Re: [PATCH] iio: imu: kmx61: Fix TOCTOU race condition

Next message: Maoyi Xie: "[PATCH net] rds_tcp: close NULL deref window in rds_tcp_set_callbacks"
Previous message: Frank Li: "Re: [PATCH RESEND] clocksource: move NXP timer selection to drivers/clocksource"
In reply to: Maxwell Doose: "[PATCH] iio: imu: kmx61: Fix TOCTOU race condition"
Next in thread: Andy Shevchenko: "Re: [PATCH] iio: imu: kmx61: Fix TOCTOU race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Maxwell Doose

Date: Tue May 12 2026 - 11:22:06 EST

On Tue May 12, 2026 at 7:03 AM CDT, Maxwell Doose wrote:
> A Time-of-check to Time-of-use race condition is present in
> kmx61_write_event_config(). Move the mutex_lock() call above it to fix
> it.
>
> Fixes: fd3ae7a9f21c ("iio: imu: kmx61: Add support for any motion trigger")
> Signed-off-by: Maxwell Doose <m32285159@xxxxxxxxx>
> ---
> drivers/iio/imu/kmx61.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/iio/imu/kmx61.c b/drivers/iio/imu/kmx61.c
> index 3cd91d8a89ee..9aa00acc7f14 100644
> --- a/drivers/iio/imu/kmx61.c
> +++ b/drivers/iio/imu/kmx61.c
> @@ -942,11 +942,13 @@ static int kmx61_write_event_config(struct iio_dev *indio_dev,
> struct kmx61_data *data = kmx61_get_data(indio_dev);
> int ret = 0;
>
> - if (state && data->ev_enable_state)
> - return 0;
> -
> mutex_lock(&data->lock);
>
> + if (state && data->ev_enable_state) {
> + ret = 0;
> + goto err_unlock;
> + }
> +
> if (!state && data->motion_trig_on) {
> data->ev_enable_state = false;
> goto err_unlock;

Whoops, forgot to add reported-by and closes tags, so:

Reported-by: sashiko <sashiko-bot@xxxxxxxxxx>
Closes: https://sashiko.dev/#/patchset/20260507223337.48437-1-m32285159%40gmail.com

best regards,
max