From: Tzung-Bi Shih <tzungbi@kernel.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Danilo Krummrich <dakr@kernel.org>,
Bartosz Golaszewski <brgl@bgdev.pl>,
Linus Walleij <linusw@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Wolfram Sang <wsa+renesas@sang-engineering.com>,
Jason Gunthorpe <jgg@nvidia.com>, Johan Hovold <johan@kernel.org>,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
chrome-platform@lists.linux.dev,
Dan Williams <dan.j.williams@intel.com>,
linux-gpio@vger.kernel.org
Subject: Re: [PATCH v2 08/11] gpio: cdev: Leverage revocable for accessing struct gpio_chip
Date: Tue, 3 Feb 2026 09:51:55 +0000 [thread overview]
Message-ID: <aYHFO0TlXMP4Bli-@google.com> (raw)
In-Reply-To: <20260203061059.975605-9-tzungbi@kernel.org>
On Tue, Feb 03, 2026 at 06:10:55AM +0000, Tzung-Bi Shih wrote:
> ---
> v2:
> - Change usages accordingly after applying
> https://lore.kernel.org/all/20260129143733.45618-4-tzungbi@kernel.org.
> - Preserve a local storage for `struct revocable`.
> - Combine multiple patches (see "v1:").
Forgot to mention it in the changelog:
- v2 fixes a race condition reported in
https://lore.kernel.org/all/CAMRc=McDaipt85OHm0MksLkuf6E79dY1uNSqqbcJnoQTUs81Pw@mail.gmail.com/
and analyzed in
https://lore.kernel.org/all/aXEEUWwkxHZzCnaI@tzungbi-laptop/.
In v1, the blocking_notifier_chain_unregister() will be skipped if the
chip has been removed, leading an UAF in gpiolib_cdev_unregister().
In v2, it won't skip blocking_notifier_chain_unregister().
>
> v1:
> - https://lore.kernel.org/all/20260116081036.352286-14-tzungbi@kernel.org
> - https://lore.kernel.org/all/20260116081036.352286-15-tzungbi@kernel.org
> - https://lore.kernel.org/all/20260116081036.352286-16-tzungbi@kernel.org
> - https://lore.kernel.org/all/20260116081036.352286-17-tzungbi@kernel.org
> - https://lore.kernel.org/all/20260116081036.352286-18-tzungbi@kernel.org
next prev parent reply other threads:[~2026-02-03 9:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-03 6:10 [PATCH v2 00/11] gpio: Adopt revocable mechanism for UAF prevention Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 01/11] gpio: Access `gpio_bus_type` in gpiochip_setup_dev() Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 02/11] gpio: Remove redundant check for struct gpio_chip Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 03/11] gpio: sysfs: " Tzung-Bi Shih
2026-02-04 10:33 ` Bartosz Golaszewski
2026-02-05 8:51 ` Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 04/11] gpio: Ensure struct gpio_chip for gpiochip_setup_dev() Tzung-Bi Shih
2026-02-04 10:36 ` Bartosz Golaszewski
2026-02-05 8:51 ` Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 05/11] gpio: cdev: Don't check struct gpio_chip in gpio_chrdev_open() Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 06/11] selftests: gpio: Add gpio-cdev-uaf tests Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 07/11] gpio: Add revocable provider handle for struct gpio_chip Tzung-Bi Shih
2026-02-04 12:58 ` Bartosz Golaszewski
2026-02-05 8:52 ` Tzung-Bi Shih
2026-02-05 16:57 ` Bartosz Golaszewski
2026-02-06 9:13 ` Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 08/11] gpio: cdev: Leverage revocable for accessing " Tzung-Bi Shih
2026-02-03 9:51 ` Tzung-Bi Shih [this message]
2026-02-04 13:02 ` Bartosz Golaszewski
2026-02-03 6:10 ` [PATCH v2 09/11] gpio: Remove gpio_chip_guard by using revocable Tzung-Bi Shih
2026-02-04 13:05 ` Bartosz Golaszewski
2026-02-03 6:10 ` [PATCH v2 10/11] gpio: Leverage revocable for accessing struct gpio_chip Tzung-Bi Shih
2026-02-03 6:10 ` [PATCH v2 11/11] gpio: Remove unused `chip` and `srcu` in struct gpio_device Tzung-Bi Shih
2026-02-03 11:15 ` [PATCH v2 00/11] gpio: Adopt revocable mechanism for UAF prevention Bartosz Golaszewski
2026-02-03 16:53 ` Bartosz Golaszewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYHFO0TlXMP4Bli-@google.com \
--to=tzungbi@kernel.org \
--cc=brgl@bgdev.pl \
--cc=chrome-platform@lists.linux.dev \
--cc=corbet@lwn.net \
--cc=dakr@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jgg@nvidia.com \
--cc=johan@kernel.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linusw@kernel.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=shuah@kernel.org \
--cc=wsa+renesas@sang-engineering.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.