From: Jason Gunthorpe <jgg@nvidia.com>
To: Tzung-Bi Shih <tzungbi@kernel.org>
Cc: Benson Leung <bleung@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J . Wysocki" <rafael@kernel.org>,
Danilo Krummrich <dakr@kernel.org>,
Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
chrome-platform@lists.linux.dev, linux-kselftest@vger.kernel.org,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Bartosz Golaszewski <brgl@bgdev.pl>,
Wolfram Sang <wsa+renesas@sang-engineering.com>,
Simona Vetter <simona.vetter@ffwll.ch>,
Dan Williams <dan.j.williams@intel.com>
Subject: Re: [PATCH v6 1/3] revocable: Add fops replacement
Date: Mon, 17 Nov 2025 11:33:01 -0400
Message-ID: <20251117153301.GD10864@nvidia.com>
In-Reply-To: <aRGGARe6ExyGpaRh@google.com>

On Mon, Nov 10, 2025 at 06:28:17AM +0000, Tzung-Bi Shih wrote:
> > It just means the user of this needs to understand there are
> > limitations on what release can do. Usually release just frees memory,
> > that is fine.
> >
> > I think it would be strange for a release to touch revocable data,
> > that might suggest some larger problem.
>
> I think it'd be inevitable for accessing some devm memory in ->release(),
> e.g. [1].
>
> [1] https://elixir.bootlin.com/linux/v6.17/source/drivers/platform/chrome/cros_ec_chardev.c#L260

Again, that's symptomatic of a "larger problem" :\

The blocking notifier registration to receive events to relay out to
the file descriptors should be part of this driver's probe/remove
lifecycle so it has the proper lifetime. Trying to use a revocable
idea here will create a weirdly unbalanced/dangling blocking notifier
registration :(

Inside cros_ec_chardev it should have a simple list of open file
descriptors and the single blocking notifier callback can iterate over
the list and memdup the events. Then your release is just a simple
locked list del on a global list which doesn't have a lifecycle
problem.

Jason
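
A userspace model of the layout suggested in the message above, added here as an illustration; it is not code from the thread, the patch series, or cros_ec_chardev. `struct open_file`, `model_open`, `model_notify` and `model_release` are hypothetical names, and a pthread mutex stands in for the kernel lock.

```c
/* Userspace model (constructed); every name here is hypothetical. */
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
struct open_file {
    struct open_file *next;
    void *event;        /* private copy of the last relayed event */
    size_t event_len;
};
static pthread_mutex_t open_files_lock = PTHREAD_MUTEX_INITIALIZER;
static struct open_file *open_files;   /* global list, not tied to a device */

/* open(): allocate per-file state and link it into the global list. */
struct open_file *model_open(void) {
    struct open_file *f = calloc(1, sizeof(*f));
    if (!f) return NULL;
    pthread_mutex_lock(&open_files_lock);
    f->next = open_files;
    open_files = f;
    pthread_mutex_unlock(&open_files_lock);
    return f;
}

/* Stand-in for the single notifier callback, whose registration would follow
 * probe/remove: duplicate the event for each open file; returns the count. */
int model_notify(const void *ev, size_t len) {
    int n = 0;
    pthread_mutex_lock(&open_files_lock);
    for (struct open_file *f = open_files; f; f = f->next) {
        void *copy = malloc(len);
        if (!copy) continue;          /* this file misses the event */
        memcpy(copy, ev, len);
        free(f->event);
        f->event = copy;
        f->event_len = len;
        n++;
    }
    pthread_mutex_unlock(&open_files_lock);
    return n;
}

/* release(): locked unlink, then free what this file owns; no device access. */
void model_release(struct open_file *f) {
    pthread_mutex_lock(&open_files_lock);
    for (struct open_file **pp = &open_files; *pp; pp = &(*pp)->next)
        if (*pp == f) { *pp = f->next; break; }
    pthread_mutex_unlock(&open_files_lock);
    free(f->event);
    free(f);
}
```

Because `model_release` only touches the global list and memory owned by the file itself, it can run after the device has gone away without dereferencing anything device-managed.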