Re: [PATCH v2 08/11] gpio: cdev: Leverage revocable for accessing struct gpio_chip
From: Tzung-Bi Shih
Date: Tue Feb 03 2026 - 04:54:11 EST
On Tue, Feb 03, 2026 at 06:10:55AM +0000, Tzung-Bi Shih wrote:
> ---
> v2:
> - Change usages accordingly after applying
> https://lore.kernel.org/all/20260129143733.45618-4-tzungbi@xxxxxxxxxx.
> - Preserve a local storage for `struct revocable`.
> - Combine multiple patches (see "v1:").
Forgot to mention it in the changelog:
- v2 fixes a race condition reported in
https://lore.kernel.org/all/CAMRc=McDaipt85OHm0MksLkuf6E79dY1uNSqqbcJnoQTUs81Pw@xxxxxxxxxxxxxx/
and analyzed in
https://lore.kernel.org/all/aXEEUWwkxHZzCnaI@tzungbi-laptop/.
In v1, the blocking_notifier_chain_unregister() will be skipped if the
chip has been removed, leading to a UAF in gpiolib_cdev_unregister().
In v2, it won't skip blocking_notifier_chain_unregister().
>
> v1:
> - https://lore.kernel.org/all/20260116081036.352286-14-tzungbi@xxxxxxxxxx
> - https://lore.kernel.org/all/20260116081036.352286-15-tzungbi@xxxxxxxxxx
> - https://lore.kernel.org/all/20260116081036.352286-16-tzungbi@xxxxxxxxxx
> - https://lore.kernel.org/all/20260116081036.352286-17-tzungbi@xxxxxxxxxx
> - https://lore.kernel.org/all/20260116081036.352286-18-tzungbi@xxxxxxxxxx