* [PATCH] hwmon: (max16065) Use local variable to avoid TOCTOU
@ 2025-11-28 12:47 Gui-Dong Han
2025-11-28 16:36 ` Guenter Roeck
0 siblings, 1 reply; 2+ messages in thread
From: Gui-Dong Han @ 2025-11-28 12:47 UTC (permalink / raw)
To: linux; +Cc: linux-hwmon, linux-kernel, Gui-Dong Han, stable
In max16065_current_show, data->curr_sense is read twice: once for the
error check and again for the calculation. Since
i2c_smbus_read_byte_data returns negative error codes on failure, if the
data changes to an error code between the check and the use, ADC_TO_CURR
results in an incorrect calculation.
Read data->curr_sense into a local variable to ensure consistency. Note
that data->curr_gain is constant and safe to access directly.
This aligns max16065_current_show with max16065_input_show, which
already uses a local variable for the same reason.
Link: https://lore.kernel.org/all/CALbr=LYJ_ehtp53HXEVkSpYoub+XYSTU8Rg=o1xxMJ8=5z8B-g@mail.gmail.com/
Fixes: f5bae2642e3d ("hwmon: Driver for MAX16065 System Manager and compatibles")
Cc: stable@vger.kernel.org
Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>
---
Based on the discussion in the link, I will submit a series of patches to
address TOCTOU issues in the hwmon subsystem by converting macros to
functions or adjusting locking where appropriate.
---
drivers/hwmon/max16065.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/hwmon/max16065.c b/drivers/hwmon/max16065.c
index 0ccb5eb596fc..4c9e7892a73c 100644
--- a/drivers/hwmon/max16065.c
+++ b/drivers/hwmon/max16065.c
@@ -216,12 +216,13 @@ static ssize_t max16065_current_show(struct device *dev,
struct device_attribute *da, char *buf)
{
struct max16065_data *data = max16065_update_device(dev);
+ int curr_sense = data->curr_sense;
- if (unlikely(data->curr_sense < 0))
- return data->curr_sense;
+ if (unlikely(curr_sense < 0))
+ return curr_sense;
return sysfs_emit(buf, "%d\n",
- ADC_TO_CURR(data->curr_sense, data->curr_gain));
+ ADC_TO_CURR(curr_sense, data->curr_gain));
}
static ssize_t max16065_limit_store(struct device *dev,
--
2.43.0
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] hwmon: (max16065) Use local variable to avoid TOCTOU
2025-11-28 12:47 [PATCH] hwmon: (max16065) Use local variable to avoid TOCTOU Gui-Dong Han
@ 2025-11-28 16:36 ` Guenter Roeck
0 siblings, 0 replies; 2+ messages in thread
From: Guenter Roeck @ 2025-11-28 16:36 UTC (permalink / raw)
To: Gui-Dong Han; +Cc: linux-hwmon, linux-kernel, stable
On Fri, Nov 28, 2025 at 08:47:09PM +0800, Gui-Dong Han wrote:
> In max16065_current_show, data->curr_sense is read twice: once for the
> error check and again for the calculation. Since
> i2c_smbus_read_byte_data returns negative error codes on failure, if the
> data changes to an error code between the check and the use, ADC_TO_CURR
> results in an incorrect calculation.
>
> Read data->curr_sense into a local variable to ensure consistency. Note
> that data->curr_gain is constant and safe to access directly.
>
> This aligns max16065_current_show with max16065_input_show, which
> already uses a local variable for the same reason.
>
> Link: https://lore.kernel.org/all/CALbr=LYJ_ehtp53HXEVkSpYoub+XYSTU8Rg=o1xxMJ8=5z8B-g@mail.gmail.com/
> Fixes: f5bae2642e3d ("hwmon: Driver for MAX16065 System Manager and compatibles")
> Cc: stable@vger.kernel.org
> Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>
Applied.
Thanks,
Guenter
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-11-28 16:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-28 12:47 [PATCH] hwmon: (max16065) Use local variable to avoid TOCTOU Gui-Dong Han
2025-11-28 16:36 ` Guenter Roeck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox