Fix missing .owner field in file_operations. This has been previosly left out because Rust feature `const_refs_to_static` has not been enabled. Now that it is we can make define owner even in const context.
This should probably fix use-after-free problems in situations where file is opened and module driver is unloaded during that. Signed-off-by: Kari Argillander <[email protected]> --- drivers/gpu/drm/nova/driver.rs | 2 ++ drivers/gpu/drm/tyr/driver.rs | 2 ++ rust/kernel/drm/device.rs | 2 +- rust/kernel/drm/driver.rs | 4 ++++ rust/kernel/drm/gem/mod.rs | 5 +++-- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/nova/driver.rs b/drivers/gpu/drm/nova/driver.rs index b1af0a099551..7ce505802716 100644 --- a/drivers/gpu/drm/nova/driver.rs +++ b/drivers/gpu/drm/nova/driver.rs @@ -14,6 +14,7 @@ use crate::file::File; use crate::gem::NovaObject; +use crate::THIS_MODULE; pub(crate) struct NovaDriver { #[expect(unused)] @@ -65,6 +66,7 @@ fn probe(adev: &auxiliary::Device<Core>, _info: &Self::IdInfo) -> impl PinInit<S #[vtable] impl drm::Driver for NovaDriver { + type ThisModule = THIS_MODULE; type Data = NovaData; type File = File; type Object = gem::Object<NovaObject>; diff --git a/drivers/gpu/drm/tyr/driver.rs b/drivers/gpu/drm/tyr/driver.rs index f0da58932702..11932d3f03ff 100644 --- a/drivers/gpu/drm/tyr/driver.rs +++ b/drivers/gpu/drm/tyr/driver.rs @@ -25,6 +25,7 @@ use crate::gpu; use crate::gpu::GpuInfo; use crate::regs; +use crate::THIS_MODULE; pub(crate) type IoMem = kernel::io::mem::IoMem<SZ_2M>; @@ -179,6 +180,7 @@ fn drop(self: Pin<&mut Self>) { #[vtable] impl drm::Driver for TyrDriver { + type ThisModule = THIS_MODULE; type Data = TyrData; type File = File; type Object = drm::gem::Object<TyrObject>; diff --git a/rust/kernel/drm/device.rs b/rust/kernel/drm/device.rs index 3ce8f62a0056..a740c87933d0 100644 --- a/rust/kernel/drm/device.rs +++ b/rust/kernel/drm/device.rs @@ -92,7 +92,7 @@ impl<T: drm::Driver> Device<T> { fops: &Self::GEM_FOPS, }; - const GEM_FOPS: bindings::file_operations = drm::gem::create_fops(); + const GEM_FOPS: bindings::file_operations = drm::gem::create_fops::<T::ThisModule>(); /// Create a new `drm::Device` for a `drm::Driver`. pub fn new(dev: &device::Device, data: impl PinInit<T::Data, Error>) -> Result<ARef<Self>> { diff --git a/rust/kernel/drm/driver.rs b/rust/kernel/drm/driver.rs index f30ee4c6245c..a157db2ea02b 100644 --- a/rust/kernel/drm/driver.rs +++ b/rust/kernel/drm/driver.rs @@ -9,6 +9,7 @@ error::{to_result, Result}, prelude::*, sync::aref::ARef, + this_module::ThisModule, }; use macros::vtable; @@ -99,6 +100,9 @@ pub trait AllocImpl: super::private::Sealed + drm::gem::IntoGEMObject { /// drm_driver` to be registered in the DRM subsystem. #[vtable] pub trait Driver { + /// Module ownership for this device, provided via `THIS_MODULE`. + type ThisModule: ThisModule; + /// Context data associated with the DRM driver type Data: Sync + Send; diff --git a/rust/kernel/drm/gem/mod.rs b/rust/kernel/drm/gem/mod.rs index bdaac839dacc..9980cebec96b 100644 --- a/rust/kernel/drm/gem/mod.rs +++ b/rust/kernel/drm/gem/mod.rs @@ -11,6 +11,7 @@ error::{to_result, Result}, prelude::*, sync::aref::{ARef, AlwaysRefCounted}, + this_module::ThisModule, types::Opaque, }; use core::{ops::Deref, ptr::NonNull}; @@ -292,10 +293,10 @@ impl<T: DriverObject> AllocImpl for Object<T> { }; } -pub(super) const fn create_fops() -> bindings::file_operations { +pub(super) const fn create_fops<M: ThisModule>() -> bindings::file_operations { let mut fops: bindings::file_operations = pin_init::zeroed(); - fops.owner = core::ptr::null_mut(); + fops.owner = M::OWNER.as_ptr(); fops.open = Some(bindings::drm_open); fops.release = Some(bindings::drm_release); fops.unlocked_ioctl = Some(bindings::drm_ioctl); -- 2.43.0
