Hi all,
while reviewing my patches I ended up noticing these two were concurrent of
the same problem so I ended up merging them and opening a new thread to
avoid any confusion.
lore.kernel.org/linux-gpio/20260518075357.112584-1-mscardovi95@gmail.com/
lore.kernel.org/linux-gpio/20260524162708.62949-1-scardracs@disroot.org/
Please mind to check the 1st one before reviewing it as it contains some
of @Andy's comments on it.
This series consolidates various fixes and bounds-checking improvements
for gpiolib-acpi.
- Patch 1: Adds robust bounds checking for GPIO pin resource arrays.
- Patch 2: Fixes a resource leak and concurrent access race in the
GPIO OperationRegion address space handler.
- Patch 3: Prevents physical address truncation from 64-bit to 16-bit
in the OperationRegion handler.
- Patch 4: Prevents out-of-bounds pointer arithmetic in
acpi_gpio_package_count when counting GPIOs.
Changes in v4:
- Merged the address truncation and package count pointer arithmetic
bounds-checking fixes into this unified patch series.
- Cleaned up the OperationRegion handler modifications to avoid
conflicts between the leak fix and truncation check.
- Added code documentation comments explaining locking requirements in
acpi_gpiochip_find_conn().
- Reworded the commit subject line of Patch 2 to follow standard
kernel conventions.
- Optimized the concurrent double-request rollback path in Patch 2 to
free the descriptor outside the mutex (`conn_lock`) to prevent
potential lockdep issues.
- Refined the `-EBUSY` recovery comment in Patch 2 to accurately
characterize it as a best-effort recovery path.
Marco Scardovi (2):
gpiolib: acpi: prevent address truncation in OperationRegion handler
gpiolib: acpi: fix out-of-bounds pointer arithmetic in
acpi_gpio_package_count
Marco Scardovi (scardracs) (2):
gpiolib: acpi: Add robust bounds-checking for GPIO pin resources
gpiolib: acpi: fix resource leak in OpRegion
drivers/gpio/gpiolib-acpi-core.c | 186 ++++++++++++++++++++++++-------
1 file changed, 147 insertions(+), 39 deletions(-)
--
2.54.0