From: "Danilo Krummrich" <dakr@kernel.org>
To: "Tzung-Bi Shih" <tzungbi@kernel.org>
Cc: "Benson Leung" <bleung@chromium.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Rafael J . Wysocki" <rafael@kernel.org>,
"Jonathan Corbet" <corbet@lwn.net>,
"Shuah Khan" <shuah@kernel.org>, <linux-doc@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <chrome-platform@lists.linux.dev>,
<linux-kselftest@vger.kernel.org>,
"Laurent Pinchart" <laurent.pinchart@ideasonboard.com>,
"Bartosz Golaszewski" <brgl@bgdev.pl>,
"Wolfram Sang" <wsa+renesas@sang-engineering.com>,
"Simona Vetter" <simona.vetter@ffwll.ch>,
"Dan Williams" <dan.j.williams@intel.com>,
"Jason Gunthorpe" <jgg@nvidia.com>
Subject: Re: [PATCH v6 1/3] revocable: Revocable resource management
Date: Thu, 06 Nov 2025 17:20:17 +0100 [thread overview]
Message-ID: <DE1QYZ73VEDY.3UGO41S4PAEVK@kernel.org> (raw)
In-Reply-To: <20251106152330.11733-2-tzungbi@kernel.org>
On Thu Nov 6, 2025 at 4:23 PM CET, Tzung-Bi Shih wrote:
> +Revocable vs. Device-Managed (devm) Resources
> +=============================================
> +
> +It's important to understand the distinction between a standard
> +device-managed (devm) resource and a resource managed by a revocable provider.
> +
> +The key difference is their lifetime:
> +
> +* A **devm resource** is tied to the lifetime of the device. It is
> + automatically freed when the device is unbound.
> +* A **revocable provider** persists as long as there are active references
> + to it from consumer handles.
> +
> +This means that a revocable provider can outlive the device that created
> +it. This is a deliberate design feature, allowing consumers to hold a
> +reference to a resource even after the underlying device has been removed,
This seems wrong, the consumer does not hold a reference to the encapsulated
resource, it holds a reference to the revocable object itself.
The resource itself may be revoked at any point of time -- usually by devres,
but can be anything.
This makes revocable an independent synchronization primitive -- which admittedly
is mainly designed for (device) resources. Yet, it's independent.
In comparison, devres manages the lifetime of a resource, while ignoring if
there are active users or not.
Hence, I think the description needs some adjustments, as it makes it sounds as
if they're the same thing with different lifetime patterns, while they're
fundamentally different components.
I'd rather explain how revocable can complement devres.
> +/**
> + * DOC: Overview
> + *
> + * Some resources can be removed asynchronously, for example, resources
> + * provided by a hot-pluggable device like USB. When holding a reference
> + * to such a resource, it's possible for the resource to be removed and
> + * its memory freed, leading to use-after-free errors on subsequent access.
> + *
> + * The "revocable" mechanism addresses this by establishing a weak reference
> + * to a resource that might be freed at any time. It allows a resource
> + * consumer to safely attempt to access the resource, guaranteeing that the
> + * access is valid for the duration of its use, or it fails safely if the
> + * resource has already been revoked.
Here you start the documentation with _how_ revocable can be used, but I'd
rather start with explaining what it is, i.e. explain that it is a
synchronization primitive manages the access to an object that can
asynchronously be revoked, etc.
I'd move the example use-case below that.
The code itself LGTM, hence with the above addressed,
Acked-by: Danilo Krummrich <dakr@kernel.org>
next prev parent reply other threads:[~2025-11-06 16:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 15:23 [PATCH v6 0/3] drivers/base: Introduce revocable Tzung-Bi Shih
2025-11-06 15:23 ` [PATCH v6 1/3] revocable: Revocable resource management Tzung-Bi Shih
2025-11-06 16:20 ` Danilo Krummrich [this message]
2025-11-06 15:23 ` [PATCH v6 2/3] revocable: Add Kunit test cases Tzung-Bi Shih
2025-11-06 15:23 ` [PATCH v6 3/3] selftests: revocable: Add kselftest cases Tzung-Bi Shih
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DE1QYZ73VEDY.3UGO41S4PAEVK@kernel.org \
--to=dakr@kernel.org \
--cc=bleung@chromium.org \
--cc=brgl@bgdev.pl \
--cc=chrome-platform@lists.linux.dev \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jgg@nvidia.com \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=shuah@kernel.org \
--cc=simona.vetter@ffwll.ch \
--cc=tzungbi@kernel.org \
--cc=wsa+renesas@sang-engineering.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).