From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-oo1-f47.google.com (mail-oo1-f47.google.com [209.85.161.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C1263C4173 for ; Tue, 12 May 2026 15:54:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.47 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778601251; cv=none; b=jbSwf2in4r+CCWvvLuWPgo/d00kHDbxsuX3Sb2v8riKDDkGw+dcI2KMnaiA2L6pDyhc3sBik2ezjCxye/9y+wCbac+nohm7lc+6SHbaWoRaQue9rZvIpzegRRMCcPf9S3MLVWjfF6EyaqNTgYe3TRd+sVdE0b/DAXhxBZrhNWRY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778601251; c=relaxed/simple; bh=ar7r0CplPhOBjT9O7jDUVxLUCoUGYulfCXSofIIVZxg=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=GQzoz10yMqOKNkPwp8mLRz/0oTFWyIjO1ECcDWwsfTUi98qNYjqbwK5IdrogaEd+tZ0wdFZaMlHP4fBXMD8+4OxizAkbgVh7nO49EZxZD1AOs1WWK07yQNYjnqCSbMNhM7bdMV4EH94MXJZGDsaxveHMiyJGb8f5iXJ3Zz3w+Gg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=baylibre.com; spf=pass smtp.mailfrom=baylibre.com; dkim=pass (2048-bit key) header.d=baylibre-com.20251104.gappssmtp.com header.i=@baylibre-com.20251104.gappssmtp.com header.b=x53TWIKz; arc=none smtp.client-ip=209.85.161.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=baylibre.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=baylibre.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=baylibre-com.20251104.gappssmtp.com header.i=@baylibre-com.20251104.gappssmtp.com header.b="x53TWIKz" Received: by mail-oo1-f47.google.com with SMTP id 006d021491bc7-6966e1a0b91so3395815eaf.3 for ; Tue, 12 May 2026 08:54:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20251104.gappssmtp.com; s=20251104; t=1778601248; x=1779206048; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=mu9LntJbCssD7Nm2DFnHOLJ9ocvl6E8VHMXK5m9CjY8=; b=x53TWIKzeyMKFVktKRdzanktnalpKFgdRGZbKkQFiPb3Q0OsUaqqiujnGzSeMiqkvL TV6boZgKVgU9baz3Vsb2TANUgjgM1ttGdjTG+c0JckHhABdDHdffq/TenH7FJzdIqryV 3/7su7QAlyDwg7Tw+uMpvagNjnt3g6xqTtRP0eO9f6aoEiukqnjdeNiOMDlWS2oXJhGB EkgKZMS15PL5xF0nOBXXI3oWryXRIZWHP+MbXTbU7P6IMMlu+8ShDjKqtoZ06WlHSwf1 CN2M47cffSbS6BCbmAHDFqVljbuNJhOxnZFqhCDcU9QUrprqjpWQS016aQhJ7Hh3oU2Y X38w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778601248; x=1779206048; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mu9LntJbCssD7Nm2DFnHOLJ9ocvl6E8VHMXK5m9CjY8=; b=mIXd/iD4OglzeQ2ntChlSHAIbTwnJYrTM6ZpCtXMbB8ZqlQo7cHTrvCHtmH560AFNM VowkXTdEuwNrnn2XH9nITT0QdgvfGrPH7m7IqkzT7coFLMToq4w3aOfAQBVW9ATJAp/Z eI8CO6t7F/1lxBKGxRl/4/QdHE3lucV14Pou+u42vNceEDQdVBXaftei7n8fZIPzoHb0 mY9rtdswXHD7QH4jQGtIXlUk7l9d6cLgSExnPe7sJW5JeD1HL3EuNhQwka5CvcXORewb GLzbSItwsi+9VreqYI7G6abaKCEFUPb2T+zDjcK2wcyDNibI0xkubgAlDauW8QKiA0pf dKig== X-Forwarded-Encrypted: i=1; AFNElJ9LMUynzfLzOfFFSIKLY7aguCC8aDH2pEE4/jCMTXTwoVB803BHL4BTGc4PKTlmbPTqz3IMCvWbTa6sAfI=@vger.kernel.org X-Gm-Message-State: AOJu0YxdS06FVW1RLWZGi3Jo2vWWfE9WXzy9KDOWWncZxXkcdZmy82qN DGwomhwJJ6w2hOPO1OUXNp1CJG1xPRH1fTlo9bBrQ+K2wNYXveQd3wKunRehZYmLK3A= X-Gm-Gg: Acq92OGASoUybAOzk4Z/oInPhElTvkDUVR7jJRwbW7iQyaxy5ZbBETJIB0s41GvtGjG vjiwIy5cJS+HiRFms4yMNrZ0WgGKHeR1g+Att6AXGi/mIMaQwVTpPKnm48OIXA3UiAxGF1HERLk VqTj7WTHbjv+iL1IzRcvrntfbWxIvjsf3v/6LRXsSKG5+C3/nDv8sgxhjPwaYeCq17iNbS0CdfT CNX/8eL2HiFc3fGBOo99brr9dXLHbf3EXbV3ZluTVPIs/343xEYUkFkdKQdlhEavQj0/KdUhow/ 1oTA/SFr6slqsglBFjLdAYW6rkdQ7q/b80sNFH+xNfA9c+cL2+5ZvewQ6DgHX34+msUgrcnK1ZJ 88gJRoH5Sxh42waBBlEYslKcovrAv1X765rHGcRNVfZusO4uQ5Y93Al2Rkd58AZpLhahPcON0kc Eu+qCk8Q+nfevObT2/KDb+36IisSsX+ut+l88bgaEEs44rqzG/MDHvWiyrYJZHFSEetbfVNouJ7 w== X-Received: by 2002:a05:6820:1610:b0:696:1a85:586b with SMTP id 006d021491bc7-69998d103cemr16189557eaf.35.1778601248273; Tue, 12 May 2026 08:54:08 -0700 (PDT) Received: from ?IPV6:2600:8803:e7e4:500:baa4:f7fb:528a:2457? ([2600:8803:e7e4:500:baa4:f7fb:528a:2457]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-4355736f517sm13105588fac.12.2026.05.12.08.54.07 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 12 May 2026 08:54:07 -0700 (PDT) Message-ID: <051ee23d-cc9d-4eff-bd2f-3ad2085f2162@baylibre.com> Date: Tue, 12 May 2026 10:54:07 -0500 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] iio: imu: kmx61: Fix TOCTOU race condition To: Maxwell Doose , jic23@kernel.org Cc: =?UTF-8?Q?Nuno_S=C3=A1?= , Andy Shevchenko , Daniel Baluta , "open list:IIO SUBSYSTEM AND DRIVERS" , open list References: <20260512120356.40839-1-m32285159@gmail.com> Content-Language: en-US From: David Lechner In-Reply-To: <20260512120356.40839-1-m32285159@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 5/12/26 7:03 AM, Maxwell Doose wrote: > A Time-of-check to Time-of-use race condition is present in > kmx61_write_event_config(). Move the mutex_lock() call above it to fix > it. > > Fixes: fd3ae7a9f21c ("iio: imu: kmx61: Add support for any motion trigger") > Signed-off-by: Maxwell Doose > --- > drivers/iio/imu/kmx61.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/drivers/iio/imu/kmx61.c b/drivers/iio/imu/kmx61.c > index 3cd91d8a89ee..9aa00acc7f14 100644 > --- a/drivers/iio/imu/kmx61.c > +++ b/drivers/iio/imu/kmx61.c > @@ -942,11 +942,13 @@ static int kmx61_write_event_config(struct iio_dev *indio_dev, > struct kmx61_data *data = kmx61_get_data(indio_dev); > int ret = 0; > > - if (state && data->ev_enable_state) > - return 0; > - > mutex_lock(&data->lock); > > + if (state && data->ev_enable_state) { > + ret = 0; > + goto err_unlock; > + } > + > if (!state && data->motion_trig_on) { > data->ev_enable_state = false; > goto err_unlock; There are actually 3 other drivers that have identical code which likely need the same fix. And in all of these, there is an write_event() callback that reads ev_enable_state without holding the mutex that looks suspicious too.