1. Patchew
  2. linux
  3. View series

[PATCH v3 0/2] gpiolib: acpi: Fix bounds-checking and connection leak

Marco Scardovi (scardracs) posted 2 patches 4 days, 15 hours ago 
drivers/gpio/gpiolib-acpi-core.c | 157 ++++++++++++++++++++++++++++++---------
1 file changed, 122 insertions(+), 35 deletions(-)
[PATCH v3 0/2] gpiolib: acpi: Fix bounds-checking and connection leak
Posted by Marco Scardovi (scardracs) 4 days, 15 hours ago 
Hi Andy,

This new series addresses two issues in the ACPI GPIO library while trying
to address your feedbacks:
1. Adds robust bounds checking for pin resource indexing when requesting
   owned descriptors and querying wakeup/interrupt pin configurations.
2. Fixes a connection/descriptor leak in the OpRegion address space
   handler and handles connection rollback in a transaction-local list
   to avoid wiping successfully established connections.

Please note that some of these changes were found during a personal follow up
analysis before submitting the patches to the community. They are reported
to explain why some of these fixes are made in that way instead of another.

Changes since v2:
- Fixed a global over-cleanup bug in the error path of the handler, which
  incorrectly wiped the whole persistent connection list (achip->conns).
  We now use a temporary local list_head (new_conns) inside the handler
  to log and rollback only the connections requested during the current
  transaction, and splice them into the global list only on success.
- Renamed the global connections teardown helper to
  acpi_gpiochip_free_all_connections() to clearly indicate its scope.
- Fixed a potential concurrent connection duplication race in the handler
  using an optimistic double-check allocation retry pattern.
- Introduced the acpi_gpiochip_find_conn() helper to reduce lookup code
  duplication.
- Changed the subject prefix of Patch 2/2 to "Fixes: gpiolib: acpi: ...".

Changes since v1:
- Reworked bounds checking in acpi_gpio_adr_space_handler() to validate
  that the requested pin range [pin_index, pin_index + bits] remains within
  bounds of the ACPI resource pin table, returning -EINVAL instead of
  silent truncation.

As always I'll wait for your precious feedbacks

Assisted-by: Antigravity:gemini-3-flash
Signed-off-by: Marco Scardovi <mscardovi95@gmail.com>

Marco Scardovi (scardracs) (2):
  gpiolib: acpi: Add robust bounds-checking for GPIO pin resources
  Fixes: gpiolib: acpi: resource leak in OpRegion

 drivers/gpio/gpiolib-acpi-core.c | 157 ++++++++++++++++++++++++++++++---------
 1 file changed, 122 insertions(+), 35 deletions(-)

-- 
2.54.0

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.