lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260116081036.352286-1-tzungbi@kernel.org>
Date: Fri, 16 Jan 2026 08:10:13 +0000
From: Tzung-Bi Shih <tzungbi@...nel.org>
To: Benson Leung <bleung@...omium.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	"Rafael J . Wysocki" <rafael@...nel.org>,
	Danilo Krummrich <dakr@...nel.org>,
	Bartosz Golaszewski <brgl@...ev.pl>,
	Linus Walleij <linusw@...nel.org>
Cc: Jonathan Corbet <corbet@....net>,
	Shuah Khan <shuah@...nel.org>,
	linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	chrome-platform@...ts.linux.dev,
	linux-kselftest@...r.kernel.org,
	tzungbi@...nel.org,
	Laurent Pinchart <laurent.pinchart@...asonboard.com>,
	Wolfram Sang <wsa+renesas@...g-engineering.com>,
	Simona Vetter <simona.vetter@...ll.ch>,
	Dan Williams <dan.j.williams@...el.com>,
	Jason Gunthorpe <jgg@...dia.com>,
	linux-gpio@...r.kernel.org
Subject: [PATCH 00/23] gpiolib: Adopt revocable mechanism for UAF prevention

This series transitions the UAF prevention logic within the GPIO core
(gpiolib) to use the 'revocable' mechanism.

The existing code aims to prevent UAF issues when the underlying GPIO
chip is removed.  This series replaces that custom logic with the
generic 'revocable' API, which is designed to handle such lifecycle
dependencies.  There should be no change in behavior.

This series depends on the 'revocable' API, introduced in [1].  Some
build bots may report errors due to undefined symbols related to
'revocable' until the dependency is merged.

[1] https://lore.kernel.org/chrome-platform/20260116080235.350305-1-tzungbi@kernel.org

Tzung-Bi Shih (23):
  gpiolib: Correct wrong kfree() usage for `kobj->name`
  gpiolib: cdev: Fix resource leaks on errors in gpiolib_cdev_register()
  gpiolib: Fix resource leaks on errors in gpiochip_add_data_with_key()
  gpiolib: Fix resource leaks on errors in lineinfo_changed_notify()
  gpiolib: cdev: Correct return code on memory allocation failure

=> The first 5 patches are fixes.  They aren't directly related to the
   replacement, and should be able to apply independently.

  gpiolib: Access `gpio_bus_type` in gpiochip_setup_dev()
  gpiolib: Remove redundant check for struct gpio_chip
  gpiolib: sysfs: Remove redundant check for struct gpio_chip
  gpiolib: Ensure struct gpio_chip for gpiochip_setup_dev()
  gpiolib: cdev: Don't check struct gpio_chip in gpio_chrdev_open()

=> The following 5 patches are refactors.  Makes the subsequent changes
   easier or at least clear.

  selftests: gpio: Add gpio-cdev-uaf tests

=> The following patch adds kselftest cases for some classic UAF
   scenarios.

  gpiolib: Add revocable provider handle for struct gpio_chip
  gpiolib: cdev: Leverage revocable for gpio_fileops
  gpiolib: cdev: Leverage revocable for linehandle_fileops
  gpiolib: cdev: Leverage revocable for line_fileops
  gpiolib: cdev: Leverage revocable for lineevent_fileops
  gpiolib: cdev: Leverage revocable for lineinfo_changed_notify
  gpiolib: Leverage revocable for gpiolib_sops

=> The following 7 patches start to replace the existing code.  They
   are intentionally making small changes for easier to review.

  revocable: Support to define revocable consumer handle on stack
  revocable: Add Kunit test case for DEFINE_REVOCABLE()
  selftests: revocable: Add test case for DEFINE_REVOCABLE()

=> The following 3 patches introduce a new way to define revocable
   consumer handles on stack and its test cases.

  gpiolib: Leverage revocable for other independent lifecycle instances

=> The following patch handles the "others" (i.e., the rest of those
   custom logic) by using DEFINE_REVOCABLE() to at least make the usage
   easier.  A big patch.

  gpiolib: Remove unused `chip` and `srcu` in struct gpio_device

=> The last patch removes the unused fields for the custom logic as all
   of them should be transiting to revocable.

 .../driver-api/driver-model/revocable.rst     |   5 +-
 drivers/base/revocable.c                      |  60 ++-
 drivers/base/revocable_test.c                 |  54 +++
 drivers/gpio/gpiolib-cdev.c                   | 262 ++++++-----
 drivers/gpio/gpiolib-cdev.h                   |   3 +-
 drivers/gpio/gpiolib-sysfs.c                  |  55 ++-
 drivers/gpio/gpiolib-sysfs.h                  |  11 +-
 drivers/gpio/gpiolib.c                        | 410 ++++++++++--------
 drivers/gpio/gpiolib.h                        |  27 +-
 include/linux/revocable.h                     |  30 +-
 .../drivers/base/revocable/revocable_test.c   |  12 +
 .../revocable/test_modules/revocable_test.c   |  37 +-
 tools/testing/selftests/gpio/Makefile         |   5 +-
 tools/testing/selftests/gpio/gpio-cdev-uaf.c  | 320 ++++++++++++++
 tools/testing/selftests/gpio/gpio-cdev-uaf.sh |  67 +++
 15 files changed, 974 insertions(+), 384 deletions(-)
 create mode 100644 tools/testing/selftests/gpio/gpio-cdev-uaf.c
 create mode 100755 tools/testing/selftests/gpio/gpio-cdev-uaf.sh

-- 
2.52.0.457.g6b5491de43-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ