[PATCH v3 0/4] platform/chrome: cros_ec_chardev: Fix a potential UAF

Next message: Tzung-Bi Shih: "[PATCH v3 2/4] platform/chrome: cros_ec_chardev: Move data to chardev_pdata"
Previous message: Tzung-Bi Shih: "[PATCH v3 3/4] platform/chrome: cros_ec_chardev: Add event relayer"
Next in thread: Tzung-Bi Shih: "[PATCH v3 1/4] platform/chrome: cros_ec_chardev: Introduce chardev_data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tzung-Bi Shih

Date: Mon May 25 2026 - 01:28:17 EST

This series addresses a potential Use-After-Free error when a device is
deregistered while file operations are still in progress or files remain
open in cros_ec_chardev.

- Patches 1 to 3 are preparation steps in cros_ec_chardev driver. They
introduce reference counting for platform driver data and an event
relayer. This removes the direct access to `ec_dev->event_notifier`
in `cros_ec_chardev_release()`.
- Patch 4 introduces a rwsem for protecting `ec_dev` to prevent the UAF
error.

---
v3:
- Address review comment in patch 4.

v2: https://lore.kernel.org/all/20260516143017.18560-1-tzungbi@xxxxxxxxxx
- Merge patches 5 to 7 from
https://lore.kernel.org/all/20260427134659.95181-1-tzungbi@xxxxxxxxxx.

v1: Doesn't exist.

Tzung-Bi Shih (4):
platform/chrome: cros_ec_chardev: Introduce chardev_data
platform/chrome: cros_ec_chardev: Move data to chardev_pdata
platform/chrome: cros_ec_chardev: Add event relayer
platform/chrome: cros_ec_chardev: Introduce rwsem for protecting
ec_dev

drivers/platform/chrome/cros_ec_chardev.c | 146 +++++++++++++++++-----
1 file changed, 116 insertions(+), 30 deletions(-)

--
2.54.0.794.g4f17f83d09-goog