this macro is wild. Reviewed-by: Lyude Paul <[email protected]>
On Sun, 2026-06-28 at 16:53 +0200, Danilo Krummrich wrote: > References to dev, data, and file in the declare_drm_ioctls! macro > are > created via unsafe pointer dereferences, producing unbounded > lifetimes. > If an ioctl handler explicitly annotates its parameters with 'static, > the compiler accepts this, allowing the handler to stash references > that > outlive the ioctl call. > > Fix this by adding a higher-ranked function pointer coercion that > enforces the handler accepts universally quantified lifetimes: > > let _: for<'a> fn(&'a _, &'a mut _, &'a _) -> _ = $func; > > Since the handler must be coercible to a function pointer accepting > any > lifetime 'a, it can no longer demand 'static on any parameter. > > Cc: [email protected] > Fixes: 9a69570682b1 ("rust: drm: ioctl: Add DRM ioctl abstraction") > Reported-by: [email protected] > Closes: > https://lore.kernel.org/all/[email protected]/ > Suggested-by: Gary Guo <[email protected]> > Signed-off-by: Danilo Krummrich <[email protected]> > --- > rust/kernel/drm/ioctl.rs | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/rust/kernel/drm/ioctl.rs b/rust/kernel/drm/ioctl.rs > index cf328101dde4..ccf4150d83b6 100644 > --- a/rust/kernel/drm/ioctl.rs > +++ b/rust/kernel/drm/ioctl.rs > @@ -135,6 +135,12 @@ macro_rules! declare_drm_ioctls { > // dev/file match the current driver > these ioctls are being declared > // for, and it's not clear how to > enforce this within the type system. > let dev = > $crate::drm::device::Device::from_raw(raw_dev); > + > + // Enforce that the handler accepts > higher-ranked > + // lifetimes, preventing it from > requiring 'static > + // references that could escape this > scope. > + let _: for<'a> fn(&'a _, &'a mut _, &'a > _) -> _ = $func; > + > // SAFETY: The ioctl argument has size > `_IOC_SIZE(cmd)`, which we > // asserted above matches the size of > this type, and all bit patterns of > // UAPI structs must be valid.
