On Fri, 13 Feb 2026 10:23:05 +0100, Tzung-Bi Shih <[email protected]> said:
> The "revocable" mechanism is a synchronization primitive designed to
> manage safe access to resources that can be asynchronously removed or
> invalidated. Its primary purpose is to prevent Use-After-Free (UAF)
> errors when interacting with resources whose lifetimes are not
> guaranteed to outlast their consumers.
>
[snip]
> diff --git a/include/linux/revocable.h b/include/linux/revocable.h
> +
[snip]
> +/**
> + * struct revocable_consumer - A handle for resource consumer.
> + * @rp: The pointer of resource provider.
> + * @idx: The index for the SRCU critical section.
> + */
> +struct revocable_consumer {
> + struct revocable *rp;
> + int idx;
> +};
> +
> +void revocable_get(struct revocable *rp);
> +void revocable_put(struct revocable *rp);
> +struct revocable *revocable_alloc(void *res);
Is there any reason why we couldn't do:
int revocable_init(struct revocable *rp, void *res);
and then:
struct gpio_device {
struct revocable rp;
...
};
revocable_init(&gdev->rp, gc);
? It would be functionally equivalent to what we're doing now in GPIO.
Bartosz
