[Bug 289120] A time-of-check to time-of-use race exists in gpioc_kqread() of GPIO subsystem

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 289120] A time-of-check to time-of-use race exists in gpioc_kqread() of GPIO subsystem"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 30 Sep 2025 11:21:51 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289120

--- Comment #9 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=d000adfe41e6f2fe8f3dbe92d8fc2d34ae882086

commit d000adfe41e6f2fe8f3dbe92d8fc2d34ae882086
Author:     Ahmad Khalifa <vexeduxr@FreeBSD.org>
AuthorDate: 2025-09-30 11:09:50 +0000
Commit:     Ahmad Khalifa <vexeduxr@FreeBSD.org>
CommitDate: 2025-09-30 11:20:25 +0000

    gpioc: fix race in ioctl(GPIOCONFIGEVENTS)

    A race can occur in gpioc_ioctl when it is called with GPIOCONFIGEVENTS
    closely followed by GPIOSETCONFIG. GPIOSETCONFIG can alter the
    priv->pins list, making it no longer empty and opening the door for
    access to priv->events while we are reallocating it. Fix this by holding
    priv->mtx while handling GPIOCONFIGEVENTS.

    Reported by:    Qiu-ji Chen
    PR:             289120
    Reviewed by:    mmel
    MFC after:      1 day
    Differential Revision:  https://reviews.freebsd.org/D52783

 sys/dev/gpio/gpioc.c | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.