Re: [PATCH v8 1/3] revocable: Revocable resource management

Next message: Manivannan Sadhasivam: "Re: [PATCH v4 3/9] pci: pwrctrl: rename pci-pwrctrl-slot as generic"
Previous message: Stefano Garzarella: "[PATCH net] vsock: document namespace mode sysctls"
Next in thread: Tzung-Bi Shih: "Re: [PATCH v8 1/3] revocable: Revocable resource management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Bartosz Golaszewski

Date: Mon Feb 16 2026 - 11:38:03 EST

On Fri, 13 Feb 2026 10:23:05 +0100, Tzung-Bi Shih <tzungbi@xxxxxxxxxx> said:
> The "revocable" mechanism is a synchronization primitive designed to
> manage safe access to resources that can be asynchronously removed or
> invalidated. Its primary purpose is to prevent Use-After-Free (UAF)
> errors when interacting with resources whose lifetimes are not
> guaranteed to outlast their consumers.
>

[snip]

> diff --git a/include/linux/revocable.h b/include/linux/revocable.h
> +

[snip]

> +/**
> + * struct revocable_consumer - A handle for resource consumer.
> + * @rp: The pointer of resource provider.
> + * @idx: The index for the SRCU critical section.
> + */
> +struct revocable_consumer {
> + struct revocable *rp;
> + int idx;
> +};
> +
> +void revocable_get(struct revocable *rp);
> +void revocable_put(struct revocable *rp);
> +struct revocable *revocable_alloc(void *res);

Is there any reason why we couldn't do:

int revocable_init(struct revocable *rp, void *res);

and then:

struct gpio_device {
struct revocable rp;
...
};

revocable_init(&gdev->rp, gc);

? It would be functionally equivalent to what we're doing now in GPIO.

Bartosz