Commit 9eb4fb93 authored Nov 26, 2025 by Gui-Dong Han Committed by Guenter Roeck Nov 26, 2025

hwmon: (adm1029) Add locking to avoid TOCTOU

The function fan_show checks shared data for zero or invalid values
before using it as a divisor. These accesses are currently lockless. If
the data changes to zero between the check and the division, it causes a
divide-by-zero error.

Explicitly acquire the update lock around these checks and calculations
to ensure the data remains stable, preventing Time-of-Check to
Time-of-Use (TOCTOU) race conditions.

Link: https://lore.kernel.org/all/CALbr=LYJ_ehtp53HXEVkSpYoub+XYSTU8Rg=o1xxMJ8=5z8B-g@mail.gmail.com/

Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>
Link: https://lore.kernel.org/r/20251126114047.10039-1-hanguidong02@gmail.com

Signed-off-by: Guenter Roeck <linux@roeck-us.net>

parent be89cf78

drivers/hwmon/adm1029.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -171,14 +171,17 @@ fan_show(struct device dev, struct device_attribute devattr, char *buf)
		struct adm1029_data *data = adm1029_update_device(dev);
		u16 val;

		mutex_lock(&data->update_lock);
		if (data->fan[attr->index] == 0 \|\|
		(data->fan_div[attr->index] & 0xC0) == 0 \|\|
		data->fan[attr->index] == 255) {
		mutex_unlock(&data->update_lock);
		return sprintf(buf, "0\n");
		}

		val = 1880 * 120 / DIV_FROM_REG(data->fan_div[attr->index])
		/ data->fan[attr->index];
		mutex_unlock(&data->update_lock);
		return sprintf(buf, "%d\n", val);
		}