This series transitions the UAF prevention logic within the GPIO core (gpiolib) to use the 'revocable' mechanism.
The existing code aims to prevent UAF issues when the underlying GPIO chip is removed. This series replaces that custom logic with the generic 'revocable' API, which is designed to handle such lifecycle dependencies. There should be no change in behavior. This series depends on the 'revocable' API, introduced in [1]. Some build bots may report errors due to undefined symbols related to 'revocable' until the dependency is merged. [1] https://lore.kernel.org/chrome-platform/[email protected] Tzung-Bi Shih (23): gpiolib: Correct wrong kfree() usage for `kobj->name` gpiolib: cdev: Fix resource leaks on errors in gpiolib_cdev_register() gpiolib: Fix resource leaks on errors in gpiochip_add_data_with_key() gpiolib: Fix resource leaks on errors in lineinfo_changed_notify() gpiolib: cdev: Correct return code on memory allocation failure => The first 5 patches are fixes. They aren't directly related to the replacement, and should be able to apply independently. gpiolib: Access `gpio_bus_type` in gpiochip_setup_dev() gpiolib: Remove redundant check for struct gpio_chip gpiolib: sysfs: Remove redundant check for struct gpio_chip gpiolib: Ensure struct gpio_chip for gpiochip_setup_dev() gpiolib: cdev: Don't check struct gpio_chip in gpio_chrdev_open() => The following 5 patches are refactors. Makes the subsequent changes easier or at least clear. selftests: gpio: Add gpio-cdev-uaf tests => The following patch adds kselftest cases for some classic UAF scenarios. gpiolib: Add revocable provider handle for struct gpio_chip gpiolib: cdev: Leverage revocable for gpio_fileops gpiolib: cdev: Leverage revocable for linehandle_fileops gpiolib: cdev: Leverage revocable for line_fileops gpiolib: cdev: Leverage revocable for lineevent_fileops gpiolib: cdev: Leverage revocable for lineinfo_changed_notify gpiolib: Leverage revocable for gpiolib_sops => The following 7 patches start to replace the existing code. They are intentionally making small changes for easier to review. revocable: Support to define revocable consumer handle on stack revocable: Add Kunit test case for DEFINE_REVOCABLE() selftests: revocable: Add test case for DEFINE_REVOCABLE() => The following 3 patches introduce a new way to define revocable consumer handles on stack and its test cases. gpiolib: Leverage revocable for other independent lifecycle instances => The following patch handles the "others" (i.e., the rest of those custom logic) by using DEFINE_REVOCABLE() to at least make the usage easier. A big patch. gpiolib: Remove unused `chip` and `srcu` in struct gpio_device => The last patch removes the unused fields for the custom logic as all of them should be transiting to revocable. .../driver-api/driver-model/revocable.rst | 5 +- drivers/base/revocable.c | 60 ++- drivers/base/revocable_test.c | 54 +++ drivers/gpio/gpiolib-cdev.c | 262 ++++++----- drivers/gpio/gpiolib-cdev.h | 3 +- drivers/gpio/gpiolib-sysfs.c | 55 ++- drivers/gpio/gpiolib-sysfs.h | 11 +- drivers/gpio/gpiolib.c | 410 ++++++++++-------- drivers/gpio/gpiolib.h | 27 +- include/linux/revocable.h | 30 +- .../drivers/base/revocable/revocable_test.c | 12 + .../revocable/test_modules/revocable_test.c | 37 +- tools/testing/selftests/gpio/Makefile | 5 +- tools/testing/selftests/gpio/gpio-cdev-uaf.c | 320 ++++++++++++++ tools/testing/selftests/gpio/gpio-cdev-uaf.sh | 67 +++ 15 files changed, 974 insertions(+), 384 deletions(-) create mode 100644 tools/testing/selftests/gpio/gpio-cdev-uaf.c create mode 100755 tools/testing/selftests/gpio/gpio-cdev-uaf.sh -- 2.52.0.457.g6b5491de43-goog
