Re: [PATCH v4 7/7] platform/chrome: cros_ec_chardev: Secure cros_ec_device via revocable

linux-doc.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Tzung-Bi Shih <tzungbi@kernel.org>
To: Benson Leung <bleung@chromium.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Rafael J . Wysocki" <rafael@kernel.org>,
	Danilo Krummrich <dakr@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>,
	Dawid Niedzwiecki <dawidn@google.com>,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	chrome-platform@lists.linux.dev, linux-kselftest@vger.kernel.org,
	Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
	Bartosz Golaszewski <brgl@bgdev.pl>,
	Wolfram Sang <wsa+renesas@sang-engineering.com>
Subject: Re: [PATCH v4 7/7] platform/chrome: cros_ec_chardev: Secure cros_ec_device via revocable
Date: Tue, 23 Sep 2025 08:29:26 +0000	[thread overview]
Message-ID: <aNJaZr8b7If54e8P@google.com> (raw)
In-Reply-To: <20250923075302.591026-8-tzungbi@kernel.org>

On Tue, Sep 23, 2025 at 07:53:02AM +0000, Tzung-Bi Shih wrote:
> @@ -166,7 +166,6 @@ static int cros_ec_chardev_open(struct inode *inode, struct file *filp)
>  	if (!priv)
>  		return -ENOMEM;
>  
> -	priv->ec_dev = ec_dev;
>  	priv->cmd_offset = ec->cmd_offset;
>  	filp->private_data = priv;
>  	INIT_LIST_HEAD(&priv->events);
> @@ -370,6 +369,18 @@ static const struct file_operations chardev_fops = {
>  #endif
>  };
>  
> +static int cros_ec_chardev_rev_try_access(struct revocable *rev, void *data)
> +{
> +	struct chardev_priv *priv = data;
> +
> +	priv->ec_dev = revocable_try_access(rev);
> +	return priv->ec_dev ? 0 : -ENODEV;
> +}
> +
> +static const struct revocable_operations cros_ec_chardev_rops = {
> +	.try_access = cros_ec_chardev_rev_try_access,
> +};
> +
>  static int cros_ec_chardev_probe(struct platform_device *pdev)
>  {
>  	struct cros_ec_dev *ec = dev_get_drvdata(pdev->dev.parent);
> @@ -385,6 +396,8 @@ static int cros_ec_chardev_probe(struct platform_device *pdev)
>  	misc->fops = &chardev_fops;
>  	misc->name = ec_platform->ec_name;
>  	misc->parent = pdev->dev.parent;
> +	misc->rp = ec->ec_dev->revocable_provider;
> +	misc->rops = &cros_ec_chardev_rops;
>  
>  	dev_set_drvdata(&pdev->dev, misc);

If we prefer to avoid modifying the device driver, the driver must at least
register its resource providers with the subsystem.

This would allow the subsystem to guarantee resource validity by calling
revocable_try_access() before dispatching any file operations.

The device driver could then access its resources directly
(e.g., priv->ec_dev) within its fops, as their validity would have already
been checked by the subsystem.

     prev parent reply	other threads:[~2025-09-23  8:29 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-23  7:52 [PATCH v4 0/7] platform/chrome: Fix a possible UAF via revocable Tzung-Bi Shih
2025-09-23  7:52 ` [PATCH v4 1/7] revocable: Revocable resource management Tzung-Bi Shih
2025-09-23  7:52 ` [PATCH v4 2/7] revocable: Add Kunit test cases Tzung-Bi Shih
2025-09-23  7:52 ` [PATCH v4 3/7] selftests: revocable: Add kselftest cases Tzung-Bi Shih
2025-09-23  7:52 ` [PATCH v4 4/7] platform/chrome: Protect cros_ec_device lifecycle with revocable Tzung-Bi Shih
2025-09-23  7:53 ` [PATCH v4 5/7] revocable: Add fops replacement Tzung-Bi Shih
2025-09-24 20:54   ` dan.j.williams
2025-10-01 14:23     ` Tzung-Bi Shih
2025-09-23  7:53 ` [PATCH v4 6/7] char: misc: Leverage revocable " Tzung-Bi Shih
2025-09-23  7:53 ` [PATCH v4 7/7] platform/chrome: cros_ec_chardev: Secure cros_ec_device via revocable Tzung-Bi Shih
2025-09-23  8:29   ` Tzung-Bi Shih [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aNJaZr8b7If54e8P@google.com \
    --to=tzungbi@kernel.org \
    --cc=bleung@chromium.org \
    --cc=brgl@bgdev.pl \
    --cc=chrome-platform@lists.linux.dev \
    --cc=corbet@lwn.net \
    --cc=dakr@kernel.org \
    --cc=dawidn@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=laurent.pinchart@ideasonboard.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=rafael@kernel.org \
    --cc=shuah@kernel.org \
    --cc=wsa+renesas@sang-engineering.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).