Commit 40ecc49466c8 ("rust: debugfs: Add support for callback-based
files") introduced two ways to construct references whose requirements
are not met.

First, `write()` constructed an `&mut seq_file` although file operation
callbacks may run concurrently for the same open file. It only needs
`seq_file::private`, so patch 1 reads that field through a raw pointer.

Second, `FileOps::adapt()` transmuted a reference between different
generic instantiations of a default-representation type, despite there
being no layout guarantee. Patch 2 replaces this with an explicit
adapter safety contract.

I discovered the second issue while looking to remove
reference-to-reference transmutes after discussing with Alice [1] and
the first issue was found by Sashiko in the v1 review.

Link: https://lore.kernel.org/all/CAH5fLgibt_BQmOtkfEfo1=48zUeoWBJ-=u5gzw_a3X6Q7=aUSA@mail.gmail.com/ [1]
Signed-off-by: Tamir Duberstein <tamird@kernel.org>
---
Changes in v2:
- Fix the pre-existing `write()` aliasing issue reported during review
  of v1.
- Link to v1: https://patch.msgid.link/20260526-fileops-unsound-redesign-v1-1-bd1685cbaf56@kernel.org

To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Rafael J. Wysocki" <rafael@kernel.org>
To: Danilo Krummrich <dakr@kernel.org>
To: Miguel Ojeda <ojeda@kernel.org>
To: Boqun Feng <boqun@kernel.org>
To: Gary Guo <gary@garyguo.net>
To: Björn Roy Baron <bjorn3_gh@protonmail.com>
To: Benno Lossin <lossin@kernel.org>
To: Andreas Hindborg <a.hindborg@kernel.org>
To: Alice Ryhl <aliceryhl@google.com>
To: Trevor Gross <tmgross@umich.edu>
To: Matthew Maurer <mmaurer@google.com>
Cc: driver-core@lists.linux.dev
Cc: rust-for-linux@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
Tamir Duberstein (2):
      rust: debugfs: avoid borrowing seq_file in write
      rust: debugfs: avoid transmuting FileOps

 rust/kernel/debugfs.rs                   | 20 ++-----
 rust/kernel/debugfs/callback_adapters.rs | 67 +++++++++++-----------
 rust/kernel/debugfs/file_ops.rs          | 96 ++++++++++++++++----------------
 3 files changed, 90 insertions(+), 93 deletions(-)
---
base-commit: fc1ce3afa2e61b4b15e71436ece91b0441a9f4f0
change-id: 20260526-fileops-unsound-redesign-51a81b17f552
Best regards,
--
Tamir Duberstein <tamird@kernel.org>
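
The first fix described in the cover letter, sketched in userspace as an added example (not code from the patch series or the kernel): concurrent callbacks read only the `private` field through a raw pointer, so no thread ever holds `&mut` to the shared struct. `SeqFile`, `OpenFile`, `read_private`, `write_cb` and `run_concurrent_writes` are constructed stand-ins; only the field name `private` comes from the cover letter.

```rust
use std::ffi::c_void;
use std::ptr::addr_of;
use std::sync::atomic::{AtomicU64, Ordering};
use std::thread;

// Constructed stand-in for C `struct seq_file`; `count` is a hypothetical field.
#[repr(C)]
#[allow(dead_code)]
struct SeqFile {
    count: usize,
    private: *mut c_void,
}

// One open file shared by several threads, standing in for concurrent callbacks.
struct OpenFile(*mut SeqFile);
unsafe impl Sync for OpenFile {} // sound here: threads only read `private`
impl OpenFile {
    fn seq(&self) -> *mut SeqFile { self.0 }
}

/// Reads `private` without forming `&SeqFile` or `&mut SeqFile`.
/// # Safety
/// `seq` must point to a live `SeqFile` whose `private` is not being written.
unsafe fn read_private(seq: *const SeqFile) -> *mut c_void {
    // Raw-pointer field projection: no reference to the whole struct exists.
    unsafe { addr_of!((*seq).private).read() }
}

/// Hypothetical write callback: adds `input` to the per-file total.
unsafe fn write_cb(seq: *mut SeqFile, input: u64) {
    let data = unsafe { &*read_private(seq).cast::<AtomicU64>() };
    data.fetch_add(input, Ordering::Relaxed);
}

/// Runs `writers` concurrent callbacks on one open file; returns the total.
fn run_concurrent_writes(writers: u64) -> u64 {
    let total = AtomicU64::new(0);
    let mut seq = SeqFile { count: 0, private: &total as *const AtomicU64 as *mut c_void };
    let file = OpenFile(&mut seq);
    thread::scope(|s| {
        for i in 1..=writers {
            let file = &file;
            s.spawn(move || unsafe { write_cb(file.seq(), i) });
        }
    });
    total.load(Ordering::Relaxed)
}

fn main() { println!("total = {}", run_concurrent_writes(8)); }
```

Had `write_cb` formed `&mut *seq` instead, each thread would claim exclusive access to the same `SeqFile` at once, which is the aliasing problem the cover letter describes for `write()`.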