hwmon: (emc2103) Add locking to avoid TOCTOU

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The functions fan1_input_show and fan1_target_show check shared data for
zero before using it as a divisor. These accesses are currently
lockless. If the data changes to zero between the check and the
division, it causes a divide-by-zero error.

Explicitly acquire the update lock around these checks and calculations
to ensure the data remains stable, preventing Time-of-Check to
Time-of-Use (TOCTOU) race conditions.

Link: https://lore.kernel.org/all/CALbr=LYJ_ehtp53HXEVkSpYoub+XYSTU8Rg=o1xxMJ8=5z8B-g@mail.gmail.com/
Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>
Link: https://lore.kernel.org/r/20251124165508.4667-1-hanguidong02@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>

authored by

Gui-Dong Han and committed by

Guenter Roeck 4 months ago 4faaa77d edbce49e

1 changed file

expand all

drivers

hwmon

emc2103.c

drivers/hwmon/emc2103.c

··· 277 277 { 278 278 struct emc2103_data *data = emc2103_update_device(dev); 279 279 int rpm = 0; 280 + mutex_lock(&data->update_lock); 280 281 if (data->fan_tach != 0) 281 282 rpm = (FAN_RPM_FACTOR * data->fan_multiplier) / data->fan_tach; 283 + mutex_unlock(&data->update_lock); 282 284 return sprintf(buf, "%d\n", rpm); 283 285 } 284 286 ··· 365 363 struct emc2103_data *data = emc2103_update_device(dev); 366 364 int rpm = 0; 367 365 366 + mutex_lock(&data->update_lock); 368 367 /* high byte of 0xff indicates disabled so return 0 */ 369 368 if ((data->fan_target != 0) && ((data->fan_target & 0x1fe0) != 0x1fe0)) 370 369 rpm = (FAN_RPM_FACTOR * data->fan_multiplier) 371 370 / data->fan_target; 371 + mutex_unlock(&data->update_lock); 372 372 373 373 return sprintf(buf, "%d\n", rpm); 374 374 }