[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aN6GNYXFiyZpqGVw@tzungbi-laptop>
Date: Thu, 2 Oct 2025 22:03:33 +0800
From: Tzung-Bi Shih <tzungbi@...nel.org>
To: Mary Strodl <mstrodl@....rit.edu>
Cc: Linus Walleij <linus.walleij@...aro.org>, linux-kernel@...r.kernel.org,
brgl@...ev.pl, linux-gpio@...r.kernel.org,
"Paul E. McKenney" <paulmck@...nel.org>
Subject: Re: [PATCH v2 1/3] gpio: mpsse: use rcu to ensure worker is torn down
On Wed, Oct 01, 2025 at 11:07:00AM -0400, Mary Strodl wrote:
> Hey Linus,
>
> On Wed, Oct 01, 2025 at 09:15:14AM +0200, Linus Walleij wrote:
> > Oh this RCU thing is a bit terse and a lot of code.
> >
> > Can you look if you can use the new revocable resource
> > management API? It uses RCU underneath.
> > https://lwn.net/Articles/1038523/
>
> Yeah I'm very open to suggestions about how to do this nicer.
>
> I can't read that article, because I don't subscribe to LWN (Maybe I should
> though). Looks like it becomes free tomorrow, so I can take a look then. I did
> find and skim through this, which I believe is the implementation of the API
> you're talking about:
> https://lore.kernel.org/chrome-platform/20250923075302.591026-2-tzungbi@kernel.org/
>
> Based on this, it seems like:
> * This uses sleepable RCU, which I don't think we can use in the IRQ callbacks
> since they don't allow any blocking (this is the main reason for the complexity)
Good to know. It hints me about maybe revocable should provide both RCU and
SRCU variants.
> * We'd still need some sort of list primitive, because we could potentially have
> multiple workers being torn down at a time, so we need to know what all to
> revoke when the device is being torn down. Right now, I'm using the RCU lists
> API to keep track of this. My instinct is to use devm, but that also isn't
> technically safe for use in IRQ handlers.
>
> I obviously haven't played with the revocable resource management API, so
> maybe these limitations aren't as big of a deal as I think they are.
To use revocable API, we need to identify what resources should protect. It
seems there are some UAF possibilities in gpio_mpsse_poll() after unplugging
the device.
Thanks for letting me know the use case. We are figuring if revocable could
provide subsystem level helpers so that device drivers don't need to play
with primitive revocable APIs.
Powered by blists - more mailing lists