Date: Wed, 01 Oct 2025 09:39:15 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 289120] A time-of-check to time-of-use race exists in gpioc_kqread() of GPIO subsystem Message-ID: <bug-289120-227-rluu4uC67M@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-289120-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289120 --- Comment #11 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=4472ecb362b068400f26abfce2db2a2b10a88d95 commit 4472ecb362b068400f26abfce2db2a2b10a88d95 Author: Ahmad Khalifa <vexeduxr@FreeBSD.org> AuthorDate: 2025-09-30 11:09:50 +0000 Commit: Ahmad Khalifa <vexeduxr@FreeBSD.org> CommitDate: 2025-10-01 08:52:21 +0000 gpioc: fix race in ioctl(GPIOCONFIGEVENTS) A race can occur in gpioc_ioctl when it is called with GPIOCONFIGEVENTS closely followed by GPIOSETCONFIG. GPIOSETCONFIG can alter the priv->pins list, making it no longer empty and opening the door for access to priv->events while we are reallocating it. Fix this by holding priv->mtx while handling GPIOCONFIGEVENTS. Reported by: Qiu-ji Chen PR: 289120 Reviewed by: mmel MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52783 (cherry picked from commit d000adfe41e6f2fe8f3dbe92d8fc2d34ae882086) sys/dev/gpio/gpioc.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-289120-227-rluu4uC67M>