| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3401727c-ad93-42df-8130-413eda41ab3a@roeck-us.net> Date: Thu, 5 Jun 2025 07:37:10 -0700 From: Guenter Roeck <linux@...ck-us.net> To: Gui-Dong Han <hanguidong02@...il.com> Cc: vt8231@...denengine.co.uk, steve.glendinning@...well.net, jdelvare@...e.com, linux-hwmon@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [BUG] hwmon: Widespread TOCTOU vulnerabilities in the hwmon subsystem On Thu, Jun 05, 2025 at 07:33:24AM -0700, Guenter Roeck wrote: > > > > I would like to discuss these issues further and collaborate on the > > best way to address them comprehensively. > > > > I'd suggest to start submitting patches, with the goal of minimizing > the scope of changes. Sometimes that may mean expanding the scope of > locks, sometimes it may mean converting macros to functions. When > converting to functions, it doesn't have to be inline functions: I'd > leave that up to the compiler to decide. None of that code is performance > critical. > Actualy, that makes me wonder if it would make sense to introduce subsystem-level locking. We could introduce a lock in struct hwmon_device_attribute and lock it whenever a show or store function executes in drivers/hwmon/hwmon.c. That would only help for drivers using the _with_info API, but it would simplify driver code a lot. Any thoughts on that ? Thanks, Guenter
Powered by blists - more mailing lists