Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

hwmon: (adm1029) Add locking to avoid TOCTOU

The function fan_show checks shared data for zero or invalid values
before using it as a divisor. These accesses are currently lockless. If
the data changes to zero between the check and the division, it causes a
divide-by-zero error.

Explicitly acquire the update lock around these checks and calculations
to ensure the data remains stable, preventing Time-of-Check to
Time-of-Use (TOCTOU) race conditions.

Link: https://lore.kernel.org/all/CALbr=LYJ_ehtp53HXEVkSpYoub+XYSTU8Rg=o1xxMJ8=5z8B-g@mail.gmail.com/
Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>
Link: https://lore.kernel.org/r/20251126114047.10039-1-hanguidong02@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>

authored by Gui-Dong Han and committed by Guenter Roeck
9eb4fb93 be89cf78

+3
+3
drivers/hwmon/adm1029.c
··· 171 171 struct adm1029_data *data = adm1029_update_device(dev); 172 172 u16 val; 173 173 174 + mutex_lock(&data->update_lock); 174 175 if (data->fan[attr->index] == 0 || 175 176 (data->fan_div[attr->index] & 0xC0) == 0 || 176 177 data->fan[attr->index] == 255) { 178 + mutex_unlock(&data->update_lock); 177 179 return sprintf(buf, "0\n"); 178 180 } 179 181 180 182 val = 1880 * 120 / DIV_FROM_REG(data->fan_div[attr->index]) 181 183 / data->fan[attr->index]; 184 + mutex_unlock(&data->update_lock); 182 185 return sprintf(buf, "%d\n", val); 183 186 } 184 187
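Review bot: the critical section in fan_show now has two exit paths, each needing its own mutex_unlock(&data->update_lock) (the early "0\n" return and the normal path after the division), so a later edit that adds another return between the lock and the division will leak the mutex. Copying data->fan[attr->index] and data->fan_div[attr->index] into two locals under a single lock/unlock pair, then running the zero/255 checks and the division on the locals, gives the same stable snapshot with one unlock and keeps the arithmetic out of the locked region. Separately, the lock is taken only after adm1029_update_device(dev) has returned, so this closes the race only if every writer of fan[] and fan_div[] also holds update_lock; the hunk does not show those writers, and the commit message would be easier to verify if it named them.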