From nobody Mon Feb 9 15:08:44 2026 Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com [209.85.208.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8FE54253950 for ; Tue, 6 Jan 2026 16:13:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767715995; cv=none; b=HninM9H90FCKsIfgRuJUW6Q383PTVqP18iLbh0a825fa1bGy0e3KqdYnOp8VhAVKUZKzr7Xq5iye5QWLcZo3y+NwMrkK6xnqByfp4suAgBmHeuW1DGk+v3WrM1sgrGqqhBOLGascTUzkKZeJTJTnbhacurxyNKvfu6LWVXxDUnQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767715995; c=relaxed/simple; bh=891dg5NeMMgINCtxfUx5z2GhTLzUtO+bREujFmK9Vxo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=KFTo0g97LO8n9YezhD0l7nZO3AMrfSGiObd8+y77HWNaO+Jah/KV8PqT9vvsBxZDTMMwtUWxq92+zifr+JDRQOQcstw/MPByI/J4Wr2YR3ln4Mgg882HSSBj4xzjMog0HtImcwnCFv4Gai5mViTPUF/9K5ds7Y5hW/IarEqhnb0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ldu++Ps4; arc=none smtp.client-ip=209.85.208.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ldu++Ps4" Received: by mail-lj1-f176.google.com with SMTP id 38308e7fff4ca-37b9d8122fdso8851901fa.3 for ; Tue, 06 Jan 2026 08:13:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767715991; x=1768320791; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=SI0sZ7uVNTRnuO/8Ld3c5O3KKGDZMWG55LzxmtwZszI=; b=ldu++Ps44zc7q53vPwr67A5C/YUHDRRHIknPwGDZFvgN6MCdczym6TRGrzGiV/dPb3 E2Tz2usQgfl431x6YYsDhbotP4eOAItpgWJIMHWym2W1yet15nTDGAChTfd2ysDv1mvG VQ15EZyc0zXZ6KxV4gf9I2Yj0Z1J/OFkjT+Jo2SO+2yGfCFsNhXpwAPDIiqrPJo5uiPk h0NwIi80fU0FcfmO7q5BtVF25MMYkb8LigHM65Uau9ziaO4yT/QJX7Mm7bqTQMpl5a2l rwIXIcYi9C/Wzm2LQpnBR5y5zmDQL7l9/wbb0EuY/4ormYAm5Gxk/CEjfqC8lZWMtEeD dHRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767715991; x=1768320791; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SI0sZ7uVNTRnuO/8Ld3c5O3KKGDZMWG55LzxmtwZszI=; b=NZnrn0F8XlGYulkBZd8NF8V+T6ybc0TpPEZv8wGfrsXcQPe213spaZMNm2m+MU72Jz HP10K+/gMz4ytseVSY3lA9HBRhdJ99huRCTjXrT2NSeIiQC96Y0rofOeIvMhgWEHBbLf hR/SvrQ7SU3yYdMy46jN+BLzgSFWfnVrXoB4dPrktEoyoHnyZl8aJppbbIa+RxsVEfR2 Mb1Iht9xvqL7Ndh7waDUZ0ukDvbJitixb1VUZTxsG/zGqXMj1OmYf9gaasq6iOE+Hr9E OzaYQt2/Y/m91vDWTRXQlMhtnJva4KvEvMQVHmSyhe3kMe30ZjkR7eM3Z/e/XHbNGibh oStA== X-Forwarded-Encrypted: i=1; AJvYcCUk8swQI4vQneLFF38EQeH4p7spusil3MVjYK5YtALiYNgi2UTFofvuZsKZdPyu95wd/aFlCERWG3bIV9k=@vger.kernel.org X-Gm-Message-State: AOJu0YxAXVorDCiWpmb4ebZpGPyS98pzRuUnKX64W7kbbEWrG/dyWXof Vk2PAQwlnvY/6iNbpb7kh/xQKHa0RyDTZo53YzS7154j66umF5/nWm18V2isjsfL X-Gm-Gg: AY/fxX6tBagVektra4gNsRw8wf9ZXNOxBB+LfMvQlwW7owSFuT/rnM8/Z0BQz0d4qe5 rl6x3FuJKFGcddymqBK8oMww3eUaArhZMG/N1VT2+JYyrDIeSLXCpdSdbsJbShe0rX5DY2z+lSR Xh+6yu8XxdjKK1Ha1s7+6P1mF+2zzEh64bCeqb7Tysy4bqZbHj+MLzS1mS7J4+HZRqeglhqGGPZ Nf2Pu1635G84gPpoU822m/or1lOfsO0B0DK/pc11HgIxGGiPLd/KYGIHJqW3uzmr9GfuVyUZlpJ 50adXE0fdSqB0uqmpTCFpHYC3W+9Z5XHmsMAQ/h16hvY4u6Ja7+ScofnclXSu+bFdBDHaURMLy8 Rlw8AUcXQm5zBCm3Zn3bCR7HXBX3w8GeAgjlHNi3hnFzMVXMV8qci08ICByStPBt0VaOi9B2fcn Jledi3OgAyznSniih7vKrdaeiUKMId8264D+ZZy/5uh9JPuCaG5I5g2aOEeGwJOLQA1Zuo2VLfq 5MvT4c1+6UdRULH X-Google-Smtp-Source: AGHT+IExWVexzUnKcxTwfYgOYf3r4tTgS0aisp7MxRHoeqvXnsdWfpbBK/qR84vqvGxwAzpgZN+KnA== X-Received: by 2002:a2e:a905:0:b0:382:5178:3e96 with SMTP id 38308e7fff4ca-382eaac9c85mr12054861fa.29.1767715991373; Tue, 06 Jan 2026 08:13:11 -0800 (PST) Received: from LT-5CG5341NQ4.nordic.imtech.com (37-33-180-149.bb.dnainternet.fi. [37.33.180.149]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-382eb91dfbdsm5256091fa.44.2026.01.06.08.13.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jan 2026 08:13:10 -0800 (PST) From: Kari Argillander Date: Tue, 06 Jan 2026 18:11:41 +0200 Subject: [PATCH RFC v2 03/11] rust: miscdevice: fix use after free because missing .owner Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260106-this_module_fix-v2-3-842ac026f00b@gmail.com> References: <20260106-this_module_fix-v2-0-842ac026f00b@gmail.com> In-Reply-To: <20260106-this_module_fix-v2-0-842ac026f00b@gmail.com> To: Miguel Ojeda , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross , Danilo Krummrich , Alexandre Courbot Cc: Greg Kroah-Hartman , rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org, Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , Aaron Tomlin , Kari Argillander , Youseok Yang X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1767715983; l=2370; i=kari.argillander@gmail.com; s=20251219; h=from:subject:message-id; bh=891dg5NeMMgINCtxfUx5z2GhTLzUtO+bREujFmK9Vxo=; b=XTB+sVOL63dP4+VWC+iJBYkzCmbAeMtvvB++kKg5rg1gpSNNQmkqwSCagBJoh3NsSq0qwA4nQ VI5WDjBJtTIDa6b1hFQyngjY104t7ooXovgREEee0nWRpTUeFWWqvFb X-Developer-Key: i=kari.argillander@gmail.com; a=ed25519; pk=RwSxyhTpE3z4sywdDbIkC3q33ZQLNyhYWxT44iTY6r4= Currently if miscdevice driver is compiled as module it can cause use after free when unloading. To reproduce problem with Rust sample driver we can do: tail -f /dev/rust-misc-device # And same time as device is open sudo rmmod rust_misc_device_module This will crash system. Fix is to have .owner field filled with module information. We pass this owner information through vtable. Reported-by: Youseok Yang Closes: https://github.com/Rust-for-Linux/linux/issues/1182 Fixes: f893691e7426 ("rust: miscdevice: add base miscdevice abstraction") Signed-off-by: Kari Argillander --- rust/kernel/miscdevice.rs | 5 +++++ samples/rust/rust_misc_device.rs | 1 + 2 files changed, 6 insertions(+) diff --git a/rust/kernel/miscdevice.rs b/rust/kernel/miscdevice.rs index ba64c8a858f0..d4b0c35c4b60 100644 --- a/rust/kernel/miscdevice.rs +++ b/rust/kernel/miscdevice.rs @@ -18,6 +18,7 @@ mm::virt::VmaNew, prelude::*, seq_file::SeqFile, + this_module::ThisModule, types::{ForeignOwnable, Opaque}, }; use core::{marker::PhantomData, pin::Pin}; @@ -112,6 +113,9 @@ fn drop(self: Pin<&mut Self>) { /// Trait implemented by the private data of an open misc device. #[vtable] pub trait MiscDevice: Sized { + /// Module ownership for this device, provided via `THIS_MODULE`. + type ThisModule: ThisModule; + /// What kind of pointer should `Self` be wrapped in. type Ptr: ForeignOwnable + Send + Sync; =20 @@ -388,6 +392,7 @@ impl MiscdeviceVTable { } =20 const VTABLE: bindings::file_operations =3D bindings::file_operations { + owner: T::ThisModule::OWNER.as_ptr(), open: Some(Self::open), release: Some(Self::release), mmap: if T::HAS_MMAP { Some(Self::mmap) } else { None }, diff --git a/samples/rust/rust_misc_device.rs b/samples/rust/rust_misc_devi= ce.rs index 49dd5814e1ab..464e3026e6e3 100644 --- a/samples/rust/rust_misc_device.rs +++ b/samples/rust/rust_misc_device.rs @@ -155,6 +155,7 @@ struct RustMiscDevice { =20 #[vtable] impl MiscDevice for RustMiscDevice { + type ThisModule =3D THIS_MODULE; type Ptr =3D Pin>; =20 fn open(_file: &File, misc: &MiscDeviceRegistration) -> Result>> { --=20 2.43.0