From: Kari Argillander <kari.argillander@gmail.com>
To: "Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Alexandre Courbot" <acourbot@nvidia.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-modules@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Daniel Gomez <da.gomez@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
Aaron Tomlin <atomlin@atomlin.com>,
Kari Argillander <kari.argillander@gmail.com>
Subject: [PATCH RFC v3 05/15] rust: drm: fix missing owner in file_operations
Date: Sat, 10 Jan 2026 17:08:03 +0200 [thread overview]
Message-ID: <20260110-this_module_fix-v3-5-97a3d9c14e8b@gmail.com> (raw)
In-Reply-To: <20260110-this_module_fix-v3-0-97a3d9c14e8b@gmail.com>
Fix missing .owner field in file_operations. This has been previosly
left out because Rust feature `const_refs_to_static` has not been
enabled. Now that it is we can make define owner even in const context.
This should probably fix use-after-free problems in situations where
file is opened and module driver is unloaded during that.
Signed-off-by: Kari Argillander <kari.argillander@gmail.com>
---
drivers/gpu/drm/nova/driver.rs | 2 ++
drivers/gpu/drm/tyr/driver.rs | 2 ++
rust/kernel/drm/device.rs | 2 +-
rust/kernel/drm/driver.rs | 4 ++++
rust/kernel/drm/gem/mod.rs | 5 +++--
5 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/nova/driver.rs b/drivers/gpu/drm/nova/driver.rs
index b1af0a099551..7ce505802716 100644
--- a/drivers/gpu/drm/nova/driver.rs
+++ b/drivers/gpu/drm/nova/driver.rs
@@ -14,6 +14,7 @@
use crate::file::File;
use crate::gem::NovaObject;
+use crate::THIS_MODULE;
pub(crate) struct NovaDriver {
#[expect(unused)]
@@ -65,6 +66,7 @@ fn probe(adev: &auxiliary::Device<Core>, _info: &Self::IdInfo) -> impl PinInit<S
#[vtable]
impl drm::Driver for NovaDriver {
+ type ThisModule = THIS_MODULE;
type Data = NovaData;
type File = File;
type Object = gem::Object<NovaObject>;
diff --git a/drivers/gpu/drm/tyr/driver.rs b/drivers/gpu/drm/tyr/driver.rs
index f0da58932702..11932d3f03ff 100644
--- a/drivers/gpu/drm/tyr/driver.rs
+++ b/drivers/gpu/drm/tyr/driver.rs
@@ -25,6 +25,7 @@
use crate::gpu;
use crate::gpu::GpuInfo;
use crate::regs;
+use crate::THIS_MODULE;
pub(crate) type IoMem = kernel::io::mem::IoMem<SZ_2M>;
@@ -179,6 +180,7 @@ fn drop(self: Pin<&mut Self>) {
#[vtable]
impl drm::Driver for TyrDriver {
+ type ThisModule = THIS_MODULE;
type Data = TyrData;
type File = File;
type Object = drm::gem::Object<TyrObject>;
diff --git a/rust/kernel/drm/device.rs b/rust/kernel/drm/device.rs
index 3ce8f62a0056..a740c87933d0 100644
--- a/rust/kernel/drm/device.rs
+++ b/rust/kernel/drm/device.rs
@@ -92,7 +92,7 @@ impl<T: drm::Driver> Device<T> {
fops: &Self::GEM_FOPS,
};
- const GEM_FOPS: bindings::file_operations = drm::gem::create_fops();
+ const GEM_FOPS: bindings::file_operations = drm::gem::create_fops::<T::ThisModule>();
/// Create a new `drm::Device` for a `drm::Driver`.
pub fn new(dev: &device::Device, data: impl PinInit<T::Data, Error>) -> Result<ARef<Self>> {
diff --git a/rust/kernel/drm/driver.rs b/rust/kernel/drm/driver.rs
index f30ee4c6245c..a157db2ea02b 100644
--- a/rust/kernel/drm/driver.rs
+++ b/rust/kernel/drm/driver.rs
@@ -9,6 +9,7 @@
error::{to_result, Result},
prelude::*,
sync::aref::ARef,
+ this_module::ThisModule,
};
use macros::vtable;
@@ -99,6 +100,9 @@ pub trait AllocImpl: super::private::Sealed + drm::gem::IntoGEMObject {
/// drm_driver` to be registered in the DRM subsystem.
#[vtable]
pub trait Driver {
+ /// Module ownership for this device, provided via `THIS_MODULE`.
+ type ThisModule: ThisModule;
+
/// Context data associated with the DRM driver
type Data: Sync + Send;
diff --git a/rust/kernel/drm/gem/mod.rs b/rust/kernel/drm/gem/mod.rs
index d49a9ba02635..705afea65ff6 100644
--- a/rust/kernel/drm/gem/mod.rs
+++ b/rust/kernel/drm/gem/mod.rs
@@ -11,6 +11,7 @@
error::{to_result, Result},
prelude::*,
sync::aref::{ARef, AlwaysRefCounted},
+ this_module::ThisModule,
types::Opaque,
};
use core::{ops::Deref, ptr::NonNull};
@@ -292,10 +293,10 @@ impl<T: DriverObject> AllocImpl for Object<T> {
};
}
-pub(super) const fn create_fops() -> bindings::file_operations {
+pub(super) const fn create_fops<TM: ThisModule>() -> bindings::file_operations {
let mut fops: bindings::file_operations = pin_init::zeroed();
- fops.owner = core::ptr::null_mut();
+ fops.owner = TM::OWNER.as_ptr();
fops.open = Some(bindings::drm_open);
fops.release = Some(bindings::drm_release);
fops.unlocked_ioctl = Some(bindings::drm_ioctl);
--
2.43.0
next prev parent reply other threads:[~2026-01-10 15:09 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-10 15:07 [PATCH RFC v3 00/15] rust: Reimplement ThisModule to fix ownership problems Kari Argillander
2026-01-10 15:07 ` [PATCH RFC v3 01/15] rust: enable const_refs_to_static feature Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 02/15] rust: add new ThisModule trait and THIS_MODULE impl Kari Argillander
2026-01-14 14:26 ` Petr Pavlu
2026-01-10 15:08 ` [PATCH RFC v3 03/15] rust: miscdevice: fix use after free because missing .owner Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 04/15] rust: block: fix missing owner field in block_device_operations Kari Argillander
2026-01-10 15:08 ` Kari Argillander [this message]
2026-01-10 15:08 ` [PATCH RFC v3 06/15] rust: configfs: use new THIS_MODULE Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 07/15] rust: binder: " Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 08/15] rust: firmware: use THIS_MODULE over LocalModule for name Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 09/15] gpu: nova-core: " Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 10/15] samples: rust: auxiliary: " Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 11/15] rust: driver: make RegistrationOps::register() to use new ThisModule Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 12/15] rust: phy: make Registration::register() " Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 13/15] rust: remove module argument from InPlaceModule::init() Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 14/15] rust: remove kernel::ModuleMetadata Kari Argillander
2026-01-10 15:08 ` [PATCH RFC v3 15/15] rust: remove old version of ThisModule Kari Argillander
2026-01-12 17:56 ` [PATCH RFC v3 00/15] rust: Reimplement ThisModule to fix ownership problems Christophe Leroy (CS GROUP)
2026-01-13 10:33 ` Miguel Ojeda
2026-01-14 14:37 ` Miguel Ojeda
2026-01-27 14:53 ` Gary Guo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260110-this_module_fix-v3-5-97a3d9c14e8b@gmail.com \
--to=kari.argillander@gmail.com \
--cc=a.hindborg@kernel.org \
--cc=acourbot@nvidia.com \
--cc=aliceryhl@google.com \
--cc=atomlin@atomlin.com \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=da.gomez@kernel.org \
--cc=dakr@kernel.org \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=lossin@kernel.org \
--cc=mcgrof@kernel.org \
--cc=ojeda@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rust-for-linux@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.