From nobody Fri Jun 12 19:47:45 2026
Received: from mail-ot1-f41.google.com (mail-ot1-f41.google.com
 [209.85.210.41])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13407385D81
	for <linux-kernel@vger.kernel.org>; Wed, 13 May 2026 01:36:41 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.41
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1778636204; cv=none;
 b=oh1GVPZXQE5dDr1rEKuEVrB/jXA70o51d8aAuq/b+OjgkXL09q+ZnTQ4v6fwKUxtzDayaZnvZs1/OPp57INyPn19zjehBWFE3phFUSvOYJIfAbeERBKWPcV1K6BGPr8ReKbxW3NT+Bxc6l1YSLcn8mKFHF/EmmCFYFQpMHozYHg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1778636204; c=relaxed/simple;
	bh=XQK7Rj5SxTOGJeHdeR0dlvQZhO+384rs0z0IsWLwfhg=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=DOAsWpr3u+3zwB4AUf++PW1JUsFJtnlBJQe4h84QxSFQeCXuph20+pgzpKg6ZIORuK0336ydv742vxGTVk+2PseihzfXQkhJpbbFSjfn+o95kyCU1eSAgaydyhCNaFi6QD7wLzbZ5zylMIZuIx1WAzNfAy5g23huqKqXOCjfSJw=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=YWfUKdYI; arc=none smtp.client-ip=209.85.210.41
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="YWfUKdYI"
Received: by mail-ot1-f41.google.com with SMTP id
 46e09a7af769-7dcd17e19b6so3556862a34.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 May 2026 18:36:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1778636200; x=1779241000;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=647KizCmT0BV4mGCMhIP+6nuRdxNDMMBx0b8A8P9hDI=;
        b=YWfUKdYIFX1/Mi2z0CIZR4HbQa1jjGPBi8NyF9UAIA5sg7WPB6ryYgcLKk8cY3FZxv
         02Xd7JfEJljtKcO9N0fMkLRMJWAPWFnaIgA7QAGF6SvXPO5b58BeymQj4MV4sy2hHv+f
         JNaEzHeJ5eArmPLPyDbgEieuhMQDERzx83ZvpFBxVDsxAECyhYqUmMRogG9d6XJw4enq
         UZRUEIVp+lO+jT4oUKj6Nq6f/ONZyw2hHIDOqJLCfSnAKxhymgCyvuRBfETTXi7pXqFA
         vfXK862Ozw3MXHPm09sLEHjj9IzcLIB4j6N26xJENty0UzcTceiMgzifrLFXs/9mz5t6
         kG2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1778636200; x=1779241000;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=647KizCmT0BV4mGCMhIP+6nuRdxNDMMBx0b8A8P9hDI=;
        b=KrDeTReVFBfOJi71bAr0mBLI6+8kBHFv650mBPqJxgEIiJE4VY6k7viqqcaVOsSvlR
         KWoAh+JEhLUyWdqfcsAr2dP1slBsswlyI1sUTXfJiNoihUVhgA4fXqn8vct060KNi7X+
         nyO9F5ah/Mp3CmlDCE11+pe+/ccRa/qvi5yZyZGr+ofwRzLiWx2Efrrp5TSWnCbidrEK
         +1kLTQN5zgTB83eFMk8MpTugZpVS3AzkphTxuyk5yxlZbPL/179FOgS2KGZBhmd8O3rb
         7n7mjVZrw3v2JBZTXetOT+GDWQrQRYJ0Muk+56AUJLEU4y+uiWHrhDmzPQpyWFXLnmle
         fT1w==
X-Forwarded-Encrypted: i=1;
 AFNElJ+qLE2qAcJ6MmeyKpvC+M0iU6V/ZTdcCiqLbxcMYXogb+ssrf6MFMOI38STM4ZOrdgvYwPtH24qqVOrGTU=@vger.kernel.org
X-Gm-Message-State: AOJu0Ywr16l/S+6yHJfZgmFOpSU30/F41TNO0cPpdqiSej2kXo3ETR09
	4cCBEdDSBYLxRDrrnsxD2XAFxNobXGyxcORgfXLGSh0PL3lpKjnEtQeV
X-Gm-Gg: Acq92OFPZ7g1FdVrPw9tSIpeSLaDsj96776zHJY0A+fySO0UI6ZsZW4tiLKyOeBxwUs
	eHcuKkb2FgyotQM+yUDe/t9HNytyykFg34HVZtIIct6183dqrX+9j2Tw5OVKYWmyofyDon5qXZY
	DwK0EYsuouUqy7oI+vZYipHMyBeISf3W2OLLDw3zqBxtxfIuA6srd/ObXt4mKx6GcZISU47H3+q
	9SykMWpdhqM+DPiHhiyoTuyBK11hiR5ASF+ulhkxISKLD/2Fiy+M+7BJ8yp6aG7JdNyVoXu0b1/
	MmVLJ+pyMSJUyPS6DxO9vanf1lsa98cveg8Aeo63pwo3vDNQVp0nkgjviVkAQEXvhMzDXNZ0lnw
	AJnUcPplXR+ZYcdIC+NLvkmmHgKm6AycoEr9uYtmn4JLw+X+dDl3kRv7fcGKMQD3e9UG08kn2Xk
	ifdTBsMUA8k+hfaiqAxaNphq62C1zJxlSTR8VHOaBbWJYszoJjeQ6ii27e0Q==
X-Received: by 2002:a05:6830:6102:b0:7dc:cd0b:58af with SMTP id
 46e09a7af769-7e3da03f8b2mr837514a34.6.1778636200232;
        Tue, 12 May 2026 18:36:40 -0700 (PDT)
Received: from linuxescape.lan (23-88-128-2.fttp.usinternet.com.
 [23.88.128.2])
        by smtp.gmail.com with ESMTPSA id
 46e09a7af769-7e367d90148sm10412083a34.20.2026.05.12.18.36.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 12 May 2026 18:36:39 -0700 (PDT)
From: Maxwell Doose <m32285159@gmail.com>
To: jic23@kernel.org
Cc: sashiko <sashiko-bot@kernel.org>,
	David Lechner <dlechner@baylibre.com>,
	=?UTF-8?q?Nuno=20S=C3=A1?= <nuno.sa@analog.com>,
	Andy Shevchenko <andy@kernel.org>,
	Daniel Baluta <daniel.baluta@intel.com>,
	linux-iio@vger.kernel.org (open list:IIO SUBSYSTEM AND DRIVERS),
	linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v2] iio: imu: kmx61: Fix potential time-of-check to
 time-of-use race
Date: Tue, 12 May 2026 20:36:38 -0500
Message-ID: <20260513013638.147606-1-m32285159@gmail.com>
X-Mailer: git-send-email 2.54.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

A time-of-check to time-of-use race condition exists in
kmx61_write_event_config(). If two threads enter the function at the
same time, both threads may pass the check and get to the lock. Thus,
when the first thread releases the lock allowing the second thread to
start execution after the first thread modifies data->ev_enable_state to
force returning from the function, the second thread continues execution
regardless. Fix this by moving the data->ev_enable_state check inside of
the critical section.

Fixes: fd3ae7a9f21c ("iio: imu: kmx61: Add support for any motion trigger")
Reported-by: sashiko <sashiko-bot@kernel.org>
Closes: https://sashiko.dev/#/patchset/20260507223337.48437-1-m32285159%40g=
mail.com
Signed-off-by: Maxwell Doose <m32285159@gmail.com>
Reviewed-by: Joshua Crofts <joshua.crofts1@gmail.com>
---
 drivers/iio/imu/kmx61.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/iio/imu/kmx61.c b/drivers/iio/imu/kmx61.c
index 3cd91d8a89ee..3afa369de3cf 100644
--- a/drivers/iio/imu/kmx61.c
+++ b/drivers/iio/imu/kmx61.c
@@ -942,11 +942,11 @@ static int kmx61_write_event_config(struct iio_dev *i=
ndio_dev,
 	struct kmx61_data *data =3D kmx61_get_data(indio_dev);
 	int ret =3D 0;
=20
-	if (state && data->ev_enable_state)
-		return 0;
-
 	mutex_lock(&data->lock);
=20
+	if (state && data->ev_enable_state)
+		goto err_unlock;
+
 	if (!state && data->motion_trig_on) {
 		data->ev_enable_state =3D false;
 		goto err_unlock;
--=20
2.54.0