| Message ID | 20241003-iio-read-avail-release-v1-4-c70cc7d9c2e0@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | iio: fix possible race condition during access of available info lists | expand |
On Thu, 03 Oct 2024 19:34:09 +0200 Matteo Martelli <matteomartelli3@gmail.com> wrote: > While available integration times are being printed to sysfs by iio core > (iio_read_channel_info_avail), the sampling frequency might be changed. > This could cause the buffer shared with iio core to be corrupted. To > prevent it, make a copy of the integration times buffer and free it in > the read_avail_release_resource callback. > > Signed-off-by: Matteo Martelli <matteomartelli3@gmail.com> > --- > drivers/iio/light/as73211.c | 23 ++++++++++++++++++++--- > 1 file changed, 20 insertions(+), 3 deletions(-) > > diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c > index be0068081ebbbb37fdfb252b67a77b302ff725f6..520c898e0ff9c530b4fdd45589559f9014d7992c 100644 > --- a/drivers/iio/light/as73211.c > +++ b/drivers/iio/light/as73211.c > @@ -493,17 +493,33 @@ static int as73211_read_avail(struct iio_dev *indio_dev, struct iio_chan_spec co > *type = IIO_VAL_INT; > return IIO_AVAIL_LIST; > > - case IIO_CHAN_INFO_INT_TIME: > + case IIO_CHAN_INFO_INT_TIME: { > *length = ARRAY_SIZE(data->int_time_avail); > - *vals = data->int_time_avail; > *type = IIO_VAL_INT_PLUS_MICRO; > - return IIO_AVAIL_LIST; > > + guard(mutex)(&data->mutex); > + > + *vals = kmemdup_array(data->int_time_avail, *length, > + sizeof(int), GFP_KERNEL); > + if (!*vals) > + return -ENOMEM; > + > + return IIO_AVAIL_LIST; > + } > default: > return -EINVAL; > } > } > > +static void as73211_read_avail_release_res(struct iio_dev *indio_dev, > + struct iio_chan_spec const *chan, > + const int *vals, long mask) > +{ > + if (mask == IIO_CHAN_INFO_INT_TIME) > + kfree(vals); > +} > + Trivial but one blank line is enough. If there is no other feedback on the series I can tidy this up whilst applying. > + > static int _as73211_write_raw(struct iio_dev *indio_dev, > struct iio_chan_spec const *chan __always_unused, > int val, int val2, long mask) > @@ -699,6 +715,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) > static const struct iio_info as73211_info = { > .read_raw = as73211_read_raw, > .read_avail = as73211_read_avail, > + .read_avail_release_resource = as73211_read_avail_release_res, > .write_raw = as73211_write_raw, > }; > >
diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c index be0068081ebbbb37fdfb252b67a77b302ff725f6..520c898e0ff9c530b4fdd45589559f9014d7992c 100644 --- a/drivers/iio/light/as73211.c +++ b/drivers/iio/light/as73211.c @@ -493,17 +493,33 @@ static int as73211_read_avail(struct iio_dev *indio_dev, struct iio_chan_spec co *type = IIO_VAL_INT; return IIO_AVAIL_LIST; - case IIO_CHAN_INFO_INT_TIME: + case IIO_CHAN_INFO_INT_TIME: { *length = ARRAY_SIZE(data->int_time_avail); - *vals = data->int_time_avail; *type = IIO_VAL_INT_PLUS_MICRO; - return IIO_AVAIL_LIST; + guard(mutex)(&data->mutex); + + *vals = kmemdup_array(data->int_time_avail, *length, + sizeof(int), GFP_KERNEL); + if (!*vals) + return -ENOMEM; + + return IIO_AVAIL_LIST; + } default: return -EINVAL; } } +static void as73211_read_avail_release_res(struct iio_dev *indio_dev, + struct iio_chan_spec const *chan, + const int *vals, long mask) +{ + if (mask == IIO_CHAN_INFO_INT_TIME) + kfree(vals); +} + + static int _as73211_write_raw(struct iio_dev *indio_dev, struct iio_chan_spec const *chan __always_unused, int val, int val2, long mask) @@ -699,6 +715,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) static const struct iio_info as73211_info = { .read_raw = as73211_read_raw, .read_avail = as73211_read_avail, + .read_avail_release_resource = as73211_read_avail_release_res, .write_raw = as73211_write_raw, };
While available integration times are being printed to sysfs by iio core (iio_read_channel_info_avail), the sampling frequency might be changed. This could cause the buffer shared with iio core to be corrupted. To prevent it, make a copy of the integration times buffer and free it in the read_avail_release_resource callback. Signed-off-by: Matteo Martelli <matteomartelli3@gmail.com> --- drivers/iio/light/as73211.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-)