From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2965421B9FD; Wed, 20 Aug 2025 08:17:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755677845; cv=none; b=NckeVhkDUE99iSUKV6fjEMSh0o8rZFhHZZaXVa/lP7kWcvprhTr/kKjmNMlhzjoPxsD84jfZ+PohKH9hRJchHIanKHtki8cB2fhEcql7KddOs/ZmA6laexZVD7ETRdf2qeg9mYObLQ3pmEbYhg4aKFKrnu4VdhtSFXpGcb76CmQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755677845; c=relaxed/simple; bh=Dc5NRIzPD+WO269gYuJoXHm7vaSM5NPvDKwoOI/hTec=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=pQZc3p1MnuvA05XWCVWHCFbeJU3o9uyehnL6mL7pjbicdwYQfi4D9onn2Kz9Aky4V1YZuaV++U91U8xF4QDqjgsRdAguinPAg2ChN4a96IA++VKuHlgTsHp7xGT9YKtqFjYjpNS9s31doiZuj/qIsWeAPKWalpsCwrMMDfdkM3A= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YcZ6QKsN; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YcZ6QKsN" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7278AC113D0; Wed, 20 Aug 2025 08:17:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1755677844; bh=Dc5NRIzPD+WO269gYuJoXHm7vaSM5NPvDKwoOI/hTec=; h=From:To:Cc:Subject:Date:From; b=YcZ6QKsNp9V3duVko2MLuTdpZ+y8x/zmsEvi6Ok2rqXL20SrWYfDL97LuLdlsSxFS inoAu2nx9AN69lJQar8/AOHuceFHXjb6KMymFyrfGrcmAWTBQiojH7An4OuGZdDrw/ abuozJkRPIZJI85rG1XsmHWqNS/Ol72G2zs0vIOpjn7ejkyaQvh0vjQZJCm2oeWSMC nLu0P1q67rJIqTH5t9HivEV9S0bf5BSzhwNQyE1XZSp0wu+Mb2q+NovNW/umXhPnQf oIdKCHCo2dmzPpDMz09qZ5rQCKei16U8D//ttk14gKAY8Utgc2E7LYP/5c5ubq39Wp 1Z6PcQh4sQW7A== From: Tzung-Bi Shih To: Benson Leung , Greg Kroah-Hartman , "Rafael J . Wysocki" , Danilo Krummrich Cc: Jonathan Corbet , Shuah Khan , Dawid Niedzwiecki , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, chrome-platform@lists.linux.dev, linux-kselftest@vger.kernel.org, tzungbi@kernel.org, Laurent Pinchart , Bartosz Golaszewski , Wolfram Sang Subject: [PATCH v2 0/5] platform/chrome: Fix a possible UAF via revocable Date: Wed, 20 Aug 2025 08:16:40 +0000 Message-ID: <20250820081645.847919-1-tzungbi@kernel.org> X-Mailer: git-send-email 2.51.0.rc1.167.g924127e9c0-goog Precedence: bulk X-Mailing-List: chrome-platform@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This is a follow-up series of [1]. It tries to fix a possible UAF in the fops of cros_ec_chardev after the underlying protocol device has gone by using revocable. The 1st patch introduces the revocable which is an implementation of ideas from the talk [2]. The 2nd and 3rd patches add test cases for revocable in Kunit and selftest. The 4th patch converts existing protocol devices to resource providers of cros_ec_device. The 5th patch converts cros_ec_chardev to a resource consumer of cros_ec_device to fix the UAF. [1] https://lore.kernel.org/chrome-platform/20250721044456.2736300-6-tzungbi@kernel.org/ [2] https://lpc.events/event/17/contributions/1627/ Cc: Laurent Pinchart Cc: Bartosz Golaszewski Cc: Wolfram Sang v2: - Rename "ref_proxy" -> "revocable". - Add test cases in Kunit and selftest. v1: https://lore.kernel.org/chrome-platform/20250814091020.1302888-1-tzungbi@kernel.org/ Tzung-Bi Shih (5): revocable: Revocable resource management revocable: Add Kunit test cases selftests: revocable: Add kselftest cases platform/chrome: Protect cros_ec_device lifecycle with revocable platform/chrome: cros_ec_chardev: Consume cros_ec_device via revocable .../driver-api/driver-model/index.rst | 1 + .../driver-api/driver-model/revocable.rst | 151 ++++++++++++ MAINTAINERS | 9 + drivers/base/Kconfig | 8 + drivers/base/Makefile | 5 +- drivers/base/revocable.c | 229 ++++++++++++++++++ drivers/base/revocable_test.c | 110 +++++++++ drivers/platform/chrome/cros_ec_chardev.c | 124 +++++++--- drivers/platform/chrome/cros_ec_i2c.c | 5 + drivers/platform/chrome/cros_ec_ishtp.c | 5 + drivers/platform/chrome/cros_ec_lpc.c | 5 + drivers/platform/chrome/cros_ec_rpmsg.c | 5 + drivers/platform/chrome/cros_ec_spi.c | 4 + drivers/platform/chrome/cros_ec_uart.c | 5 + include/linux/platform_data/cros_ec_proto.h | 4 + include/linux/revocable.h | 37 +++ tools/testing/selftests/Makefile | 1 + .../selftests/drivers/base/revocable/Makefile | 7 + .../drivers/base/revocable/revocable_test.c | 116 +++++++++ .../drivers/base/revocable/test-revocable.sh | 39 +++ .../base/revocable/test_modules/Makefile | 10 + .../revocable/test_modules/revocable_test.c | 188 ++++++++++++++ 22 files changed, 1027 insertions(+), 41 deletions(-) create mode 100644 Documentation/driver-api/driver-model/revocable.rst create mode 100644 drivers/base/revocable.c create mode 100644 drivers/base/revocable_test.c create mode 100644 include/linux/revocable.h create mode 100644 tools/testing/selftests/drivers/base/revocable/Makefile create mode 100644 tools/testing/selftests/drivers/base/revocable/revocable_test.c create mode 100755 tools/testing/selftests/drivers/base/revocable/test-revocable.sh create mode 100644 tools/testing/selftests/drivers/base/revocable/test_modules/Makefile create mode 100644 tools/testing/selftests/drivers/base/revocable/test_modules/revocable_test.c -- 2.51.0.rc1.167.g924127e9c0-goog