device (available in QEMU or Cloud Hypervisor on x86).
 //! - `panic_handler`: Add a default panic handler that logs to `stdout`.
-//! - `unstable`: Enable functionality that depends on [unstable
-//!   features] in the nightly compiler.
-//!   As example, in conjunction with the `alloc`-feature, this gate allows
-//!   the `allocator_api` on certain functions.
+//! - `unstable`: Enable functionality that depends on [unstable features] in
+//!   the Rust compiler (nightly version).
 //! - `qemu`: Enable some code paths to adapt their execution when executed
 //!   in QEMU, such as using the special `qemu-exit` device when the panic
 //!   handler is called.
@@ -229,7 +227,6 @@
 //! [uefi-std-tr-issue]: https://github.com/rust-lang/rust/issues/100499
 //! [unstable features]: https://doc.rust-lang.org/unstable-book/
 
-#![cfg_attr(all(feature = "unstable", feature = "alloc"), feature(allocator_api))]
 #![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![no_std]
 #![deny(

uefi/src/mem/util.rs

@@ -23,31 +23,14 @@ use {core::alloc::Allocator, core::ptr::NonNull};
 ///   buffer size is sufficient, and
 /// - return a mutable typed reference that points to the same memory as the input buffer on
 ///   success.
-///
-/// # Feature `unstable` / `allocator_api`
-/// By default, this function works with the allocator that is set as
-/// `#[global_allocator]`. This might be UEFI allocator but depends on your
-/// use case and how you set up the environment.
-///
-/// If you activate the `unstable`-feature, all allocations uses the provided
-/// allocator (via `allocator_api`) instead. In that case, the function takes an
-/// additional parameter describing the specific [`Allocator`]. You can use
-/// [`alloc::alloc::Global`] which defaults to the `#[global_allocator]`.
-///
-/// [`Allocator`]: https://doc.rust-lang.org/alloc/alloc/trait.Allocator.html
-/// [`alloc::alloc::Global`]: https://doc.rust-lang.org/alloc/alloc/struct.Global.html
 pub(crate) fn make_boxed<
     'a,
     // The UEFI data structure.
     Data: Align + ?Sized + Debug + 'a,
     F: FnMut(&'a mut [u8]) -> Result<&'a mut Data, Option<usize>>,
-    #[cfg(feature = "unstable")] A: Allocator,
 >(
     // A function to read the UEFI data structure into a provided buffer.
     mut fetch_data_fn: F,
-    #[cfg(feature = "unstable")]
-    // Allocator of the `allocator_api` feature. You can use `Global` as default.
-    allocator: A,
 ) -> Result<Box<Data>> {
     let required_size = match fetch_data_fn(&mut []).map_err(Error::split) {
         // This is the expected case: the empty buffer passed in is too
@@ -70,21 +53,13 @@ pub(crate) fn make_boxed<
 
     // Allocate the buffer on the heap.
     let heap_buf: *mut u8 = {
-        #[cfg(not(feature = "unstable"))]
         {
             let ptr = unsafe { alloc(layout) };
             if ptr.is_null() {
                 return Err(Status::OUT_OF_RESOURCES.into());
             }
             ptr
         }
-
-        #[cfg(feature = "unstable")]
-        allocator
-            .allocate(layout)
-            .map_err(|_| <Status as Into<Error>>::into(Status::OUT_OF_RESOURCES))?
-            .as_ptr()
-            .cast::<u8>()
     };
 
     // Read the data into the provided buffer.
@@ -97,20 +72,12 @@ pub(crate) fn make_boxed<
     let data: &mut Data = match data {
         Ok(data) => data,
         Err(err) => {
-            #[cfg(not(feature = "unstable"))]
-            unsafe {
-                dealloc(heap_buf, layout)
-            };
-            #[cfg(feature = "unstable")]
-            unsafe {
-                allocator.deallocate(NonNull::new(heap_buf).unwrap(), layout)
-            }
+            unsafe { dealloc(heap_buf, layout) };
             return Err(err);
         }
     };
 
     let data = unsafe { Box::from_raw(data) };
-
     Ok(data)
 }
 
@@ -212,27 +179,20 @@ mod tests {
         assert_eq!(&data.0.0, &[1, 2, 3, 4]);
     }
 
-    /// This unit tests checks the [`make_boxed`] utility. The test has different code and behavior
-    /// depending on whether the "unstable" feature is active or not.
+    /// This unit tests checks the [`make_boxed`] utility.
+    ///
+    /// This test is especially useful when run by miri.
     #[test]
     fn test_make_boxed_utility() {
         let fetch_data_fn = |buf| uefi_function_stub_read(buf);
 
-        #[cfg(not(feature = "unstable"))]
         let data: Box<SomeData> = make_boxed(fetch_data_fn).unwrap();
-
-        #[cfg(feature = "unstable")]
-        let data: Box<SomeData> = make_boxed(fetch_data_fn, Global).unwrap();
         assert_eq!(&data.0, &[1, 2, 3, 4]);
 
         let fetch_data_fn = |buf| uefi_function_stub_read(buf);
 
-        #[cfg(not(feature = "unstable"))]
         let data: Box<SomeDataAlign16> = make_boxed(fetch_data_fn).unwrap();
 
-        #[cfg(feature = "unstable")]
-        let data: Box<SomeDataAlign16> = make_boxed(fetch_data_fn, Global).unwrap();
-
         assert_eq!(&data.0.0, &[1, 2, 3, 4]);
     }
 }

uefi/src/proto/hii/database.rs

@@ -44,12 +44,8 @@ impl HiiDatabase {
             }
         }
 
-        #[cfg(not(feature = "unstable"))]
         let buf = make_boxed::<[u8], _>(|buf| fetch_data_fn(self, buf))?;
 
-        #[cfg(feature = "unstable")]
-        let buf = make_boxed::<[u8], _, _>(|buf| fetch_data_fn(self, buf), alloc::alloc::Global)?;
-
         Ok(buf)
     }
 }

uefi/src/proto/media/file/dir.rs

@@ -6,8 +6,6 @@ use crate::data_types::Align;
 use core::ffi::c_void;
 #[cfg(feature = "alloc")]
 use {crate::mem::make_boxed, alloc::boxed::Box};
-#[cfg(all(feature = "unstable", feature = "alloc"))]
-use {alloc::alloc::Global, core::alloc::Allocator};
 
 /// A `FileHandle` that is also a directory.
 ///
@@ -80,42 +78,7 @@ impl Directory {
                     maybe_info.expect("Should have more entries")
                 })
         };
-
-        #[cfg(not(feature = "unstable"))]
         let file_info = make_boxed::<FileInfo, _>(fetch_data_fn)?;
-
-        #[cfg(feature = "unstable")]
-        let file_info = make_boxed::<FileInfo, _, _>(fetch_data_fn, Global)?;
-
-        Ok(Some(file_info))
-    }
-
-    /// Wrapper around [`Self::read_entry`] that returns an owned copy of the data. It has the same
-    /// implications and requirements. On failure, the payload of `Err` is `()´.
-    ///
-    /// It allows to use a custom allocator via the `allocator_api` feature.
-    #[cfg(all(feature = "unstable", feature = "alloc"))]
-    pub fn read_entry_boxed_in<A: Allocator>(
-        &mut self,
-        allocator: A,
-    ) -> Result<Option<Box<FileInfo>>> {
-        let read_entry_res = self.read_entry(&mut []);
-
-        // If no more entries are available, return early.
-        if read_entry_res == Ok(None) {
-            return Ok(None);
-        }
-
-        let fetch_data_fn = |buf| {
-            self.read_entry(buf)
-                // this is safe, as above, we checked that there are more entries
-                .map(|maybe_info: Option<&mut FileInfo>| {
-                    maybe_info.expect("Should have more entries")
-                })
-        };
-
-        let file_info = make_boxed::<FileInfo, _, A>(fetch_data_fn, allocator)?;
-
         Ok(Some(file_info))
     }
 

uefi/src/proto/media/file/mod.rs

@@ -20,9 +20,6 @@ use core::fmt::Debug;
 use core::{mem, ptr};
 use uefi_raw::protocol::file_system::FileProtocolV1;
 
-#[cfg(all(feature = "unstable", feature = "alloc"))]
-use {alloc::alloc::Global, core::alloc::Allocator};
-
 #[cfg(feature = "alloc")]
 use {crate::mem::make_boxed, alloc::boxed::Box};
 
@@ -198,21 +195,7 @@ pub trait File: Sized {
     #[cfg(feature = "alloc")]
     fn get_boxed_info<Info: FileProtocolInfo + ?Sized + Debug>(&mut self) -> Result<Box<Info>> {
         let fetch_data_fn = |buf| self.get_info::<Info>(buf);
-        #[cfg(not(feature = "unstable"))]
         let file_info = make_boxed::<Info, _>(fetch_data_fn)?;
-        #[cfg(feature = "unstable")]
-        let file_info = make_boxed::<Info, _, _>(fetch_data_fn, Global)?;
-        Ok(file_info)
-    }
-
-    /// Read the dynamically allocated info for a file.
-    #[cfg(all(feature = "unstable", feature = "alloc"))]
-    fn get_boxed_info_in<Info: FileProtocolInfo + ?Sized + Debug, A: Allocator>(
-        &mut self,
-        allocator: A,
-    ) -> Result<Box<Info>> {
-        let fetch_data_fn = |buf| self.get_info::<Info>(buf);
-        let file_info = make_boxed::<Info, _, A>(fetch_data_fn, allocator)?;
         Ok(file_info)
     }
 

uefi/src/proto/media/load_file.rs

@@ -90,12 +90,7 @@ impl LoadFile {
             status.to_result_with_err(|_| Some(size)).map(|_| buf)
         };
 
-        #[cfg(not(feature = "unstable"))]
         let file: Box<[u8]> = make_boxed::<[u8], _>(fetch_data_fn)?;
-
-        #[cfg(feature = "unstable")]
-        let file = make_boxed::<[u8], _, _>(fetch_data_fn, Global)?;
-
         Ok(file)
     }
 }
@@ -158,12 +153,8 @@ impl LoadFile2 {
             status.to_result_with_err(|_| Some(size)).map(|_| buf)
         };
 
-        #[cfg(not(feature = "unstable"))]
         let file: Box<[u8]> = make_boxed::<[u8], _>(fetch_data_fn)?;
 
-        #[cfg(feature = "unstable")]
-        let file = make_boxed::<[u8], _, _>(fetch_data_fn, Global)?;
-
         Ok(file)
     }
 }

uefi/src/proto/tcg/v1.rs

@@ -157,17 +157,7 @@ impl PcrEvent {
         digest: Sha1Digest,
         event_data: &[u8],
     ) -> Result<Box<Self>> {
-        #[cfg(not(feature = "unstable"))]
-        {
-            make_boxed(|buf| Self::new_in_buffer(buf, pcr_index, event_type, digest, event_data))
-        }
-        #[cfg(feature = "unstable")]
-        {
-            make_boxed(
-                |buf| Self::new_in_buffer(buf, pcr_index, event_type, digest, event_data),
-                Global,
-            )
-        }
+        make_boxed(|buf| Self::new_in_buffer(buf, pcr_index, event_type, digest, event_data))
     }
 
     /// PCR index for the event.

uefi/src/proto/tcg/v2.rs

@@ -183,17 +183,7 @@ impl PcrEventInputs {
         event_type: EventType,
         event_data: &[u8],
     ) -> Result<Box<Self>> {
-        #[cfg(not(feature = "unstable"))]
-        {
-            make_boxed(|buf| Self::new_in_buffer(buf, pcr_index, event_type, event_data))
-        }
-        #[cfg(feature = "unstable")]
-        {
-            make_boxed(
-                |buf| Self::new_in_buffer(buf, pcr_index, event_type, event_data),
-                Global,
-            )
-        }
+        make_boxed(|buf| Self::new_in_buffer(buf, pcr_index, event_type, event_data))
     }
 }
 

uefi/src/runtime.rs

@@ -187,14 +187,7 @@ pub fn get_variable_boxed(
             val
         })
     };
-    #[cfg(not(feature = "unstable"))]
-    {
-        make_boxed(get_var).map(|val| (val, out_attr))
-    }
-    #[cfg(feature = "unstable")]
-    {
-        make_boxed(get_var, Global).map(|val| (val, out_attr))
-    }
+    make_boxed(get_var).map(|val| (val, out_attr))
 }
 
 /// Gets each variable key (name and vendor) one at a time.

xtask/src/main.rs

@@ -214,13 +214,10 @@ fn run_host_tests(test_opt: &TestOpt) -> Result<()> {
         packages.push(Package::UefiMacros);
     }
 
-    // Run uefi-rs and uefi-macros tests.
+    // Run uefi-rs and uefi-macros tests with `unstable` feature.
     let cargo = Cargo {
         action: CargoAction::Test,
-        // At least one unit test, for make_boxed() currently, has different behaviour dependent on
-        // the unstable feature. Because of this, we need to allow to test both variants. Runtime
-        // features is set to no as it is not possible as as soon a #[global_allocator] is
-        // registered, the Rust runtime executing the tests uses it as well.
+        // Some tests may behave differently depending on the unstable feature.
         features: Feature::more_code(*test_opt.unstable, false),
         packages,
         release: false,