[PATCH] iio: imu: kmx61: Fix TOCTOU race condition

Next message: Richard Cheng: "Re: [PATCH v2] drivers/base/memory: make memory block get/put explicit"
Previous message: Greg KH: "Re: [PATCH v2 4/7] sysfs: Add SYSFS_HUGE_BIN_FILE flag for binary attributes larger than PAGE_SIZE"
Next in thread: Maxwell Doose: "Re: [PATCH] iio: imu: kmx61: Fix TOCTOU race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Maxwell Doose

Date: Tue May 12 2026 - 08:04:20 EST

A Time-of-check to Time-of-use race condition is present in
kmx61_write_event_config(). Move the mutex_lock() call above it to fix
it.

Fixes: fd3ae7a9f21c ("iio: imu: kmx61: Add support for any motion trigger")
Signed-off-by: Maxwell Doose <m32285159@xxxxxxxxx>
---
drivers/iio/imu/kmx61.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/iio/imu/kmx61.c b/drivers/iio/imu/kmx61.c
index 3cd91d8a89ee..9aa00acc7f14 100644
--- a/drivers/iio/imu/kmx61.c
+++ b/drivers/iio/imu/kmx61.c
@@ -942,11 +942,13 @@ static int kmx61_write_event_config(struct iio_dev *indio_dev,
struct kmx61_data *data = kmx61_get_data(indio_dev);
int ret = 0;

- if (state && data->ev_enable_state)
- return 0;
-
mutex_lock(&data->lock);

+ if (state && data->ev_enable_state) {
+ ret = 0;
+ goto err_unlock;
+ }
+
if (!state && data->motion_trig_on) {
data->ev_enable_state = false;
goto err_unlock;
--
2.54.0