On Thu, Feb 05, 2026 at 12:56:47PM +0100, Danilo Krummrich wrote:
> should be
> 
>       int revocable_init(struct revocable_provider __rcu **_rp, ...)
> 
> instead of
> 
>       int revocable_init(struct revocable_provider __rcu *_rp, ...)
> 
> for the same reason revocable_provider_revoke() takes a double pointer.
> 
> Otherwise this seems racy:
> 
>       int revocable_init(struct revocable_provider __rcu *_rp, struct revocable *rev)
>       {
>               struct revocable_provider *rp;
> 
>               if (!_rp)
>                       return -ENODEV;
> 
>               /*
>                * If revocable_provider_revoke() is called concurrently at this
>                * point, _rp is not affected by rcu_replace_pointer().
>                *
>                * Additionally, nothing prevents a concurrent kfree_rcu() from
>                * freeing the revocable provider before we enter the RCU
>                * read-side critical section below.
>                */
> 
>               /*
>                * Enter a read-side critical section.
>                *
>                * This prevents kfree_rcu() from freeing the struct
>                * revocable_provider memory, for the duration of this scope.
>                */
>               scoped_guard(rcu) {
> 
>               ...
>       }
> 
> Do I miss anything?

You're right.  Will fix that.
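
The interleaving discussed above, as an added single-threaded userspace model (not code from the patch or from either poster). All names are hypothetical, the "grace period" is a reader counter, and the by-reference variant assumes the fixed function re-reads the slot inside the read-side section.

```c
#include <errno.h>
#include <stddef.h>
/* Constructed single-threaded model; every name here is hypothetical. */
struct provider { int freed; };
static int readers;              /* stands in for RCU read-side nesting */
static struct provider *pending; /* revoked object awaiting a grace period */
static void reclaim(void)        /* grace period ends only with no readers */
{
	if (pending && readers == 0) {
		pending->freed = 1;  /* flag, not free(), so the model stays defined */
		pending = NULL;
	}
}
static void read_lock(void)   { readers++; }
static void read_unlock(void) { readers--; reclaim(); }
/* Double-pointer revoke as in the thread: clears the shared slot itself. */
static void model_revoke(struct provider **slot)
{
	pending = *slot;
	*slot = NULL;
	reclaim();
}

/* By value: rp predates the revoke; returns 1 if a freed provider is used. */
static int init_by_value(struct provider *rp, struct provider **slot)
{
	int stale;
	if (!rp)
		return -ENODEV;
	model_revoke(slot);      /* concurrent revoke lands in the racy window */
	read_lock();
	stale = rp->freed;       /* real code: use-after-free */
	read_unlock();
	return stale;
}

/* By reference: the slot is re-read inside the read-side section. */
static int init_by_ref(struct provider **slot)
{
	int ret;
	model_revoke(slot);      /* same interleaving as above */
	read_lock();
	ret = *slot ? 0 : -ENODEV;
	read_unlock();
	return ret;
}
static int run_by_value(void) { struct provider p = {0}, *s = &p; return init_by_value(s, &s); }
static int run_by_ref(void)   { struct provider p = {0}, *s = &p; return init_by_ref(&s); }
int main(void) { return !(run_by_value() == 1 && run_by_ref() == -ENODEV); }
```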
