[PATCH v3 5/5] iio: as73211: copy/release available integration times to fix race

From: Matteo Martelli
Date: Tue Oct 15 2024 - 07:08:07 EST

Next message: Jon Hunter: "Re: [PATCH net-next v2] net: phy: aquantia: fix return value check in aqr107_config_mdi()"
Previous message: Matteo Martelli: "[PATCH v3 4/5] iio: ad7192: copy/release available filter frequencies to fix race"
In reply to: Matteo Martelli: "[PATCH v3 4/5] iio: ad7192: copy/release available filter frequencies to fix race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While available integration times are being printed to sysfs by iio core
(iio_read_channel_info_avail), the sampling frequency might be changed.
This could cause the buffer shared with iio core to be corrupted. To
prevent it, make a copy of the integration times buffer and free it in
the read_avail_release_resource callback.

Signed-off-by: Matteo Martelli <matteomartelli3@xxxxxxxxx>
---
drivers/iio/light/as73211.c | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c
index be0068081ebbbb37fdfb252b67a77b302ff725f6..c4c94873e6a1cc926cfb724d906b07222773c43f 100644
--- a/drivers/iio/light/as73211.c
+++ b/drivers/iio/light/as73211.c
@@ -108,7 +108,8 @@ struct as73211_spec_dev_data {
* @creg1: Cached Configuration Register 1.
* @creg2: Cached Configuration Register 2.
* @creg3: Cached Configuration Register 3.
- * @mutex: Keeps cached registers in sync with the device.
+ * @mutex: Keeps cached registers in sync with the device and protects
+ * int_time_avail concurrent access for updating and reading.
* @completion: Completion to wait for interrupt.
* @int_time_avail: Available integration times (depend on sampling frequency).
* @spec_dev: device-specific configuration.
@@ -493,17 +494,32 @@ static int as73211_read_avail(struct iio_dev *indio_dev, struct iio_chan_spec co
*type = IIO_VAL_INT;
return IIO_AVAIL_LIST;

- case IIO_CHAN_INFO_INT_TIME:
+ case IIO_CHAN_INFO_INT_TIME: {
*length = ARRAY_SIZE(data->int_time_avail);
- *vals = data->int_time_avail;
*type = IIO_VAL_INT_PLUS_MICRO;
- return IIO_AVAIL_LIST;

+ guard(mutex)(&data->mutex);
+
+ *vals = kmemdup_array(data->int_time_avail, *length,
+ sizeof(int), GFP_KERNEL);
+ if (!*vals)
+ return -ENOMEM;
+
+ return IIO_AVAIL_LIST;
+ }
default:
return -EINVAL;
}
}

+static void as73211_read_avail_release_res(struct iio_dev *indio_dev,
+ struct iio_chan_spec const *chan,
+ const int *vals, long mask)
+{
+ if (mask == IIO_CHAN_INFO_INT_TIME)
+ kfree(vals);
+}
+
static int _as73211_write_raw(struct iio_dev *indio_dev,
struct iio_chan_spec const *chan __always_unused,
int val, int val2, long mask)
@@ -699,6 +715,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p)
static const struct iio_info as73211_info = {
.read_raw = as73211_read_raw,
.read_avail = as73211_read_avail,
+ .read_avail_release_resource = as73211_read_avail_release_res,
.write_raw = as73211_write_raw,
};

--
2.47.0

Next message: Jon Hunter: "Re: [PATCH net-next v2] net: phy: aquantia: fix return value check in aqr107_config_mdi()"
Previous message: Matteo Martelli: "[PATCH v3 4/5] iio: ad7192: copy/release available filter frequencies to fix race"
In reply to: Matteo Martelli: "[PATCH v3 4/5] iio: ad7192: copy/release available filter frequencies to fix race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]