On Tue, Mar 24, 2026 at 01:59:04AM +0100, Danilo Krummrich wrote: > This is the follow-up of the driver_override generalization in [1], converting > the remaining 11 busses and removing the now-unused driver_set_override() > helper. > > All of them (except AP, which has a different race condition) are prone to the > potential UAF described in [2], caused by accessing the driver_override field > from their corresponding match() callback. > > In order to address this, the generalized driver_override field in struct > device > is protected with a spinlock. The driver-core provides accessors, such as > device_match_driver_override(), device_has_driver_override() and > device_set_driver_override(), which all ensure proper locking internally. > > Additionally, the driver-core provides a driver_override flag in struct > bus_type, which, once enabled, automatically registers generic sysfs > callbacks, > allowing userspace to modify the driver_override field. > > SPI and AP are a bit special; both print "\n" when driver_override is not set, > whereas all other buses (and thus the driver-core) produce "(null)\n" in this > case. > > Hence, SPI and AP do not take advantage of the driver_override flag in struct > bus_type; AP additionally maintains a counter in its custom sysfs store(). > > Technically, we could support a custom fallback string when driver_override is > unset in struct bus_type, but only SPI would benefit from this, since AP has > additional custom logic in store() anyways. > > (I'm not sure if there are userspace programs that strictly rely on this; > driverctl seems to check for both, but I rather not break some userspace tool > I'm not aware of. :) > > This series is based on v7.0-rc5 with no additional dependencies, hence those > patches can be picked up by subsystems individually. > > [1] > https://lore.kernel.org/driver-core/[email protected]/ > [2] https://bugzilla.kernel.org/show_bug.cgi?id=220789 > [3] > https://gitlab.com/driverctl/driverctl/-/blob/0.121/driverctl?ref_type=tags#L99
vdpa bits: Acked-by: Michael S. Tsirkin <[email protected]> I assume it'll all be merged together? > Danilo Krummrich (12): > amba: use generic driver_override infrastructure > bus: fsl-mc: use generic driver_override infrastructure > cdx: use generic driver_override infrastructure > hv: vmbus: use generic driver_override infrastructure > PCI: use generic driver_override infrastructure > platform/wmi: use generic driver_override infrastructure > rpmsg: use generic driver_override infrastructure > vdpa: use generic driver_override infrastructure > s390/cio: use generic driver_override infrastructure > s390/ap: use generic driver_override infrastructure > spi: use generic driver_override infrastructure > driver core: remove driver_set_override() > > drivers/amba/bus.c | 37 +++------------ > drivers/base/driver.c | 75 ------------------------------ > drivers/bus/fsl-mc/fsl-mc-bus.c | 43 +++-------------- > drivers/cdx/cdx.c | 40 ++-------------- > drivers/hv/vmbus_drv.c | 36 ++------------ > drivers/pci/pci-driver.c | 11 +++-- > drivers/pci/pci-sysfs.c | 28 ----------- > drivers/pci/probe.c | 1 - > drivers/platform/wmi/core.c | 36 ++------------ > drivers/rpmsg/qcom_glink_native.c | 2 - > drivers/rpmsg/rpmsg_core.c | 43 +++-------------- > drivers/rpmsg/virtio_rpmsg_bus.c | 1 - > drivers/s390/cio/cio.h | 5 -- > drivers/s390/cio/css.c | 34 ++------------ > drivers/s390/crypto/ap_bus.c | 34 +++++++------- > drivers/s390/crypto/ap_bus.h | 1 - > drivers/s390/crypto/ap_queue.c | 24 +++------- > drivers/spi/spi.c | 19 +++----- > drivers/vdpa/vdpa.c | 48 ++----------------- > drivers/vfio/fsl-mc/vfio_fsl_mc.c | 4 +- > drivers/vfio/pci/vfio_pci_core.c | 5 +- > drivers/xen/xen-pciback/pci_stub.c | 6 ++- > include/linux/amba/bus.h | 5 -- > include/linux/cdx/cdx_bus.h | 4 -- > include/linux/device/driver.h | 2 - > include/linux/fsl/mc.h | 4 -- > include/linux/hyperv.h | 5 -- > include/linux/pci.h | 6 --- > include/linux/rpmsg.h | 4 -- > include/linux/spi/spi.h | 5 -- > include/linux/vdpa.h | 4 -- > include/linux/wmi.h | 4 -- > 32 files changed, 88 insertions(+), 488 deletions(-) > > > base-commit: c369299895a591d96745d6492d4888259b004a9e > -- > 2.53.0
