Re: [PATCH v2 3/7] rust: drm: Add RegistrationData to drm::Driver

[Danilo Krummrich]

On Wed Jun 3, 2026 at 1:51 PM CEST, Gary Guo wrote:
>> +    /// Safe variant of [`Registration::new_with_lt()`] for registration data that does not contain
>> +    /// borrowed references.
>> +    pub fn new<E>(
>
> This is currently unsound, as leaking the unbind guard also gives out
> `&Device<Bound>` in addition to the registration data.

For this to be unsound someone would need to be able to move the
drm::Registration into a context where its Drop runs independently of the driver
unbind, because otherwise leaking the UnbindGuard would also block driver unbind
forever and the now unconstraint &Device<Bound> remains valid.

So, I assume you refer to the case where someone calls forget() on the
drm::Registration that was created without the promise not to do so, i.e. new().

> I think we should just remove the not pass `&Device<Bound>` to ioctl callbacks.
> Giving back registration data is sufficient; if a device driver needs
> `&Device<Bound>` it can just store a reference in its registration data; more
> commonly I suspect it will just store whatever device resource is needed and
> doesn't need `&Device<Bound>` (with the introduction of lifetime, we have much
> fewer cases that we actually need `&Device<Bound>` and cannot be replaced with a
> direct reference to the device resource).
>
> Not passing this bound device allows us to make this safe, and also remove the
> need of patch 1 and patch 5.

I follow your reasoning, but not passing T::ParentDevice<Bound> in the ioctl
makes Registration::new() rather pointless on its own; given that it takes
T: 'static you can't store &'a T::ParentDevice<Bound> in the first place.